21st Century Time Bandits of Accounts Payable

May 9, 2011

When I walk into an Accounts Payable department, it feels like I have almost stepped back in time, from the 21st Century to the 1990′s. Think about this – the 1990′s saw the dawn of ERP systems. Companies implemented these ERP Systems to handle amongst other things, the process of managing and paying invoices from suppliers.

Companies got large amounts of invoices, sent via the good old postal service. These lie on desks in huge piles, until some Payables clerk is ready to pick it up, put their head down and key it in. This process goes on endlessly, in many companies around the globe. Very little has changed in the last 20 years………it is as if, we got into a time machine and went back 20 years.

So a quick intro and a quick movie recommendation before we get into the content. First up, another favorite (and directed by an Ex-Monty Python actor), Time Bandits was a very original movie, all about, you guessed it, Time Travelling. It’s a really original and very entertaining movie. It’s an 8 and great for your kids.

Now a lot of people instantly say outsource Accounts Payable. To those people I say, outsource precisely what? I am a firm believer in using technology to automate certain areas. Freeing up those people to then add far more value to the Business in other areas of Accounts Payable. Too many people outsource business functions in a knee-jerk unimaginative reaction, effectively keeping the 90′s Business processes, whilst really they should be looking at new ways of working and transforming their organization with 21st century technology.

Now I sat in one Oracle OpenWorld session a few years back and listened as one company explained how they processed 1 million invoices a year, with a handful of staff in their Accounts Payable function. My company, if it had the same volume of invoices, would have needed a staff of well over twenty times that. So how did this company manage? Because they changed the way they did business. They didn’t blindly outsource 1990′s Accounts Payable business processes.

They were a 21st century Accounts Payable function whilst their competitors remained firmly in the 90′s.

This caused me to take a very good look at exactly what was the Accounts Payable function in my company processing. I’m going to go through a breakdown of exactly what went through our Accounts Payables subledger, throwing in a few ideas of what we did, what we automated and a few future directions. Hopefully it might trigger you to start questioning some of what you are doing in Accounts Payable.

I’ve been through a lot of Self Service applications in previous blogs and this blog continues to pursue this key technology with a view to automating business processes.

What struck me about my company was that our Payables unit was putting in all sorts of staff related invoices for payment to staff. Not only were they manually entering these but they were also checking all the accounting, figures, etc. Could we outsource? Why on earth would we outsource a function that had absolutely no business value to be done manually and actually shouldn’t exist asw a manual process?

Our company gave loans to staff. When a staff applied on paper, it went through massive approval processes, then finally hit the Accounts Payable for processing. We simply replaced this with an online application form. Staff applied, everything in terms of checking was automated, and we put an invoice through the AP Open Interface (already pre-approved with all the correct accounting) ready for Payment. One function of Accounts Payable removed, with over 2,500 invoices automated.

Our company gave Home Country Travel allowances. Same process as above. Staff applied on paper, massive approval processes, then finally hit Accounts Payable for processing. Online application form, pre-approval, automation, AP Open Interface, neeed I say more. 850 complicated invoices gone, completely automated.

Housing allowances. Same procedure again. Full automation. 850 complicated manual invoices gone, completely automated.

Staff go on a lot of travel given the nature of my company’s business. Same approach again. Online application, straight through Accounts Payable processing (pre-approved, proper accounting, etc). This removed 5,000 manual invoices per year for payment of travel allowances, going completely 100% automated.

Some of our staff have Payroll paid through Accounts Payable. (Don’t ask, it’s complicated). Linking our Oracle Payroll to Payables resulted in over 5,000 manual invoices being removed from Accounts Payable. A similar approach for Pensioners (don’t ask, it’s even more complicated than staff Payroll…….) removed 12,000 manual invoices.

The point is simple. We are a small company. Our company was processing manually over 30,000 invoices per year that it simply didn’t even need to process. Automation led to not only vastly reduced workload, but also 100% error free, paper free invoice processing and vastly faster and better service to our employees.

A short point to finish up. If your Accounts Payable function is being overloaded due to Employee “invoices”, do look at what can be automated by online application.

Another perfectly valid approach is to look at iExpenses to reduce the overall manual effort and avoid your Accounts Payable function (which is supposed to be processing supplier invoices) becoming swamped with Employee expenses. This is another good approach to streamlining your overall Employee Expense Management processes.

By looking very carefully at our business processes for handling Employee Expenses, we automated over 20% of our entire Accounts Payable function, removing completely the need for manual intervention.

And with that it’s definitely time for a movie recommendation. Back in the 80′s, a great movie (actually series of movies) covering time travel was Back to the Future. These are well worth a rent for the kids. A 7 out of 10. It’s so sad to see Michael J Fox, the star of these movies, battling a terrible disease when he was still relatively very young.

Moving on to the next area of Accounts Payable. Do you have any very large, very frequent suppliers? Depending on your business, a significant percentage of your Accounts Payable invoice processing may be down to a small number of suppliers. In our case this was certainly true. Let me go through the examples of how we transformed this area.

My company does a lot of travel. But we deal with two travel agents only, giving competition but also good control of our overall travel spend. We process around 10,000 travel invoices per year. Now these companies were not happy with us. Our Accounts Payable was failing to process invoices in a timely manner. Disputed items were confusing. Volumes were high. Invoices required vast amounts of checking. Vice versa we were not overly happy with them, as we found equally the Accounts Payable process very time consuming, confusing and seriously expensive.

Now our Travel process is fully automated, including bookings to these travel agencies. We asked the Travel agents, given everything is automated when staff travel, can you give us an electronic billing file? They were very keen indeed – this was going to save them a huge amount of time as they no longer needed to prepare vast quantities of paper invoices.

So look at our processing of Travel Invoices today. Two Travel agents give us a flat file monthly each. These two files are loaded and automatically matched to our Travel system. Can you imagine how much time that saves us just in reconciling an invoice to actual travel. 95% of the invoices sent are automatically matched by our automation programs. These invoices are then automatically imported using the Payables Open Interface and paid, with no intervention by our Accounts Payable department. Our processing times for these invoices have been drastically reduced (98%). Our time is spent dealing with the exceptions, not every single invoice. And the Travel Agents are happy because for the first time ever, they actually get paid on time. (And the 95% matching is a work in progress. It’s early days and we aim to hit 98% first time matching).

Next example. Our telecoms companies. Again we have two providers for competition. We have a huge number of staff with Blackberries. Every month, we receive bills for each staff, each with a different account number. Now that’s how the service providers work, so we need to deal with that. Each month, we would circulate these paper bills to staff, get the feedback, pay each invoice……………a truly dreadful process. Huge amounts of time and effort, bills were never paid on time. Service provider was unhappy. We were unhappy…..everyone was unhappy. Simple solution – service providers gave us consolidated billing files. These were uploaded and matched to staff, sent as notifications in Self Service and uploaded directly to Accounts Payable. A very complex, highly manual process, became highly automated, again with levels of matching approaching 100% with minimal human intervention. This removed 10,000 manual invoices from our Accounts Payable function. With the simple provision of two flat files that the suppliers were extremely happy to provide.

Final example. Our company, by the nature of it’s business, has an outsourced caterer, both for the staff canteen and for functions where food is provided. Our functions are very, very frequent, leading to a very large volume of invoices. Now our caterer used to prepare each invoice and send it to us. All paper based. These would then be circulated around our company, finally hit our Accounts Payable and finally be paid. We requested a monthly file from the supplier. This is then uploaded again very simply into Accounts Payable, with automated matching again approaching 100%. Again this supplier had never actually been paid on time, wasn’t too happy but accepted it as we put a lot of business their way. From our side the process was a nightmare. But with simple invoice files, monthly, manual invoices and manual checking completely disappeared. This removed more than 6,000 manual invoices per year.

We also do this with  a few of our other large service providers. They are usually all happy to work to a very similar template for the flat files they provide to us. We’ve taken over 30,000 manually entered invoices out of our Accounts Payable function. Our matching rates are above 98%, with very few of these invoices requiring manual intervention.

Simple approach. Look for the suppliers with the most invoices. Ask those suppliers if they want to reduce paper work, reduce burueacracy and get paid a lot easier. Most will say “Yes please”. Then automate.

Now we’ve not referred to Oracle’s EDI product – E-Commerce Gateway. But effectively that is what we are doing on a very simple, but very effective approach. Oracle does have a module that allows for large-scale electronic data interchange, including for Accounts Payable. EDI has been around a very long time (I remember implementing this in the 90′s for a very large customer). Now Oracle supports what are industry standard transactions, making it possible to link companies and their suppliers together using the same language, in terms of file formats/contents, etc. A few links can be found in the Reference Section relating to this. (Note Oracle provides EDI not just for Payables, but for other modules including Purchasing, Order Management and Receivables).

The use of EDI (either Oracle’s module or simple, effective home-grown EDI) can transform your Accounts Payable process.

And now another movie review. Actually I’m going to do something a little different and recommend a TV Series (although there have also been movies) for a change. Doctor Who is a TV show broadcast by the British Broadcasting Corporation. Now this show is done relatively cheaply, but always has original stories and is highly entertaining. It’s about a time traveller that travels through time and space, fighting evil aliens such as Cybermen, Daleks and other such monsters, whilst protecting the human race. He travels around using a blue British Police Box which is actually a time machine. His main enemy are the Daleks (shown below in a poster). These are robot monsters that move around on wheels taking over the galaxy, unless that Galaxy has too many stairs, as with wheels they cannot go up stairs…….Honestly, get a few DVD’s as the series are now all available. Kids will love it and adults too…….It’s a great British institution – been around since the sixties and I’d give it a 10 out of 10.

So the next option for transforming your Accounts Payables department. I’d say this is only for the large suppliers, but Oracle has an option called Payment on Receipt (ERS). The idea here is simple – you have large suppliers that provide you with goods. Now if your Shipping department (or whoever receives and accepts the goods) has checked the goods, accepted the goods, quality checked the goods and you have a validated Purchase Order, then exactly why do you then need a supplier to send you a paper invoice (or even electronic invoice) to your Payables department to process that invoice, check it again, etc. Why do you not just get Oracle ERP to create an invoice automatically? You remove vast amounts of bureacracy, vast amounts of unnecessary work and the reliability of this method trumps even EDI – this is a huge benefit to both you and the Supplier. Details can be found at the end of this blog.

Another interesting option is that Oracle can generate Invoices based on milestone payment in Services Procurement. A very similar concept to the ERS functionality, again further removing the need for manual invoices. If you have agreed to pay a supplier on a milestone, based on a deliverable, then once a manager has accepted that milestone has been achieved, an invoice can be automatically generated. (Hopefully as you read this blog, your also starting to see just how important a good Purchasing function is when it comes to Accounts Payable – one function cannot reach it’s full potential without the other also working highly efficiently).

The idea of companies still receiving paper invoices is a curious one for many areas of their business. One step better than you paying people in your company to enter invoices is for the company wanting paid to do the work for you.

Our company hires a lot of consultants. Those consultants work on contracts, to deliver certain tangible reports/studies/other pieces of work. The project manager signs off these deliverables and the consultant gets paid. Our approach to this is to provide a simple screen for the Consultants to enter their claim (very similar in many respects to iExpenses). With the consultant entering their own data, automatically validated against a contract, workflow notification for approval to their manager and then an invoice generated automatically for Payment (based on accepted deliverables), we will remove approximately 40,000 manual invoices from our Accounts Payable department.

Our other approach for more standard goods and services is the introduction of iSupplier. This module provides many facilities including suppliers entering/updating their details/views of Purchase Orders/updated shipping information, etc. One of the facilities is for the supplier to enter invoices, removing the need for your company to do so.

Next up………..how many calls and how much time do you waste talking between your Accounts Payable Department and your supplier? You don’t know because no-one ever actually records the time………..but I bet it’s significant. The average company spends a lot of time dealing with calls that are really unnecessary. “Did you receive my invoice” or “when will my invoice be paid” or “what was this payment actually for?” We’ve replaced a very large number of these calls, again by implementing iSupplier. This module gives the supplier a full end to end view from Procurement to Payment of all activities. It effectively gives a real time window into your company to the supplier, eliminating the need to inquire on invoices or payments. Invoice and payment information can be downloaded by the Supplier for easy reconciliation.

Interestingly, if your sending out Remittance advices, this can also be replaced either by iSupplier Portal or simply letting the Payments function automatically email the supplier with a detailed remittance advice slip. Every invoice we process generates a payment and every payment has an email remittance. That’s over 150,000 manual remittance advice slips that we no longer have to prepare, print, put in an envelope and send.

This has been a busy blog. Time for a break. Time for a movie recommendation. Probably one of the first and most famous stories of Time Travel was by H. G. Wells. Now his books have been made into countless movies and the most recent The Time Machine wasn’t a bad interpretation. Overall I’d say a 7 out of 10 and worth a rent, although probably not a buy.

Now I don’t need a time machine nor some weirdo Oracle prophet to predict the future of Accounts Payables departments. The future has actually been around for quite a few years already with products that can read, scan and workflow invoices, significantly streamlining and automating your Accounts Payable function. But the one I am now looking at is Oracle’s own Imaging and Process Management. So here’s my prediction. I believe this piece of middleware (bought by Oracle, as all the best stuff seems to be) will become a central pillar, not just of AP, but will be used everywhere in future versions of R12 and Oracle Fusion. If you want to get on the Fusion express train, this is one product you should be seriously looking at.

Irrespective of product, the future, already used by many visionary companies, is to be able to receive either paper invoices or scanned emailed invoices into a single shared service center. The technology is already smart enough to scan these invoices and identify the information in a reliable manner.It can also generate invoices and match those invoices. Further these products can then workflow the invoices to the correct recipient for approval.

So what else does the Oracle Prophet see in the future? Again it’s an easy question to answer, as the future is definitely already here. I’ve done a blog previously about Oracle Pre-Built analytics. Well one of the major functionalities of the Oracle Pre-Built Analytics is the Payables module. I watched Oracle install all the tools, database, populate the data warehouse with 7 years of corporate AP data – in seven hours (as a proof of concept). The dashboards were then ready to use and we could instantly gain insight into our Accounts Payable functions. All the KPI’s were there to see invoice aging, discounts given, invoices processed, methods to process, etc. This is another fabulous product from Oracle and rounds off nicely this 21st Century Accounts Payable blog. Imagine having a complete, instant view of the health of your entire Payables process, with the ability to drill down to any single transaction, or aggregate at any level or instantly see who your problem suppliers are.

Now my company made a mistake in early 2000 by decentralizing the Accounts Payable function. In many respects this was organized chaos. If I had been with my company I could have agreed with the person doing it, except then we’d both be wrong. What I’d like to see my company do next is to move to a shared service, 100% centralized function that is 100% decentralized…………yep I’ve totally lost you, but we’re back to the concept of total federated services at the point they are used using shared service centers where appropriate. The technology is there today to allow a shared service to receive and quickly scan invoices, doing most of the keying automatically. The shared service provides a centralized function for dealing with difficult invoices (ones that don’t match, ones that don’t automatically go into the system, etc). It provides a Governance, Control and Analytical function. along the lines of a standard Accounts Payable department. However once in the system, the invoices should be routed directly to those who need to approve payment. The line managers in all the various departments worldwide who actually received the goods or services. Hence you have a shared service center, but a totally federated approval process. The technology today is very much capable of supporting this process. Throw in the automation for straight through processing on as much of your Accounts Payable invoices as possible, a sprinkle or heavy serving of EDI depending on your taste, and using your time machine, you’ve arrived in the 21st Century for Accounts Payable processing.

So out of our 150,000 Payables transactions a year, we have automated (or will shortly automate) almost 120,000.  Now I make that a whopping 80% of all Accounts Payables transactions. Now the not so smart companies out there (and there are plenty of them) would have simply perhaps have  outsourced their 1990′s business process. We will have achieved 80% automation by 2012 and taken a 20 year leap in technology and business process, all within a couple of years of the initial idea being floated.

We do intend to keep plugging away at the last 20% looking at potentially automation of invoice scanning, etc using Oracle’s Image and Process Management. We do want to continue to review what isn’t going through as EDI transactions and why. We do want to see where spend is avoiding the standard procurement processes and understand why. It’s still a work in progress.

The benefits?

1. An 80% reduction in manual effort. That saves our company a fortune. Now if you count each manual invoice costs an average company between 20-40 US Dollars to process……go do the math.

2.  Decreased supplier phone inquiries significantly

3. Improved Invoice processing times (up to 98% in some instances)

4. Improved approval processing times (and in many cases automated matching removes approval completely)

5. Vastly reduced paper, paper handling and paper storage

6. Easier to see and take effective discounts

7. Ensures compliance with Payment terms, avoiding penalties

8. Improves your company image as a good company to do business with – always pays on time

9. Absolute visibility of all Payables activities and transactions

10. Easier to audit, easier to comply with SOX/etc – the scanned invoice is available directly from the ERP Transaction

It has to be said that not everything can be automated. Some countries still need the paper invoice as a legal requirement. Some invoices just won’t have anything to automate matching to. Sometimes your supplier won’t play ball on EDI. There are limitations. Accounts Payable is still a very important and critical function that needs staffed correctly. But really, any company could look to taking a significant percentage of their manual Accounts Payable and automating to some degree.

And finally a movie recommendation to finish up our Time Travelling 21st Century Time Bandits of Accounts Payable. It has to be Bill and Teds Excellent Adventure. A movie about a couple of college kids that go through time in a telephone box to complete a history assignment by collecting famous historical figures to do speeches at their review. Along the way they play games with Death and win…..a lot of fun and a 9 out of 10. It’s the sort of no brainer nonsense that I find intellectually very challenging. Definitely not a deep movie, but MOST EXCELLENT !!!!!

As I end the column I feel it appropriate to do it in the spirit of the movie Bill and Teds Excellent Adventure:

Bill –  “Be excellent to each other. “

Ted “Party on dudes !!!!”

Until next time, when we reveal the secrets of Harry Potter and the Wizards of ERP Change Management………

Further secret blogs and prophecies can be found at:

http://oracleprophet.wordpress.com

References

Below are some of the references collected as part of the research for this blog. As usual I appreciate the authors making this information available on the internet, for the benefit of everyone. Also enclosed are a few of the guides/manuals from Oracle that go into greater depth of the possibilities for improving your Accounts Payable process.

