Chapter 10 • Global, Ethics, and Security Management  295

            nature of the decision, managers need to focus on resource availability, staff experience, and
            motivation.  In  fact,  there  are  six  key  assessment  factors  to  consider  when  making  the
            in-house versus outsource or offshoring decision: (1) ERP team’s skills and experience;
            (2) resource availability; (3) project priority; (4) availability of funding; (5) severity of
            problem; and (6) development motivation. 39  Implementation teams should consider keeping
            the project internally if there is a high need for control (e.g., keeping company activities
            secret for competitive advantage). Furthermore, if the organization can afford the time and
            cost to educate the internal staff, then they may be better off in the long run to perform the
            implementation internally. The decision might be about national pride and ego (i.e., teams
            may not want to see these jobs go overseas).


            ETHICS  Ethics should be a major concern of the ERP implementation team. An ethics guru
            should be appointed to the team to guide the team on privacy, accuracy, property rights, and
            access principles. The best ethical practices should be embedded into the ERP system with other
            business processes. The integration of ethics both in the system and in the change management
            strategy and training program would help create higher ethical standards with systems in the
            organization and improve the compliance with such government regulations as SOX and HIPPA.
            Another major concern for management should be with data mining activities with ERP systems.
            Setting high ethical standards during and after ERP implementation will prevent data mining
            from identifying individual consumer identities.

            LEGAL   Management cannot assume all will go well with ERP implementations. Software
            products sometimes do not perform as advertised, software companies go bankrupt or are bought
            out by other companies, and consultants overextend themselves or do not have the skills neces-
            sary to be successful. It is important for management to address as many possible legal issues up
            front to protect the company’s investing in the ERP and the successful implementation. Contracts
            must be scrutinized by both the legal department and the project director, project manager
            (PMO), or both.


            AUDIT The key issue for management with ERPs in general is the law around Sarbanes–Oxley.
            It has had a big impact on systems as it is related to the integrity and completeness of controls
            and processes that are oftentimes coded into the ERP. As the SOX law continues to be clarified
            in the courts and therefore in compliance, it will continue to have impacts on existing and new
            systems. Changes are often required to ensure that compliance is reached.

            SECURITY  Securing an ERP system is complex and requires good technical skills as well as
            communication and awareness. As mentioned before, it is often said that a systems security is
            only as good as its weakest link. In the case of systems connected to the Internet, the weakest
            link may not even be the company’s employee, but rather someone else that has been given
            access to the system for e-commerce purposes. System security cannot be underestimated or
            overlooked in an ERP implementation. Like any system a security plan must be developed to
            address all the issues related to access with an implementation methodology employed to ensure
            proper installation and testing.


            39  www.projectsatwork.com/article.cfm?ID=224597 (accessed February 2001).