SAP - ASSESSMENT & AUDIT

Transcription

1 COCHIN SHIPYARD LIMITED (A Government of India Enterprise) Pre-Bid Queries and Clarifications on the RFP for SAP - ASSESSMENT & AUDIT Enquiry No: ISD/134/ERP/AUD/201

2 SAP ASSESSMENT & AUDIT Pre Bid Queries & CSL Reply Is SRM to be considered as a part of 1 SR. No 15 in table for Section E Tendering for the review as its implementation is Yes. 3. SAP 6 Procurement. Module underway? Planned for Go Live Aug 201. ERP Solution Overview SRM What is planned date of SRM Go Live? 2 Sub section 4.1. Effective usage Sub section a Mapping of Business process into ERP with suggestions for process re engineering if any Since this engagement is pertaining to SAP assessment, the changes in process would be an offshoot of the changes suggested in SAP. This engagement is not a process reengineering engagement in entirety Review of how effectevely business process mapped in SAP or can be mapped into SAP more effectevely. Recommendation for simplification of the process expected. 3 Sub section 4.1. Effective usage Sub section e Review of 12 identified processes completely for correctness from beginning to final output. Please share the list of 12 critical processes. From SAP review point of view END to END Means review of Input data till Accounting entry. We will not be validating the authenticity of the input data. And we will not be auditing the processes which are not mapped in SAP. 1. Materials & services Indent to Payment process for Ship Building (SB), Ship Repair (SR) and Capital Projects 2. Inventory Management for Ship Building (SB) & Ship Repair (SR) 3. Subcontracting Processes for Ship Building (SB) & Ship Repair (SR) 4. Cost Estimate to Invoicing and Settlement payment Process including warranty claims for Ship Building (SB) & Ship Repair (SR) 5. Project Management for Ship Building (SB), Ship Repair (SR) and Capital Projects 6. Financial Accounting functions including accounts payable, accounts receivable, Costing and profitability, General Ledger, TDS and TCS, Treasury and funds management. Inspection and Quality control for Ship Building (SB) & Ship Repair (SR). HR functions and processes like Organisational Management, Personnel administration, Time management, Payroll, ESS/MSS etc.. Subcontract employees Management system including PF & Gratuity payment. Asset management including Breakdown, planned and preventive maintenance 11. Employee Health and Safety System including Incident Management 12. Management Information System and Business Intelligence Page 1 of

3 Would you be able to share the list with us providing some detail on what each of these transactions are used for? Sub section 4.1. Effective usage Sub section g Sub section 4.3. ERP software maintenance/ ABAP customization Sub section Sub section 4.3. ERP software maintenance/abap customization Sub section and Sub section 4.3. ERP software maintenance/ ABAP customization Sub section Review of identified critical customized transactions in SAP and recommendation for improvement, if any. Code review to find out if the optimized code is being used for minimizing execution time and recommendation to improve performance (for Top 30 identified critical Z developments) Review all customizations/all change requests after Go Live in CSL Review the procedure for development testing and Transport Management for sufficient documentation. Are the FS and TS document available? Coding review will not be possible without availability of signed Functional and technical specification. Would you be able to share the list with us providing some detail on what each of these transactions are used for? Are the FS and TS document available? Coding review will not be possible without availability of signed Functional and technical specification. Can you share how many customizations/ Change requests have been carried out after Go Live and what is the expectation here in terms of reviewing each of them? Recommend documents This point is not clear. Developments that are to be will not be reviewed in absence of updated with respect to the signed document. customization/version. What is the expectation here? List of transaction provided in Annexure 1. Available. List of transaction provided in Annexure 1. Available. Approximate No of Z transactions after Go Live is less than 300. Need to review these to find out if these developments are as per the standard norms and recommendations for best practices to be followed for testing process and documentation. Recommendations expected for best practices to be followed for documentation. Page 2 of