IExpense – Back to Basics

iExpenses – Ohio Valley OAUG

Oracle Internet Expenses

EDI and E-Business Suite

Oracle E-Commerce Gateway

Payment on Receipt

Oracle iSupplier

Oracle Purchasing

AP Invoice Automation – Bottomline Technologies

AP Invoice Automation – Readsoft

AP Invoice Automation – Basware

AP Invoice Automation – Kofax

Accounts Payable Invoice Automation

Oracle Imaging and Process Management

Oracle AP Automation IPM Solution

Wikipedia – Oracle Imaging and Process Management

Oracle Imaging and Process Management 11g

Accounts Payable Analytics

The Quest for the Holy Grail of R12 Patch Management

April 26, 2011

With new technological innovations, please wear 3D Glasses and Headphones for optimal experience whilst reading this blog. This represents the first ever blog to cover ERP Columns and Movie Columns, together with hot off the press exposes that Oracle Technology came from Alien UFO’s captured at Roswell, all in 3D and Dolby Sound. Popcorn and a coke are recommended.

Ensure your PC sound is turned down if in the office with no headphones.

In the time of King Arthur, legend had it there was a magical cup, a holy grail.

Whoever drank from the cup would have immortality. During the time of King Arthur, many knights embarked on dangerous quests to find this magical grail, always to fail. The question is, were those pursuing their quest searching for something, that perhaps did not actually exist?

Sometimes it feels like Oracle Patch Management is perhaps a search for the holy grail. To be able to stay current on patches, to be able to apply patches and still ensure that no adverse effects are inflicted on the Business seems an almost impossible quest. This column looks at some of the strategies that can be used, to perhaps not achieve the holy grail, but certainly move towards the holy grail of patching ERP.

Now previously some crazy oracle prophet had written about the Art of Zen Patching . Let’s be clear on this – the quest for the Holy Grail of R12 Patching is not such a zen-like endeavor. It is an arduous, painful and often disappointing journey, frought with failure, despair and danger.

And at this point I feel a movie review is appropriate.

One of the most famous movies (and one of my all time favorites EVER) covering the times of the Holy Grail has to be Excalibur. Highly recommended on DVD. A superb and very haunting movie. It is one of the most atmospheric movies I have ever seen. You just have to see it.


So the movie is about a search for something that people dream of but quite possibly doesn’t exist. It’s about human dreams that become all consuming leading people to eventual madness and despair.

For many years I have been searching for what can only be described as the Holy Grail of ERP Patching. I started off pretty sane, but as the years went on my sanity deteriorated until I started writing columns combining movie reviews and Oracle ERP tips. I tried to turn to Zen (The Art of Zen Patching), but lately, just maybe I found the Holy Grail of Patching. I uncovered this during an R12 Upgrade Quest. In the midst of battle, with patches coming out daily from Oracle (on 12.0.4) we perhaps found not a perfect grail, but certainly something that made the quest worthwhile.

As I explained in a previous column there are a few patch scenarios:

1. Security Patches, Database Patches and ATG Patches on a Production System. This column could be used for that, but I’d also recommend the Art of Zen Patching for these types of patches. These patches are generally stable (if left to others to apply first) and cause less problems from experience. Note however we HAVE had problems on each of these types of patches, so don’t underestimate the fact that the quality is better that you can be sloppy on your testing.

2. Patches that come out during an R12 Upgrade Project or need to be applied. I guess this column kind of applies, although depending on how far your upgrade is you can take a more aggressive patch approach. If you are early in an upgrade, you generally throw in the Rollup Patches or others as needed. The later in the project you are the more careful you need to be.

3. The Holy Grail of Patching refers to the approach taken for Patches on a Production System. It is like searching for the grail, a very slow and dangerous process, with little in the way of rewards.

As everyone knows Oracle has patches to fix the patches you applied. This isn’t good, because like Forest Gump, Oracle gives you a box of chocolates, and your never sure if there is something unpleasant in one of them…….Or as I say, our office coffee machine (I live in the Far East) is like an Oracle Patch. Occassionally you get a cockroach dispensed……..(and no I am not joking on this one – cockroaches like Nescafe too…….)

Our approach to the Holy Grail of Patching can be described as a highly conservative and disciplined approach, based largely on the principles of ITIL. Our primary aim is not one of speed, but of keeping our Production Systems safe and stable, to avoid major business disruption. It is a very slow and very painful process.

So let me walk you through the process (Apologies, it’s going to get a bit serious from here on in. Have a look at the Alien Technology blog if you need something lighter……Oracle Fusion finally went live in one company. Poor buggers………Although it is based on captured Alien Technology from Roswell……………so I am sure as a first release of an Oracle product quality is great as it always is……. )

The bug process starts either with the EBS Support Team (I assume you are proactively look for bugs/problems before they happen, by keeping an eye on Oracle Support Updates) or the business user reporting an incident. The Incident Management process should record the details and check if it’s a known problem or there is a workaround.

This should then be passed to your Problem Management Process, where you investigate the problem reported (DS10B-001).

You should then try to replicate the problem (DS10B-002).

If you can replicate, then it’s time to log on to My Oracle Support (DS10B-006). (I’ll slowly introduce some ITIL Terminology into this column. ITIL is a framework to manage IT Systems and it’s very, very good indeed, applicable not only to ERP but to any IT activities. If it was a movie I’d give it a 10 out of 10, but it’s a bunch of great books that can be found here. Introducing these ITIL concepts can seriously improve your service to your ERP users.

And onto another movie review. It has to be Monty Python and the Holy Grail. This is about as British as humor gets. A great movie and very, very original. It’s a 9. Get it on DVD.

On My Oracle Support you should check for similar bugs. It’s a great database and no doubt someone else has hit your bug before you (unless you are one of the suckers to take an early release).

You’ll get to one of two points here. You’ll either identify a patch (which may have pre-reqs) or you’ll come up blank. Lets deal with the second point.

If there is no patch (and don’t be lazy not bothering to look) then raise a Service Request (DS10B-012). Now Oracle’s game isn’t necessarily to help you fix the problem………..Typically responses are as follows, but we suggest you counter-act these by using phrases from the movie Monty Python and the Holy Grail. Assuming Oracle Support doesn’t hang up, this will certainly be a tactic they have not seen from other companies………..

Oracle Support – Good Morning. How can I help?

You – “Go and tell your master that we have been charged by God with a sacred quest.”

Oracle Support – We’re very sorry to hear that.

You – “Everytime I try to talk to someone it’s ‘sorry’ this and ‘forgive me’ that and ‘I’m not worthy’!”

Oracle Support – Sorry Sir, could you explain the problem with your system?

You – “Come and see the violence inherent in the system!”

(We recommend you explain the problem, maintaining the Monty Python style and English accent – pretend you are an old English queen)

Oracle Support – That’s standard functionality Sir. The accounting on the Payables isn’t supposed to do proper exchange rate variance calculations, otherwise your General Ledger would be correct for the 30M Dollars you spent on Oracle. Now that sounds perfectly plausible, doesn’t it Sir?

You – “Your mother was a hamster and your father smelled of elderberries.”

Oracle Support – Sorry Sir, let me just check (By this point Oracle Support is a little concerned)

Oracle Support – Ah, it’s a known bug. It’s in development………..should be out in six months…….

You – “I’ll bite your legs off!”

Oracle Support – Wait Sir, Wait Sir, let me check. I’ll check again. You need to go to R12.0.6 (By this time the support person is probably thinking “nutcase on the phone, better help him quick”……)

You – “Jesus Christ!”

Oracle Support – This small patch will definitely fix your problem !!!! (Now Oracle Support knows this has nothing to do with your problem but ask you to apply it anyway just so you get off the phone and they can close the call………)

You – “Pull the other one!”

Oracle Support – OK we suggest you apply the latest Rollup Patch

You – “I fart in your general direction.”

Oracle Support – OK how about this patch, which has 300M of Pre-Requisites. That will do right?

You – “Aaarrrggghhh!”

Oracle Support – What about a one off patch that no-one else has that will trash your system and is cobbled together by our developer?

You – “You tiny-brained wipers of other people’s bottoms!”

Oracle Support – But we’ll need to spend 4 weeks of burueacracy giving you a hard time to justify our development team doing this for you, even though it’s a serious bug we should fix……..

You – “You can’t expect to wield supreme executive power just ’cause some watery tart threw a sword at you.”

Oracle Support – Wait I’ve actually done my job and found a correct patch………

You – “I feel happy!”

A very Monty Python approach, but every scenario above represents some actual conversations with Oracle Support……(bar the Monty Python quotes – I normally pretend to be Harry Potter when talking to Oracle Support).

They may also pretend it’s a problem for another team (e.g. AP blamed the SLA Team and vice versa) or point to the good old technology stack components or database components. Common tactics by Oracle Support.

There’s a very serious point to the above. It shows the strategies that Oracle Support uses against you when it comes to patches. Your end game with Oracle Support is to get you to the minimum patches required to fix your problem. You and Oracle have very different aims sometimes (Oracle’s current aim is to move everyone onto minimum of 12.0.6…..), so you have to be very careful in how you manage the Oracle Support Analyst because that seriously affects your patch outcome and therefore testing work and eventual risk to your system.

And it’s got to be time for a movie review. This is another favourite Indiana Jones and the Last Crusade. Great movie for all the family. It’s a 9 out of 10 and keeps our Grail movie theme moving along nicely. This makes me feel old, because when the first Indiana Jones movie came out I was 10. Now Indiana Jones (Harrisson Ford) is a pensioner…….

So you’ve got that patch sitting on your server waiting to be applied. Do you feel lucky punk? You’ve reached DS10B-016 in the Patch Management Process.

A quick excerpt from a previous conversation I had with a person in one company:

Techie Guy -We need to apply the payment patches this weekend.

Oracle Prophet – Why?

Techie Guy – My manager told me to

Oracle Prophet – What did he say?

Techie Guy -“If it’s not done by sunrise, I’ll cut your balls off.”

Techie Guy – So we had real problems with the application of patches in a Test System that knocked out all Payment functionality.

Oracle Prophet – So you’ve never had a clean run of applying this patch?

Techie Guy – No, that’s right. Never been applied correctly in any test system. (Stated not with concern, but an unbelievable stupidness that is rarely found). So can we go ahead and apply it in Production this weekend?

Oracle Prophet – “I’ve got no option but to sell you all for scientific experiments.”

This was a true conversation of one person considering applying patches that he had never gotten to work during a testing phase…..to our Global Payments Systems……….truly a new way of testing patches. “Yep it didn’t work in any test environments, but maybe it will behave differently in Production when we apply……….”.

Our first step for Patch Application is normally to look at the size of the patch. Now a lot of people say size does not matter – many woman beg to differ. In this case, the smaller the better – the patch I mean. It gives an indication of just how many objects it’s going to hit potentially. Not scientific but a quick check gives a reasonable impact assessment. However……….

Applying patches is about a horrible and painful quest with little reward. But going back to King Arthur the Oracle Prophet recommends you seek a mystical wizard. Yep, your thinking I’ve lost the plot again on this one………..Just trust me. Go into your Manager, now obviously your credibility is shot to pieces after suggesting using the Art of Zen on corporate systems. Obviously he thinks you are a bit mental after suggesting using captured alien technology for deployments of ERP customizations.

But trust me, when you tell him you should seek out a mystical wizard to improve patching, you will truly have made those other suggestions look almost coherent………

So King Arthur had Merlin as his wizard. On your quest, we suggest that you take a look at the Patch Wizard from Oracle. (I surpass myself in corny literally prose this time……..)

Oracle has had a Patch Wizard for a considerable amount of time. I am not here to teach you all there is in this (see the excellent authors at the end of this column). I am here to raise awareness of these tools, what they do and how they fit into the Holy Grail of R12 Patching. The Patch Wizard can be found under the System Administrator Responsibility.

Once we have assessed the patch size, read me, etc, we normally try to apply the patch on a temporary database (we usually have one we can apply on). (We’re now on DS10B-007 in the Process Chart previously).

The Patch Screens below are a very useful impact assessment tool. Now size isn’t always an indication of how satisfying the patch will be for you………After applying the patch, bring up the Applied Patch screen and query the patch applied.

So a patch may be 300M. But it may not apply many files, if your patch levels are already recent.

Looking at the files copied and Action Summary will give you a very good idea of just how satisfying that big patch has been for you.

If a patch shows that it is replacing database objects, forms, etc then it certainly has had potentially an impact on your system.

We’ve faced large patches, but when looking at the files applied, we may only end up with a handful of files. This allows us to then use our technical guys to put a reasonable assessment on roughly what we have to test.

With an idea of what we have to test, we can now draw up a reasonable test plan for the patch. Without the patch screens we would be looking at guessing the best approach to testing. Now it is not easy to work out from the files exactly what to test – you need to be careful in that respect.

Now a message to Oracle. Why don’t you enhance the Patch Wizard to do a mapping between code files and Functionality. This would allow Functional Users/Support Teams to far more easily assess the patches, then draw up a far more accurate test plan. This would be an excellent enhancement for Patch Management for companies globally.

One of the problems with patches is where they overwrite your customizations (customizaton by modification). I suggest that where you modify shipped Oracle code to make new customizations, you record these in the appcust.txt file. To quote the manual “Oracle Applications uses this file during patch processes to generate warning messages that customizations are being overwritten or may need to be replaced after the patch”. It’s a handy tip. A missed customization that is overwritten by a patch can cause immense damage later……….

Our approach to testing patches is comprehensive.

We apply the patch onto a DBA Instance. (Step DS10B-008). This lets the DBA’s check the pre-reqs, make sure the patch applies cleanly, makes sure objects are not invalidated, etc. We then do a very quick sanity test.

We apply the patch onto a PTH Instance. (Step DS10B-009). Our test here is not thorough, but gives us confidence that the patch has fixed the problem and does not break any other key functionality.

We apply the patch onto a DEV Instance. (Step DS10B-010). Testing becomes more thorough at this point from our internal team. (Make sure it is a clean DEV instance, else use another clean environment). Once complete by our IT ERP Team, we release the Patch to our users.

We also test critical functionality when applying a patch. The drop dead functionality such as entering an invoice and paying. We also do an end to end around the patch when necessary (e.g. a quick cycle through procure to pay). Testing patches well in the IT area of ERP ensures quality patches are delivered to the Business. The messy dealings with Oracle and cycle of patches to fix patches is kept out of the Business Users view, as sometimes this could undermine confidence in the patches themselves otherwise.

We apply the patch onto a TST Instance. (Step DS10B-011). Our users then independently test this patch, using their own test plan and test cases. Keeping the testing independent (separate IT and Business Testing) gives more chance of any issues with the patch being caught.

For testing patches, we have suites of comprehensive test scripts/test plans across our application. We built these up as part of our previous R11 and then R12 Upgrade. This allows us to test our scenarios easily and quickly. It also covers integration to other systems. With freehand testing, formal test script usage, business user testing and IT Testing, we avoid mistakes.

With sign-off from the Business Users (DS10B-018), the patch is passed to our Release Management process for scheduling into Production.

With the use of the Patch Wizard and Patch Screens in R12, our testing becomes much more targeted, minimizing testing effort but re-utilizing our test script library selectively.

By having multiple databases with multiple testing cycles from both business and IT, our testing becomes much safer, reducing risk of a bad patch reaching production. It also protects other environments including your Development and Test Instances. You wouldn’t want to wreck these with a bad patch usually.

There are a few options we are looking at to further improve our Patch Management:

We are looking at Oracle Configuration Manager as a potential to alert us to patches that need to be applied, moving to a more proactive patch management policy.

We are looking at Testing Automation. Our preference is the HP Tools with pre-built testing scripts for ERP, but we know there is a huge amount of work before we could get to proper automation. Oracle also has a Testing Tool, but I still prefer HP’s to be honest. Automated Testing does seem to be the holy grail eventually – to be able to press a button at 5:00PM, have all the test scripts executed and come in at 8:00AM and see the results really is something that I think companies should aim for. However it’s expensive, difficult and often a huge failure when companies try to do this.

Finally we just bought Oracle RUEI. I have written about this in the past. It is a support revolution. We can now see the errors that users are encountering, the system performance that they are experiencing and so much more. Again it’s a move to a much more proactive incident/problem management. It even has an option to playback user errors. As said no more having a helpdesk asking “And what step did you do next. What data did you enter, blah, blah, blah and failing to take the right information for the Support Analysts”. It has pre-built integration into ERP and Oracle had this up and running for us in a matter of days. It even works with our custom modules……… I’d recommend this product to anyone running ERP. It’s a super product, quite revolutionary in terms of support.

And the final movie recommendation. Dan Brown’s Da Vinci Code. I read the book (also highly recommended) on a long haul flight to the Far East. Then I watched the movie on the TV a few years later. The movie is pretty interesting and I’d say it’s an 8.

Personally I always thought Mona Lisa looked absolutely miserable……

But Dan Brown’s book caused a huge amount of controversy. It’s a full circle from where I started the column. Many looked for the holy grail yet never found it. Dan Brown’s book was based on the premise that the Grail wasn’t really an object, but the grail was actually a person.

I’d say that to find a Holy Grail of ERP patching isn’t perhaps looking for an object or a magic bullet. I’d say that the Holy Grail of ERP Patching is also, actually a person. A person that puts in place the strong processes, controls and procedures, whilst thinking smart to reduce the work to enable a safe and reasonable patching strategy that supports the business goals. That is the true Holy Grail of ERP patching.

One last question – why are you wearing those 3D Glasses? You look pretty stupid in those in the office, given this is just an ordinary web page……..

And to end on an equally silly Monty Python note:

Woman -”He’s the Messiah !!!!”

Oracle Prophet – “I am not the Messiah!”

Man – “He’s not the Messiah. He’s a very naughty boy.”

Until next time when we look at R12 Patching – Friday 13th – A Horror Movie Special.

Further secret blogs and prophecies can be found at:

http://oracleprophet.wordpress.com

References

This column was based on some very hard-won experience. However other parts of this column came from research from generous authors in the Oracle Community. Below are some excellent articles that further shine light on the difficult process of Patching ERP safely.

Oracle E-Business Suite Patch Wizard – Path to Less Errors

Release 12 eBusiness Suite Codelines, Codelevels and PatchWizard

The 11i Patch Wizard

Managing R12 EBS

Tips and Tricks for Patching R12 EBS

Best Practises for Patching and Maintaining EBS R12

Real User Experience Insight

Star Wars Episode IV: A New Hope – R12 Self Service Jedis

April 14, 2011

Now I can’t do the scrolling Yellow Text and the famous Star Wars fanfare, but I reckon most people will have already got the Star Wars theme for this blog. The force is obviously strong in you.

