This book is designed not to provide detailed audit/review programs for ERP systems but to underline the main concepts involved in each major phase of the ERP life cycle, as well as the major components of ERP systems of special interest to auditors. It is intended to familiarize the reader with the built-in controls in the ERP architecture and recommend control procedures which may have audit significance. It also offers useful advice to IS auditors and IT departments in systems and control design to move toward the integrated audit Approach.
Although this book is written for use within the audit function, it may also be of wider interest. Management may find the information useful in assessing the effectiveness of control procedures over systems at various points in their ERP life cycle stages. Audit can use the knowledge and know-how (gained as a reference) in designing their audit programs to evaluate and test controls over their ERP system.
Finally, this book will be helpful as a basis for developing training courses for general audit staff, IT audit specialists, internal auditors, and others. The necessity of providing training and practical IT audit experience to all levels of audit staff will continue to be the cornerstone of any integrated initiative. An increase in importance will continue as the availability of smaller, faster, less expensive computer systems contributes to the expanded use of computers in large and small businesses.
Practical guidelines for assessing and managing the risk factors in ERP systems
ERP systems promise revolutionary integration of a business’s transactions–eliminating errors, improving efficiency, and offering employees universal access to information. Without proper implementation and maintenance, however, ERP systems can too easily become the 800-pound gorilla in the room, accomplishing little more than trading one set of problems for another. Integrated Auditing of ERP Systems provides IT managers a hands-on, practical guide to reducing risk and operating ERP systems effectively.
IT auditing expert Yusufali Musaji presents a structured methodology for managing risks in ERP systems and helpful auditing techniques to ensure their effectiveness. This one-of-a-kind instruction:
-
Breaks the ERP life cycle into six comprehensible steps
-
Explains the complex multilayered structure of data
-
Identifies risks to operational efficiency and data integrity
-
Maps how to conduct an integrated ERP audit
-
Includes a chapter on minimizing SAP-specific risks
IS auditors, IT managers, and chief security officers will find Integrated Auditing of ERP Systems to be an invaluable resource.