ERP System Controls
15 Questions

Questions and Answers

What do IT application controls (ITACs) control in an ERP system?

  • Output functions only
  • Input, processing, and output functions (correct)
  • Input functions only
  • Processing functions only
    Segregation of duties (SoD) requires the same person to approve a transaction, record it, and have custody of the assets involved.

    False

    What is the main purpose of Role-Based Access Control (RBAC) in an ERP system?

    Assign individuals to organizational roles and those roles to specific access in the system

    _______ is a concept of requiring different people to complete different parts of a process to reduce the risk of erroneous and inappropriate actions.

    Segregation of duties

    Match the following controls with their descriptions:

    • Logical Access Controls = Policies, procedures, organizational structure, and electronic controls designed to restrict access to information systems and data only to individuals with genuine authority to access the information
    • Data Center Controls = Focus on the physical security of the data center where the servers that support the ERP system are kept
    • IT General Controls = Apply to all systems components, processes, and data for a given organization or IT environment to secure and validate the data contained in the systems
    • Program Change Controls = Govern the changes made to programs, ensuring proper design, testing, validation, and approval prior to migration to the production environment

    The ERP system's general ledger is the primary source of data for financial statements.

    True

    ERP systems are designed to bypass internal controls to increase efficiency.

    False

    Auditors do not need to inspect IT controls during a year-end audit.

    False

    IT application controls are not necessary for ERP systems.

    False

    ERP systems do not have built-in auditing capabilities.

    False

    Role-Based Access Control (RBAC) is not necessary for ERP systems.

    False

    Segregation of duties (SoD) requires multiple people to perform the same task.

    False

    IT general controls are not necessary for ERP systems.

    False

    Program change controls are not necessary for ERP systems.

    False

    Logical access controls are not necessary for ERP systems.

    False

    Study Notes

    IT Application Controls (ITACs)

    • ITACs control input, processing, and output functions of an ERP system by enabling, disabling, or limiting user actions and enforcing business-driven rules and data quality.
    • ITACs facilitate data accuracy, completeness, validity, verifiability, and consistency to ensure confidentiality, integrity, and availability of the ERP application and its associated data.

    Segregation of Duties (SoD)

    • SoD is a concept requiring different people to complete different parts of a process, reducing the risk of erroneous and inappropriate actions by employees.
    • Segregation of duties is a deterrent to fraud, requiring three functions to be kept separate: approving a transaction, recording and reconciling the transaction, and having custody of the assets involved in the transaction.

    Role-Based Access Control (RBAC)

    • Authorization in an ERP system is accomplished through RBAC, assigning individuals to organizational roles and those roles to specific access in the system.
    • A person can be assigned to more than one role, but may be required to act in a single role at any one time.

    Auditing IT Application Controls (ITAC)

    • It is essential to subject a company's ERP software to a thorough and detailed audit, as transactions involving money, material, and services are recorded in the application.
    • The first questions the auditor should ask are "What does this module do?" and "What business process or processes does this module support?"

    IT General Controls (ITGCs)

    • ITGCs are controls that apply to all systems components, processes, and data for a given organization or IT environment.
    • ITGCs secure and validate the data contained in systems that process financial transactions.

    Program Change Controls

    • Program change controls govern changes made to programs, including the ERP system and underlying database, based on user requests or maintenance requirements.
    • These controls ensure that changes are properly designed, tested, validated, and approved prior to migration to the production environment.

    Logical Access Controls

    • Logical access controls are policies, procedures, organizational structure, and electronic controls designed to restrict access to information systems and data only to individuals with genuine authority to access the information.
    • Logical access is part of Identity and Access Management (IAM), managing individual identities and privileges or permissions within or across system and company boundaries.

    Data Center Controls

    • Data center controls protect computer facilities and resources from environmental hazards, espionage, sabotage, damage, and theft.
    • Reliability is the ability of a system or component to execute its required functions under stated conditions for a specified period of time.
    • Availability is the degree to which a system or component is accessible and operational when needed.

    System Implementation Assurance (SIA)

    • SIA is an independent assessment of the health and expected outcome of the ERP implementation and corresponding change initiative.
    • SIA evaluates the design and implementation of IT General Controls and IT Application Controls to ensure they satisfy financial reporting, operational, and regulatory requirements.

    Control Risks

    • Control risks involve whether the design and implementation of IT General Controls and IT Application Controls will satisfy financial reporting, operational, and regulatory requirements.
    • Assurers evaluate control risks in areas such as IT application controls, IT general controls, and program change controls.

    Business Risks

    • Business risks to the ERP implementation present themselves early in the implementation during planning.
    • The SIA team evaluates the project plan, budget, and timelines.

    Project Risks

    • Project risks involve whether the ERP system will be delivered on time and on budget, meet stated requirements, and whether employees are adequately prepared for the new system and processes.
    • The SIA team evaluates project risks, including training, organizational change management, and project team experience.

    ERP System Controls

    • ERP system controls are implemented to ensure data accuracy, completeness, validity, verifiability, and consistency.
    • These controls guarantee the confidentiality, integrity, and availability of the ERP application and its associated data.

    Segregation of Duties (SoD)

    • SoD is an ITAC that requires different people to complete different parts of a process to reduce the risk of erroneous and inappropriate actions.
    • Three functions must be kept separate: approving a transaction, recording and reconciling the transaction, and having custody of the assets involved in the transaction.

    Role-Based Access Control

    • Authorization in an ERP system is accomplished through role-based access control (RBAC), which assigns individuals to organizational roles and access levels.
    • A person can be assigned to multiple roles, but may need to log out and log in again to switch roles.

    Auditing Information Technology Application Controls (ITAC)

    • ERP software should undergo a thorough audit to ensure transactions are recorded accurately.
    • Auditors should ask "What does this module do?" and "What business process or processes does this module support?"

    IT General Controls (ITGCs)

    • ITGCs are controls that apply to all system components, processes, and data for a given organization or IT environment.
    • They secure and validate data contained in systems that process financial transactions.
    • ITGCs are the first line of defense in a secure ERP environment.

    Program Change Controls

    • Program change controls govern changes made to programs, including ERP system and underlying database changes.
    • These controls ensure that changes are properly designed, tested, validated, and approved prior to migrating to the production environment.

    Logical Access Controls

    • Logical access controls restrict access to information systems and data to individuals with genuine authority.
    • These controls differ from physical access controls, which control access to a building or room.

    Internal Control

    • Internal control is the policies and procedures put in place by an organization's board of directors, management, and other personnel to provide "reasonable assurance" regarding achievement of objectives.
    • Internal control minimizes IT risk by implementing various policies and procedures.

    ERP and Internal Controls

    • ERP systems process transactions that affect financial statements, and a company's year-end audit must include an inspection of IT controls.
    • ERP systems are designed with internal controls in mind, ensuring process integrity through automated postings and an audit trail.

    Quiz Team

    Description

    Learn about IT application controls in ERP systems, including their role in ensuring data accuracy and security.