There is a serious disturbance in the force across the corporate Galaxy. Have you ever thought that your company is built up of numerous Sith Lords, all wanting to basically build a Galactic Empire of epic proportions, with no relevance to the goals of your Business.

Think of it this way. Each of those Empires is building deathstars 0f immense power over decades. Each of these wields terrible power across your company reaching to every corner of your corporate universe. At the head of these powerful empires are your typical Darth Vaders, Darth Sidius’s and other villains that steal the lifeblood from your company and quash any rebellions against them with absolute force.

However despite the absolute power, in our galactic quadrant, a small group of Rebels started a rebellion with a view to wipe out the tyranny of the Evil Empires and bring freedom to the corporate galaxy. These few were the R12 Self Service Jedis. Or perhaps you’re a Princess Leia wanna-be? (If you’re a guy and a Princess Leia wanna-be then I’d certainly find you a little strange in a long flowing white dress, but each to their own……)

So what better way to start with than a movie  recommendation. It has to be Star Wars Episode IV: A New Hope. This was a truly cutting edge movie (which a top movie critic in the UK stated was “rubbish” at the time of release – there was a truly epic screw-up……..). Well Star Wars was the thing of dreams for millions of kids (and adults) and continues to be to this very day. It’s a 10 out of 10 movie and you should buy it on DVD.

In 2001, our company built an ERP deathstar providing the various Empires powerful facilities that did everything to consolidate their power. Bar one item. Included in this deathstar was one area that could, maybe just could, undermine the Empire. There was a small part of Oracle ERP dedicated to the galactic citizens. This allowed galactic citizens to check Galactic HR records for:

Payslip

Staff Receivables (*)

Pension (*)

Company Savings Scheme (*)

Bank Account designated for Payroll

Personal Information

Staff Information

Education

(*) Indicates custom Screens we have written in OA Framework

What is interesting is that many of the above screens are pure standard functionality. Easily and very quickly enabled across the entire Galactic Empire.

Enabling the simple Staff Information gives your staff access to Employment, Salary, Performance, Training and Job Applications with a simple addition to a menu. (The screen has most of the data removed for privacy reasons).

Now perhaps you are thinking big-deal, who cares about Payslips. Well we have 2500 staff across 27 Galaxies each requiring a Payslip twice per month of 3 pages. We also have 1,000 Pensioners requiring a Payslip across 66 Galaxies. That’s over 200,000 pieces of paper that have to be printed, put in an envelope, sent to the various far flung corners of the galaxy and all that costs a huge amount of time, money and bureaucracy. Putting a Payslip online (and have it populated as a natural part of Payroll) wipes out this pointless costly burueacracy in one swift action. Start to consider the effect for a Galactic Corporation of 25,000 employees, or 50,000 employees. The savings year after year after year are immense. Not to mention that online Payslips are delivered at the speed of light, being available seconds after Payroll is completed.

(As above all the key information has been removed for privacy reason, i.e. my privacy……. although as can be seen last month I cleared 34 cents – it was better than usual :-)

For 30 years this Payroll Empire outpost had created tyranny and bureaucracy by making citizens beg for key information that was held on the Empire’s central computers. This functionality brought a small part of freedom to the citizens in this far flung quadrant.  However the Jedis from the Oracle Corporation sect quickly left in 2001 as these were mercenaries, who would only stay whilst the galactic credits kept flowing. After that the Galactic Empire’s consolidated their power, insisting each citizen continue to file vast quantities of paper with no specific purpose.

Our journey to restore freedom to our corporate Galaxy fighting against the Empire began on the small planet of Tatooine some 6 years ago back in 2005. Surveying the corporate galaxy the Jedi’s looked for areas of maximum gain where an attack would carry minimum cost and risk.

The Empire ran a facility to give Loans to Galactic Citizens (Employees). The loans were ironically managed by an army of Galactic clones that actually managed the loans and deductions to Payroll MANUALLY using spreadsheets. There was no risk on this, given they were TRIPLED CHECKED, leading to even more clones.

The Jedi’s reviewed this facility. A citizen could loan based on their Galactic Salary and length of service to their company. The Jedi’s checked and  they could get this information from the HR System. A citizen could request for a loan to be paid into their Bank Account. This could also be found in the Payroll/Payables system. The Loan could be paid using Accounts Payable and R12 Payments modules. Finally Loan interest was deducted each month from the citizens Payroll. Check – The Jedi’s could do this through 100% automation.

So exactly what were these clones doing that they demanded citizens to fill out reams of paper, have it checked in 6 separate Empire facilities shuffling paper between each, wait for weeks or months for the approval, then finally pay the loan. This was Galactic madness, purely to justify the Empire’s existence.

With a simple OA Framework screen linked to the Empire’s Accounts Payable facility, the Jedi’s managed to remove the Empire’s clone army in a six month operation. Citizens would apply for a Loan with a few clicks of a Self Service screen. This sent an invoice to Payables (pre-approved) and fed through to R12 Payments, then through SWIFT to the citizens Bank Account. The end to end application process moved from 2 weeks to 2 minutes, with no Empire intervention.

The second part of this sytem, the Loan Engine created by the Jedi’s plugged into the Empire’s computers and automatically removed the correct interest each month from the citizen’s Payroll, with no Empire intervention from clones. The Loan Deduction fed through automatically to the Self Service Payslip.

This system now processes over 4,000 Employee Loans every year. Imagine the manual work that was done before this Self Service System was deployed.

Given this was the first attack on the Empire, everything was automated, except for the R12 Payments module, which still required manual runs of the Payment Cycle Programs in R12 Payments. The Jedi’s were careful about picking full scale battles with the much feared Sith Lord Dollarius at this early stage in case the Empire became aware of the serious challenge that was growing within. A key tactic in the Jedi Wars to bring the freedom of Self Service to the Corporate Galaxy was to carefully choose their battles, delivering quick wins, at limited cost and risk.

(Again the screen is censored, but normally you could see the Loan amounts you can borrow, current loans, etc)

The next obvious move was to take out an Empire facility that did nothing but produce Certificates for Citizens. These Certificates could be for Employment, Salary, Wages, Tax and many more. Staff used ancient technology from the days of the Old Republic to fill out Old Republic Excel sheets and sign, and send to the Empire Central Processing Facility. The Empire demanded citizens wait two weeks for their own information, whilst armies of Empire Drones ran reports, got the information, sent memos to other facilities, got returned information from said facilities, cut and paste a variety of sources into an Old Republic Excel or Word document, checked the information and waited for the return of Darth Vader, the feared Head of the HR Facility to physically sign. This was the information tyranny that was feared throughout the corporate galaxy, draining desperately needed funds from well run Republic planets to fund an army of mindless Empire drones in bureaucracy.

With the plans from Princess Leia to the facilities HRMS System, the Jedi’s worked out that a small custom system to access this could be used by the citizens of the Old Republic to access their own information, removing the need for the endless army of Empire clones.

“There is something very wrong when it takes so long to get your own information from the Empire”

Obi Wan Kenobi

With a small OA Framework screen, loading of electronically scanned signatures and a little bit of BI Publisher force, the Jedi’s slashed through the endless bureaucracy of the Empire. The Empire’s Darth Attornius questioned the validity of scanned signatures, but traders and governments throughout the Empire readily accepted these, allowing citizens to apply easily for Bank Accounts, Tax Refunds and all manner of other necessities.

A signed (scanned) certificate with the citizen’s own information could be generated within seconds by the citizen themselves simply by selecting the certificate type in a Self Service screen, pressing a button and waiting a few seconds for a PDF file to be generated, with a scanned signature attached. Imagine a process that involved many people, many departments and took weeks to deliver information that citizens often needed quickly. Imagine that process where absolutely no-one was required, the citizen pressed a button and got what they needed within 5 seconds. That was the power of the Jedi Self Service.

Another small Empire outpost fell without a fight to the R12 Self Service Jedis.

In 2006, the year we launched this Self Service feature, we had 2,500 Certificates created. By 2010 that had grown to over 6,000. (For a company of 2,500 people).

This could be delivered by any small Jedi strike team in a very short period of time at minimal cost. Scale this up to a global entity of 50,000 and savings are immense. The other immediate payback is a lot of very happy citizens who get what they need in seconds.

(Note there are confirmed rumors that the Jedi Sect from Oracle Corporation has provided Certificates in R12 which the Empire and most Jedis are unaware of. See Employment Verification in Oracle Self-Service Human Resources Deploy Self-Service Capability Guide (Part B31648-03)

This short episode outlined the initial skirmishes with the Empire, mostly which went to plan, to deliver the initial foundations of Self Service functionality and freedom to the Corporate Galaxy with rapid ROI.

The R12 Self Service Jedi’s will continue with Episode V – The Empire Strikes back shortly…….

Further Prophecies can be found at http://oracleprophet.wordpress.com

Global Thermonuclear War – The New Oracle R12 Feature

January 18, 2011

This column will be short and sweet, explaining how someone can launch Global Thermonuclear War on you, completely wiping you out. Nice topic and not any jokes this month I’m afraid for such a serious subject. Of course the movie reviews will still be included, otherwise I’d lose my rating of the only combined Oracle ERP and Movie Rating Column on the Web……….

Now Oracle ERP has grown immensely over the years, adding module after module. Perhaps this column is about a new module that controls nuclear missiles? Computers (and Oracle ERP these days) seems to control everything else but thankfully Oracle hasn’t quite got to the point of having a module to do this. Worrying if they ever did, given the number of bugs in the early R12′s.

Oracle Support: Good morning. Can I help you?

User: Yes, we implemented Oracle’s Global Nuclear Missile Control module in Fusion Apps and it’s launched a nuclear missile accidentally against a large city that will kill millions in two minutes from now.”

Oracle Support: Yes, that’s a known bug. We will work on a patch and get back to you in a few days.

User: The missile will hit in two minutes. We need to escalate.

Oracle Support: We’ll have the duty manager phone you within 3 hours. Goodbye.

Ironically we’ve had a few Severity One Service Requests that make this conversation horribly familiar………

But what would happen if a hacker managed to get into your ERP system? Access to your Payroll. Access to your Financial results. Access to your HRMS System. Access to Payments. Imagine a hacker being INSIDE your system. Have a look at the column R12 and the Auditors from Mars. That will give you an idea of the horrible consequences of someone being inside your systems………..

Which brings us nicely to a movie recommendation. A hacker inside the system? It has to be the original Tron which I would give 9 out of 10 for it’s vision, way ahead of it’s time. The more recent version was OK, but lacked something I felt. But still worth seeing.

Now to get down to the serious business.  R12 did have a rather nasty payload, of thermonuclear proportions. I don’t normally write (or disclose) hacking vulnerabilities, but given this is already out on the web and represents a serious threat to you, I thought it now appropriate to warn everyone about what is a real global thermonuclear device, just waiting to go off in your ERP System with potentially catastrophic results.

In R12 a JSP file was shipped – jtfwcpnt.jsp. This JSP takes a query that executes against your database opening you up to SQL Injection based attacks………..Now let me see if I had access to an ERP Database as a hacker where would I want to start…….??????

I am not going to go into the details of how this is exploited, but you should strongly check if this file is used and then remove it if not. This warning is applicable for anyone who is using products such as iRecruitment, iSupplier or other DMZ based products in R12. (although an internal attack could equally be done).

This vulnerability seems to be across all R12 releases judging by other reports on the web. (We’re currently upgrading R12.1.3 and will be checking this also shortly).

This file represents a very serious risk to your entire ERP and therefore to your company

And to end this rather serious column, we need a movie recommendation. Well that has to be the original War Games movie. A great story from 1983 and decades ahead of it’s time. It’s all about how computers controlling everything internally are accessed from external sources to almost start a nuclear war. For me given it’s relevant 30 years later, it’s a 9 out of 10.

There’s quite a number of very serious points to this column.

We have to wonder what Oracle was doing shipping stuff like this, whilst busily shipping security patches quarterly. I am just utterly stunned this ever got out as part of the shipped R12 product.

I’d also suggest that companies start looking very seriously at security of their ERP, especially those running products in the DMZ.

Review the papers on Metalink on the best practises for DMZ. Review Steven Chan’s column as there is always great information, but most of all, out of this learning experience, google regularly for security vulnerabilities on the web about R12 or R11 – I know most people don’t do this, which is why I published this vulnerability in this column. Solution Beacon also provides some good security information. Also make sure you have decent firewalls (Oracle has released a new product just recently) and software to protect against SQL Injection and other similar attacks.

Also do keep your ATG and Quarterly Security patches up to date. I know how difficult that is, but it is critical. (A previous security patch closed a hole in iRecruitment that could be exploited from outside). See R12 Patching and the Art of Zen for an approach that makes this less painful.

Security is very much a multi-layered approach and your ERP needs heavy protection like any other corporate system. (and arguably even heavier than most).

The hacking days of Windows and Internet trojans will continue as they have done for many years, but there’s a new age of hacking dawning and there is a real awareness from hackers on other areas, and that now includes ERP Systems such as SAP and Oracle.

This is a real wake-up call in terms of security with ERP and I hope that everyone really starts looking at ERP security as a priority in their companies, over and above anything else.

The dawn of the ERP Hacking Wars is beginning……

Further Prophecies can be found at http://oracleprophet.wordpress.com

The Oracle Grinch Who Stole the R12 Christmas

December 30, 2010

Every Who Down in Whoville Liked Christmas a lot…
But the Grinch, Who lived just north of Whoville, Did NOT!
The Grinch hated Christmas! The whole Christmas season!
Now, please don’t ask why. No one quite knows the reason.
It could be his head wasn’t screwed on just right.
It could be, perhaps, that his shoes were too tight.
But I think that the most likely reason of all,
May have been that his heart was two sizes too small.
Whatever the reason, His heart or his shoes,
He stood there on Christmas Eve, hating the Whos,
Staring down from his cave with a sour, Grinchy frown,
At the warm lighted windows below in their town.

The Grinch was a particularly mean spirited creature, who’s prime aim was to make sure that everyone had a very miserable holiday season.

This will be a short but important column for the “Heroes of R12″, the companies that adopted R12 early, took all the pain and whom Oracle even honored as the best R12 Upgrade sites. To all those companies that took the encouragement from Oracle to upgrade early to R12.  Or to the 95% of companies that didn’t, the suckers that found out all the bugs.

Now every knows the story of the Grinch that hated all things Christmas.

Well as much as I love Steven Chan’s columns, Oracle gave a nasty Christmas surprise for all those R12 early adopters.

From 2012, February 1st, Oracle R12 will move from Premier to Extended Support. Great no problem, as Oracle has always kept extended support for all those on the relatively new versions such as 12.03, 12.04, 12.05 (OK not totally recent but still on recent releases than most companies)

Unfortunately as with R11, Oracle has now added a particularly Grinch like clause onto R12 Extended Support…….

“To be eligible for Extended Support, [EBS 12.0] customers will need to have applied at minimum the 12.0.6 Release Update Pack (Note ID 743368.1) and the Financials CPC July 2009 (Note ID 557869.1).   Additional minimum requirements for Oracle E-Business Suite Release 12.0 have not been finalized yet. “

So your options?

Upgrade to 12.0.6, but that’s going to be a significant upgrade to do, so may as well go to 12.1.3.

Upgrade to 12.1.3 (which is the most sensible, or 12.1.4 if it comes out in Q1/Q2 2011)

Or take your chances of not getting support (sure I fancy that one as I still have accounting issues and AP transactions getting stuck so no support will leave me in real trouble, but applying patches is massively risky and my users will scream at another upgrade in a 2-3 year time span).

Anyway the full story is here (and don’t blame Steven, he’s just the messenger), but I can’t help but feeling that Oracle has really screwed those early customers that made R12 the success and stable product that it now is.

Head’s Up – Preparing for E-Business Suite 12.0 Extended Support

If there’s a Grinch this Christmas, it’s definitely sitting in Oracle HQ, Redwood Shores and it’s delivered a very nasty Christmas present indeed to R12 early adoptors.

That gives you 13 months to get off R12.01-12.05 and move to R12.1.3. That’s not long to get the funding, get the support, get the project running, deliver it to users, through UAT and into Production.

And for the movie recommendation? I’m afraid I can’t recommend the Grinch (movie poster below). Sorry, but it sucks. On the plus side there were some good movies this holiday season including Harry Potter and the Deathly Hallows Part 1, Narnia – The Voyage of the Dawn Treader and Tron was kind of average. The Little Fockers is coming out and the same words come to mind to describe my thoughts on R12 Support and Oracle……….

And on that note, I’d just like to wish everyone all the very best in 2011. I hope it is a successful and prosperous year, for all those doing R12 Upgrades (and perhaps a few Fusion Apps implementations).

 

 

R12 Deployment using Captured Alien Technology from Roswell

December 26, 2010

On June 13th 1947, residents of Roswell reported seeing bright lights in the sky, moving at remarkable speed and then a huge explosion. 1947. The next day Mac Brazel found the crash site, and the biggest coverup in human history began. Today I am pleased to reveal a WORLD EXCLUSIVE of what really happened and how that technology worked it’s way into Oracle technology you use today. I promise with all the thousands of Oracle blogs on the internet, you will read this nowhere else……..

The crashed  UFO was taken to Area 51 (the photo above was smuggled out and is 100% genuine we believe)  and housed in a large top secret highly restricted warehouse. For over two decades scientists tried to break into the UFO’s computers with no success. From this 200 million dollar research program funded by the US Taxpayers, the only success was the discovery from the UFO of how to make non-stick frying pans. It was at this point during the famous alien autopsy that scientists also found out that the famous grey aliens keep their brains in their ass, explaining their relatively low intelligence compared with the sentinel aliens. Further there is strong evidence that a recent US President was indeed an alien, as many stated “he had his brains in his ass”.

At the same time, a bright but underachieving student named Larry Ellison, was flunking university with some style. In 1964 the government inadvertently invited Chicago students (including Larry) to the highly secure, non-existent area 51 for a field trip (Normally intruders are shot on sight but a clerical error led to 100 students, including those with far-left tendencies to be invited in). During this field trip, as the scientists were showing the non-stick frying pans Larry lost interest and wandered off, stumbling on the UFO (shown above in the 100% genuine photo). He started to mess around with the UFO computer and stumbled upon tape drives, which the 200 Million dollar research program scientists did not understand just what these were for almost twenty years. Luckily Larry had 20 large 10 inch tapes with him and he downloaded the entire UFO software. As he walked out Larry thought the game was up as security stopped him. “Do you need a hand with those tapes young man?” said the security guards. The kind guards got these dropped off at Larry’s house from the highly classified, non-existent area 51 site.

