ERP Solutions

AUDIT OBJECTIVES

The fundamental objectives of an audit of controls do not change in an ERP environment. When valuating controls over ERP systems, decisions must be made regarding the relevance of operational internal control procedures to Information Technology (IT) controls. Specific control procedures for audit objectives must be tested. Descriptive material on control procedures and sample compliance tests will be provided. This material will be as detailed as possible and should be read selectively, considering its relevance to the specific environment being audited.

In addition to primary audit responsibilities, auditors should be able to provide advice on effective design of control procedures. Audit should communicate significant weaknesses that come to their attention to the appropriate IT personnel. Auditors should also be alert to weaknesses that require special reviews and be capable of assessing computer systems under development, in addition to the existing systems.

SYSTEM ARCHITECTURE

The fundamental objectives of an audit of controls do not change in an ERP environment. When valuating controls over ERP systems, decisions must be made regarding the relevance of operational internal control procedures to Information Technology (IT) controls. Specific control procedures for audit objectives must be tested. Descriptive material on control procedures and sample compliance tests will be provided. This material will be as detailed as possible and should be read selectively, considering its relevance to the specific environment being audited.

In addition to primary audit responsibilities, auditors should be able to provide advice on effective design of control procedures. Audit should communicate significant weaknesses that come to their attention to the appropriate IT personnel. Auditors should also be alert to weaknesses that require special reviews and be capable of assessing computer systems under development, in addition to the existing systems.

IMPLEMENTATION OVERVIEW

At this point, the ERP and the computing environment on which the ERP system operates have been treated separately. In reality, they are not mutually exclusive and independent. The strength of one affects the other. The focus of this book is on ERP systems. Our basis assumes a large networked system which stores, processes, and transmits sensitive data and information. Enterprise Resource Planning (ERP) is an industry term for the broad set of activities supported by multimodal application software that helps a manufacturer or other business manage the important parts of its business, including product planning, parts purchasing, maintaining inventories, interacting with suppliers, providing customer service, and tracking orders.

ERP can also include application modules for the finance and human resources aspects of a business. Typically, an ERP system uses or is integrated with a relational database system. The deployment of an ERP system can involve considerable analysis of business process, employee retraining, and new work procedures.

CHARACTERISTICS

When most people refer to the “core” ERP applications or “modules”, they mean the back-office capabilities to manage human resources, accounting and finance, manufacturing, and project-management functions. However, major ERP suites from Oracle, PeopleSoft, and SAP now provide much more—including modules for sales force automation, business intelligence, customer relationship management, and supply chain management. Although the objectives of our review, evaluation, and testing of the control framework are the same, there are some significant differences between ERP and non-ERP systems.