Auditing Controls in ERP Systems

ERP Systems

Edward N Beaver

Week 3 Wrap-up: Fraud, P2P Controls

by

Great discussion this week.  You raised all the important points but let me share my thoughts.

Q1: ‘Assertions’ are important to who?  You shared many good scenarios and examples.  In my view, assertions are important to anyone who uses information provided by a company.  Whether those relying on the information are inside or outside the company, unless assertions / controls are in place they can’t count on the information.  We’ve talked mostly about financial information, but the veracity of non-financial information also requires assertions / controls.

Q2:  Which dimension of Management Assertions do you believe is the most important?  In my view, all the dimensions are of some value.  The industry and type of business can significantly impact the varying risk associated with each dimension.

Q3: Have you ever been victim of fraud?   Thanks for sharing your own personal and some cases emotional stories.  I hope you agree with me that fraud is real in our world today and adequate controls are necessary  to address the risks.  The fraud triangle is a effective tool for analyzing risk scenarios – especially those of high risk.

Q4: Which step of the P2P is the most vulnerable?  Risks exist in every step of the process.  However, I believe the early and payment steps are the most vulnerable.  The vulnerability exists because the early steps relate to the value of the transaction and the payment step is where the $$ changes hands.  Because of the wide variety of different P2P scenarios, it’s a challenge to identify all the risks and effectively put controls in place to address.

I trust from our discussions in class and these questions, how important assertions and their related controls are.  We’ll be exploring for the remainder of class risks and related controls in various processes and scenarios.

Exercise 1 (Procure to Pay) Guide Updated

by Leave a Comment

In class this week you noticed some discrepancies in the Exercise 1 Guide vs. the submission sheet.  I just updated (on the Assignments -> Exercise 1 page) the guide to clarify a few questions and assure the questions were fully synchronized to the submission sheet.
Note: the submission sheet did not change.

Updated (September 16 11:53 am) Exercise 1 (Procure to Pay) Guide.
(updated  with clarified questions and synchronized to submission sheet)

Week 3 Questions

by 151 Comments

  1. The concept of ‘Assertions’ is important to accountants.  Who else is it important to?  Why?
  2. In class we discussed several dimensions of Management Assertions.  Which do you believe is the most important?  Why?
  3. Have you ever:
    – Been victim of Fraud?
    – Had evidence of, suspicions of fraud occurring?
    – Been pressured (e.g. by an employer) to commit an act that was morally or legally questionable?
     Explain
  4. Which portion / step of the Procure to Pay process do they see as the most vulnerable to theft, fraud or failure of some kind?  Explain

Week 2 Wrap-up: Business Processes, Assertions

by

Great job on the discussion.  This is what I want to see every week.   I think you raised all the salient points but let me summarize and share my views.

Q1: Business Process Experiences:  You have experience with a lot of different processes across a large number of industries, markets and settings.  A couple observations common to each example:

  • Processes are comprised of a number of steps – sometimes a lot of steps (depending on level of detail provided)
  • The steps are executed by different people and usually different functions within an organization.  It’s often the handoffs between people and organizations that cause problems and inefficiencies.

Q2: SOX Laws – are then sufficient reaction or overreaction?  Great discussion.   My view is that the laws & regulations have had an effect because there have been fewer major control failures like Enron, Worldcom, etc. in the past.   The laws have sharpened the accountability of top level executives and management.  However, organizations must spend lots of $$ and it’s a lot, lot of work to develop and maintain the control system and discipline necessary to execute them.

Q3: Define a control environment:  Some great definitions – although I suspect internet search tools helped.  Couple of my comments related to the discussions:

  • The company culture and the tone set by senior management has a role in establishing a company’s control environment.  I’ll share a personal story from my experience about this in class.
  • The proper culture, tone and discipline necessary to support the control environment can’t just some from the top brass / executives.  It has to flow through to front line managers to be truly effective.  The challenge is how to maintain the alignment between senior management and front line managers.
  • We’ll learn more about this topic (in some detail) later in this class and your final exercise.

Q4: Differences between a compliance-driven vs. a profitability driven controls:  Both types of controls are important to the success of an organization.  Compliance controls are basic requirements for a company (necessary to operate legally) while profit controls support the ultimate goals and level of ‘success’ for a company.  Although the focus of compliance vs. profit controls is different, sometimes the same methods / means can be used to support both.