Larry spent the next ten years working out exactly how aliens were using advanced software technology using these tapes, before formally starting Oracle in 1977.

The truth is that Oracle software is based on alien technology

Now using alien technology was not all plain sailing (Larry can you stop spending so much on this sailing stuff - great pun and literally transition eh? – and start paying more in dividends….???). When Larry used alien technology to create Oracle Apps 10.7SC he did not realize that the aliens had tried this exact same strategy on their home planet of Ursula Minor Quadrant 5 with an ERP product called Grey Apps SC (note the naming similiarity) and everyone was laughing at how crap it was………The same thing happened here on earth to Larry’s home grown 10.7SC version. Larry eventually apologized for this ERP Release.

However the Oracle Database, ERP and now Fusion (even sounds alien) can now be revealed as being based on the software from the captured UFO in Roswell. And of course with such software, other vendors such as IBM and SAP (that 2 Billion dollar fine must sure have hurt), offering vastly inferior software are doomed….you may as well sell their shares now. It’s interesting to note it took a team of Oracle scientists a further 20 years to break the alien tapes for Fusion software. Oracle claims to have thousands of people working on this but this is just disinformation. Think about how little information is out there. Why is Oracle so secretive on Fusion Apps? When it does come out look for the alien code, that has not been taken out amongst the 50 million lines of source code.

Fusion Apps was delayed because Oracle couldn’t break the alien code. Fusion Apps is actually being developed not by a team of thousands as Oracle claim, but by a single programmer named Steve in his bedroom using the captured alien technology from Roswell.

And I feel a movie recommendation coming on. So captured alien technology that humans then re-engineer for their own ends? Well this one absolutely fits the bill. Terminator was a classic (as were all the Terminator movies) and they score a 10 out of 10. All are great movies to rent or buy.

Interestingly the new Exadata is similiary based on blueprints from those tapes. When you turn one of these Exadata servers on it uses less power than a lightbulb (it has alien fusion power sources and chips and a special plug from Home Depot). When you turn on the IBM servers with the same performance, all the lights in New York go out as it drains the power grid (allegedly according to a guy I talked to in a bar at 2:00AM. The lights of the bar went out and that’s when he stated someone turned on the IBM server again……..). It’s pretty conclusive proof of the use of captured alien technology from Roswell.

At this point I’d just like to say I don’t believe in conspiracy theories, or alien abductions, etc. So if you’re some UFO nut that stumbled on this column and think this is all true, please don’t stalk me for photos and email me for further stories, as I’ve got good lawyers and I’ll take out a restraining order on you……..Now onto the serious business of the column – Teleportation. (Your thinking I’ve really lost the plot today right? Stay with me on this one for one more paragraph)

Look at the definition of teleportation. It breaks down physical structures and moves them from one place to another. I’d like to claim the Nobel Science prize for showing we already have this today and finally get to the point of today’s column (some are happy because they get hopefully useful information after reading like 10 pages of crap, others probably think here come the boring stuff and it was amazing Oracle based all their products on captured Alien Technology….we suggest those people get a life…….). Don’t worry, I’ll try to keep it interesting as I’ve absolutely got to do some sci-fi movie recommendations given the title of this column right?

So the topic for today is migration of all your R12 setup, customiztions, etc. (Well think about it. You take physical information, sitting on a disk, transfer it over a network which might even be some fibre optics channel, so actually converting physical info to light…..now that is super advanced ….. and then reconstruct on the other disk. Now that’s the very definition of teleportation).

Now there are two approaches. Either you manually do this (and risk all the screw ups) or you use teleportation. I’d love to see your bosses face as two weeks ago you were telling him of Zen Patching (See the article on the Art of Zen Patching) and today in your management meeting when you are asked how to solve deployment issues you suggest TELEPORTATION with a straight face, which you got from some guy called the Oracle Prophet on the web…….

When you do an Oracle implementation, or an Upgrade, or a new module or a single project or even a simple customization, there is potentially a lot of information that needs teleported. I wonder how many people have been fired as a result of my columns so far……

So today is a high level overview of the options you have to safely move the various components around your R12 instances with the minimum of fuss and the minimum risk. This is going to be a handy column for all those doing an R12 Upgrade in 2011 (given Premium Support has ended and R11 Support is dependent on some nasty small print of applying minimum patch levels…….)

FNDLOAD

Lets start with one which I hope just about everyone knows. FNDLOAD. Now this has been around since the first aliens came down and built the Pyramids……..So to quote Oracle Oracle Applications System Administrator’s Guide – Configuration Manual:

“The Generic Loader can download data from an application entity into a portable, editable text file”. How cool is that? You can download lots of your setup and edit it, giving you the ideal opportunity to screw things up bigtime.

But FNDLOAD is an amazing utility. With a single command line you can download an incredible array of setup including:

Applications

Attachment Setup

Concurrent Program Executables

Concurrent Program Definitions

Descriptive Flexfields

Folders

Forms

Functions

Key Flexfields

Lookup Types

Lookup Values

Menus

Messages

Printers

Printer Styles Definitions

Profile Options

Profile Values

Request Groups

Responsibilities

Values

Value Sets

(and a few more not documented………)

Using FNDLOAD is a breeze. Simply type in a one line command to download and a one line command to upload. Now if your doing 1,000 Menus across 12 Project Instances during Implementation, the time savings are vast….

FNDLOAD apps/apps_psswd 0 Y Mode configfile datafile entity [param]

It really is as simple as a single one line command.

A great blog entry on the details can be found at Anil Passi Blog. This gives a much more detailed overview than this column can and is a great blog with lots of other info too.

So which movie made teleportation famous? Well that has to be Star Trek, which started way back in 1966. Now I’m not a Star Trek fan, but the the 2009 Star Trek Movie was pretty good and I’d give that an 8 out of 10. Definitely worth a rental on DVD in 2011.

Generic File Manager Access Utility

Well here’s one I’ve never even heard off – Generic File Manager Access Utility. Now in a manner befitting Star Trek and during research for this article I came across this and we should boldly go where no man has gone before (Note Star Trek finally became gender aware and change this to a more acceptable politically correct sentence…..)

As said can’t say much on the Generic File Manager Access Utility as never used it, but its covered again in the Oracle Applications System Administrator’s Guide – Configuration Manual. From what I can see it’s used to transfer Help Files between Systems, but as with everything in an Oracle manual, a lot is left unstated………

Oracle Alerts

Now Oracle has the ability to define Alerts across pretty much any business area. These are very useful and used by a lot of companies. But they can take a fair chunk of time to define and migrate. Not many people know this, but alerts can also be transferred between databases. Having a quick look at Oracle Alert User’s Guide it’s a pretty straightforward procedure:

Firstly go to the Alert Screen.

Simply choose from the Tools Menu the Transfer Alert option and fill out the screen above. Very straightforward and saves a lot of time.

Now apparently there is also an option to transfer alerts using FNDLOAD

FNDLOAD apps_user_name/apps_password O Y DOWNLOAD $ALR_TOP/patch/115/import/alr.lct my_file.ldt ALR_ALERTS APPLICATION_SHORT_NAME=”INV” ALERT_NAME=”Alert_to_download”

See Meta Link Note: 400295.1 for more details.

Now the interesting point is that you can download all your configuration files and once your happy, store them in a Source Control System such as Subversion or PVCS. Once you are ready to deploy to a new instance all the files can be automatically loaded using a Shell script (or some other newer options I’ll discuss) in a matter of minutes. Interestingly if you combine using a database flashback option and an automated shell script you can practise deployments many times in quick succession until you get it right. That keeps your Production very safe, as you will have removed all the bugs from deployment by repeateded practise runs. The Database Flashback option lets you go back to a previous version of the database very quickly indeed.

So time for another movie recommendation. Back in the 80′s, when I was a kid, I saw one of the most magical and memorable movies of my life. E.T. This movie is timeless and one your kids will definitely love. It’s funny how ET used a Texas Instruments Speak and Spell and a few bits of wire to make an intergalactic telephone to call across the Universe for help. Ironically putting a bunch of very simple tools together (FNDLOAD, ISetup, etc) can equally help you in either your R12 Upgrades or R12 Implementations………..

Data Load

So how do you spot a Functional Consultant? One way is that generally Functional Consultants have weird hairstyles. That’s a sure give-away. The other give-away is that they are sitting trying to write SQL badly so that they can get the data for their beloved Data Load Tool.

So what is Data Load? Data Load is a tool that basically takes all your data and plays it back into an Oracle ERP screen. It’s uses are endless from typing in Account Combinations, Suppliers, Inventory Setup, etc. It can work on both Core/Professional and Self Service screens. Sure there are others ways to do some of the stuff listed, but that requires heavy technical ability, and sometimes on projects that just ain’t there, so that’s when Functional guys turn to this tool, plus all the stuff that technically cannot be done without violating your support license.

Now you imagine. Even with all the “alien technology” I doubt Oracle has everything covered in terms of setup, etc. So you imagine having a tool that can pretty much load into a very large number of screens, where no API, FNDLOAD or Interface can go……….and then be able to source control everything and when you get a new environment during implementation you can simply run Data Load to create a lot of what would take you days to setup. And it’s so easy even a Functional guy can use it………

I’ve seen a lot of people rave about this product and use it during implementations. It’s definitely worth a look and you can find it at the Data Load Site.

FSG Export/Import

Apart from the funny hairstyle and dataload, another way to spot a Functional guy is that they generally are writing FSG Reports. For those that don’t know, FSG Reporting provides the ability for end users to write various accounting reports with no programming in Oracle General Ledger. Now if you’ve ever written one of these, you’ll know they can involve zillions of rowsets, column sets, etc. They take a long time to define and setup.

An excellent blog on the details of FSG Transfer can be found here.

Oracle ISetup

iSetup has been targetted to deploy a lot of the functional setup. Now I looked at this product quite a few years back and found it disappointing to be honest.

However it does seem to have moved on and it does now support more in terms of setup.

iSetup now supports:

Application Object Library

Oracle Financials

Oracle Human Resources Management System

Another link I checked is stating that the coverage is much wider across General Ledger, Accounts Payable, Accounts Receivable, Fixed Assets, Cash Management, Purchasing, Inventory, Bill of Material Engineering, WIP, Costing, Order Management, Shipping, HRMS and Payroll. Its worth checking Metalink for the latest list of objects that iSetup supports, together with re-use of API’s.

From an Application Object Library perspective, iSetup supports a similar list to FNDLOAD.

From a Financials perspective, as of 12.1 iSetup supports various General Ledger setup including Chart of Accounts, Currencies, Accounting Calendars, Budgets, Ledger Sets, etc.

iSetup has some support for Cash Management including System Parameters and Transaction Codes.

From an HRMS perspective, as of 12.1 iSetup supports various HRMS Setups including Locations, Business Groups, Organizations, Organization Structures, Job Groups, Jobs, Grades, Position Structures, Position Hierarchies and Positions. It also supports Employee Migration.

From a Payroll perspective, as of 12.1 iSetup supports various Payroll Setups including Balance Types, Defined Balances, Balance Attributes, Element Classifications, Fast Formula, Element Types, Input Values, Balance Feeds, etc.

One interesting option is the possibility to download and then modify and change. Allowing for instance setting up once and then changing for a different country and reloading. Has a lot of time-saving potential.

iSetup can also migrate XML Publisher data, Personalizations and Workflow Definitions, so it is well worth investigating as an additional tool to your deployment strategy.

Another nice feature of iSetup is the ability to compare various objects across databases. Handy when somethings stops working and you are looking for a needle in the proverbial haystack with a small piece of missing/mistyped setup.

Further details can be found on the websites below:

Steven Chan – Ten Ways of Using iSetup

iSetup Data Sheet

Frontier Consulting – iSetup

Frontier Consulting – iSetup Best Kept Secrets

Solution Beacon – Some new Thoughts for an Old Friend – iSetup

Trutek – Migating your Customs with iSetup

And with that it’s definitely time for another movie review. So a column all about aliens and their technology…..well if this column is all about Aliens and Sci-fi movies then one of the best Alien movies of all time has to be Aliens 2. I give this an absolute 10 out of 10. And you can probably pick it up on DVD pretty cheap given it’s a real old movie now, but still incredibly good.

OA Framework Personalizations

A lot of sites are using OA Framework Personalizations to modify OA Framework Pages, with a view to limiting impact of future upgrades/patches. Some of these personalizations can be quite involved and re-applying these involves a huge amount of work. Luckily again Oracle provides a handy method of exporting and importing these personalizations across databases.

More details can be found in the excellent blogs below:

Anil Passi – OA Framework Personalization Migrations

R12 Form Personalizations
 
 A little known feature of R12 is Form Personalizations. This allows you to replace quite a chunk of CUSTOM.PLL (or other Library code) with code that you define directly in R12. A great article covering this can be found at

R12 Form Personalizations

Now this not only allows you to remove custom code from CUSTOM.PLL or attached libraries (which is great), it also allows you to extract and import these Personalizations.

Simply using FNDLOAD again does the trick:

FNDLOAD user/pass 0 Y DOWNLOAD affrmcus.lct output_file FND_FORM_CUSTOM_RULES form_name 

Using R12 Form Personalizations is a more flexible and more visible way of approaching some forms based customizations. It’s also much more supportable.

Putting all the Alien Technology Together

There are a couple of interesting options with all the tools listed above that could radically improve your processes, make your ERP Instance(s) a lot safer and save you piles of time.

Firstly most of them produce files. Files can be put into Source Control such as Subversion (it’s free and great). If you Source Control your files, you can implement proper Release Control, guaranteeing that what you deploy is what you really want to deploy.

With all your files for setup in source control you can write automated deployment scripts, that will deploy all your setup in a matter of minutes (or if you have huge amounts of setup, a couple of hours). This will allow you to practise deployment in a repeatable manner until it works with ZERO failures. (Use the database flashback allows you to run deployment and then restore to a previous state in a few minutes, allowing multiple deployment runs/adjustments). Once you have that deployment release perfect, your Production deployment will be vastly safer than 99% of other companies on the planet.

Now Oracle’s heading in a very interesting direction with all this using the Application Change Management Pack. This, as Oracle puts it “provides a centralized view to monitor and orchestrate changes (both functional and technical) across multiple Oracle E-Business Suite systems.”

Read this for some more details on the Application Change Management Pack.

Now I don’t know just how good this is, but imagine being able to put large parts of your Functional and Technical Setup and your code into a Release Patch, just like Oracle Corporation. Imagine being able to clone Production, apply your patch and get to the point of repeating this until you had zero failures on your very complex R12 Upgrade Customization Release Patch.

This is certainly a very interesting development and the Change Management Pack is certainly worth looking at.

So time for a final movie review and a wrap-up. A word of warning. Not all alien technology is entirely friendly. In War of the Worlds, Alien technology proved to be extremely deadly. So my final movie pick is War of the Worlds. On reflection I’ll give this a 9 out of 10. It’s a superb remake. And a word of advice, when using the FNDLOAD Alien Technology, just be careful with your parameters or you may download and then upload into Production a whole lot more than you want………

The point of these tools isn’t primarily to save you time, although they will definitely save huge amounts of time on any project. Imagine having to setup say 100 custom programs in 12 instances during a project implementation. Or 200 messages. Or thousands of menus and entries. Or module setup. A large chunk of project time is wasted by very expensive consultants doing very menial setup, rather than delivering the end solution. And it doesn’t need to be that way with the tools that Oracle provides.

The primary reason everyone should be using these tools (either in implementation or Post-Production Support or R12 Upgrades) are because these tools introduce a repeatable, testable and verifiable process. These tools vastly reduce the mistakes you make.

For all those doing R12 Upgrade, these tools allow you to be successful on cutover weekend even when the timescales look utterly impossible. (Have a look at my R12 columns, with thousands of custom objects, 600 functional setups, all to be done in a matter of a day, with everyone under serious stress. Impossible? Not if you plan ahead and fully utilize all the tools that Oracle provides to make your life easier………

Till next time when I hope to publish the Secrets of the Holy Grail and the connection to R12. Just don’t tell the Feds where Oracle technology really came from. The secret is out there.

So I guess as Arnie would say from Terminator,  Hasta La Vista Baby………

Further secret blogs and prophecies can be found at:

http://oracleprophet.wordpress.com



Halloween – A Time of Ghouls, Ghosts and R12 Upgrades (Pt3)

October 31, 2010

Welcome back to the R12 Upgrade House of Terror.

All I can promise you is pain, heart-ache (that Oracle Support girl for the AP Trial Balance broke mine…..ahhhhhhhhh) and impending doom. Abandon all hope on your R12 for those who read on……..

So you’ve been mad enough to start an R12 project (they’ll lock you up in the asylum they will !!!) and you’ve made it through Implementation (designing any new stuff, build, test, UAT, etc) and you are sitting there smugly thinking you’re smarter than your average 5th grader and that this column was just scare-mongering……..Well lets go to the Transition Phase and see how confident you are………

 Cutover is complex

Deployment involves high number of objects

Deployment involves significant application setup

Deployment carries high risk areas

Users are not familiar with the new software

Large number of users require training

Users are distributed across countries

Help Desk Staff are not trained to take calls

Transition is poorly documented

Transition is not rehearsed

Change in Business Procedures for R12

Before you start the cutover, just wondering if you actually trained all your users? Yes R12 is mostly the same, but there are significant variations between R11 and R12 in Payments, TCA, SLA, etc. Now if those are spread across countries, it’s going to be even worse. A new system with new features suddenly appearing will lead to a lot of angry users, all wanting to talk to you on Day 1 of R12 as you are inundated with other more serious issues……..Now I went through four audits on my R12 and got a clean bill of health on all, except for training (even though we did some). The auditor did a survey and the users said they would have liked MORE TRAINING. But the products almost the same I said bar a few key areas as we were doing a Technical Upgrade !!!!!!!! I got burnt at the Halloween stake on this – OK ever so slightly singed. Don’t make this mistake. At least offer some training on delta differences and some educational classes with no commitment to implementing (get your lawyer to write the disclaimer) new functionality.

