MIS 5121: Exam 3 – Review Sheet


1 MIS 5121: Exam 3 – Review Sheet
Edward Beaver

2 ISC framework in the ERP environment
Other Reg’s Organization’s Objectives & Policies External Financial Reporting regulations Balance Sheet P & L Notes FDA etc. Performance & Policies Arise through Must be observed / achieved in Business Processes _____ ______ ______ ______ ___ _______ ___________ __________ ______ __ _____ _______ _ ________ __ Contain Risks ___________ ___________ Assertions Value / Benefits Errors & Fraud Minimized by
ISC framework in the ERP environment:
Entity level controls
Automated application controls
Manual and semi-automated business process controls
Authorizations and access protection (confidentiality, integrity)
IT General controls (change management, operation, security)
Automated testing and monitoring of business processes, KPIs, etc.

3 Procurement at GBI Marketing / Sales Customers Suppliers Supply Chain
Finance / HR Payment

4 Procure to Pay Process Common Risks Common Controls

5 Order to Cash at GBI Marketing / Sales Customers Suppliers
Supply Chain Finance / HR

6 Order to Cash Process Common Risks Common Controls

7 Environment Favorable to Fraud Framework for spotting high-risk situations
_________________________ (____________________ _________) _____________________ ________________________ (____________________ _________) ______________________ (____________________ _________) Fraud __________ ____________ ________ / _________ Fraud Triangle

8 Inventory: Record Accuracy
Does ______________-- Match __________________ Check: _______________ Physical Counting Cycle Counting

9 Typical SAP Landscape
Development System
Type of Users: -
Type of Work:
Quality-Assurance System
Type of Users: -
Type of Work:
Production System
Type of Users: -
Type of Work:

10 Client Dependent vs. Independent
System/Instance Client Dependent Dev 100 Master (Gold) ________ Data Dev 110 Dev Test …. Dev 180 Data Conversion …. Dev 900 Sandbox …. Client Independent _____________ > Repository Objects (Client Independent Config _____________ - _____________, _____________ _____________ - _____________ _____________ > _____________

11 SAP Change Management
SAP Transports are: ____________________________________________
They Contain: _________________________________________________
SAP Change Management Recommendations
Risk: _____________________________________________
Control: _____________________________________________

12 System (Server) / Client Parameters
Risk: _____________________________________________ Control: _____________________________________________

13 Table Security
Tables are an integral part of the SAP application
Different Types of Tables _________________
SAP is customized using thousands of ____________ tables through the _________________ (SPRO)
Class Exercise: SE16N - T000, T001, MARA, TDAT (Auth groups)

14 Table and Information Security
Risk: _____________________________________________ Control: _____________________________________________

15 Program & Development Security
Good Development Practices _________________________________________ Control Concerns: Development, Data Dictionary

16 Powerful ID’s and Profiles
List a few SAP-supplied powerful IDs and profiles that need to be ‘caged’ _________________________________________
Risks and Control Recommendations for Powerful ID’s / Profiles
Risk: _____________________________________________
Control: _____________________________________________

17 Firefighter / Emergency User
Valid Scenarios, Situations for Firefighter Use _________________________________________
Key differences of Firefighter vs. Regular ECC access:
Audit of reason and transactions used
Emergency vs. routine use
Firefighter Best Practices

18 GRC & Other SAP Module Security
GRC (G___________, R____, & C__________________) Module
Beyond ERP / ECC and GRC: What is another SAP module
What is another SAP module: _________________________________________
What does the module do: _______________________________________ ______________________________________________________________
How is Security Administered: ____________________________________ ______________________________________________________________
GRC v 10.0 Module Function / Reason for Being

19 Segregation of Duties
Goal: __________________
Definition ‘__________________________________’
Person who ______________ should not be the person who ______________.
An Individual should only have 1 of following Responsibilities / Privileges: A_____________ R_____________ C_____________

20 Finance Common Risks Common Controls

21 Inventory Control Common Risks Common Controls

