Presentation is loading. Please wait.

Presentation is loading. Please wait.

Audit considerations for your 11i implementation Richard Byrom Oracle Applications Consultant EOUG October 2003.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Audit considerations for your 11i implementation Richard Byrom Oracle Applications Consultant EOUG October 2003."— Presentation transcript:

1 Audit considerations for your 11i implementation Richard Byrom Oracle Applications Consultant EOUG October 2003

2 Agenda Objectives Why an ERP audit? Some common mistakes Audit considerations Conclusion Questions & Answers

3 Objectives To highlight how Sarbanes Oxley Act of 2002 and Corporate Governance initiatives are requiring enhanced levels of internal control To point out common audit and review errors To outline how Oracle can assist in establishment of strong internal controls and facilitate the audit and review process

4 Why an ERP audit? Increased risk Higher Levels of Regulation –Sarbanes Oxley 2002 –Increased adoption of IAS

5 Required Action – Internal Control Institute controls which mitigate the risks posed. The objectives of such controls should be to: - 1.Safeguard all the assets of the enterprise 2.Ensure accurate and reliable accounting (and other) information –Validity - only valid items are allowed to enter a system (authorisation) –Completeness - all valid items are captured and entered into system (number of items) –Input accuracy - data that is entered into the system is correct (data fields)

6 Required Action – Internal Control 3.Improve operational effectiveness, efficiency and security Effectiveness - fulfils intended objective. Efficiency - prevents unnecessary waste of resources. Security - protection of resources from misuse or destruction. 4.Promote adherence to managerial policies

7 Required Action - Guidelines Audit and Review guidelines should be developed which provide a management-oriented framework and proactive control self-assessment specifically focused on: - 1.Performance measurement—How well is the IT function supporting business requirements? 2.IT control profiling—What IT processes are important? What are the critical success factors for control? 3.Awareness—What are the risks of not achieving the objectives? 4.Benchmarking—What do others do? How can results be measured and compared?

8 Required Action – Assess Controls Level 1: Unreliable Unpredictable environment where controls are not designed or in place. Level 2: Informal Controls are designed an in place but are not adequately documented Controls mostly dependent on people No formal training or communications of controls. Internal Controls Maturity Framework: Source: PricewaterhouseCoopers paper on Sarbanes Oxley Act of 2002

9 Required Action – Assess Controls Level 3: Standardised Controls are designed and in place Controls have been documented and communicated to employees. Deviations from controls may not be detected. Level 4: Monitored Standardised controls with periodic testing for effective design and operation with reporting to management Automation and tools may be used in a limited way to support controls Internal Controls Maturity Framework: Source: PricewaterhouseCoopers paper on Sarbanes Oxley Act of 2002

10 Required Action – Assess Controls Level 5: Optimised An integrated internal control framework with real-time monitoring by management with continuous improvement (Enterprise-Wide Risk Management). Automation and tools are used to support controls and allow the organisation to make rapid changes to the controls if needed. Internal Controls Maturity Framework: Source: PricewaterhouseCoopers paper on Sarbanes Oxley Act of 2002

11 Some Common Mistakes Poor Planning Lack of Focus Competency of Auditors Independence Reliance on Technology for the Solution Silo approach Reports and Reviews not taken seriously.

12 Audit Considerations Who should review? What should be reviewed? How to effectively utilise your software

13 Who should review Internal Audit External Audit Implementation Consultants/Partners Departmental/Functional Level Management Senior Management Third Party Review

14 What should be reviewed Hardware Network Software Software Layers and Linkages Source: Information Systems Audit and Control Association, 2003. ERP Systems review guideline.

15 What should be reviewed Processes People Implementation approach or strategy

16 How to effectively manage your software The Oracle Information Architecture Efforts to meet new regulatory requirements Global Audit and Review Capability Modular/Detailed Audit and Review Capability

17 The Oracle Information Architecture Unified data model Accessible by anyone, with any device Global Configurable Open

18 Efforts to meet new regulatory requirements The Oracle Solution to Sarbanes-Oxley Act of 2002: Source: oracle.com

19 Visibility Access a complete and accurate view of financial data for quicker reporting and meaningful disclosure. View global enterprise information that is timely, relevant, consistent, and available in real-time. Obtain a complete view of your business with global information from a single source of truth.