Has anyone told the Helpdesk of your R12 transition? Has anyone told the business they will lose their systems for 4 days (weekend, plus two working days). Has anyone told the external users or put out appropriate announcements? Are there key business activities that expect to run during your upgrade? Have you scheduled your upgrade right in the middle of these? People are going to be seriously upset if payroll is delayed for your upgrade. Or month end closing is delayed and you have serious problems with your new R12 that goes live right before the preparation of those financial results. Wondering if you told your corporate website team that pulls out summary information from ERP to display to your company website that ERP won’t be available over the transition? Or how about the legacy team that are still sending you files to interface into ERP? I know you are feeling pretty insecure now. I guess you are wondering “Have I missed anyone in the announcements……”.

Cutover is a nightmare. Get this wrong and you see your entire project collapse in a pile of dust, on day 1 of Production, with the Board asking why your business has ceased to function and lost 5M US. Pulling the transition on R12 at the last minute is really bad, but even worse is going live and then finding out you have serious issues……..Either has a good chance of ending your career.

Has everything been tested? Has every bit of code your about to deploy to Production actually really been through UAT (or did the developer slip in that one last easy fix with no testing?). Does your Application Setup really reflect the setup you tested? Did the Consultant complete the BR.100 before he left for a contract paying 30% more? Can anyone actually follow that BR.100……?

So you have a thousand customization files (actually isn’t a lot when you count Java files, setup, etc). Have you ever taken that as a single software release and had your DBA’s (not your developers that know to run script 2 if script 1 falls over and hack script 3 to make it work, without anyone finding out) and applied to an exact clone of your Production system and had a 100% success rate? Have you repeated this multiple times as you roll towards the go-live date, just to make sure that any changes between the time you last ran it and any updates to Production didn’t cause any adverse impact? Are you sure that the DBA’s can run all your customization deployments in a very short-time frame. (Your typical go-live window is a maximum of 4 days with two of those the weekend, after that your business will scream if you go one hour over). Is your deployment manual and if so, will the DBA do the same steps each time? If your deployment is automated will it actually work?

We had 600 application changes. Have you ever checked how long it would take to deploy all of those changes? Have you ever done an entire setup and checked all the setup was valid and tested properly? Have you thought of the issues of letting knowledgeable people do the setup in Production in terms of access, SOX, etc? If new people need to do the setup, as the project team cannot have access to Production, are they familiar enough not to make mistakes? Have they ever practiced the setup on an R12? Interesting how long it takes to carefully setup and check 600 application setups. Just wondering if you ever thought how long it actually takes to setup 600 application setups for a single person. Do you know it’s impossible to do that setup with one person? Have you ever bothered to do a careful review of all setup, access needed and then balance setup streams across different people to make it achievable in the very short transition time the business has granted you whilst still ensuring segregation of duties, SOX compliance, etc?

Have you ever considered setting up some functions, menus, etc in R11 BEFORE you go-live. Or some new program definitions? Or perhaps having these as Loader files, so you can load them instead of manually setting up? Of course if you load them, have you checked that the developers have generated these LDT files correctly?

How many minutes will the R12 Upgrade run on Production hardware? (I ask for minutes because you should know very precisely the estimated time of this – if you don’t you are in serious trouble. For info an R12 will run for a very, very long time indeed, even on a small ERP database.). Have your DBA group ever run an R12 Upgrade with no failures? How long will it take to upgrade the Technology components or database? Have you ever seen a detailed step by step upgrade document from the DBA Team? Are there any hot wiring the DBA team apply during the upgrade due to known failures? Are you aware of these known failures and the implications? Do you know that an R12 Upgrade will require some very serious shift working? Do you know that your DBA’s will be seriously burned out as they have the very first task in the actual upgrade of running the hundreds of thousands of scripts that the standard R12 upgrade runs. And they need to actually be awake and watch this constantly, because if it falls over, you don’t have the time to lose 8 hours on an upgrade weekend…….

Wondering if you’ve actually even got a transition plan? Have you got an hour by hour schedule, with milestones and an effective method to monitor setup, customizations, actual upgrade, etc? On an R12 upgrade transition, you have no slippage time for anything. If you slip, the team will get stressed, you’ll get stressed and mistakes will be made.

Bottom line is have you REALLY rehearsed an R12 cutover BEFORE you actually do it? Do you really feel confident that first time you do it for real will be on your Production system……….if so you must be a clown……by the way do you think the McDonald’s clown is intrinsically evil????? (My Attorney has advised me at this point to clearly state that is a question and in no way implies anything on McDonalds whose food I have been legally advised to state I love and the picture below is in no way related to said company).

If you take a look at the Oracle Upgrade manuals, it’s interesting how many pre-req steps potentially have to be done. Ironically if you miss some of these you can have major support issues going live. I wouldn’t leave any Payments in the middle of process. I’d be carefully checking the effect of an upgrade half way through each of your workflows. Is there any effect on transactions that are left half completed? Do you even have these in your cutover procedures and does everyone in the Business know from your carefully documented plan exactly what their responsibilities are prior to bringing down their R11 ERP. If you (or the Business) makes mistakes here, you are in real trouble. Do you have scripts to check everything has been accounted, no payments are sitting halfway or are you just relying on your business to do the right thing with no checking whatsoever…….Just to add a little time pressure, your DBA’s will be screaming at YOU if you go one minute over the agreed time to shut down R11 and hand it to the DBA team……..of course you’ll have to herd dozens of business units across 27 countries to complete all activities before that time…….but then they want to do their business not your upgrade……which leaves the DBA’s screaming at you…….(The DBA’s will be working all through the night, so every hour you delay, means an hour extra in the middle of the night so a little empathy for them here folks……..Show them you care for their welfare….at least till your upgrade is over. Alternatively take the selfish approach that the DBA that is working all night might be the same one running your customization scripts after two hours of sleep because of your poor planning that could wreck your upgrade when he makes a serious mistake because he’s so tired……….)

Have you made any plans to backup the original system? What are your fallback plans if the upgrade fails? When will you be prepared to pull the plug and under what criteria, over the transition cutover to R12? Who is going to take responsibility to give the green light to go live? Will the senior management even be there at the weekend to make that decision?

Just wondering if you told your team and others (Unix, Email, Legacy, etc) that they would need to work some very stressful and long hours over the cutover weekend. Wondering if any of those key staff have their holidays planned…….?

Have you made plans to clone and test the actual R12 on the cutover weekend? If not how do you know all your setup, customizations, etc actually were promoted cleanly and your R12 actually works? You will need a large team to test in such a short period of time. Do you even have a cutdown test plan to make sure you hit the key functionality? Have you got all this planned? Probably not…….And if you find stuff missed, do you have a proper controlled mechanism to track it, test it and release it to Production in a horrifically short and highly pressured weekend in a safe manner?

What’s amazing is that everyone plans a transition, but no-one actually thinks about turning on the R12……….when you enable the workflow and the concurrent managers are you just going to open the tap, or are you carefully going to release production jobs and monitor. I’ll tell you that your single most stressful time is when you commit to switching on these elements over the weekend. I bet you that your heart will be pounding and you will be sweating at this point. The entire company ERP and Business hangs on your Go or No-Go signal. Once you’ve done that, there is no turning back, there is no backing out and you are on R12. At that point if you’ve got it wrong, you’ll be looking for another job. (Doesn’t that picture below remind you of your boss when it all goes wrong……?????). I wonder if that Oracle Support girl I dealt with for the AP Trial Balance wore red lipstick…….ahhhhhhh……..

So your live, but it’s not over……..

Serious Outages can occur

Lack of Staff to address serious support issues post go-live

Patches are required after go-live

Are you ready for serious outages? Did your transition plan have proper contingency plans for these events? If not exactly what will you tell the Board and the Business?

Do you have the appropriate staffing plan to handle what could be a very rough few days (or weeks) or months? An R12 will almost always lead to a spike in calls. Are you ready? Did you bother to give your people proper notification that they may be required to work late nights and weekends for the first few weeks after go-live? Or is it just a line item on your plan that you didn’t bother to communicate?

Did you re-synchronize all of your ERP and Legacy systems in terms of interfaces? Some of these integrations may require manually running interfaces to catch-up with transactions for the days you were down.

With major business events such as payroll and closing, do you have any plans to clone and rehearse these events, prior to these happening? Now if you can clone and simulate an R12 closing after you are live, but before the closing happens, it’s better to find out serious problems and have a few weeks to fix them right? (Of course this has you wondering if you should close in R11 and then immediately move to R12, but of course, then your Financial reporting would be straight after go-live, so you can’t win right?)

Have you got any plans for patches after go-live? What happens if you really need to apply patches? Are your project team still there? Did you set business expectations just in case? Always better to make business aware of the real risks inherent in an R12 Upgrade. That way, they’ll be incredibly happy if you manage to get it right.

I hope you remembered to get before and after reports from key areas, such as your AP Trial Balance (that Oracle Support girl was just so nice, ahhhhhhhhh), GL Trial Balance, etc. And keep a copy of your Production database on R11, whether on tape or disk. When the auditors come and take an interest in it, as they will it would be unfortunate if you’ve not done this and it causes issues with your auditor’s signing off your company accounts.

Also before you go live just have a quick review of JVM sizing and parameters. If you fail to tune and size this properly you could see your Applications crashing, intermittent crashes, etc. Getting your JVM sizing wrong leads to absolute nightmares……..Ask your DBA’s “Have you size the JVM’s and if they say what’s that, start to worry……”. If you have too many users and not enough JVM’s and OACORES then BOOM !!!!!!!!

Finally is there monitoring of key components in place? Are you touching base with all the areas of Business (and Legacy and Web and email and and DBA and Unix and other teams). Are you even aware of major production issues or is your Production setup so poor in terms of support that you’ll be the last to know……..

And lets break for another movie recommendation. The single scariest movie I have EVER seen. This was the 1970′s television mini series called Salem’s Lot. It is absolutely terrifying. Get it on DVD….it’s one creepy movie from the Master of Horror Mr. Stephen King. I saw this when I was ten, and I didn’t go out for weeks after dark……It’s a classic ten out of ten movie. But REALLY TERRIFYING.

This isn’t an exhaustive list of what can go wrong in an R12. Now note this article has been written in a strong manner to scare the crap out of you because if I do that then you’ll start to take every last point out of this article and make sure you’ve covered it. Make no mistake – R12 Upgrades are a serious risk to your career. (However don’t let some consulting company come in and scare the crap out of you. They are in it to make as much money as possible from you for an R12 by scaring you as much as possible. I write these articles for FREE and hope people can avoid the mistakes that I and others made in our R12 Upgrades). If you read this article and take everything on board, you’ll be strongly versed in R12 risks and be able to evaluate what these consulting companies are telling you and separate the fact from the fiction…….

And a final note. Premier Support for 11.5.2 ends in November 2010…..that gives you about a month left……Interestingly you also need to have minimum baselines in place for R11 if you want proper support from November 2010……….And will you get hit by fees if your still on R11 in November 2011??????

Have you read Metalink Note 1178133.1…….

“Starting on Dec 01, 2010, Oracle E-Business Suite customers on Release 11i10 will only receive extended support for new bugfixes as described in My Oracle Support, Minimum Baseline Patch Requirements for Extended Support on Oracle E-Business Suite 11.5.10.”

That’s a lovely little bit of legal small print from Oracle with major implications for you………Getting to those minimum levels will be enough to “persuade” most customers to jump to R12 instead.

It’s funny also that so many people don’t think they can start doing preparatory work in R11 that will greatly ease R12. Have a look at the references below. Work spread over R11 and R12 will greatly ease your stress in the R12 Upgrade itself, as you’ll have less to do. (Did you know Solution Beacon even has Vision instances you can play with for free, even before you install an R12 in your company’s test environment…..)

Let me tell you briefly our R12 story. We had some very serious problems with quality (12.0.4 RUP5) – an early R12 release in many respects. However despite that we got through a Finance, HRMS and Procurement Suite R12 Upgrade across 20+ countries with strong planning. Our transition finished 30 minutes ahead of the planned 96 hour time window (I wasn’t kidding when I said you should know the transition in minutes…..). Yes, I was terrified when I made the call to go-live. But due to all the planning and a great Project team, we went live with no major issues on 3rd August 2009 and I went home at 5PM two days after go-live (And for the cynics, no I didn’t spend the first two days constantly in the office 48 hours straight…..I got home at a reasonable time the first two days as well). We cleared Payroll, breezed through month end and went live on two Payroll rollouts to two new countries one month after go-live.

Of course now I’ve told you all the risks, well you’d be a fool to actually fall into those holes right? Take this article, make a list, make sure you cover each and every one. Then you’ll make your R12 a huge success.

An R12 is certainly a very achievable project, with significantly reduced stress and risk, if planned correctly.

Hope I haven’t scared you too much……..

Enjoy your Halloween.

References

As always, my appreciation goes to the kind authors and contributors of the following articles and resources. Some of these are especially note-worthy, because those people are putting out their failings (as well as successes) on R12 in a very public and open way, for the benefit of those about to travel the R12 Upgrade road.

General Blogs and Websites

OAUG Website

Chris Warticki’s Blog – EBS R12 Support Resources – Consolidated

Oracle Applications Upgrade Guide: Release 11i to Release 12 (B31566-01)

Oracle Financials Applications Blog – R12 Lessons Learned

Analyzing, Planning and Executing an R12 EBS Upgrade

Steven Chan Blog

Risk Management: Tricks of the Trade for Project Managers (Rita Mulcahy)

My example of an R12 Risk Spreadsheet (Excel 2007) – Available on Request

 

Metalink

Oracle E-Business Suite Release 12.1.3 Release Update Pack (Patch 9239090)

 Oracle E-Business Suite Release 12.1.3 Readme (Note 1080973.1)    

Upgrade Manual Script (TUMS) – Patch 5120936

Metalink Note: 580299.1 – Best Practices for Adopting Oracle E-Business Suite, Release 12

Metalink Note: 394692.1 Oracle E-Business Suite Upgrade Resources

Metalink Note: 562887.1 R12: Helpful Tips for a Successful R12 Oracle Payables Implementation

Metalink Note: 437422.1 R12 Troubleshooting Period Close in Payables

Metalink Note: 73128.1 R12 Troubleshooting Accounting Issues

Metalink Note: Oracle Support Upgrade Advisors (250.1)

                             Tech Stack                     Note 253.1

                             Financials                     Note 256.1

                             HRMS HCM                    Note 257.1

                             Manufacturing              Note 258.1

Metalink Note: Extended Support Patch Level Verification in Oracle E-Business Suite Release 11.5.10 (Note 1178133.1)

Metalink Note: R12 Upgrade Considerations by Product (Note: 889733.1)

Oracle E-Business Suite R12.1 Financials Pre-Upgrade, Setup and Operational Tips (Note: 1104163.1)

Oracle E-Business Suite Release 12.1 Information Center (806593.1)

Database Preparation Guidelines for an Oracle E-Business Suite Release 12.1.1 Upgrade (Note: 761570.1)

Oracle Applications Installation and Upgrade Notes Release 12 (12.1.1)

R12: Period-End Procedures for Oracle Financials E-Business Suite (Note: 961285.1)

Oracle Open World 2010 – On Demand

For those with access to Oracle Open World 2010 On Demand there are good references at http://www.oracle.com/us/openworld/index.htm

Mission Impossible: Oracle E-Business Suite 12 Upgrade on 3 Continents in 6 Months

Success with Oracle E-Business Suite Release 12.1.2 Upgrade Drivers

Algar Telecom Upgrades to Oracle E-Business Suite R12   

Get Ready for Oracle E-Business Suite Release 12.1: Tasks to Complete Now

Oracle E-Business Suite 12 Upgrade : Best Practices to Obtain Business Value

Planning your Oracle E-Business Suite Upgrade from Release 11i to Release 12.1 (Superb presentation – highly recommended)

Oracle E-Business Suite 12 Upgrade: An Easier Ride on Nine Miles of Bad Road

Oracle E-Business Suite R12 Upgrades: Have you Thought about the Details?

Real-Time System Assessment of Oracle E-Business Suite 12 Upgrade: Case Study

And finally talk to other companies, use forums, other areas (such as http://www.linkedin.com) and make contacts with people that have done R12. This again will help you considerably on your R12.

Footnote:

Some of the great graphics were the work of:

WWW.MYSPACEGRAPHICSANDANIMATIONS.COM

Halloween – A Time of Ghouls, Ghosts and R12 Upgrades (Pt 2)

October 23, 2010

So it’s heading for Halloween. Only a few days left……..And looks like you’ve come back for the 2nd part of the R12 Halloween Upgrade. So I guess you don’t scare too easy? Prepare to be afraid. Prepare to be very, very afraid.

So after a whopping amount of things that can go wrong just in the initial stages of an R12, we can finally talk about the actual R12 Implementation in terms of analyzing, designing, building, testing, new functionality, etc. It’s amazing so much can go wrong BEFORE you even start……..here’s a previous Project Manager that was running an R12…….(he’s the guy 3rd from the right, the one 2nd from the right did the R11 Upgrade and the one on the right did the initial ERP implementation….isn’t Oracle ERP pretty unforgiving project wise……)

Here’s a few things on Implementation to help you lose sleep.

Applications do not provide a good fit to Business Requirements

Subsequent Analysis during the Project drives Significant Change

Not possible to achieve a consistent Business Process across all units

Some modules are largely custom built

Large number of customizations

Undocumented customizations

Lack of development standards

Information is confidential

System Integration is complex

System integration is high risk

System integrates with non Oracle technology

Complex Oracle Application Configuration Management

Complex custom development configuration management

Poor Technical Designs

Customizations are delayed or lacks resources in Development Team

Functional Designs are late or incomplete

Technical Designs are late or incomplete

Patch Management is poor

Complex Setup

Testing misses requirements or scenarios

Testing is incomplete by Project Team

Testing is incomplete by Business Team

Testing is delayed or lacks resources for Project Team

Testing is delayed or lacks resource for Business Team

Testing integration is delayed by dependencies

Legacy data is of poor quality

Legacy Data requires data cleansing

Legacy Data has complex structure

Legacy data involved high data volumes

Changes in Legacy System required

Oracle does not have interfaces to support conversion

Oracle uses complex API’s for conversion

Ignore the Legacy Conversion stuff. I use this spreadsheet for more than just R12 Upgrades…..

Now if you’ve ignored the advice to aim for a R12 Technical upgrade, then you may find yourself knee deep in very long, difficult and time consuming business requirements, business change, etc. On an R12 Upgrade, trust me just don’t go there. Keep it clearly 100% out of the scope of the project. It can wipe out your project unless absolutely forced to. Which brings us nicely on to R12 Oracle Payments.

