Description
Professors teaching ERP systems may consider including content about the auditing and security of these systems, which is very important for reliability and integrity of data and the IT infrastructure and provides assurance of IT controls that support the financial statement audit. This workshop includes materials that focus on teaching both general controls (i.e. logical access, program change and computer operations) and application controls (controls either configured or programmed into the ERP system), which are two categories of controls that must be in place for an IT audit. In particular, this workshop focuses on logical access in PeopleSoft, specifically, role based access controls. Then, we will learn about how program change control is accomplished in an SAP environment through the SAP transport, followed by discussing necessary controls in a data center, using a Big-4 provided template. Finally, we will discuss the ERP-specific content in the CISA, Certified Information Systems Auditor exam. This session includes a series of exercises that are relevant to instructors and practitioners alike.
Recommended Citation
Bradford, Marianne and Herman, Bob, "Auditing and Security of ERP Systems" (2017). AMCIS 2017 Proceedings. 4.
https://aisel.aisnet.org/amcis2017/PDSs/Presentations/4
Auditing and Security of ERP Systems
Professors teaching ERP systems may consider including content about the auditing and security of these systems, which is very important for reliability and integrity of data and the IT infrastructure and provides assurance of IT controls that support the financial statement audit. This workshop includes materials that focus on teaching both general controls (i.e. logical access, program change and computer operations) and application controls (controls either configured or programmed into the ERP system), which are two categories of controls that must be in place for an IT audit. In particular, this workshop focuses on logical access in PeopleSoft, specifically, role based access controls. Then, we will learn about how program change control is accomplished in an SAP environment through the SAP transport, followed by discussing necessary controls in a data center, using a Big-4 provided template. Finally, we will discuss the ERP-specific content in the CISA, Certified Information Systems Auditor exam. This session includes a series of exercises that are relevant to instructors and practitioners alike.