General

Welcome to MIS-5121 – Beijing-BNAI!

December 6, 2020 by Jim Baranello, CISM, CRISC, MBA Leave a Comment

Introduction

Welcome to ITACS 5121, Auditing Enterprise Resource Planning Systems!

This course presents the fundamentals of ERP Systems, the business processes they enable and the controls necessary to assure they work properly. You will learn:

The basic business processes that ERP systems support
How these processes are implemented with ERP systems and
How to secure and control the processes and systems for the integrity, confidentiality, authenticity and reliability of information.

By examining how an organization can secure and control its ERP systems with an effective control environment, we understand how to enable and maintain the integrity, confidentiality and reliability of information required for regulatory, operational and financial expectations.

Before you begin the course, please take a few minutes to review the course format, and the syllabus items.

If you are new the MIS Community Site or the Canvas Learning Management Systems (LMS), you may want to begin with this video.

First, review the course objectives, which enumerates what you will be learning in this course.
Second, review the list of required text and reading materials.
Third, review the grading and course policies.
Fourth, review the course schedule, which shows the topics, reading, assignments and assessments throughout the duration of the course.
Finally, begin the first learning module, which includes an instructor introduction, followed by an introduction to the course material.

If you have any questions or concerns, please contact me: James.Baranello@temple.edu

http://community.mis.temple.edu/mis5121sec401fall2019/

Guest Lecturer Steven Yannelli Bio

October 19, 2020 by Jim Baranello, CISM, CRISC, MBA Leave a Comment

Below is a brief bio of our guest lecturer on Monday (October 23)

“Steven Yannelli is a recognized leader in SAP application security who has worked in ERP security for the past 15 years. For six years, he managed the largest international SAP implementation to date (at Walmart) and has been a consultant with Deloitte & Touche and PriceWaterhouseCoopers. He is also a US Army combat veteran who served as a Captain and Commanding Officer within the 56^thStryker Brigade Combat Team. He deployed to Iraq from 2008-2009 where he managed a secure communications network.

Steven holds a CISSP certification and a graduate degree from Drexel University. He is now a Senior Manager at CSL Behring and currently leads their global SAP security and consulting teams across four countries.”

In the News: Fraud in Sales Process

September 21, 2020 by Jim Baranello, CISM, CRISC, MBA Leave a Comment

Couple of links Re: the recent Wells Fargo fraud / control failure

Link 1 Link 2

Alternately, this week you may answer one of these questions:

How could this happen in the world of Sox and other regulations?

What should the CEO do now? Resign? Explain

Week 5 Questions

September 19, 2020 by Jim Baranello, CISM, CRISC, MBA 10 Comments

Using the Fraud Triangle analyze the ‘One Piece at a Time’ video scenario and explain how the environment was favorable to Fraud.
Assume the ‘One Piece at a Time’ video scenario could happen. If you are the operations manager responsible for the assembly line, what 1-2 key controls would you implement?Explain how the control addresses the risk.
Controls are important in all the OTC processes including shipping. What would be different in the controls of a purely domestic company vs. an international company? Give 1 – 2 specific examples.
As consumers we encounter (knowingly and unknowingly) inventory controls all the time (e.g. locked jewelry cases).What are 1-2 less obvious inventory control measures used. Are these measures effective?

Week 2 – Questions

August 30, 2020 by Jim Baranello, CISM, CRISC, MBA 10 Comments

Describe a business process you have experienced (either as an external or internal participant) and what your role was.
The Sabanes-Oxley Act in the US and many similar laws in other countries were enacted as result of high profile control failures. Are these laws a sufficient reaction to the failures or are they an overreaction? Explain.
In your own words, how would you define a control environment?
Describe a real life example of a companys profitability-driven controls. What arethe differences between a compliance-driven vs. aprofitability driven control?

What to do this week (and all future weeks)

August 29, 2020 by Jim Baranello, CISM, CRISC, MBA Leave a Comment

I want to go over your weekly activities a second time to make sure there is no confusion.

Via the Schedule menu watch the video lecture (if any), read the assignments and explore the additional materials for the week.
Each Tuesday (am) you will find a post of ~ 4 questions about that week’s readings and other content.
After finishing the videos, readings and other content, write a one or two paragraph comment on at least one (1) of the posted questions. Comment by selecting Leave a Reply option at the bottom of my post on the course blog (Leave a Comment link also works). Replies are due by 11:59 pm Sunday.
(Note: I must approve your first reply or comment so don’t expect to see it right away. After that it will be automatic.)
Once everyone’s readings comments are on the blog, I expect you to read them over and comment on them. Comments need to be posted on the class blog before 11:59 pm on Sunday.
Note: Four (4) substantive comments each week considered a B.

Class (Monday)
I may post a summary note (if any) on Tuesday

To learn to the material well you need to be actively engaged in the online discussion. Check it out and contribute everyday. If you have questions, put them in a post or reply online so that everyone can see the answer. If you find yourself confused, call me and we will talk about it (609.206.9783).

What Youll Learn How to Succeed

August 26, 2020 by Jim Baranello, CISM, CRISC, MBA Leave a Comment

Attacheddocument contains feedback from prior classes on these questions:

Why Should I Take this Course? (What Key Things will I Learn?)

What Should I do to Assure Getting a Good Grade in this Course?

Note: Items I heard more often are bolded and made larger (larger means more commonly shared).

Welcome to ITACS 5121, Auditing Enterprise Resource Planning Systems!

August 3, 2019 by Jim Baranello, CISM, CRISC, MBA Leave a Comment

Course Description:

This course presents the fundamentals of ERP Systems, the business processes they enable and the controls necessary to assure they work properly. You will learn:

The basic business processes that ERP systems support
How these processes are implemented with ERP systems
How to audit SAP through: techniques, methodology, and execution, and
How to secure and control the processes and systems for the integrity, confidentiality, authenticity and reliability of information.

Course Objectives:

Understand business processes and their role in the functioning of an organization.
Explain what ERP systems are and practice (using SAP) their use to support business processes.
Demonstrate the relationship between business process operational risks (including fraud) and the resulting integrity, confidentiality and reliability of information.
Demonstrate IT audit techniques, methodology and execution.
Appraise and prioritize real world business process operational risks and recommend compensating controls to address the risks. Includes the fundamentals of ERP system controls, security, analysis of segregation of duties (SOD) risks and specifying how to manage them.
Understand ERP System development and system operation risks and recommend compensating controls.