Payments module is a re-implementation. This will take some adjusting as it looks nothing like the R11. With this and other new features, you run the risk of not fitting to business requirements, or wanting new processes or wanting changes. The problem is if you show the new stuff (and with Payments you have to….) you could have significant change in your project scope and therefore significant risk. If you don’t show the new stuff you are going to be accused of not showing it, not training users, not taking advantage of the “amazing” new functionality, etc. So if you show it, you are screwed. If you don’t you are screwed. For me R12 is complex enough to pull off without adding anything other than like for like. New functionality for us could wait (and it did in 99% of cases, despite some fairly tough fights).

Of course if you are rolling out R12 across multiple countries, then it’s even worse to agree all the new functionality, legislative stuff, etc.

Then you get into your biggest nightmare of all. Customizations. Imagine someone having a decade to write customizations on R11. Imagine no discipline, documentation or standards. And you’ve got to upgrade something that you have no clue what it is you actually have to upgrade. Talk about a Pandora’s box……Or worse does anyone remember the Hellraiser horror 80′s movie flick with the box that brought out the demons…….Do you really want to open that R12 box??????

When you open an R12 Upgrade project, you are opening a Pandora’s box unless you did an advance study. Or worse you could be the guy hearing the doorbell, going to his door and seeing a burning brown paper bag with R12 written on it on his doorstep. You go to stamp it out and find something VERY unpleasant on your feet that your company that implemented your ERP left you with but didn’t tell you…….Is your current R11 a brown paper bag with a pile of crap inside waiting for you to stamp on it with your R12 Upgrade?

One single customization missed can cause a catastrophic failure. Funnily enough I saw one Upgrade where they had account generators in the hooks of a standard package for Costing. Now yes, this was supported, but totally undocumented. Funny that generated a pile of entries to General Ledger that took weeks to figure out and calculate the reversals to, after the code was fixed post go-live. So the message is, it isn’t even enough to look at the obvious custom code. What about the standard packages that support hooks? What about overwriting standard code in packages, forms, reports and other customs? What about the change of seeded menus? None of this should happen, but don’t count that it hasn’t.

If you don’t have a customization register before you start you are in very serious trouble. You are going to miss stuff, and that one thing you miss could wipe you out in Production.

Also do you have any idea what R12 will do to your customizations. We saw our Payment customizations wiped out and need completely rewritten. (BI Publisher). Any workflow changes? They’ll need to be redone. Any Self Service in the old MOD PL*SQL? They’ll need to be redone. Any interfaces to GL or reports or anything else? They’ll need to be fixed as 80% of our stuff stopped working. Small changes on a lot of customizations add up to a lot of work, time and risk that can seriously delay your schedules. Did you know there have been very significant changes to the data models between R11 and R12 in certain areas……all that will cause your existing R11 customizations to crash and burn……

If you are doing an R12 Upgrade, you’ll have frequent clones. If you don’t encrypt data you could be incurring serious risk as all those outside resources can see vast amounts of confidential information. (See R12 Security and the Auditors from Mars article to scare you some more).

From a Systems Integration viewpoint, watch out that your R12 Upgrade doesn’t just focus on Oracle ERP. When we did the upgrade, we had Legacy, email , Web, external 3rd parties (Citibank and others), Health Insurers, etc. Now us Oracle guys like to think ERP is the center of the universe. Sometimes it is, sometimes it isn’t. But your typical R12 (or R11) can have interfaces, data extractions, data imports, links to spreadsheets, etc that can number many, many hundreds of integration points. Are you aware of what they are and if not how the hell are you going to test and make sure everything works day 1? Think about missing the testing on say Payroll interface to the Bank. That would be a nice one to find out doesn’t work on say, Payroll day for 50,000 employees. Or perhaps you forgot to test the interface to your planning system that orders the parts to build the products you make, which would stop your production line for 5 days, cost your copy millions of dollars and definitely get you on the “skull decoration” shown at the start of the article in the Boardroom or hanging on your managers wall….. . Hope you sleep well thinking of your integration points to ERP and the catastrophic damage it does if you get it wrong. I bet you that your one of these people that DOESN”T EVEN HAVE an architecture diagram of your ERP integration points. And your company spent like what 50 Million on that system with your integrator and you didn’t even get a coffee mat Integration and Interface Architecture chart????? You were ripped off and it may come back to haunt you…….

By the way, speaking of integration, does all the tech stack count? Just think, adding Forms 10G, Reports 10G, JDeveloper 10G, downloading the extensions for OA Framework, your Discoverer upgraded, BI Publisher. I guess not so much integration as getting the absolute basic tools to even start your R12, as all of these change between R11…….so you’d better sort that before you hire all those developers to upgrade your customizations…..

There will be a need to update or add new functional designs unless you are really a vanilla site. We did a lot of work again around Payments. Will those designs be decent and cover the requirements? Will they be reviewed in a timely manner? Will they be signed off? Keep this to a minimum (no new functionality, that’s gold plating an R12 Project) and you’ll avoid this risk.

A lot of companies also do MD.070 Technical Specifications. I’m not a fan of these to be honest as they have too much info, take too much time, are subject to not getting updated so become quickly outdated, and are largely done by many to tick the box. If you are doing these, make sure the quality and approach of customizations is correct for R12. (And don’t build what R12 provides – that’s one area I would add to an R12 to replace customizations with standard functionality where possible. We took out a raft of custom modifications which are the worst types of customs and vastly reduced our risk both to our upgrade and future upgrades/patches).

So I saw a movie with my kid. It was called The Hole (and it was in 3D so the ticket price is like double !!!!) Now this was a PG13 which meant that it shouldn’t have been that scarey, except it scared the crap out of my kid. More to the point it scared the crap out of me even more. So what’s it about? The hole generates your darkest fears and then these monsters come out. And what’s my darkest R12 fear? It’s about managing all of the configurations on an R12 Upgrade Project – that is my worst nightmare. The Hole gets a 7 out of 10 on the movie review. Well worth seeing, but if your kids get scared easy, approach with caution.

Now managing all your environments, patches, setup and customizations is a truly epic and very complex task. Really someone could write a book on this by itself, but the point is, you lose track of this and you lose track of your project. The lack of source control, the lack of BR.100’s, the lack of configuration management spreadsheets (or software) will cause your project to descend into chaos, especially as your ERP clones spiral from a development instance, to a sandbox, to a project team test instance, to a UAT instance, to a patch instance, to a DBA instance, to an instance with a DMZ, to an instance just for one module as it’s getting piles of patches and needs isolated……..your configuration management isn’t about a single instance. We had 10 instances at one point during the upgrade…….Or to put it another way our R12 had over 600 Functional Setups between R11 and R12, dozens of patches, thousands of test scripts all requiring data/setup to be in exact scenarios and thousands of customization files, loaders, packages, etc……Just curious on how exactly you are going to manage that………..? Are you one of these people that manage this type of thing on the backs of bits of paper or a cigarette packet? If so you’ll need to become a chain smoker as you’ll need a mountain of cigarette packets to keep track of all your configurations items on an R12 Upgrade project……

What I always find most worrying on an upgrade is playing the Oracle Patch Lottery. This is cool. You’ve got your R12 say Test environment all setup. You’ve got your thousand customization files, 600 setups and all the test data ready and you apply a patch, having no idea what that patch changes. And it trashes your entire environment, wipes out your 80% test completion and trashes the modules down-line of your testing. Every patch you apply is a roll of the dice unless you very carefully manage each and every patch. So when you apply a patch during your upgrade and have no clue/plan/analysis of that patch, the question is, do you feel lucky punk?

Testing is full of pitfalls on any upgrade. Have you got all the scenarios covered? Are your test scripts complete? Is your test data valid? Have you covered month end testing? Have you covered year end testing? Have you covered integration testing? Did you try the Web ADI? What about tools like Discoverer? Have you covered testing to and from Oracle and 3rd party companies that you barely even talk to (and met in 2007 when you put in your interface to their products which run offsite – think bank interfaces). Does your new patch invalidate Test Scenario 220, 221, 222 all the way through to 230 for Payables and therefore invalidate your testing across 80% of Payments? Or what if you apply a patch on TCA? Does it hit PO, AP and Payments? Or if you apply your customization, what have you invalidated? Will the auditors pick you up for claiming a sign off from the user, when they tested on a completely different configuration of custom, patch, etc? Are you sure your environments are all the same? Or do some differ in terms of setup/customizations/etc? If so, then how valid is your testing?

Here’s another great one to keep you awake. So all your systems around ERP. I bet you one joker that owns for instance your Legacy planning system or say your Payment middleware is planning to upgrade at exactly the most inconvenient time for your R12. Now you’ve always hated that guy and he’s always hated you. I mean is he doing this at the most inconvenient time in your R12 Upgrade without telling you just to screw you over yet again to get that next promotion over you ? If your not aware of everything you need in your R12 Upgrade and everything in your company’s universe (planned upgrades, planned business initiatives, politics, etc) that can screw you over, I need to ask, why did they even give you the R12 upgrade to do?????

Even if you get all this right, does your team have enough time to thoroughly test? Did you properly track all the bugs? Are you monitoring the bugs? Are you monitoring the Service Requests? What happens if Oracle decides to give a RUP (Rollup Patch) for you in your UAT and refuses to provide a single patch? Do you also take that latest security patch? Did you know that security patches have been known to screw up the Applications…….

It’s also interesting that an R12 DOES have data migration. Think about all those scripts running for the upgrade from Oracle Corporation. They are re-arranging your ERP data pretty substantially in some areas. What if the standard upgrade scripts for changing the structure of the Bank data (to TCA) goes wrong or cause problems? Think that won’t happen? Have a look at our Risk Register for R12………Or did you know you can run a script to convert your previous data to Subledger Accounting? Did you know R12 actually does some fairly heavy data conversion for SLA as standard? Are you confident it will all work with no need to reconcile? Are you confident that the new way that R12 handles accruals will work, as you actually have to run programs to build all the Accrual data………If so have a look at our Risk Register…..we didn’t spend 4 months reconciling and talking to the guy that had written this (in ironically Redwood shores…..those conference calls time-wise between Asia and California, weren’t easy) and apply multiple patches because it was working first time or second time or third time or fourth time……..Again have a look at the risk register from us. Or how about your AP data being converted? Again R12 does some very serious data conversion in the background. Try running the AP Trial Balance and see if you can reconcile…I didn’t spend two months just trying to talk to the lovely girl at Oracle Support to get a date from her….there honestly was a problem with the AP Trial Balance although I did close the SR immediately once it was transferred to a guy……..And did you know all your supplier data is converted by Oracle’s Upgrade process to TCA……..

The good news is that newer versions of R12 are a lot better, largely thanks to “suckers” like me that spent months with Oracle making all of the above data conversions that the standard R12 does in the background work. Of course until you check and reconcile all this for yourself, how confident do you really feel trusting some guy on a blog that claims to be a prophet yet never picks decents stocks………?

On top of all that resource management across your R12 will be the usual nightmare. Competing projects, production issues and users screaming for enhancements of R11. Key Project People walking off to lucrative new contracts and positions. Lack of R12 experience in the market. The time delays finding and hiring people to replace those that walk off. Dealing with unexpected issues that you didn’t plan for that have a catastrophic effect on your resourcing across the project (try cleaning up 3,000 banks when you find out what Oracle does to these during an R12 Upgrade….)

We’ve pretty much covered the testing phase above but just a quick recap to really scare you…..

Testing misses requirements or scenarios

Testing is incomplete by Project Team

Testing is incomplete by Business Team

Testing is delayed or lacks resources for Project Team

Testing is delayed or lacks resource for Business Team

Testing integration is delayed by dependencies

Test Plans are poor

Test Scripts are poor

Reconciliation of Ledgers and Subledgers is not carried out

Test Coverage is poor

Numerous Patches are required disrupting Test Cycle

All of the above can wreck an R12 Upgrade. It’s easy to miss key scenarios. Test scripts can run into thousands. Integration testing can have hundreds of points including external parties making it very complex indeed. User testing is beyond your control in many respects, especially for those that see no need for an R12 Upgrade. Reconciliation of ledgers and data that R12 has converted in the background is a significant task. Patches create havoc on internal test cycles and formal UAT. Remember you can’t just get each group of users to test each module. Each module talks to the other modules. Data from one module flows to the other for the next scenarios. PO needs Inventory. PO feeds the receipts. AP matches on PO receipts which then feeds to assets. IRecruitment flows to HRMS which then trigger hiring which then triggers Payroll which then relies on Advanced Benefits which then drives Self Service. The beauty and wonder of a fully integrated system makes testing co-ordination far from a stand alone list of test plans for each module………Managing an R12 in terms of testing is an extremely complex and challenging endeavor. Try doing that across 45 business areas and 27 countries, each speaking a different language……What’s Halloween in Spanish……??????

With an R12 Upgrade, vendor management is unavoidable…..

Software has significant patches

Software purchased is unstable

Hardware Vendor provides poor support

Software Vendor provides poor support

Poor quality in Product (bugs)

Software purchased is recently released

You are going to spend a significant amount of time dealing with Oracle Support. Depending on who you get on your Service Request can really screw you up big-time, as quality varies significantly. Get the right person (such as the lovely Indian girl we got on our Trial Balance problem, ahhhhhhhh…….) and you could get an immediate response. Get the wrong person and you could see weeks or months wasted, with the “apply this next rollup patch, we’re sure one of the thousand+ fixes will fix your minor problem and retest your entire R12 again” attitude.

R12 was highly unstable in 2008. 2009 saw it got better. By now reports are it is solid……….but I wouldn’t make that assumption, until I had actually implemented it and got my UAT signed off 100%.

When you implement R12 you may need to upgrade your database. (most will). When you upgrade your database you may need to upgrade your Operating System. When you upgrade to R12 you may upgrade or replace your servers, depending on where they are in their lifecycle. Now companies don’t generally have massive dealings with their hardware vendors (as Unix/Linux is incredibly reliable). But during an upgrade that relaxed relationship is going to be potentially very heavily tested. Question is, can the vendor provide strong support, resolve issues quickly and get you safely onto a server that is the very foundations of your business? If you fail to install the correct O/S plus interoperability patches you could see your business crippled…….It’s funny that the Infrastructure Manager that you were fighting with two weeks ago, kind of holds your entire career in the balance and you don’t really know anything about Servers, questions to ask, etc so are 100% dependent on him for your project to succeed.

Just wondering if your R12 needs more resources in terms of CPU, disk, memory, etc? Have you checked? It would be a shame if the server collapsed on day 1 of go-live.

Lastly the million dollar question. Oracle is on R12.1.3 at time of writing. Do you implement this version (and be the one to find the bugs as no one else is using it) or do you go for say 12.1.1. At this stage of the R12 lifecycle I’d go for R12.1.3 but then again you will get some additional pain of being one of the first. Obviously by the time you get to UAT, 12.1.4 will be out……….then do you jump to that or perhaps apply that new ATG patch or a RUP Patch that has come out as it has some really needed functionality……..All of these create massive risks not just for the stability of the project but also your budget, timescales and resourcing. Larry Ellison is a little devil….always releasing new ATG, Security or RUP Patches just at key points in your project, just to tempt you and cause major indecision in your mind. Question is, is that patch a poisoned apple that will drop your project at a key time??????

All hail Larry Ellison. The True and Only Oracle Prophet !!!!!

Happy Halloween. The clock is ticking down to the midnight hour. Before Halloween is over, I will scare you. The witching hour is coming with Transitioning from your R11 to R12, the actual cutover and post go-live, with all the reference material and a prebuilt R12 Risk Spreadsheet as a treat for all the kids in the next article……

Delivered on Halloween !!!!! Enjoy………..

 

See the other Prophecies including Business Intelligence and the Kung Fu Dragons of Wudang at

http://oracleprophet.wordpress.com

Halloween – A Time of Ghouls, Ghosts and R12 Upgrades (Pt 1)

October 20, 2010

Darkness falls across the land
The midnight hour is close at hand
Creatures crawl in search of blood
To terrorize the neighborhood

Now if you don’t know that song intro, shame on you. It’s from one of the biggest hits of all time – Michael Jackson’s thriller. A very appropriate one for Halloween I’m sure you’ll agree.

So first movie recommendation of the day. This would be “This is It”. There’s something very poignant about seeing him performing in what was his final curtain call.

Now Halloween has always been a time to scare the crap out of people. Kids dress up as Ghouls, Vampires and the like and go “trick or treating”, sometimes with some very nasty tricks indeed. Either the local neighborhood pays the kids with sweets, etc or the kids do something nasty.

Back when I was a kid, there was one particularly nasty kid who didn’t bother with the treat stuff. He figured he could go beat up the other kids at the end of the evening and steal their sweets. This saved him the effort allowing him to do his favorite trick of all.

This kid had a real nasty trick. What this kid would do would be to get some dog crap, put it in a brown paper bag and then go place it on someone’s doorstep. He’d quickly set the bag on fire, ring the doorbell and wait for someone to answer.

Now what is amazing is that the immediate reaction of an adult to a small burning paper bag (even if they are not wearing shoes) is to try to stamp out the fire with their feet. Irrespective of wearing shoes or not, this had some pretty unpleasant results for the poor neighbor at the end of this “trick”.
Before we start, let’s put our other movie recommendation out. It’s the original Halloween movie. Now I saw this when I was 13 and it scared the absolute crap out of me. Well worth getting the video. A classic 70’s horror flick for Halloween, but definitely not for the kids. (Don’t see the more recent one, it sucks).

So seeing as it’s Halloween, I should scare the crap out of everyone reading this right? So everyone’s moving to an R12 Upgrade in 2011. So what better way to scare you than tell you how horribly wrong it can all go on an R12 Upgrade !!!

So R11 Oracle Apps Premier Support is ending in November. That means you are screwed. OK, not completely (but Oracle will be putting the pressure on you and telling you that you are) but seriously you should be looking at R12 now.

Now let me tell you that an R12 Upgrade will be the biggest, toughest upgrade of ERP that you will EVER have done. It can go disastrously wrong. You could corrupt your data, you could have major functional failures dropping your business to it’s knees. Or your entire ERP could disintegrate and you could lose your job because at the end of the day your boss will need a sacrificial lamb and you seem to fit the bill.

Are you starting to get scared? You will be by the time you read this article, because it contains a very long list of every single thing that I can possibly think of that can wreck your R12 upgrade.

