An ERP implementation consists of taking a commercial enterprise product and customizing the selected modules to replace and improve business functionality over the systems being replaced. An implementation of this magnitude is a very complex process, and presents unique challenges to each implementation. However, there are standard aspects to each implementation as well.

We audit an ERP system to provide assurance covering the area of application security, such as:

  • Review standard ERP parameters, including application controls, authorisations and standard security configuration.
  • Assess application security to allow processing in anefficient and controlled manner, while protecting valuable data.
  • Assess configuration decisions to help provide reasonable assurance of the integrity of business processes and application security.
  • Review design documentation for appropriate security and control.
  • Assess the security administration process to provide reasonable assurance that access granted is appropriately identified, evaluated and approved.
[ISACA further provides standards and guidelines for performing audits of these implementations. We incorporate ISACA’s Control Objectives for Information and related Technology (COBIT) standards, SDLC Review Guidelines (ISACA Document G23) and ERP Systems Review Guidelines (ISACA Document G21). This approach allows us to review the standard implementation components, as well as providing a standardized methodology for reviewing the unique challenges within this implementation.]
Hello There!

If you have any question, send us an email and we'll get back to you, soon.

Not readable? Change text. captcha txt