E.R.P.S University of Palestine. Risks in an ERP environment: The use of ERP systems clearly introduces additional risks into the system environment.

Presentation transcript:

E.R.P.S University of Palestine

Risks in an ERP environment:

The use of ERP systems clearly introduces additional risks into the system environment. These additional risks include problems associated with:

- Improper use of technology.
- Inability to control technology.
- Inability to translate user needs into technical requirements.
- Illogical processing.
- Inability to react quickly (to stop processing).
- Cascading of errors.
- Repetition of errors.
- Incorrect entry of data.
- Concentration of data.
- Inability to substantiate processing.
- Concentration of responsibilities.

Improper Use of Technology:

- One of the more common misuses of technology is the introduction of new technology prior to the clear establishment of its need.
- For example, many organizations introduce database technology without clearly establishing the need for that technology.

The conditions that lead to the improper use of technology include:

- Premature user of new hardware technology.
- Early user of new software technology.
- Minimal planning for the installation of new hardware and software technology.
- Systems analyst/programmer improperly skilled in the use of technology.

Inability to Control Technology:

- Controls are needed over the technological environment. These controls ensure that the proper version of the proper program is in production at the right time, and that the operators perform the proper instructions.
- Adequate procedures must be developed to prevent, detect, and correct problems in the operating environment. The proper data must be maintained and retrievable when needed.

The conditions that result in uncontrolled technology include:

- Selection of vendor-offered system control capabilities by systems programmers without considering audit needs.
- Inadequate restart/recovery procedures.
- Inadequate control over different versions of programs.
- Inadequate control over system operators, print capabilities, and data transmission capabilities.
- Inadequate review of outputs.

Inability to Translate User Needs into Technical Requirements:

One of the major failures of information technology has been a communication failure between users and technical personnel. In many organizations, users cannot adequately express their needs in terms that facilitate the implementation of ERP applications, and the technical people are often unable to appreciate the concerns and requirements of their users.

Conditions that can lead to the inability to translate user needs into technical requirements include:

- Users without technical IT skills.
- Technical people without sufficient understanding of user requirements.
- User's inability to specify requirements in sufficient detail.
- Multi-user systems with no user in charge of the system.
- Failure to implement needs because users were unaware of technical capabilities.
- Improperly implemented needs because the technical personnel did not understand user requirements.
- Building of redundant manual systems to compensate for weaknesses in ERP applications.

Illogical Processing:

- Illogical processing is the performance of an automated event that would be highly unlikely in a manual processing environment.
- For example, producing a payroll check for a clerical individual for over $1 million. This is possible in an automated system due to programming or hardware errors, but highly unlikely in a manual system.

Inability to React Quickly:

ERP applications are valuable because they are able to satisfy user needs on a timely basis. Some of these needs are predetermined and reports are prepared on a regular basis to meet these needs. Other needs occur periodically and require special actions to satisfy.

If the ERP application is unable to satisfy these special needs on a timely basis, redundant systems may be built for that purpose. One of the measures of an ERP application’s success is the speed with which special requests can be satisfied. Some of the newer online database applications that include a query language can satisfy some requests within a very short time span.

The conditions that make ERP applications unable to react quickly include:

- Computer time is unavailable to satisfy the request, or computer terminals/microcomputers are not readily accessible to users.
- General-purpose extract programs are not available to satisfy the desired request.
- The cost of processing exceeds the value of the information requested.

Cascading of Errors:

- An error in one part of the program or application triggers a second yet unrelated error in another part of the application system. This second error may trigger a third error, and so on.
- The cascading of error risk is frequently associated with making changes to application systems.
- A change is made and tested in the program in which the change occurs. However, some condition has been altered as a result of the change, which causes an error to occur in another part of the application system.
- Cascading of errors can occur between applications. This risk intensifies as applications become more integrated.

For example, a system that is accepting orders may be tied through a series of applications to a system that replenishes inventory based upon orders. Thus, an insignificant error in the order-entry program can "cascade" through a series of applications resulting in a very serious error in the inventory replenishment program.

The types of conditions that lead to cascading of errors include:

- Inadequately tested applications.
- Failure to communicate the type and date of changes being implemented.
- Limited testing of program changes.

Repetition of Errors:

- In a manual processing environment, errors are made individually. Thus, a person might process one item correctly, make an error on the next, process the next twenty correctly, and then make another error.
- In ERP systems, the rules are applied consistently.
- Thus, if the rules are correct, processing is always correct. But, if the rules are erroneous, processing will always be erroneous.
- Errors can result from application programs, hardware failures, and failures in vendor-supplied software. For example, a wrong percentage may have been entered for tax deductions. Thus, every employee for that pay period will have the wrong amount deducted for tax purposes.

The conditions that cause repetition of errors include:

- Insufficient program testing.
- Inadequate checks on entry of master information.
- Failure to monitor the results of processing.
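
The payroll cases under Illogical Processing and Repetition of Errors can be turned into three controls: a range check on master data entry, a per-record reasonableness limit, and a batch-level check on processing results. The Python below is an added example, not part of the original slides; the limits, field names and employee records are constructed assumptions.

```python
from decimal import Decimal
from statistics import median

# Assumed control limits (hypothetical values, not taken from the slides).
TAX_RATE_RANGE = (Decimal("0.00"), Decimal("0.45"))
GROSS_LIMIT_BY_GRADE = {"clerical": Decimal("10000"), "manager": Decimal("40000")}

# Constructed sample records; E003 is the "clerical check over $1 million" case.
SAMPLE_EMPLOYEES = [
    {"id": "E001", "grade": "clerical", "gross": Decimal("3200.00")},
    {"id": "E002", "grade": "manager", "gross": Decimal("9100.00")},
    {"id": "E003", "grade": "clerical", "gross": Decimal("1000000.00")},
    {"id": "E004", "grade": "clerical", "gross": Decimal("2950.00")},
]

def check_master_rate(rate):
    """Entry control on master information: reject rates outside the approved range."""
    low, high = TAX_RATE_RANGE
    return low <= rate <= high

def run_payroll(employees, tax_rate):
    """Apply one rule to every record, so a wrong rate is wrong for everyone."""
    cents = Decimal("0.01")
    return [{**e, "tax": (e["gross"] * tax_rate).quantize(cents)} for e in employees]

def review_output(batch, prior_effective_rate, tolerance=Decimal("0.02")):
    """Monitor processing results: per-record limits plus a batch-wide rate comparison."""
    findings = []
    for rec in batch:
        # Illogical processing: an amount no manual clerk would have issued.
        if rec["gross"] > GROSS_LIMIT_BY_GRADE[rec["grade"]]:
            findings.append(("illogical_amount", rec["id"]))
    # Repetition of errors: every record shifts together, so compare the
    # batch's typical deduction rate with the previous period's rate.
    rates = [rec["tax"] / rec["gross"] for rec in batch if rec["gross"] > 0]
    if rates and abs(median(rates) - prior_effective_rate) > tolerance:
        findings.append(("systematic_rate_shift", "batch"))
    return findings

if __name__ == "__main__":
    entered = Decimal("0.25")          # mistyped; the intended rate was 0.15
    print("entry check passes:", check_master_rate(entered))
    batch = run_payroll(SAMPLE_EMPLOYEES, entered)
    for finding in review_output(batch, prior_effective_rate=Decimal("0.15")):
        print(finding)
```

The mistyped rate of 0.25 is inside the approved range, so the entry check alone does not stop it; only the comparison against the prior period's results reveals that every deduction in the batch is wrong.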