Transaction mining for fraud detection in ERP Systems

Despite all attempts to prevent fraud, it continues to be a major threat to industry and government. Traditionally, organizations have focused on fraud prevention rather than detection, to combat fraud. In this paper we present a role mining inspired approach to represent user behaviour in Enterprise Resource Planning (ERP) systems, primarily aimed at detecting opportunities to commit fraud or potentially suspicious activities. We have adapted an approach which uses set theory to create transaction profiles based on analysis of user activity records. Based on these transaction profiles, we propose a set of (1) anomaly types to detect potentially suspicious user behaviour, and (2) scenarios to identify inadequate segregation of duties in an ERP environment. In addition, we present two algorithms to construct a directed acyclic graph to represent relationships between transaction profiles. Experiments were conducted using a real dataset obtained from a teaching environment and a demonstration dataset, both using SAP R/3, presently the predominant ERP system. The results of this empirical research demonstrate the effectiveness of the proposed approach.

Fraud detection in ERP systems using scenario matching

ERP systems generally implement controls to prevent certain common kinds of fraud. In addition however, there is an imperative need for detection of more sophisticated patterns of fraudulent activity as evidenced by the legal requirement for company audits and the common incidence of fraud. This paper describes the design and implementation of a framework for detecting patterns of fraudulent activity in ERP systems. We include the description of six fraud scenarios and the process of specifying and detecting the occurrence of those scenarios in ERP user log data using the prototype software which we have developed. The test results for detecting these scenarios in log data have been verified and confirm the success of our approach which can be generalized to ERP systems in general.

ERP systems implementation and organizational culture : the case of Jordan

Jordan is adopting Enterprise Resource Planning (ERP) systems in both its public and private sectors. Jordan's emerging private sector has historically close ties to the public sector; though a global market orientation requires a shift in its organizational culture. ERPs however embed business processes which do not necessarily fit with traditional cultural practices, and implementation success is not assured. This study looks at the perceptions of both public and private sector ERP implementations in Jordan and assesses these on various measures of success. There were few differences between public and private sectors, but the benefits actually realized in Jordanian ERPs fell short of claims made for the technology in other cultures.

Executive function effects and numerical development in children : behavioural and ERP evidence from a numerical Stroop paradigm

Most research on numerical development in children is behavioural, focusing on accuracy and response time in different problem formats. However, Temple and Posner (1998) used ERPs and the numerical distance task with 5-year-olds to show that the development of numerical representations is difficult to disentangle from the development of the executive components of response organization and execution. Here we use the numerical Stroop paradigm (NSP) and ERPs to study possible executive interference in numerical processing tasks in 6–8-year-old children. In the NSP, the numerical magnitude of the digits is task-relevant and the physical size of the digits is task-irrelevant. We show that younger children are highly susceptible to interference from irrelevant physical information such as digit size, but that access to the numerical representation is almost as fast in young children as in adults. We argue that the developmental trajectories for executive function and numerical processing may act together to determine numerical development in young children.

What is ERP?

Though enterprise resource planning (ERP) has gained some prominence in the information systems (IS) literature over the past few years and is a significant phenomenon in practice, through (a) a historical analysis, (b) meta-analysis of representative IS literature, and (c) a survey of academic experts, we reveal dissenting views on the phenomenon. Given this diversity of perspectives, it is unlikely that at this stage a broadly agreed definition of ERP can be achieved. We thus seek to increase awareness of the issues and stimulate further discussion, with the ultimate aim being to: (a) aid communication amongst researchers and between researchers and practitioners; (2) inform development of teaching materials on ERP and related concepts in university curricula and in commercial education and training; and (3) aid communication amongst clients, consultants and vendors. Increase transparence of the ERP concept within IS may also benefit other aligned fields of knowledge.

The relationship between self-reported animal fear and ERP modulation : Evidence for enhanced processing and fear of harmless invertebrates in snake- and spider-fearful individuals

The present study used ERPs to compare processing of fear-relevant (FR) animals (snakes and spiders) and non-fear-relevant (NFR) animals similar in appearance (worms and beetles). EEG was recorded from 18 undergraduate participants (10 females) as they completed two animal-viewing tasks that required simple categorization decisions. Participants were divided on a post hoc basis into low snake/spider fear and high snake/spider fear groups. Overall, FR animals were rated higher on fear and elicited a larger LPC. However, individual differences qualified these effects. Participants in the low fear group showed clear differentiation between FR and NFR animals on subjective ratings of fear and LPC modulation. In contrast, participants in the high fear group did not show such differentiation between FR and NFR animals. These findings suggest that the salience of feared-FR animals may generalize on both a behavioural and electro-cortical level to other animals of similar appearance but of a non-harmful nature.

Differential effects of ERP systems on user outcomes : a longitudinal investigation

Adopting a model of job enrichment we report on a longitudinal case investigating the perceived impact of an Enterprise Resource Planning (ERP) system on user job design characteristics. Our results indicated that in the context of an ERP geared towards centralisation and standardisation the extent to which users perceived an increase or decrease in job enrichment was associated with aspects such as formal authority and the nature of their work role. Experienced operational employees proficient in the original legacy system perceived ERP system protocols to constrain their actions, limit training and increase dependence on others in the workflow. Conversely, managerial users reported a number of benefits relating to report availability, improved organisational transparency and increased overall job enrichment. These results supported our argument concerning the relationship between ERPs with a standardisation intent and positive job enrichment outcomes for managerial users and negative job-related outcomes for operational users.