4 Sub section 4.5. Validations and controls in ERP Sub section Review the existing User profiles and Security profiles and map them with Industry Best Practices. Please elaborate the expectation here. Are we talking about BASIS security parameters? Yes Sub section 4.5. Validations and controls in ERP Sub section Segregation of Duties (SoD) review. Please share the list of z t codes in use. We need them for the effort estimation for updating the SOD ruleset. Z Transactions < 450 Z Reports < 250 Z TMG < 15 Sub section 4.6. Evaluation of Security Measures Sub section Review of security measures implemented in ERP system and work stations Considering this to be a SAP Assessment, would require clarity on what is the expectation for Security measures implemented in Work Stations. For SAP, how this point is different from Expected to review the unauthorised external access to the ERP system. 11 Sub section 4.6. Evaluation of Security Measures Sub section Risk & Control based assessment for the end to end business processes. Do you have selected critical processes or you want to do this for all the processes, Can you please provide the list of the business processes being implemented in SAP All business processes need to be reviewed. Business Process Master List available in tender document Annexure Sub section 4. Future path for ERP and related expansion Sub section 4..4 License agreements and recommendation to optimally handle future requirements. Is the ask to carry out a license review for SAP? Or is it just to verify the license agreement with SAP. Expected to review the present practice of user license allocation and recommend how optimally the licences can be utilised. 13 Sub section 4.. Interface with Non ERP systems Sub section 4..1 Review the interface between the Business ERP applications with non ERP systems. How many interfaces exist currently? Can you please provide us with a list of peripheral applications which connect with SAP Four. 1. Solus Attendance system. 2. Avery weighing bridge Application. 3. CSL Intranet Web Application. 4. Retired Employees Corner Web Application. Page 3 of

5 14 Sub section 4. Adequacy of SAP support Structure Sub section 4..1 and Review adequacy of IT and functional human resources for managing SAP system and infrastructure effectively Review and evaluate the system in place for the SAP ERP support (Incident management System) and recommendation What is the number of resources utilized for managing the SAP application and infrastructure? What is the incident management system current being utilized? Who manages it? How are the incidents allocated Human resources details will be provided on later stages. Incident Management System in place is SAP Solution Manager. 15 Sub section 4.11 Deliverables Sub section Training on the observations to improve utilization of the SAP solution The training requirement is not clear. We will be conducting detailed workshop to explain our observations Expected detailed workshop/training to explain consolidated list of observations and and recommendations. This will be recommendations to the involved team/management. the only training.there will not be any training post implementing to recommendations 16 Section 5. Scope of Work, Sub section 5.4 Project Management during implementation of agreed observations by CSL / AMS vendor Is there expectation for a full time resource for project management during implementation phase? Full time project management resource not expected during implementation phase. 1 3 SAP ERP Solution Overview 6 Listing of SAP Modules Implemented at CSL Are SAP Blue Print documents, subsequent Change requests documents and enhancements undetaken (for e.g. GST related changes) available and updated by CSL? CSL should provide all up to date documentation for SAP implementation and subsequent change requests Available. Page 4 of

6 Is SRM module currently under 3 SAP ERP Solution Listing of SAP Modules 1 6 implementation for e procurement Refer CSL reply for Sr. No. 1 Overview Implemented at CSL part of SAP Audit? g Review of identified critical customized transactions in SAP and recommendation for improvement, if any. What are these customized applications and whether all documentation on design, process, expected outcome from the transactions is available with CSL? Refer CSL reply for Sr. No. 4 Can we have understanding on which all areas / modules it encompasses so as to assess the level of customizations Pre Qaulification Criteria Criteria on 5 years of SAP Review / Audit practice Previous SAP Review assignment value above 20Lakhs This criteria are too restrictive and would request to reconsider the criteria Bidder to comply with the tender condition Pre Qaulification Criteria Atleast 3 assignments on SAP Review As part of our Consultancy / Advisory practice, we have done various SAP reviews as part of our Internal Audit assignments with our clients and hence request CSL to consider such engagements as experience on SAP Review work. Bidder to comply with the tender condition. 22. Terms of Payment 13 40% payment on final Audit report post reaudit This payment terms will block too much of cash flow and should be reconsidered with atleast 2 separate milestone for Final Audit Observation Bidder to comply with the tender condition. report / presentation and PMO activity start and completion. Balance 15% could be for Re Audit and final Re Audit report. Page 5 of

