ERP System Controls

NonViolentBeige7156

15 Questions

What do IT application controls (ITACs) control in an ERP system?

Input, processing, and output functions

Segregation of duties (SoD) requires the same person to approve a transaction, record it, and have custody of the assets involved.

False

What is the main purpose of Role-Based Access Control (RBAC) in an ERP system?

Assign individuals to organizational roles and those roles to specific access in the system

_______ is a concept of requiring different people to complete different parts of a process to reduce the risk of erroneous and inappropriate actions.

Segregation of duties

Match the following controls with their descriptions:

  • Logical Access Controls = Policies, procedures, organizational structure, and electronic controls designed to restrict access to information systems and data only to individuals with genuine authority to access the information
  • Data Center Controls = Focus on the physical security of the data center where the servers that support the ERP system are kept
  • IT General Controls = Apply to all systems components, processes, and data for a given organization or IT environment to secure and validate the data contained in the systems
  • Program Change Controls = Govern the changes made to programs, ensuring proper design, testing, validation, and approval prior to migration to the production environment

The ERP system's general ledger is the primary source of data for financial statements.

True

ERP systems are designed to bypass internal controls to increase efficiency.

False

Auditors do not need to inspect IT controls during a year-end audit.

False

IT application controls are not necessary for ERP systems.

False

ERP systems do not have built-in auditing capabilities.

False

Role-Based Access Control (RBAC) is not necessary for ERP systems.

False

Segregation of duties (SoD) requires multiple people to perform the same task.

False

IT general controls are not necessary for ERP systems.

False

Program change controls are not necessary for ERP systems.

False

Logical access controls are not necessary for ERP systems.

False

Study Notes

IT Application Controls (ITACs)

  • ITACs control input, processing, and output functions of an ERP system by enabling, disabling, or limiting user actions and enforcing business-driven rules and data quality.
  • ITACs facilitate data accuracy, completeness, validity, verifiability, and consistency to ensure confidentiality, integrity, and availability of the ERP application and its associated data.

Segregation of Duties (SoD)

  • SoD is a concept requiring different people to complete different parts of a process, reducing the risk of erroneous and inappropriate actions by employees.
  • Segregation of duties is a deterrent to fraud, requiring three functions to be kept separate: approving a transaction, recording and reconciling the transaction, and having custody of the assets involved in the transaction.

Role-Based Access Control (RBAC)

  • Authorization in an ERP system is accomplished through RBAC, assigning individuals to organizational roles and those roles to specific access in the system.
  • A person can be assigned to more than one role, but may be required to act in a single role at any one time.

Auditing IT Application Controls (ITAC)

  • It is essential to subject a company's ERP software to a thorough and detailed audit, as transactions involving money, material, and services are recorded in the application.
  • The first questions the auditor should ask are "What does this module do?" and "What business process or processes does this module support?"

IT General Controls (ITGCs)

  • ITGCs are controls that apply to all systems components, processes, and data for a given organization or IT environment.
  • ITGCs secure and validate the data contained in systems that process financial transactions.

Program Change Controls

  • Program change controls govern changes made to programs, including the ERP system and underlying database, based on user requests or maintenance requirements.
  • These controls ensure that changes are properly designed, tested, validated, and approved prior to migration to the production environment.

Logical Access Controls

  • Logical access controls are policies, procedures, organizational structure, and electronic controls designed to restrict access to information systems and data only to individuals with genuine authority to access the information.
  • Logical access is part of Identity and Access Management (IAM), managing individual identities and privileges or permissions within or across system and company boundaries.

Data Center Controls

  • Data center controls protect computer facilities and resources from environmental hazards, espionage, sabotage, damage, and theft.
  • Reliability is the ability of a system or component to execute its required functions under stated conditions for a specified period of time.
  • Availability is the degree to which a system or component is accessible and operational when needed.

System Implementation Assurance (SIA)

  • SIA is an independent assessment of the health and expected outcome of the ERP implementation and corresponding change initiative.
  • SIA evaluates the design and implementation of IT General Controls and IT Application Controls to ensure they satisfy financial reporting, operational, and regulatory requirements.

Control Risks

  • Control risks involve whether the design and implementation of IT General Controls and IT Application Controls will satisfy financial reporting, operational, and regulatory requirements.
  • Assurers evaluate control risks in areas such as IT application controls, IT general controls, and program change controls.

Business Risks

  • Business risks to the ERP implementation present themselves early in the implementation during planning.
  • The SIA team evaluates the project plan, budget, and timelines.

Project Risks

  • Project risks involve whether the ERP system will be delivered on time and on budget, meet stated requirements, and whether employees are adequately prepared for the new system and processes.
  • The SIA team evaluates project risks, including training, organizational change management, and project team experience.

ERP System Controls

  • ERP system controls are implemented to ensure data accuracy, completeness, validity, verifiability, and consistency.
  • These controls guarantee the confidentiality, integrity, and availability of the ERP application and its associated data.

Segregation of Duties (SoD)

  • SoD is an ITAC that requires different people to complete different parts of a process to reduce the risk of erroneous and inappropriate actions.
  • Three functions must be kept separate: approving a transaction, recording and reconciling the transaction, and having custody of the assets involved in the transaction.

Role-Based Access Control

  • Authorization in an ERP system is accomplished through role-based access control (RBAC), which assigns individuals to organizational roles and access levels.
  • A person can be assigned to multiple roles, but may need to log out and log in again to switch roles.

Auditing Information Technology Application Controls (ITAC)

  • ERP software should undergo a thorough audit to ensure transactions are recorded accurately.
  • Auditors should ask "What does this module do?" and "What business process or processes does this module support?"

IT General Controls (ITGCs)

  • ITGCs are controls that apply to all system components, processes, and data for a given organization or IT environment.
  • They secure and validate data contained in systems that process financial transactions.
  • ITGCs are the first line of defense in a secure ERP environment.

Program Change Controls

  • Program change controls govern changes made to programs, including ERP system and underlying database changes.
  • These controls ensure that changes are properly designed, tested, validated, and approved prior to migrating to the production environment.

Logical Access Controls

  • Logical access controls restrict access to information systems and data to individuals with genuine authority.
  • These controls differ from physical access controls, which control access to a building or room.

Internal Control

  • Internal control is the policies and procedures put in place by an organization's board of directors, management, and other personnel to provide "reasonable assurance" regarding achievement of objectives.
  • Internal control minimizes IT risk by implementing various policies and procedures.

ERP and Internal Controls

  • ERP systems process transactions that affect financial statements, and a company's year-end audit must include an inspection of IT controls.
  • ERP systems are designed with internal controls in mind, ensuring process integrity through automated postings and an audit trail.

Learn about IT application controls in ERP systems, including their role in ensuring data accuracy and security.
