MIS 5121: Exam 3 – Review Sheet

MIS 5121: Exam 3 – Review Sheet
Edward Beaver
Edward.Beaver@temple.edu

ISC framework in the ERP environment
Other Reg’s
Organization’s Objectives & Policies
External Financial Reporting regulations
Balance Sheet, P & L, Notes
FDA etc.
Performance & Policies
Arise through
Must be observed / achieved in
Business Processes
_____ ______ ______ ______ ___ _______ ___________ __________ ______ __ _____ _______ _ ________ __ …
Contain Risks
___________ ___________ Assertions
Value / Benefits
Errors & Fraud
Minimized by
ISC framework in the ERP environment
  Entity level controls
  Automated application controls
  Manual and semi-automated business process controls
  Authorizations and access protection (confidentiality, integrity)
  IT General controls (change management, operation, security)
  Automated testing and monitoring of business processes, KPIs, etc.

Procurement at GBI
[Diagram: Marketing / Sales, Customers, Suppliers, Supply Chain, Finance / HR, Payment]

Procure to Pay Process
Common Risks
Common Controls

Order to Cash at GBI
[Diagram: Marketing / Sales, Customers, Suppliers, Supply Chain, Finance / HR]

Order to Cash Process
Common Risks
Common Controls

Environment Favorable to Fraud
Framework for spotting high-risk situations
_________________________ (____________________ _________)
_____________________ ________________________ (____________________ _________)
______________________ (____________________ _________)
Fraud __________ ____________ ________ / _________
Fraud Triangle

Inventory: Record Accuracy
Does ______________ Match __________________
Check: _______________
Physical Counting
Cycle Counting

Typical SAP Landscape
Development System
  Type of Users:
  Type of Work:
Quality-Assurance System
  Type of Users:
  Type of Work:
Production System
  Type of Users:
  Type of Work:

Client Dependent vs. Independent
System/Instance
Client Dependent
  Dev 100 Master (Gold) ________ Data
  Dev 110 Dev Test … ….
  Dev 180 Data Conversion … ….
  Dev 900 Sandbox … ….
Client Independent
  _____________ > Repository Objects (Client Independent Config _____________ - _____________, _____________ _____________ - _____________ _____________ > _____________

SAP Change Management
SAP Transports are: ____________________________________________
They Contain: _________________________________________________
SAP Change Management Recommendations
Risk: _____________________________________________
Control: _____________________________________________

System (Server) / Client Parameters
Risk: _____________________________________________
Control: _____________________________________________

Table Security
Tables are an integral part of the SAP application
Different Types of Tables _________________
SAP is customized using thousands of ____________ tables through the _________________ (SPRO)
Class Exercise: SE16N - T000, T001, MARA, TDAT (Auth groups)

Table and Information Security
Risk: _____________________________________________
Control: _____________________________________________

Program & Development Security
Good Development Practices _________________________________________
Control Concerns: Development, Data Dictionary

Powerful IDs and Profiles
List a few SAP-supplied powerful IDs and profiles that need to be ‘caged’ _________________________________________
Risks and Control Recommendations for Powerful IDs / Profiles
Risk: _____________________________________________
Control: _____________________________________________

Firefighter / Emergency User
Valid Scenarios, Situations for Firefighter Use _________________________________________
Key differences of Firefighter vs. Regular ECC access:
  Audit of reason and transactions used
  Emergency vs. routine use
Firefighter Best Practices

GRC & Other SAP Module Security
GRC (G___________, R____, & C__________________) Module
Beyond ERP / ECC and GRC: What is another SAP module
What is another SAP module: _________________________________________
What does the module do: _______________________________________ ______________________________________________________________
How is Security Administered: ____________________________________ ______________________________________________________________
GRC v 10.0 Module Function / Reason for Being

Segregation of Duties
Goal: __________________
Definition: ‘__________________________________’
Person who ______________ should not be the person who ______________.
An individual should only have 1 of the following Responsibilities / Privileges:
  A_____________
  R_____________
  C_____________

Finance
Common Risks
Common Controls

Inventory Control
Common Risks
Common Controls