
Governance & Control in ERP Systems


1 Governance & Control in ERP Systems

2 Corporate Governance
An enterprise’s “Rules of Engagement” Framework – The conduct ethics and values, laws, policies, standards, procedural guidelines and other compliance requirements every person in an organisation must respect, follow and uphold when working in an enterprise:
- In work behaviours
- When carrying out work duties and performing work activities
Example

3 Corporate Governance Standards / Best Practice Guidelines
- Sarbanes Oxley Act – US 2002: Basic precepts of good corporate governance and ethical business practices
- ASX Corporate governance principles and recommendations (consistent with the OECD guidelines):
  - 2003: Ten principles for listed companies
  - 2007: 2nd edition containing eight principles
  - 2010: An amended version was released
  - 2014: 3rd edition was released

4 Corporate Governance Standards / Best Practice Guidelines
- Sarbanes Oxley Act – US 2002: Basic precepts of good corporate governance and ethical business practices
- ASX Corporate governance principles and recommendations (consistent with the OECD guidelines):
  - 2014: 3rd edition

5 IT Governance Can follow:
- ISO/IEC 38500:2015 Information technology - Governance of IT for the Organisation: Guiding principles for those responsible in organisations (owners, directors, partners, executive managers and others) for the effective, efficient and acceptable use of information technology within their organisations
- COBIT Framework: A business framework for the governance and management of enterprise IT
- Enterprise IT Policies, standards, etc
Are part of internal controls to ensure efficiency and effective use, development & management of ICT resources
Subset of Corporate Governance Rules applicable for IT Operations, Project & Management work

6 Internal controls
Internal Control: The measures an organisation employs to help attain the objectives of efficient operations, reliable reporting and compliance with relevant laws
Essential to an organisation’s corporate governance structure
Internal control involves the processes that an organisation implements to:
- safeguard assets
- provide accurate and reliable information
- promote operational efficiency
- enforce prescribed managerial policies
- comply with applicable laws and regulations
Are part of an enterprise Corporate Governance Framework

7 Classification of Internal Controls
Preventive Controls
- PREVENT problems before they arise
- Require compliance with preferred procedures to stop undesirable events from happening
Detective Controls
- Alert system users of likely occurrence of & arising errors and anomalies
- Procedures and techniques designed to identify undesirable events after they have already occurred
Corrective Controls
- Correct/fix identified problems
Classification of Internal Controls: General (Commonly used through the enterprise) or Application Specific Controls -> usually via IT Application Controls (via process & data models)

8 Internal Control Development Approaches & Standards
Control Processes
For the three control objectives to be achieved, there are five integrated control components:
Internal control is a process, effected by an entity's board of directors, management and other personnel, designed to provide "reasonable assurance" regarding the achievement of the three key control objectives:
- Operations objectives: Effectiveness and efficiency of business operations
- Reporting objectives: Internal and external financial and non-financial reporting obligations
- Compliance objectives: Adherence to applicable laws and regulations

9 Internal Control Development Approaches & Standards
Environment Control
The Australian Standard on Assurance Engagements ASAE 3150 Assurance Engagements on Controls outlines two key areas for assessing the control environment in an organisation:
- Management: Culture of honesty and ethical behaviour
- Strengths in the control environment elements
If control environment is weak, the internal control system is less reliable

10 Internal Control Development Approaches & Standards
Risks Control
The ASAE 3150 risk assessment process includes whether the enterprise has processes for:
- Identifying risks which threaten achievement of control objectives
- Estimating the significance of the risks
- Assessing the likelihood of their occurrence
- Deciding about actions to address those risks

11 IT Environment Controls IT Operations Management Controls
- IT System Controls
- IT Environment Controls
- IT Access Controls, e.g. login, input, processing & output controls
- IT Change Management Controls
- IT Project Management Controls
- IT Operations Management Controls
- IT System Acquisition Controls, e.g. SDLC Mgt
Chapter 10 has more details & Examples by ERP Functions

12 Financial Analysis via Excel Modelling
Lect 7 – Read through all good practice guidelines when using Excel to perform financial analysis work
Functions you must know:
See URL to explain these logical functions used in IF statements:
Example 1 – see below
Example 2 :

13 Next Week – Specialised IT Risks Concepts
Security & Fraud …. {Privacy}

