Description

Professors teaching ERP systems may consider including content about the auditing and security of these systems, which is very important for reliability and integrity of data and the IT infrastructure and provides assurance of IT controls that support the financial statement audit. This workshop includes materials that focus on teaching both general controls (i.e. logical access, program change and computer operations) and application controls (controls either configured or programmed into the ERP system), which are two categories of controls that must be in place for an IT audit. In particular, this workshop focuses on logical access in PeopleSoft, specifically, role based access controls. Then, we will learn about how program change control is accomplished in an SAP environment through the SAP transport, followed by discussing necessary controls in a data center, using a Big-4 provided template. Finally, we will discuss the ERP-specific content in the CISA, Certified Information Systems Auditor exam. This session includes a series of exercises that are relevant to instructors and practitioners alike.

Share

COinS
 
Aug 10th, 12:00 AM

Auditing and Security of ERP Systems

Professors teaching ERP systems may consider including content about the auditing and security of these systems, which is very important for reliability and integrity of data and the IT infrastructure and provides assurance of IT controls that support the financial statement audit. This workshop includes materials that focus on teaching both general controls (i.e. logical access, program change and computer operations) and application controls (controls either configured or programmed into the ERP system), which are two categories of controls that must be in place for an IT audit. In particular, this workshop focuses on logical access in PeopleSoft, specifically, role based access controls. Then, we will learn about how program change control is accomplished in an SAP environment through the SAP transport, followed by discussing necessary controls in a data center, using a Big-4 provided template. Finally, we will discuss the ERP-specific content in the CISA, Certified Information Systems Auditor exam. This session includes a series of exercises that are relevant to instructors and practitioners alike.