Stakeholders' perceptions of data utility in the context of ERP outcomes

A substantial body of literature exists identifying factors contributing to under-performing Enterprise Resource Planning systems (ERPs), including poor communication, lack of executive support and user dissatisfaction (Calisir et al., 2009). Of particular interest is Momoh et al.’s (2010) recent review identifying poor data quality (DQ) as one of nine critical factors associated with ERP failure. DQ is central to ERP operating processes, ERP facilitated decision-making and inter-organizational cooperation (Batini et al., 2009). Crucial in ERP contexts is that the integrated, automated, process driven nature of ERP data flows can amplify DQ issues, compounding minor errors as they flow through the system (Haug et al., 2009; Xu et al., 2002). However, the growing appreciation of the importance of DQ in determining ERP success lacks research addressing the relationship between stakeholders’ requirements and perceptions of ERP DQ, perceived data utility and the impact of users’ treatment of data on ERP outcomes.

A critical success factors model for ERP implementation

An effective IT infrastructure can support a business vision and strategy; a poor, decentralized one can break a company. More and more companies are turning to off-the-shelf ERP (enterprise resource planning) solutions for IT planning and legacy systems management. The authors have developed a framework to help managers successfully plan and implement an ERP project

Going beyond ‘misfit’ as a reason for ERP package customisation

In an attempt to deal with the potential problems presented by existing information systems, a shift towards the implementation of ERP packages has been witnessed. The common view, particularly the one espoused by vendors, is that ERP packages are most successfully implemented when the standard model is adopted. Yet, despite this, customisation activity still occurs reportedly due to misalignment between the functionality of the package and the requirements of those in the implementing organisation. However, it is recognised that systems development and organisational decision-making are activities influenced by the perspectives of the various groups and individuals involved in the process. Thus, as customisation can be seen as part of systems development, and has to be decided upon, it should be thought about in the same way. In this study, two ERP projects are used to examine different reasons why customisation might take place. These reasons are then built upon through reference to the ERP and more general packaged software literature. The study suggests that whilst a common reason for customising ERP packages might be concerned with functionality misfits, it is important to look further into why these may occur, as there are clearly other reasons for customisation stemming from the multiplicity of social groups involved in the process.

The maintenance implications of the customization of ERP software

Enterprise resource planning (ERP) software is a dominant approach for dealing with legacy information system problems. In order to avoid invalidating maintenance and development support from the ERP vendor, most organizations reengineer their business processes in line with those implicit within the software. Regardless, some customization is typically required. This paper presents two case studies of ERP projects where customizations have been performed. The case analysis suggests that while customizations can give true organizational benefits, careful consideration is required to determine whether a customization is viable given its potential impact upon future maintenance. Copyright © 2001 John Wiley & Sons, Ltd.

Identity, addressing, authenticity and audit requirements for trust in ERP, analytics and big/open data in a “Cloud” computing environment : a review and proposal

Enterprises, both public and private, have rapidly commenced using the benefits of enterprise resource planning (ERP) combined with business analytics and “open data sets” which are often outside the control of the enterprise to gain further efficiencies, build new service operations and increase business activity. In many cases, these business activities are based around relevant software systems hosted in a “cloud computing” environment. “Garbage in, garbage out”, or “GIGO”, is a term long used to describe problems in unqualified dependency on information systems, dating from the 1960s. However, a more pertinent variation arose sometime later, namely “garbage in, gospel out” signifying that with large scale information systems, such as ERP and usage of open datasets in a cloud environment, the ability to verify the authenticity of those data sets used may be almost impossible, resulting in dependence upon questionable results. Illicit data set “impersonation” becomes a reality. At the same time the ability to audit such results may be an important requirement, particularly in the public sector. This paper discusses the need for enhancement of identity, reliability, authenticity and audit services, including naming and addressing services, in this emerging environment and analyses some current technologies that are offered and which may be appropriate. However, severe limitations to addressing these requirements have been identified and the paper proposes further research work in the area.

Trust in merged ERP and open data schemes in the “Cloud”

Enterprise resource planning (ERP) systems are rapidly being combined with “big data” analytics processes and publicly available “open data sets”, which are usually outside the arena of the enterprise, to expand activity through better service to current clients as well as identifying new opportunities. Moreover, these activities are now largely based around relevant software systems hosted in a “cloud computing” environment. However, the over 50- year old phrase related to mistrust in computer systems, namely “garbage in, garbage out” or “GIGO”, is used to describe problems of unqualified and unquestioning dependency on information systems. However, a more relevant GIGO interpretation arose sometime later, namely “garbage in, gospel out” signifying that with large scale information systems based around ERP and open datasets as well as “big data” analytics, particularly in a cloud environment, the ability to verify the authenticity and integrity of the data sets used may be almost impossible. In turn, this may easily result in decision making based upon questionable results which are unverifiable. Illicit “impersonation” of and modifications to legitimate data sets may become a reality while at the same time the ability to audit any derived results of analysis may be an important requirement, particularly in the public sector. The pressing need for enhancement of identity, reliability, authenticity and audit services, including naming and addressing services, in this emerging environment is discussed in this paper. Some current and appropriate technologies currently being offered are also examined. However, severe limitations in addressing the problems identified are found and the paper proposes further necessary research work for the area. (Note: This paper is based on an earlier unpublished paper/presentation “Identity, Addressing, Authenticity and Audit Requirements for Trust in ERP, Analytics and Big/Open Data in a ‘Cloud’ Computing Environment: A Review and Proposal” presented to the Department of Accounting and IT, College of Management, National Chung Chen University, 20 November 2013.)