IT Environment and ERP Overview

Questions and Answers

Which of the following is NOT an example of an Enterprise Resource Planning (ERP) software?

• SAP
• Photoshop (correct)
• Quickbooks
• FIS Global

Oracle is a well-known example of ERP software.

True (A)

Name one benefit of using Cloud Computing in an IT environment.

Scalability

Mobile Device Management refers to managing and securing ______ devices within an organization.

mobile

Match each auditing type with its purpose:

Internal Auditing = Evaluates the internal controls of an organization External Auditing = Conducted by an independent party for compliance validation IT Auditing = Assesses information systems and technology controls Financial Auditing = Examine financial statements for accuracy and compliance

Which of the following is an example of a Cloud Computing service?

Salesforce (D)

IT Governance primarily focuses on the management and control of IT resources in an organization.

True (A)

Name one role of an IT Auditor.

To assess the organization's IT risk management.

The primary purpose of __________ is to ensure the accuracy and reliability of financial reporting.

Financial Auditing

Match the following ERP software with their main companies:

SAP = SAP SE Oracle = Oracle Corporation Quickbooks = Intuit FIS Global = FIS

Flashcards

ERP System

A system of integrated software applications that manages various aspects of a business, such as accounting, human resources, and customer relations.

Cloud Computing

The delivery of computing services—including servers, storage, databases, networking, software, analytics, and intelligence—over the internet ('the cloud').

IT Audit

A systematic process of evaluating the effectiveness and efficiency of an organization's information technology (IT) systems and processes.

IT Governance

Framework of policies, procedures, and structures adopted by an organization to ensure that IT supports business objectives effectively and responsibly.

ITGC's

Information Technology General Controls are standard rules or procedures to ensure a smooth operation of IT systems.

Mobile Device Management

A system for managing and securing mobile devices used within an organization, enforcing policies, controlling access, and monitoring usage.

What are the pillars of IT governance?

The key components of IT governance are responsibility, accountability, and transparency. This signifies clear roles and responsibilities for IT management, accountability for IT decisions and performance, and a transparent approach to IT activities and outcomes.

What is the primary purpose of auditing IS/IT?

The primary purpose of auditing IS/IT is to ensure that the organization's IT systems and processes are adequate, efficient, and secure in supporting business goals and objectives.

What are application controls?

Application controls are specific procedures designed to protect and safeguard individual applications or programs used within an organization. They ensure data accuracy, completeness, and integrity within these applications.

What is the role of an IT auditor?

An IT auditor is responsible for evaluating the effectiveness and efficiency of IT systems and processes, ensuring they meet business objectives and comply with relevant regulations and standards.

Study Notes

IT Environment

• Garbage in, garbage out
• Auditing cannot be replaced by AI, it requires human judgment
• Makes processes faster
• Used by national and international organizations
• Improved data storage ability, requiring better control
• Control processes affected, but objectives remain constant
• Technology altered audit methods; auditors need specialized IT skills

Enterprise Resource Planning (ERP)

• Software providing standard business functions in an integrated IT environment
• Allows multiple functions to access a common database
• Reduces costs
• Increases data consistency and accuracy
• Includes procurement, inventory, accounting, HR, finance, asset management
• Management of fixed assets in multi-branch companies
• Data analyzing and more
• ERP examples include SAP, Oracle, Kyubi, Xero, Quickbooks, FIS Global
• Standard methods for automating processes
• Uses real-time information, generating faster financial statements and analysis

Cloud Computing

• Using the internet instead of local drives for data and programs
• Enables ubiquitous, convenient, on-demand access to computing resources
• Increasingly impacts the IT environment
• Used for business processes globally
• Considered key for business strategy
• Migration to shared infrastructure has risks
• Mobile device management applies to personal and work devices

Internet of Things (IoT) and Big Data

• Systems allowing remote assets (devices/sensors) to interact and communicate
• Big Data: large, high-velocity, complex variable data requiring advanced processing
• Meaningful information is pivotal for decision-making

Organization Strategy

• Information is the lifeblood of businesses
• IT is now integral for profitability and service
• IT governance is critical for self-review and assurance
• Includes security and privacy considerations.
• Aligning IT with business strategies.

Acts and Organizations Related to IT Audit

• Sarbanes-Oxley Act of 2002 (SOX)
• Securities and Exchange Commission (SEC) Act of 1934
• Public Company Accounting Oversight Board

Financial Auditing

• Auditing activities related to the fairness of financial statements
• Audits cover equipment, procedures, and data processing

Generally Accepted Accounting Principles (GAAP)

• Establishes consistent financial reporting guidelines for corporations

Generally Accepted Auditing Standards (GAAS)

• Sets standards for auditing procedures

Categories of Audit Standards

• General standards (professional competence, independence)
• Standards of fieldwork (planning, IC evaluation)
• Standards of reporting (consistency, disclosure)

Internal Auditing

• Provides independent assurance to enhance risk management, control, and governance
• Headed by the Chief Audit Executive, reporting to CEO, BOD, and Audit Committee
• Benefits management through insight

External Auditing

• Conducted by external organizations serving the public interest
• Evaluates the reliability of client IT systems
• Familiar with attest function encompassing all activities relating to financial statements

IT Auditing

• Provides assurance about the accuracy of information generated by applications
• Can include advisory services
• Covers people, processes, and IT structure

General Computer Controls (GCC) Audit

• Examines IT general controls (e.g., policies, procedures) related to applications
• Including administration and policies across multiple applications
• Includes custody, authorization, and recording

Information System (IS) and Application Controls

• IT general controls (ITGCs) protect against errors and misstatements
• Need for IT control is noted by different organizations.
• Computer-assisted audit tools (CAATs) are used
• Standards like ISO apply
• Business roles, compliance, and legal issues are parts of audits
• Complicated programming is addressed.
• Auditing complex system development life cycle and assessing data completeness, accuracy, and application controls

IT Governance

• Linking IT principles with enterprise objectives
• Managing IT investments, maximizing returns, and mitigating risks.
• IT ensures support of business goals
• Information dependence, vulnerabilities, and costs.

Roles of IT Auditor

• Advising organizations, setting best practices, and overseeing standards
• Support for senior management daily tasks
• Management effect on business through investigations and documentation
• Delving into computer forensics