So let’s start at the very beginning. Getting the Project Started. If you get this wrong, it’s probably not worth bothering about the rest of the project. Here’s a short list of things to worry about. (Now the purists will say these are not risks). For me I like to have everything that can go wrong on one spreadsheet. Call it risk, call it a list, doesn’t bother me, because I can quickly mentally check each month how things are going and make sure I haven’t forgotten anything. It also gives me a nice risk score and lets me manage that to hopefully give the project a fighting chance of delivery.

Let’s start with the Project Management risks and everything that can go wrong here:

Weak Business Commitment to Project

Funding is not secured for Project

Project Decisions are not Timely and On Time

Weak Business Commitment to Change

Review of Project Deliverables and Sign-Off is not timely

Weak Support of Business Case

Scope is not defined clearly or completely

Business process model is not defined clearly

Planning is of poor quality

Project involves large number of departments

Tight Time-Frames, Minimal Slack between Dependent Tasks

Go-Live Date accommodates limited UAT

Project Milestones are not achievable (Project Schedule)

Dependency on other Projects

Project requires complex organizational changes

Contract involves significant cost

Project involves time-critical Procurement

Significant Scope creep

Gold Plating by Implementation Team

Project Budget is not sufficient with Current Progress

Project Resources are no sufficient with Current Progress

Project schedule is delayed

Project Cost is overrunning

Product does not meet client expectations

The very first thing you need to do is get your most knowledgeable and trusted people in a room and do proper planning, taking into account your organizations political landscape, resources, expected funding and other commitments. If you fail to plan, you plan to fail. Your planning must give ample slack time for delays in UAT, delays in decisions, procurement delays, bugs, resource problems (only 5% of people have done R12. The other 95% of people will do R12 in 2011, so can you get resources??????)

The most important part of any project is to get high level buy-in and commitment from the senior people across your organization. From a resource viewpoint an R12 Upgrade requires intense Business and IT Commitment. Fail to get every area of Business and IT involved and agreed, then you are screwed 100% come UAT, if not even earlier. You need to make it clear when you need the business, what you need them for, how long and how many resources right at the onset of the Project Initiation. IT resources need to be equally onboard.

Securing realistic and adequate funding is critical to an R12. It is bigger. It is more complex. It does take longer. An R10 to R11 or a 11.0.3 to say 11.5.10 is NOT the same as an R12. Build in a decent contingency.

An R12 is not a basic like for like Technical Upgrade. You should ideally keep R12 as a pure technical upgrade and not a re-implementation, unless there are very good reasons, otherwise your risks and costs will escalate severely. However even doing a technical upgrade involves a pile of new modules and new functionality (albeit some can be deferred). But you’d better be prepared to implement Subledger Accounting, EBiz Tax, TCA (changes in Banks), Payments and Self Service (new functionality and removal of MOD PL*SQL). All of these will need user review, functional designs (if customizations on top), setup and decisions, as well as time for your own team to learn the implications.  This can lead to multiple risks including your own team wanting to add “cool functionality” or users not making timely decisions or being prepared to adopt new processes to account for changes in say TCA or Payments.

If you are dealing with contracts for consultants, firms (outsourcing or otherwise) or need hardware, etc, be prepared for the heavy risks of delays in Procurement. IT guys often overlook that it may take a while, despite having the cash to get resources onsite or hardware commissioned, etc.

Talking of resources this should be viewed as a serious risk throughout your project. R12 resources are still less rather than more common.

As well as all of the above, you still have to worry about all the usual Project Management stuff of quality, schedule, cost, delays, budget, etc. And think about it, we’ve not even got to the actual project yet…….

So the very first thing you need to do (before your project team arrives) or is internally deployed is to make sure they actually have an R12 Instance to work on…..

Infrastructure is often overlooked for projects. Unfortunately this can cripple the project team (and therefore your project) very rapidly indeed.

Network Speed

Performance Issues on Project hardware

Performance on Production may not be acceptable Go-Live

Deployment involves new hardware

Hardware is not sized correctly

Database is not sized correctly (do you have enough disk space for R12)

Hardware is no available for Project Use

Backups are not available for Projects

Project Environments not available

Network availability is poor (if teams distributed)

DMZ Configuration is not available

Architecture is new

R12 Instances are not available

Space for Project Instances is not available

Missing interoperability patches

Missing patches to Operating System

If you are going R12, either you have a lot of servers around spare, or you are going to need to buy (or lease) additional hardware. Otherwise what is your team going to use? Ten Consultants onsite doing nothing is some serious cash burn.

Then you have to have a plan for environments needed, dates needed, who prepares them, who sets them up, etc. DBA’s will shout at you if you need environments the next day. And what if there is no space? Did you check the disk space as part of your project? Your average R12 environment requires considerably more space than your R11.

During an R12 Upgrade you’ll need a pile more databases. We used around 8 additional (and we still needed all our R11 Development, Patch, Test as R11 Production work could not be completely halted).

Now just think when you finally deliver that R12, and it crumbles on day 1 into a performance black hole. Did anyone bother to do proper sizing either on CPU or disk or Memory? If not, try www.jobserve.com when it all fails on day 1.

Even when you are starting the project, insufficient hardware will kill you.

Did anyone ask for backups of your project databases? It would be a real shame to see your R12 go down and no backup, losing months of effort.

If your Production is a DMZ enabled configuration, I hope that someone is also going to emulate this for some of your R12 databases as you go through the project.

 

So lets get to the one that usually gives R12 Project Managers nightmares. Resourcing.

Poor IT Staff Skills – Functional

Poor IT Staff Skills – Business

Poor IT Staff Skills – Quality Assurance

Poor IT Staff Skills – Java

Poor IT Staff Skills – Oracle Development

Poor IT Staff Skills – ERP

Poor IT Staff Skills – Modules Implemented (or new modules)

Poor IT Staff Skills – Technology

Poor IT Staff Skills – Unix/Linux

Poor IT Staff Skills – DBA

Poor IT Staff Skills – Project Management

Poor IT Staff Skills – Senior IT Management

Poor IT Project Team Rating – Skills

Poor Business Project Team Rating – Skills

User Department Staff not available for Project

IT Staff not available for Project

Poor User Department Staff Skills

Poor or lack of Project Team Lead (s) per Functional Stream

Experience of Business Area is Low

Project has competing projects for Resources

Custom Development relies on 3rd party

Project Manager is inexperienced in Upgrades/ERP

Legacy Staff unavailable for Data Conversions

IT Staff skills – training required

Low retention of project  team during implementation

Low availability of Trained and Experienced reasonable cost alternate resources externally

No IT Staff available for existing Production Support

Oracle Support provides poor support

Have you even contemplated the vast variety of resources you are going to need to pull off an R12 Upgrade? Have a look above if you think you can use a couple of consultants over a few months.

Will your internal IT guys be good enough? Do they know the R12 functionality? Probably not. Will you train them? Probably not. So how can they deliver? And even if you want to train them, can you get the appropriate training completed before they actually do the upgrade. Training courses from Oracle can be hard to come by, especially on some of the niche modules and require booking way in advance.

Do your IT guys REALLY know the business? If not are you sure you’ll catch every scenario and every nuance during implementation.

Do you have decent Oracle skills? Do you have decent Java skills? Do you have decent Oracle ERP Technical people? If not, you are going to need to ramp up or get someone that does to do your upgrade (unless your complete vanilla ERP).

Do you have anyone that knows all the new R12 modules, such as EBiz Tax, Subledger Accounting, Payments, etc? These are not optional modules (except Payments, but if your running Payables in R11, then Payments becomes essential in R12 and it’s a new module). Most companies will require to have knowledge on these and something like Payments has heavy changes between R11 and R12 – indeed it is a rewrite between R11 and R12.

New technology components are included across the board. Are your people ready and capable?

Your typical upgrade will require some pretty heavy Unix or Linux skills. You might have to upgrade the O/S or you may take the opportunity to switch to cheaper, less proprietary hardware or Linux. Do you have any clue what’s involved? (we did this and yes it saved us a pile of cash for the future, but it ain’t easy and is littered with risks).

Did you tell the Infrastructure guys you’d be needing a full time DBA for the R12; to clone R11 Production; to work on the upgrade process; to write detailed upgrade documents that give step by step guides; to optimize the process so that it can fit into a long weekend on a huge global database? To apply all the patches? You probably thought your DBA’s sit around doing nothing and can do all this at the drop of a hat…….Count on the initial upgrade where your DBA’s find out the nuances of R12 to take quite a chunk of initial time and plan that into your environments and people coming onboard project wise.

R12 Project Management. Words fail me on this one. If you are not an ERP person don’t even think of doing an R12 without a strong R12 Project Manager, ideally someone that has done R12 Upgrades. It’s horrendously complex, extremely technical and the risks are catastrophic if you get it wrong. (I can be contacted on the following number for lucrative job offers……… :-)   )

Are the Senior Management (both in IT and Business) in full support of both you and the R12 Upgrade, or are they ready to crucify you at the first delay? R12 will have delays, it will throw horrendous curveballs in terms of bugs and other complexities. Just make sure everyone is on your side politically before you start. The guy below thought everyone was his friend, until he forgot to order the hardware in time……

Now this is a weird one, but how well do your Business know the Business and Oracle ERP? Look for the weak spots here before you start. If a Business Unit has a lot of new people or inexperienced people or are anti-Oracle ERP (and some are), how are you going to get them to assist (or write) Test Plans and Test Scripts and do actual testing. Now if your IT and Consultants don’t test well (and they are NOT business experts) the one hope of catching everything before Go-Live is the Business. I never build 100% dependency on the Business for testing, but if your IT and Business guys can’t be relied upon for testing, you’ve got a perfect storm.

The other thing to check is everybody’s schedules. We’re not talking dinner dates, or when they plan to see a movie. Are the Business available for an R12 (which won’t add vast value to be honest) or do they have a planned move to say IFRS planned from June to December 2011. If so you won’t get a look-in resource wise for UAT and your project will be dead in the water.

Same goes for IT. If they have some major high profile initiatives, your R12 is bottom of the list, as in the priority list, it’s just one of these unpleasant tasks that needs to be done.

Watch out that your R12 Upgrade doesn’t just focus on Oracle ERP resources. When we did the upgrade, we had Legacy guys, email guys, Web guys, external 3rd parties (Citibank and others), Health Insurers, etc. Miss those guys out and who can help you complete your UAT?

What’s amazing about an R12 Upgrade is that you’ll need exactly the same resources that are getting used for your R11 Maintenance and Support. That leads to automatic conflict and resource contention and delays (and when it comes to Production problems or R12 Upgrade, you’ll lose that argument every single time). So ensure you augment your team to not be 100% reliant on goodwill.

If you are getting a company to do it for you, be careful. Have they done an R12? If yes, will they give you resources that have ACTUALLY DONE AN R12? Most outsourcing or consulting companies might have done R12’s, but they are as keen as anyone else to stack your project with their guys who can then learn R12 at your expense. Nice how they’ll happily charge you for the privilege of training their people…….Interview all people, before they deploy onsite. Hire an independent highly knowledgeable freelancer Consultant to fight your corner and keep the vendor on the right track, working in your interests, not the vendors.

Do you know the effort involved in training people for R12? The IT guys, the Business guys, etc? If not, start to worry.

The great thing about an R12 Upgrade is that your team (and maybe your consultants or outsourcers) will all get fantastic R12 skills, in the midst of the hell of an R12 project. Trust me that’s a great way to learn. Of course all those companies that have not done R12 (and that’s 95% worldwide) will be looking and admiring your very skilled people. And your loyal people that you’ve spent time and money training in R12, will of course be looking for that next payrise with their new found skills. Losing key resources (say for instance your Payments expert) is your worst nightmare. Suddenly one single module can derail your entire R12 Upgrade. If you think this is the stuff of nightmares, well during our R12 back in 2008/2009 we lost our Payments Consultant (one of the few in Asia at the time). Luckily we had him shadowed throughout the project by another staff. The demand for R12 skills will hugely increase in 2011 and your guys will be headhunted or tempted away. Just be ready. I am sure the resigning employee will feel your pain as your project is now doomed, in the same way you felt his pain when you froze his pay last year, as part of a corporate wide pay freeze…….

Our final resource issue is to prepare for the maelstrom of Production support hell. Just make sure your well staffed and haven’t let the entire project team go, just before you get deluged with Production issues. (and yes you should start thinking about this not at the end of your project when everyone is jumping ship as the project for them is over, but at the very start of your project). It’s funny as R12 projects get to go-live, most of the work is done, and you start letting consultants/contractors go. Do you have any idea the pyschology in play with the others that you expect to see remaining to do the support work and provide critical support for a few months after go-live? Why should they stay when they can get a far longer, far higher paying and far easier (i.e. not pressured go-live support) contract with their fantastic R12 skills you gave them? Sleep on that one, assuming you can still sleep……..

And I hope you’ve got a full communication plan going on – an upgrade can take time and if you are not informing and working with the users throughout…..don’t expect them to be enthusiastic about putting large amounts of time into your UAT. Of course if you run workshops and demos and mini training throughout your R12 you’ll have a whole lot more acceptance during UAT and go-live…….

And finally Oracle Support………..now R12 should be stable now, but back in the early days, we had these jokers on the phone daily. We even had a few removed from our support calls because progress was atrocious. Are you ready to deal with Oracle Support? Do you know how to escalate calls effectively? Do you know how to work around Oracle stalling for time or sending you on a wild goose chase? If not hire someone that does. Good ERP people with strong experience are essential for your R12. It’s funny but I bet you didn’t even think about informing Oracle Support of your upgrade, which is a shame as they might have given you a Critical Account Manager that could have helped you push all your Service Requests….

And that’s all for now folks. Part 2 will cover more in ghost, ghouls, implementation, transition and onto go-live, together with a whole pile of great references, covering fantastic presentations from experts in R12 and great Oracle Open World links of R12 Presentations there, together with a heavily researched bunch of Metalink articles around R12.

I’ll be scaring you very shortly with Part 2 before the full moon of halloween is over.

The other blogs can be found on http://oracleprophet.wordpress.com

Enjoy.

Footnote:

The great graphics were the work of:

WWW.MYSPACEGRAPHICSANDANIMATIONS.COM

R12 Security and the Auditors from Mars

October 9, 2010

Let’s face it auditors are not from this planet. Rather like the famous movie War of the Worlds, they bring fear and terror wherever they go. Are they from Mars? Probably, although the one thing certain about auditors is the uncertainty they bring with them, together with the general fear and terror they instill.

I thought the picture below was a rather appropriate one of a hand reaching out with the entire planet in its grip…..when the auditors are around you sometimes get the feeling that your entire company is under the grip of these terrifying Auditors from Mars…..

 

Now this column seems almost like a recommendation for movies these days, so if you’ve not seen War of the Worlds, get it on DVD. It’s a great movie.

Now as someone that had not one, not two, not three but FOUR different companies looking at my R12 Upgrade Project (AND FINDING NOTHING!!!!!) I have to say I’ve learned to deal with them pretty well over time. Our first R12 audit was from our internal audit guys, who wanted to learn R12. It’s important for internal staff to learn, so we were happy to help. We then had an audit from E&Y as our R12 Upgrade was part of a large Program…….we then had a pre-Attestation audit from PWC to make sure the project was OK from an attestation viewpoint. Finally we had another guy from a large Consulting Organization looking at it and never quite figured out why. (Guess they also wanted to learn how to do an R12 Upgrade). Amusing that these audits cost 30% of the actual cost of the upgrade and ended up commending the R12 Upgrade :-) One audit surveyed random users with 20 out of 21 commending the team, with the other neutral. It was a lot of work providing the auditors everything they needed, but I have to ask – 4 audits???????

Now here’s a question for you. If you saw an auditor drowning in a river, would you run to get the life belt 30 feet away from the river, or run to your car 50 feet away to get your video camera? Alternatively if you’re a Project Management Professional (PMP) you’d have planned ahead and kept a bag with bricks in your car beside your video camera. As you throw the bag of bricks the auditor is thinking “What a nice guy throwing a bag to keep me afloat”, whilst you are thinking “What a sucker, that’ll help him sink……”

 

I have to point out you should not take this blog too seriously, as the above may get you into some serious trouble, although with a good lawyer you’ll probably get off with a small fine as it could be seen as justifiable or reasonable……. You may be able to even make some money back to pay for your legal fees from the video on America’s favorite home movies show.

There is no question that Auditors are from Mars, causing fear and terror wherever they go………well recently they struck on an area that probably too many people just don’t take seriously enough or don’t even realize is their responsibility. This area is Data Security within your ERP regarding access of your Support Team. Now what is worse is that when auditors do raise this they generally have a very good point and your best interests at heart.

So we’re almost going back to our Koan stuff (see the Zen column). How do you do support Oracle ERP Production when your support team can’t access Production due to information and data security concerns?

That’s a difficult question and I’ve yet to see any really effective, comprehensive solution either in a blog, white paper or from Oracle themselves (at a reasonable price – I had a discussion with Oracle last week and almost fell off my chair – the Oracle Sales guy might as well have had a mask and a gun…….).

So you’ve got your auditors on the one hand, a whole raft of legislation on data security (your legally obliged to follow – it’s not a matter of choice) and a very limited IT budget. So how do you square the circle to keep every party happy?

So look at your typical ERP these days. It’s a monolithic, super system:

  • Financial performance – if you’re a listed company that causes major data security issues to prevent internal staff dealing in shares, because they know you had a record quarter looking at your General Ledger before it was announced or worse short your shares if they know there is bad news coming. That’s real company loyalty for you.
  • It probably has all your HR information in there, including performance appraisals (some none too pleasant quotes on how a staff was involved in some questionable activity), potentially medical information, salary of course and a whole lot more.
  • You might have Procurement information, so a huge amount of confidential contracts also.
  • And most ERP sites run Payables and Payments. Do you know the potential fines you can get if you lose bank information? Or worse if you lost your Supplier bank information and the damage that could do to your company’s reputation, not to mention legal liability.
  • Ever worked out that your Accounts Receivables is a very good indication of a customer’s credit rating? After all, you kind of know who’s got cash flow problems……And the Bank Account information is everywhere. Are you really looking after that securely? Your customers won’t be too impressed if you lost that and would probably never do business with you again.
  • Or are you capturing credit card information as part of say your Order Management/Accounts Receivable process…….Have a look here if you are.

Data Security is an absolute minefield for any IT department responsible for Oracle ERP.

There is just so much legislation on this area that most are blissfully unaware of:

  • Sarbanes Oxley
  • PCI
  • HIPAA
  • European Directives
  • Individual country legislation
  • And a whole lot more…..