7 23 5. Project Plan PMO role during implementation by CSL / AMS Vendor What is expectation from Audit Partner during this 12 weeks of period while their recommendations are implemented? Is it full time role expectation for all modules? Is it only follow ups role 1 team member expected out of review partner? Expected guidance for implementing the agreed recommendations where ever necessary and not expecting full time PM resource Automated tools 11 Automated Tools Effective usage of ERP (f) Effective usage of ERP (g) Effective usage of ERP (b) Effective usage of ERP Master Data Analysis Can bidder use third party tools for SoD conflict Reviews? What is the current version of SAP installed and the EHP package? Does the business has updated and signed off SAP BBP documents? Does the business has detail of all the customizations with supporting functional & technical specifications. Who will be implementing the customization/redesign (if any)? Does CSL has central Master Data Management team? What is the volume? Automated licensed tools details to be provided to CSL and the decision shall be the discretion of CSL. Permitted Tools to be implemented only in systems provided by CSL. ECC 6.0, EHP 6.0 Yes Yes CSL/AMS provider Separate team for Ship Building and Ship Repair Adequacy and Efficiency of ERP infrastructure / Utilization Does license optimization review to be consider in scope of work to analyse utilization? If yes, Please provide details of license schema (i.e. how many Professional, Limited professional etc. licenses business has) Yes. Professional License Less than 600 Portal License Less than Adequacy and Efficiency of ERP infrastructure / Utilization SAP BASIS review will be required to execute the same and hence will be consider as scope of work. Please confirm! Yes Page 6 of

8 Master Data Analysis How many company codes are there Business transactions in one company code. Five more company codes existing for PF, in the scope? Gratuity, Welfare trust etc. MM < 250 FICO < ERP software HCM < 150 How many customizations (RICEFW) maintenance/ ABAP PS < 125 have been implemented per module. customization QM < 5 SD < 50 PM < Validations and controls in ERP Does the business have approved SoD matrix? Yes Validations and controls in ERP When was the last SoD exercise conducted & what were the results. Please provide the same? During Go Live only Validations and controls in ERP Evaluation of Security Measures Interface with Non ERP systems Does IT General Controls(Configurable controls, Sensitive Access review) to be part of Scope of Work? What is the existing practice of User & role provisioning? How many non ERP and standalone systems/applications are interfacing with SAP? Yes. Duly approved form request by Concerned officer, HoD of the business department and HoD of IT department. Refer CSL reply for Sr. No. 13 Page of

9 Critical Z Transactions Sr. No. ZTransaction 1 Purchase Proposal 2 Provisional Work Order (SB) 3 Provisional Work Order (SR) 4 Confirmatory Work Order Processing (SB) 5 Confirmatory Work Order Processing (SR) 6 CWO Arrear Process Weigh Bridge Gate Entry and gate pass Bank Guarantee Project Network Activity Report 11 Network activity upload for MLF 12 Network activity upload Report 13 Tcode for MLF/BOM/MLP Revision 14 SR: Operations Actual Quantity 15 SR: Daily Activity Operations 16 SR: Cost Estimate 1 Batch Determination 1 Test Report in Lab 1 Planned VS Actual Cost 20 SR: Cost Estimate WCC 21 SR: Invoice 22 Payment Advice Creation 23 Payment Posting 24 Medical Claims 25 Overtime Details Pending for Approval 26 Check Overtime 2 SOLUS Interface Data Transfer 2 Workmen Compensation 2 External Contract PF Processing 30 Cumulative Physical Project Status Annexure 1