ERP Systems Overview Quiz

Questions and Answers

Which type of controls are implemented at the time of installing the ERP?

Configurable controls (correct)

Inherent controls

Embedded controls

Processing controls

Which options are commonly known as processing controls?

Inherent and configurable controls

Configurable and embedded controls

Management and security controls

Both B & C (correct)

What is a fundamental aspect of inherent controls?

Ensuring Debit equals Credit (correct)

Mandatory third-party validation

Integration with external systems

Documentation of all procedures

What must an auditor do if they find ineffective General IT Controls (GITC)?

Test the automated controls

Should an auditor report deficiencies that were present in prior audit periods?

Yes, they should always mention it

What is the nature of the audit procedures required for companies?

Both listed and unlisted companies

Which term best describes a system where all modules are seamlessly connected?

Integrated system

In an ERP system, how many primary sets of Books typically exist?

One, all

Which of the following is not a possible reason why substantive procedures may not be feasible in ERP?

Low level of integration

Which of these best characterizes the flow of transactions in an integrated ERP system?

Transactions flow between relevant modules

What does an integrated Enterprise Resource Planning system imply about its modules?

They are interconnected and collaborative

In the context of ERP systems, what is a characteristic trait of transactions?

Distributed processing is common

What is implied by a 'high volume of transactions' in ERP systems?

Increased complexity in audits

What can be utilized to extract payroll information such as leaves available per employee?

Database Queries

Which of the following is not considered an element for determining the testing strategy for reports?

Validation Techniques

What is included in the validation of reports?

All of the above

Before planning to understand the types of reports, the auditor checks the ____________ of the data.

Integrity

When may the auditor limit test procedures to validate or test the reports?

When GITC are effective

Which indicative commands are used by companies in SAP to generate reports?

All the above

What aspect of report validation ensures that all necessary data is included?

Completeness check

Which of the following would NOT typically be checked for during data validation?

Data Source Authentication

What does NSJE stand for?

Non Standard Journal Entries

Where can unusual, non-recurring transactions typically be directly entered?

General Ledger

Estimates and impairments are generally categorized as what type of journal?

Non Standard journals

What should be noted while understanding IT/ERP systems that record entries?

Timing of entries

Which of the following are considered fraud risk factors leading to unusual transactions?

All of the above

In which type of entries are unusual transactions for non-recurring events typically recorded?

General ledger entries

What does PCI-DSS stand for?

Payment Card Industry Data Security Standard

Which of the following best describes non-standard journal entries?

Entries for unusual or irregular transactions

What could lead to non-standard journal entries besides impairments?

One-time extraordinary events

Which of the following is NOT a key aspect of SA 300?

Evaluating the audit evidence

Which of the following standards is related to assurance engagements?

ISAE

What area does PCI-DSS primarily address?

Security of payment card information

Which of the following terms is associated with ISAE?

Assurance Engagements

Payment Card Industry Data Security Standard is developed to ensure what?

Protection of cardholder data

How does ISAE benefit auditors?

By establishing overall audit objectives

Which of the following is part of the goals of PCI-DSS?

To secure payment processing systems

The main focus of SA 300 is primarily on which aspect?

Planning the audit strategy

What must be tested annually for completeness and accuracy?

Custom reports

Who needs to be verified by the auditor when testing custom reports?

Authorized users

What should be verified if changes occurred to a custom report before an audit?

Approval of changes

What type of access do users with critical business activity capabilities have in an ERP?

Sensitive Access

What is the purpose of segregation of duties?

To prevent conflicts of interest

What generally defines the relationship between ERP roles and users?

Many to many

What group typically consists of regular employees who perform daily tasks in an ERP?

Normal Users

What represents a designation within a company and not an individual?

Roles

What type of errors may occur when deficiencies are present in a tested report?

Significant reporting errors

What distinguishes privileged users in an ERP system?

Extensive access

Internal users of the ERP system that perform automated operations are known as?

System Users

What kind of users do not belong to the company?

External Users

What is an effective access control feature in an ERP?

All of the above

What are controls established to manage data manipulation in the context of databases?

Effective controls

Study Notes

ERP Systems

• ERP systems (Enterprise Resource Planning) are integrated management systems encompassing various business functions.
• Examples include SAP and Oracle.

Internal Control Risk Assessment (SA 315)

• Auditors aim to identify and assess material misstatement risks, including fraud.
• Understanding the entity and internal control environment, including relevant information systems.
• Auditor's responsibility is to design and implement responses in audit procedures in response to SA315.
• Assessing the effectiveness of internal controls for reporting.

