This preview shows page 1. Sign up to view the full content.
Unformatted text preview: es, multiple period accounting and
• Improves information access and management throughout the enterprise.
Auditing ERP Systems
An ERP solution by its very nature has some peculiarities which have to be
considered while planning and conducting the audit. Some of these are given
Implementation of an ERP solution goes closely with not only business
process reengineering but also with organizational remodelling; these may be
extensive in nature. Hence it is very important to evaluate whether the auditee
understands the full import of going for ERP and whether it has enough
organizational resilience and flexibility to undertake the project. Many ERP
projects have failed not because of technical deficiencies but because of a mismatch
between the management aspirations and organizational compliance.
The database is usually centralized and as the applications reside on multiple
users the system allows flexibility in customization and configuration. The
processing is real time online whereby the databases are updated simultaneously by
minimal data entry operations. The input controls are dependent on pre data
acceptance validation and rely on transaction balancing. Thus time tested controls
such are batch totals etc are often no longer relevant. Since the transactions are
stored in a common database the different modules update entries into the database.
Thus database is accessible from different modules. Moreover the authorization
controls ere enforced at the level of application and not the database. As a result the
security control evaluation is of paramount importance. Accordingly the auditors
have to spend considerable time understanding the data flow and transaction
processing. Since the system is heavily dependent on networking on a large scale
with increased access from not only users but also business associates and
customer's networks and database security are important areas to look into.
Vulnerability by increased access is a price that is paid for higher integration and
View Full Document
This note was uploaded on 10/27/2013 for the course LAW 10-100 taught by Professor Parsons during the One '10 term at Bond College.
- One '10