Home About IUP Magazines Journals Books Archives
     
A Guided Tour | Recommend | Links | Subscriber Services | Feedback | Subscribe Online
 
The IUP Journal of Audit Practice :
IT Audit Approaches for Enterprise Resource Planning Systems
:
:
:
:
:
:
:
:
:
 
 
 
 
 
 
 

Auditors operating in an ERP environment face special challenges, many of which they may not be fully equipped to face. Given the litigious environment, in which the auditors operate and the growth of technology in many companies, auditors must be prepared to effectively deal with the risks presented by ERP systems. The purpose of this paper is to address auditing issues that are specific to audits, involving clients with an Enterprise Resource Planning (ERP) system. The focus is on the risks and internal controls in an electronic environment. The paper reviews the literature in the ERP area as it relates to audits and covers the special issues that auditors face in an ERP environment. Suggestions are provided for controlling risks in these complex environments. The guidance provided will aid auditors, who come across the unique and complex environment created by the use of an ERP system. This will be a very valuable tool for practicing auditors.

 

Enterprise Resource Planning (ERP) systems are software packages that integrate two or more business modules into one system and can replace manual or independent applications while eliminating the need for external interfaces. For example, with the implementation of an ERP system, the financial module can be integrated with the manufacturing, inventory and shipping modules. ERP systems can be used by the companies that want to maintain portions of their current system, often referred to as `legacy systems,' while combining other business functions into one system. However, larger companies tend to implement ERP systems that integrate virtually all businesses modules into a single ERP system.

Because of their integrated nature, ERP systems have become popular among the firms of all sizes. The proliferation of ERPs makes it imperative for auditors to become knowledgeable about the various controls and recommended audit approaches that should exist for these systems. Maintaining data integrity is critical to risk management and complying with Section 404 of the Sarbanes-Oxley Act. Due to the system-wide integration, auditors must familiarize themselves with the underlying business processes, obtain assurance that the ERP system reflects the processes accurately, and change the way substantive tests are performed in an ERP audit.

 
 
 

Audit Practice Journal, Enterprise Resource Planning, ERP, Legacy Systems, Risk Management, System-Wide Integration, Information Technology, IT, Material Management, Supply-Chain Management Systems, SCMs, Customer Relationship Management Systems, CRMs, ERP System, Online Transaction Processing, OLTP, Electronic Data Interchange , EDI, Computer-Assisted Audit Techniques , CAATs.