Governance Framework

• The business team is the owner of data residing within application.
• Ownership is transferred to the IT team in charge of application
• Communication channels are crucial between Chief Information Officer and Chief Financial Officer for effective data management

Automated Environment Risks

• Automated environments present numerous risks due to the complexity and interconnectedness of applications.
• Risks are influenced by the number and location of applications within the system.

Reporting from ERP Systems

• Standard generated reports are provided by ERP systems to businesses
• Customised reports are developed for business use within the ERP system.
• Database queries are used to retrieve information in a structured format from the database.

Controls in ERP

• Inherent controls ensure the accuracy, completeness, and validity of transactions, present in ERP.
• Configurable controls are those implemented during ERP installation in an organization.
• Input controls are the first point of control within ERP.

Sensitive Access and Segregation of Duties (SOD)

• Sensitive access in an ERP system grants extensive or unrestricted access to carry out various activities.
• Role-based access control (RBAC) involves grouping related access rights into roles for streamlined user management.
• Segregation of Duties is the distribution of job roles among employees to avoid conflicts and ensure accountability.

User Roles and Access

• Normal users perform daily operations within the ERP system.
• System users execute automated operations and transactions.
• Privileged users possess extensive or unlimited access for key activities.
• Default users come embedded with the ERP software
• Generic users are positions or designations, not specific people
• Temporary users are granted access for a limited time.
• External users represent individuals/entities outside the company
• Multiple roles and users can interact in a "many-to-many" relationship.

User and Access Control Deficiencies

• Auditors must document and report control deficiencies to management, following standards.
• The deficiencies relating to user access controls should be evaluated in order to understand the impact of the deficiencies on audit.
• Understanding the business environment and IT environment is a crucial starting point for audits on segregation of duties.
• The business rules for the implementation and review of SOD and sensitive access should focus on the company rules, policies and procedure.

ERP Migration and Data Procedures

• ERP migration involves planning, system design, data conversion/configuration, testing, and go-live stages.
• Rollback procedures are for managing potential errors during the process.
• During migration, sensitive access, SOD, and related controls must be considered.
• Internal auditors can provide valuable experience regarding ERP changes.
• Documentation is essential to effectively manage any ERP implementation.

Financial Data Records (Journal Entries)

• Standard journal entries record regular transactions.
• Non-standard journal entries capture unusual and non-recurring transactions, adjustments, and corrections.
• Non-standard entries are often not subject to normal internal controls.
• The extraction and analysis of JE data can be enhanced using software scripts.

Query Creation and Usage in ERP

• Subqueries can be used within queries to filter specific output values.
• Access uses a variety of queries ranging from simple to complex, capable of extracting aggregated results.
• Joins in Access can connect data from different tables.
• Aggregate functions summarise numerical values.
• A wide arrange of filters are available for further refinement.

Working with and Summarizing Data

• Using Pivot Tables helps users quickly summarize and analyze data in a spreadsheet.
• Calculations can be run on existing data using expressions and functions.
• Conditional formatting highlights cells containing specific values, a powerful method to track and refine data during analyses.

Statistical and Probability Concepts

• Benford's Law is useful for identifying potential data irregularities when a specific numerical pattern appears significantly off from the expected value.
• Hypothesis testing involves comparing observed data to a predicted outcome, using calculated probabilities to determine whether to accept or reject those probabilities.
• Statistical analysis is crucial for drawing meaningful conclusions from data sets.

Data Mining and Warehousing

• Data Mining is used to uncover patterns from a database.
• Data Warehousing is a repository for storing and organizing historical data, for analysis.
• OLAP is the technique and tool to query complex multi-dimensional databases.
• Operational Data Stores are used for detailed data for processes.

Accounting and Financial Concepts

• Financial Planning involves establishing financial targets.
• Depreciation is the accounting process for spreading the cost of using an asset over its useful life.
• Cash budgets and capital budgeting are used to manage and model monetary flow in a business.
• Various financial ratios help in comparison analysis.

Excel Functions

• Specific Excel functions are used to generate and manage financial/accounting data
• Excel functions help in performing various calculations on financial data.
• There are tools in Excel suited for various data management activities.

Description

Test your knowledge on Enterprise Resource Planning (ERP) systems with this quiz. Explore key concepts such as controls, audit procedures, and transaction characteristics within ERP environments. Ideal for students and professionals looking to enhance their understanding of ERP.