This coming week we will look more deeply at the Procure to Pay (P2P, PtP, Procurement process – I use the terms interchangeably) as well and the link between risks and financial assertions.

In-Person Class Meetings: Details

by Leave a Comment

I had planned to arrange that a couple of our classes would actually meet on Temple campus to give opportunity of those who can to meet face to face with fellow classmates, etc.  As it turns out for some visa restrictions we have designated this course as a ‘hybrid’ course which requires this to happen.

That means that two of our class times will actually occur in a classroom on Temple’s main campus.  Those who can physically travel to that classroom, I encourage you to attend in person.  I will however, teach the classes via WebEx and students who can’t attend in person will not be disadvantaged.

Logistics of ‘in person’ classroom Events:

  • September 12                             Class room  – Alter Hall  room 603
  • October 17 (Note new date)    Class room  – Alter Hall  room 603

Week 1 Wrap-up: Introduction

by

Thanks all for persisting through some of the first on-line class issues we had.  I trust you were able to genuinely participate and learned about what we’re doing in the class as well as starting to learn the core concepts.

A couple of key messages I hope you took from the first class:

  • What Business Functions and Business Processes are and what the differences are.  This is a core concept and you can count it will be on the Exam.
  • ERP Systems are highly functional but complex in many dimensions
  • Real world control failures do happen – we’ll learn by looking at some real world examples
  • Internal control framework drivers and and components.

 

Note: there are no Questions for Week 1 – today we start focusing on Week 2 material, questions, etc.

 

 

On-Line Classes: Lessons Learned

by Leave a Comment

Some specifics I learned from our fist class that hopefully will make all future classes happen more smoothly:

  • The password for all classes is ‘Process‘.  I apologize for not sharing that prior to our first class.
  • Background conversations, noise, etc. can be very distracting with many people on-line.  Please, when you first join the class – place yourself on Mute.  Remain there except when you wish to contribute or during breakout sessions.
  • If you can’t join class via your computer (e.g. stuck in traffic, …) you can at minimum you can call into the class on your phone with this information:
    Call the number below and enter the access code:  646 715 360Call-in toll-free number (US/Canada):1-855-244-8681

    Call-in toll number (US/Canada):1-650-479-3207

    Link to all global call-in numbers (View Online in WebEx)

    Show toll-free dialing restrictions

  • I posted the video capture of the SAP logon section of the class – See Schedule -> Week 1 and Week 2.   I plan to capture a video of each class and will post a link to it the next day after class.

Week 2: Questions

by 155 Comments

  1. Describe a business process you have experienced (either as an external or internal participant) and what your role was.
  2. The Sabanes-Oxley Act in the US and many similar laws in other countries were enacted as result of high profile control failures.  Are these laws a sufficient reaction to the failures or are they an overreaction?  Explain.
  3. In your own words, how would you define a control environment?
  4. Describe a real life example of a company’s profitability-driven controls.  What are the differences between a compliance-driven vs. a profitability driven control?

What to do this week (and all future weeks)

by

(Updated Thursday September 1corrected incorrect dates and times – differed from what I shared in Class 1)

I want to go over your weekly activities a second time to make sure there is no confusion.

  • Via the Schedule menu watch the video lecture (if any), read the assignments and explore the additional materials for the week.
  • Each Tuesday (am) you will find a post of ~ 4 questions about that week’s readings and other content.
  • After finishing the videos, readings and other content, write a one or two paragraph comment on at least one (1) of the posted questions.  Comment by selecting Leave a Reply option at the bottom of my post on the course blog (Leave a Comment link also works).  Replies are due by 11:59 pm Sunday.
    (Note: I must approve your first reply or comment so don’t expect to see it right away. After that it will be automatic.)
  • Once everyone’s readings comments are on the blog, I expect you to read them over and comment on them.  Comments need to be posted on the class blog before 11:59 pm on Sunday.
    Note: Four (4) substantive comments each week considered a B.
  • Class (Monday)
  • I may post a summary note (if any) on Tuesday

To learn to the material well you need to be actively engaged in the online discussion.  Check it out and contribute everyday.  If you have questions, put them in a post or reply online so that everyone can see the answer.  If you find yourself confused, call me and we will talk about it (609.206.9783).