This is serious business and can really hit you hard if things go wrong – blissful ignorance is no legal defense. And yet I bet you haven’t reviewed anything from a legal viewpoint on this……

There’s a couple of interesting links at the bottom. Choicepoint had 163,000 customer records compromised. That cost $15 million US Dollars, not to mention reputational damage and cost of implementing proper data security. The data involved? Names, Social Security Numbers, Birth Dates, Employment Information – sounds pretty much like Oracle HRMS right – they got fined for not protecting exactly the type of information you’re holding…..Or how about the California hospital that got hit with $250,000 penalties just for reporting a breach late……

Not in the US, so don’t really care? Have a look at this link. The UK has put in place legislation for fines up to GBP500,000 (equivalent to around US800,000) for data security breaches. Or HSBC, one of the largest banks in the world, that got hit with a fine of almost 5,000,000 US Dollars.

So not in the US, not in the UK, still don’t care. How about the following:

A German company fined 137,500 Euro for asking employees why they were sick and storing the information. If you run absence management, are you potentially collecting scanned medical records and are they properly secured?

Still not convinced? Forrester estimates a cost of $155 Per record for data security breaches. Lose 100,000 records and you’ll be looking at $15.5 Million US Dollars legal liability and probably looking for another job…….I guess that’s finally caught your attention? Legislation has been enacted or is being enacted worldwide. Sooner or later, it’s going to hit your country too.

Now I have to state from the outset this article does not provide all the answers. This is a highly specialized area which goes way beyond my own personal capabilities in this area. So if you’re looking for all the answers, hire a specialist. Actually read hire multiple specialists over a number of years. Security is a massive task to do well and therefore effectively.

The aim of this article is simply to show what we are doing and have done to implement a more robust security around our R12 Oracle ERP that allows us to support the Business, whilst still trying to do our best to be secure.

This purely looks at using roles to restrict database access for support people. This article does nothing more and that has to be stressed at the outset.

Hopefully it can get you at least part of the way there, giving some additional protection without costing a fortune.

 

Step 1 – Find out what access was out there historically

Our starting point was to figure out from an Applications side what access our IT guys had to Production (and note when I am talking IT I am talking ERP Support only in this column. Other areas such as DBA, System Admin, etc are beyond the scope of this article). Luckily we were already very heavily locked down. We don’t have any access to modify any part of Oracle ERP and I’d say that’s a very good thing. It makes me sleep easier at night knowing that there is no way my staff can log in to Production, “cause there’s a really easy way to fix something………”. Every change we do to Production is through a formal turnover to separate groups, fully approved, appropriately segregated and audited. That keeps our Production system safe. (All code is also in source control using Subversion just in case we ever need to rollback a change).

The next step was to see what read-only access was given to Support Teams. Now over the years, many IT systems just grow and grow, access is given for support purposes and no-one really thinks too much about it.  I was relieved to see that the Support Team had no access to Oracle ERP through the front end applications.

I thought I’d throw in a useful note at this point. We have a custom program that reports quarterly on all menus/functions/applications by person. It replaces the standard Oracle System Administrator reports that generate listings the size of War and Peace. This report is reviewed both in IT and Business to ensure that each user has the appropriate access for their job. We also tied this to staff movements within our HRMS System, so that when someone moves, this is highlighted as a potential access control violation and can be assessed before it even happens (using date-tracking in HRMS). The other useful point here is that this quarterly check also ensures complete segregation of duties. Finally by using a custom report and showing dates menus/functions were changed, it vastly reduces the work to check each menu against each data item. Actually a single maximum date at the top of the report means the users only check this and can thereby can confirm no changes from the last review. Not perfect, but keeps our auditors happy. This is a cheap and cheerful approach without buying Oracle’s GRC Suite although I think the GRC Suite looks very interesting indeed.

With our front end applications secure from our Support Team, we then started to look at the database access. Now I know some people say IT Support should have no access, especially the evil DBA Vogons from Vogsphere, who according to the book The Hitchhikers Guide to the Galaxy have “as much sex appeal as a road accident”. On the other hand others say “With no access, I can’t see anything, therefore no support’. We’re back to Koan (See R12 Patching and the Art of Zen) here – How can you fix something you cannot see? (To our DBA friends I heard the new 11G Database Release 2 is self-managing, so exactly what do you guys do???? – that should provoke a few comments :-)  )

Our support team had read-only access using database roles to Production, but when we looked at the roles created we concluded that these were too broad and needed some serious work. Roles are simply access to database tables/views or other objects given to a specific support person by the evil DBA Vogon group.

Note: For those interested in Vogons, it’s from a movie called Hitchhikers Guide to the Galaxy. Here’s a movie recommendation. Don’t see this as it sucks big-time (although the original TV series and radio show and book were amazing).

Now our next step was pretty simple. Monthly we review database access to Production and with the count of accesses by support staff, we found that many actually just didn’t need access to Production, because the support volumes regarding database queries by support staff were low (or zero). We cut these immediately.

Again doing a review monthly (only takes ten minutes) ensures that as people leave, move job, etc your access controls remain updated and correct. Again this keeps the auditors happy.

At the end of this step, we defined a Security Access Matrix, showing each Database Role against each Support Staff, shown below. This was our first baseline.

  

 

Step 2 – Defining Your Database Security Architecture

Ignore the fancy title. What this means is simple. You need to look at:

  1. Your Support Team Structure
  2. Your Applications
  3. Your Required Access

So let’s take an example. We run a fairly large ERP footprint:

  • HRMS Suite (HRMS, Payroll, Learning, Time & Labor, Self Service, Advanced Benefits, iRecruitment)
  • Financials (General Ledger, Payables, Payments, Fixed Assets, SLA, EBiz Tax, Accounts Receivables)
  • Procurement (Purchasing,  Services, Inventory, iSupplier)
  • Projects
  • A large number of custom modules
  • We’re going to add CRM (hopefully Fusion) to that in 2011.

Our Support Team is organized along classic line of business model (Procurement, Finance, HRMS). It is further segregated so that certain support people provide support for say HRMS/Payroll, others do Self Service, etc.

Now the problem we had was two-fold:

  1. Too many Support people had too much access
  2. The data protection needed to be much stronger

Our approach was simple, but effective. Each role would be along the lines of module or modules required for logical support. So we would set up roles for Procurement, AP/Payments, General Ledger, HRMS, etc.

Now this for us still didn’t get us to where we wanted to be. What was going to be in these roles database object wise?

Our next task was to then define exactly what that role would have access to table and view wise. Your average ERP Module can have several hundred tables (or even more….). Now you can give a blanket access if you want, but I think that’s overkill. It’s hard to audit and hard to police. Your average support person needs access to only a limited number of tables. That is what you SHOULD define.

In addition, obviously there is some cross-cutting of access between modules and tables, so for instance you may have to grant GL_CODE_COMBINATIONS across various roles.

In our final step, to the horror of many, we decided to NOT give access to standard sensitive tables, but instead to build views WITHOUT KEY ELEMENTS. Now a lot of support people are going to scream at this, but I need to ask, if you have a support call, do you really need access to the guy’s date of birth or performance or disciplinary records or even Full Name? I doubt it for 99.99% of cases.

Here are a couple of examples of securing tables into masked views:

Instead of giving access on PER_ALL_PEOPLE_F we removed all information except the Employee Number. No access to Social Security, Performance, Home Phone Numbers or anything else.

Instead of giving access on the Bank Tables, we removed all information and masked the bank account.

Instead of giving access of PO_VENDORS, we removed all information and simply gave the VENDOR_NUMBER.

What you need to be careful of is the other tables that you really wouldn’t expect to hold sensitive information. A prime example of this is the workflow tables.

To secure workflow tables we ensured that each role only had access to relevant workflow ITEM_TYPES. This was a very simple, yet highly effective way to secure this by role.

The great thing about this is that we got our support people to define these roles in a simple spreadsheet. This gets you your buy-in from the very people who would be screaming about cutting access. After all they are now the ones tasked with defining it (obviously subject to reviews within IT and approvals by Business).

We then decided that we’ll make this formalized. This has a lot of benefits:

  1. It provides an agreed document of what a role has access to data-wise
  2. It provides an agreed document between Business and IT on that role/data
  3. It provides a document that can be agreed and signed by all parties
  4. It makes you think about your data and protection of said data in a disciplined manner
  5. It provides the basis for all future access to sensitive data by IT Support Personnel
  6. It provides a clear statement of who has access to what in a transparent, controlled manner
  7. It provides protection from your auditors

We decided to record other details in this spreadsheet. (Each role has a separate spreadsheet).

The spreadsheets had the following columns:

  1. Object Name
  2. Database Owner
  3. Object Type
  4. Business Owner
  5. Description
  6. Object Classification (Custom/Standard or Secure. A Secure Object was a restricted, masked view of a key table)
  7. Data Security Risk (Critical, High, Medium, Low)
  8. IT Review Date

A separate Tab (Security Details) on the Excel Spreadsheet held additional details

  1. Object Name
  2. Base Table
  3. Masked Columns (.e.g. vendor name, bank account, social security number, etc)
  4. Date Approved

The Spreadsheet was split into two sections – data objects and reference objects. (Reference objects are the pre-seeded or setup tables within R12). A further tab showing review actions was included to show that this was a serious, considered exercise to the auditors.

 

 Suddenly, without even realizing it, you’ve just created a very precise, auditable and comprehensive technical security framework for your R12 Oracle ERP that will vastly improve your security of data, whilst still allowing effective support. This also provides a very powerful data classification framework for both you and your users. Even more interesting, by putting a risk score on each object, you can actually see the overall risk access rating of each role, allowing you to make informed decisions on how widely this role is given to support personnel (or not).

If you have knowledgeable, motivated people, this doesn’t take a huge amount of time. I am extremely lucky to have such a great team of people.

Once the roles were defined, signed off and agreed, the DBA Team created the roles/access very easily.

Note that once you have these documents in place and have implemented the framework within your database, these documents (and hence the roles within the database) should be strictly controlled otherwise all your work will have been for nothing……

So after not a huge amount of work we had roles for most applications that were nicely segregated, secured and with all key information masked appropriately. This can be seen in the Security Matrix below:

 

(Note how the General Database Access role was entirely removed once we worked out roles/access. The above is only a sample, not the real resources/roles).

So in a couple of weeks we went to very fine grained security on our Production System, without spending vast sums of either cash or time.

Our overall security had vastly improved for our Support access to Production. Indeed the data had really been masked very effectively yet we still could do effective support, without disclosing any critical data to our IT Support Staff.

 

Step 3 – Defining Your Access Security Processes

Without policies and procedures any security framework will fall to bits pretty quickly. Now this article isn’t really about processes, but here are the key aspects to consider. Security is not a one-time process. It’s a critical ongoing process that needs to have strong controls to keep you secure going forward:

  • When people join our company, we ensure that non-disclosure clauses are signed the very minute they step in the door.
  • Security is not just about securing your database or applications or data once.
  • The Database Security Architecture showing each module/access to tables/views should be agreed and signed off by the Business. It is important that Business understand the access IT has to data in a transparent manner. Too many IT organizations think they own the data. They don’t, they are merely custodians.
  • When new access is required for a Support person, or additional access is required, there must be a strong process to seek authorization from the Business for that access. This process should be formalized, ideally automated and fully auditable. We are currently implementing Oracle’s Identity Management product and intend to integrate the process into this.
  • When a person changes role or position, it is important that any access is immediately discontinued. Linking your process to the HRMS System gets you part of the way there and avoids any embarrassing moments when the auditor asks why a person that was fired still has access to your HRMS database details……..
  • When the Database Security Architecture documents need adjusted to add a new table/view, this must go through a formal change control process, with appropriate sign off by the Business users.
  • The DBA Team should not update any role to add/modify any table/view unless the change has been formally signed off in the Database Security Architecture documents. All requests for changes in the database should go through a formal turnover process which is fully auditable and approved by IT Management and Business Users.
  • A monthly review of Support Personnel/Access/Roles should be done by the person managing the Team. This doesn’t take long and ensures that only those needed access have access. Documenting this process protects you when the auditors role in. (Note the Oracle Database can be configured to automatically email you the roles/people/number of accesses)
  • There is one other interesting area. If you formalize the Data Architecture documents and make that part of every project before go-live, you’ll also ensure that support for go-live is properly thought through and adding new systems does not compromise security going forward.

 Step 4 – Encrypt Non-Production Databases

I’ll cover this in another article (working title is Securing your R12 using Captured Alien Technology from Roswell), but the key point here is that there is no point in protecting your production database, if you then clone and have all the same access in copies of production……..Security is about all your databases, not just Production.

 Step 5 – Securing all Layers

Again, this is beyond the scope of this article, but keep in mind that the best security is a layered approach. Your Oracle ERP security framework must involve all of the following:

  1. Network
  2. Servers (Linux, Unix, etc)
  3. Oracle ERP (across the modules)
  4. Individual Modules (each with their own security models)
  5. Database
  6. Security Patch Policy across all areas

Security is only as strong as the weakest layer…….A couple of the best articles that take a holistically approach are found in the Related Articles Section at the end of this article.

 Step 6 – Future Directions

Our goal in this article was to make others aware of simple steps to improve security for Support Staff supporting Production systems by using role based access at the database level.

However, as we looked more and more on the security, and as we became more aware of the challenges, but also consequences of getting it wrong, we see other opportunities that remain very interesting future initiatives that we will seriously look at.

We’re interested to lock down database access to restricted IP addresses. This will stop password sharing, but also ensure that even if an account is compromised, unless you sit in the person’s chair, you’re still going to have difficulty accessing. Not bullet proof for sure, but it adds another layer in our security.

We’re interested in auditing the database statements of support personnel and perhaps moving database roles/custom built to a more secure and robust solution. It looks like Oracle’s Audit Vault may get us there, but at a heavy price. This can implement roles in a more secure manner, provide full auditing, reporting, restrict data by IP address and a whole lot more.

We do already have data scrambling and encryption on our non-Production databases, along with formalized controls and processes. However as one article points out, the days of custom scripts are coming to an end (or is it just an Oracle sales pitch to get you to buy the products?) and we are seriously looking at a couple of options:

  1. The Oracle Enterprise Manager with Data Masking Pack. This allows you to setup and execute data masking. With Grid Control you can then have central data masking across all Non-Production databases. So yes they are trying to sell you even more, but then again, it’s better and cheaper than a 15M US Dollar fine for non-compliance…..
  2. Oracle Application Management Pack for ERP – This is a pretty broad release that provides functionality for Configuration Management, Application Performance Management and Service Level Management (including related to this article obfuscating sensitive data). This will allow you to clone and scramble data in a single process.

 

 One area we are interested in looking at in the respect of functional changes, setup, etc is the GRC (Governance, Risk and Compliance) module. This provides a lot of the audit capturing and reporting capability as a by-product of the general setup process. More details can be found at the end of this column. We haven’t fully evaluated this product but it does look interesting. Again Oracle has added analytics that could potentially make this a complete, all round solution (subject to our evaluation).

Oracle Identity Management. We are so interested in this product that we actually went out and bought it. This will once fully operational, control access to all our key systems, allowing us to comply with key controls from both auditors and legislation. We intend to use this directly linked to our HRMS system to basically provide all provisioning of user accounts, access, etc. This is linked not only to the triggering HR Process, but also directly to the Business owners who grant access to the modules, all using Oracle workflow technology. We’re also having a close look at the Identity Management analytics, although have not bought this yet. The two products combined can not only provide very strong security, but save a huge amount on the cost of our compliance, which becomes more and more every year……

 

 

Our final exercise is to get every Support Person off Production completely. We’re working on nightly, automated clones with data scrambling. At that point we expect to remove almost all access to Production. After all you have everything you need to do your job as a support person, bar critical calls. This is where we really want to be, but whether we get to that point remains to be seen, but we’re certainly going to try.

Of course, we’ll have all the usual security exercises on database hardening, ERP hardening, Linux hardening, segregation of duties, access control, etc going to ensure we have continuous improvement across these key areas.

I hope you’ve enjoyed this article and hopefully it provided some useful insights into how we are improving security and easing our compliance burden overall. This article has mainly been on securing data in Production from support, but I guess I’ve gone off on a tangent into some other closely connected areas also……

 I’d be very interested also to hear comments from others, as I think security is such a vast topic that really others views (please do comment) would be very helpful.

So what are you doing on security of data encryption/access to production data?

I’d very much appreciate anyone to comment. (I have written this column in the hope of actually getting feedback and learning what others are doing to improve what I also do :-)  )

And now, if you’ll excuse me, I’m off to apply a security patches to Production before the PWC Auditors from Hong Kong (awesome city) role in for a Penetration Test in October……..I like to call them my Loser friends (nothing like poking fun at the auditors….the loser buys lunch……), but they are immensely smart guys (as most PWC folks seem to be) and security is always a moving target requiring continuous improvement, so it’ll be interesting to see if I put one over on the auditors yet again (where they find nothing) or they finally put one over me and I need to buy them lunch…….

Of course either way, our company will be a safer and better place, security wise.

 

Related Articles

I hope that as you start to consider security in more depth, you may find the other articles relevant and useful reading also. My thanks go to the generous authors on a number of the articles below for sharing their knowledge for the wider Oracle ERP (and also Oracle Database) community.

Oracle Audit Vault

Oracle Governance, Risk and Compliance

Best Practices for Securing Oracle E-Business Suite Release 12 (Note 403537.1)

Oracle Identity Management

Oracle Identity Management Analytics

Oracle ERP Management Tools and Solutions

Oracle Applications Management Pack (with Data Scrambling)

Oracle Enterprise Manager 11G

Oracle Enterprise Manager 11G Data Masking Pack

Security Breaches – US Company Penalty

Security Breaches – UK Data Protection Penalties 1

Security Breaches – UK Data Protection Penalties 2

Security Breaches – California hospital Penalties

Security Breaches – HSBC Penalties

Germany Company Penalties

Data Masking – Strengthening Data Privacy and Security

Solution Beacon Security Column

Solution Beacon Security Best Practices

Project Lockdown – Securing Your Database

Recommendations for Leveraging the Critical Patch Updates

Oracle Security Column – Technology Network

Mask your Secrets using Oracle Enterprise Manager

Oracle Security Column – Documentation and Best Practices

Oracle Security Column – Critical Patch Updates and Security Alerts


Follow

Get every new post delivered to your Inbox.

Join 42 other followers