- How much automation of controls is desirable? Is it beneficial to consider controls at the initial design phase, or should controls be introduced as and when needs arise?
- In the Real World Control Failures we have reviewed, describe the character of the leaders involved. Is it a root cause of the control failures?
- A person’s character is crucial in the audit industry. How would you build your reputation and maintain a good ethical character in this industry?
- SAP’s GRC module may be important and effective, but can the cost of GRC be justified? Explain.
Week 13 Questions
- SAP is a world-class ERP system provider. If you are an SAP customer – what would you expect them to provide to support your company’s internal controls?
- The ERP systems market is very competitive. What should SAP and other ERP systems providers be focusing on to make their systems more competitive in the future?
- Into which aspect of compliance should an organization put the most effort to ensure its controls are adequate? What factors about an organization (its industry, profit / non-profit, international) would drive this answer?
Week 12 Questions
- Have you ever been involved with an internal audit or audit of your process / project? Briefly describe.
- How is independence maintained when working for the company as an internal auditor?
- When is the cost of implementing a compliance control higher than the benefit obtained? What should an organization do to ensure efficiency and profitability?
Week 11 Questions
- What are the key components of SAP change management controls you would expect the auditor to review? Why?
- In your company, do you use any blueprints as documentation? Why are process blueprints important in the documentation?
- How have you seen change management work in your organization? What improvement recommendations do you have?
- In future weeks we may have the privilege of having real world auditors join us for our discussions. What questions would you like to ask the Auditors to answer for us?
Week 10 Questions
- Master data in an ERP system is highly integrated with various processes and affects many parts of the organization. How does an organization assure this integration works well for all?
- Which department or person should play the key role in defining master data and assuring its quality?
- Which is more of a risk to a company: inaccurate data or excessive repetitive data? Explain.
- Which transaction do you believe is the most ‘Sensitive’ and therefore should have extra focus in an SAT (Sensitive Access to Transaction) audit? Explain.
Week 9 Questions
- What is segregation of duties and why is it a commonly used control? Give an example of two (e.g. IT) roles that should be segregated.
- Security in an ERP system (e.g. SAP) is complex. What is the most fuzzy, difficult to understand component? Explain.
- What key (1-2) competencies does the person responsible in a company for security (e.g. for a given process) need to have to be successful? Why?
- All companies are dynamic entities with employees and others using systems coming and going all the time. What best practices have you experienced or would you recommend for managing system users and their related security access?
Week 8 Questions
- Do you believe businesses rely too much on administrators to configure the security protocols in programs like SAP, rather than look for security in the entire network? Explain.
- What is the relevance of only being able to have one posting period open at a time for real time financial postings? What does this prevent from happening?
- Consider the list of financial and accounting controls discussed in class. Rank them. Which do you believe is the most important, and which the least? Why?
- You’ve used various computer systems in your lifetime and career. System security is complex and often maligned as cumbersome, difficult, bureaucratic, etc. Have you seen these problems in your experience? Explain.
Week 7 Questions
- As we’ve seen in the P2P and OTC Processes, many different, often non-financial, business functions are involved with ERP system transactions that post to accounting records. If you are responsible for Finance / Accounting controls for your company, how would you manage the risks coming from these non-Financial function jobs?
- As we continue to learn about business processes and ERP systems we often discuss financial or account related terms and concepts. How much finance and accounting knowledge should IT personnel supporting business applications know and learn? Explain.
- Controls are important to financial and accounting processes. What would be different in the controls of a purely domestic US company vs. an international company? Give 1 – 2 specific examples.
- How important is it for people responsible for general I/T controls (e.g. Network, workstation, Server and database security) to know about how the ERP system works? What is one (1) specific thing they should know?
Week 6 Questions
- Assume you’re an outside organization with the goal of causing negative things to happen to an organization’s Order to Cash (OTC) process. Where would you attack it? Explain why and how.
- Who in an organization should care more about the collections process – Finance or Sales? Explain.
- Controls are important in all the OTC processes including invoicing and collections. What would be different in the controls of a purely domestic US company vs. an international company? Give 1 – 2 specific examples.
- You’ve now seen the entire Order to Cash (OTC) Process. If you were responsible for the controls of this process – what would keep you up at night (e.g. be your area of most concern)? Explain.
Week 5 Questions
- Using the Fraud Triangle, analyze the ‘One Piece at a Time’ video scenario and explain how the environment was favorable to Fraud.
- Assume the ‘One Piece at a Time’ video scenario could happen. If you are the operations manager responsible for the assembly line, what 1-2 key controls would you implement? Explain how the control addresses the risk.
- Controls are important in all the OTC processes including shipping. What would be different in the controls of a purely domestic company vs. an international company? Give 1 – 2 specific examples.
- As consumers we encounter (knowingly and unknowingly) inventory controls all the time (e.g. locked jewelry cases). What are 1-2 less obvious inventory control measures in use? Are these measures effective?