An ERP implementation consists of taking a commercial enterprise product and customizing the selected modules to replace and improve business functionality over the systems being replaced. An implementation of this magnitude is a very complex process, and presents unique challenges to each implementation. However, there are standard aspects to each implementation as well.
We audit an ERP system to provide assurance covering the area of application security, such as:
- Review standard ERP parameters, including application controls, authorisations and standard security configuration.
- Assess application security to allow processing in anefficient and controlled manner, while protecting valuable data.
- Assess configuration decisions to help provide reasonable assurance of the integrity of business processes and application security.
- Review design documentation for appropriate security and control.
- Assess the security administration process to provide reasonable assurance that access granted is appropriately identified, evaluated and approved.