(10) What points to be considered while auditing ERP systems?
Answer: Following points to be considered while auditing ERP systems:
In any ERP system, following auditing aspects to be considered:
(i)Auditing of Data:
Physical Safety – To ensure appropriate physical control over data.
Access Control – To ensure that system access is given on “need to know” and “need to do basis”.
(ii)Auditing of Processes:
Functional Audit – To ensure that different functions / features in the system are working properly and testing of the overall process .E.g. Purchase Process, Sales Process etc.
Input Validations – This stands for checking of rules for input of data into the system. E.g. backdating not to be allowed, amount field must not be zero, stock item field shall not be empty, etc. Input validations shall change according to each data input form.
- The primary objectives of an audit of controls do not change in an ERP environment.
- Following are some of the important questions auditor should ask during ERP audits:
- Does the system process according to GAAP (Generally Accepted Accounting Principles) and GAAS (Generally Accepted Auditing Standards)?
- Does the system ensure confidentiality of information?
- Does the system ensure integrity of information?
- Does the system ensure availability of information?
- Does the system ensure regulatory requirements?
- Are user privileges based on what is called “role-based access?”
- Is there an ERP system administrator with clearly defined responsibilities?
- Are there adequate audit trails and monitoring of user activities?
- Is there a problem-escalation process?
In any ERP system, following auditing aspects to be considered:
(i)Auditing of Data:
Physical Safety – To ensure appropriate physical control over data.
Access Control – To ensure that system access is given on “need to know” and “need to do basis”.
(ii)Auditing of Processes:
Functional Audit – To ensure that different functions / features in the system are working properly and testing of the overall process .E.g. Purchase Process, Sales Process etc.
Input Validations – This stands for checking of rules for input of data into the system. E.g. backdating not to be allowed, amount field must not be zero, stock item field shall not be empty, etc. Input validations shall change according to each data input form.