A case for information ownership in ERP systems

Abstract

This study investigates the lack of infomation ownership in current Enterprise Resource Planning (ERP) software systems. The purpose is to show how difficult, time consuming and costly the implementation of security within such systems is, The focus is on the investigation of security implementations within well-known ERP software packages such as SAP R/3 and Oracle EBusiness Suite. The results of the study indicate that central administration, control and management of security within the ERP systems under investigation weaken security. It was concluded that central administration of security should be replaced by a model that distributes the responsibility for security to so-called infonnation owners. Such individuals hold the responsibility for processes and profitability within an organization. Thus, they are best suited to decide who has access to their data and how their data may be used. Information ownership, coupled with tight controls can significantly enhance infonnation security within an ERP system. © 2004 by Springer Science+Business Media Dordrecht.