20 Control Support the audit department in enforcing corporate compliance with documented policies and procedures, risk and process control management, visibility to business process workflow, and improved project management. Keep your employees informed - document and track critical business processes, determine workflow, and develop and deploy applicable training to ensure compliance. Manage and document corporate communications and data with an integrated suite of enterprise level applications that focus on managing all of the communications between individuals and teams, the content they create, as well as the information for supporting them. Centralise and automate processes and controls for information consistency. Eliminate duplicate processes, reduce overhead, and cut costs.

21 Efficiency Eliminate bottlenecks and streamline the rollout of new internal processes and procedures with self- service. Reduce the risk of malfeasance and accidental errors by streamlining inter-user approvals and participation in review processes. Enable efficient execution of internal audits by providing project team members complete visibility into audit data. Integrate enterprise data and business processes based on a unified data model to support global compliance.

22 The Oracle Corporate Governance Solution Set

23 Global Audit and Review Capability – Daily Business Intelligence Daily Business Intelligence (DBI) can be defined as a reporting framework that enables senior managers and executives to see an accurate and integrated daily summary of their business. DBI provides the technology components that enable cross-functional analysis, daily summarisation, and optimised reporting performance.

24 Global Audit and Review Capability – Daily Business Intelligence

25 The following intelligence products utilise the daily business intelligence reporting and analysis framework to give users a cross functional view of their business: - Contracts Intelligence Human Resource Intelligence Financials Intelligence Interaction Centre Intelligence Marketing Intelligence Projects Intelligence Purchasing Intelligence Quoting Intelligence Sales Intelligence Supply Chain Intelligence

26 Global Audit and Review Capability – Daily Business Intelligence

27 Global Audit and Review Capability – Internal Controls Manager Oracle Internal Controls Manager is a comprehensive tool for executives, controllers, internal audit departments, and public accounting firms to use to document and test internal controls and monitor ongoing compliance

28 Global Audit and Review Capability – Internal Controls Manager

29 Internal Controls Manager Benefits More efficient internal control testing Higher Certainty in your Risk Assessment Lower external audit verification costs.

30 More efficient internal controls testing

31

32 More efficient internal controls Audit Program office/project management Risk assessment questionnaires Confidential feedback mechanism Reviewing reconciliation status of all subsystems Reviewing policy compliance

33 Higher certainty in your risk assessment Internal audit system is part of your operational system – this ensures accurate, real time business information. Risk library and associated controls developed by Oracle working with world leaders in Audit and Risk Assurance.

34 Lower external audit verification costs Internal control manager ensures internal & external auditors understand your business systems risks and associated controls, hence reducing time taken to understand the system and saving you money.

35 Modular/Detailed audit and review capability Modular integration Reporting Capability Scripts Network Test Audit Trail

36 Modular Integration

37 Reporting – on line Two way drill Transaction status

38 Reporting - On line T- accounts

39 Reporting - on line Activity Summaries

40 Reporting Web reports Standard Reports –Transactional Data –Master Data –Roles and Responsibilities –Setup parameters at modular and system level –Sequentially numbered documents –Security Rules and Cross Validation

41 Scripts CRM analysis tool runs detailed analysis of setup parameters. Ref Note 167000.1 per Metalink (will demo the results)

42 Network Test

43 Audit Trail Report History

44 Audit Trail Record History

45 Audit Trail Table Audit Sign on Audit –Monitor Users

46 Audit Trail Sign on audit reports –Sign on Audit Forms Report – who is navigating what form and when –Sign on Concurrent Requests Report – to view information about concurrent requests. –Sign on Audit Responsibilities Report – view who is selecting what responsibility and when –Sign on Audit Unsuccessful Logins Report – view who attempted unsuccessfully to log in to Oracle. –Sign on Audit Users Report – view who signs on and for how long.

47 Conclusions Risks of implementing ERP systems requires special attention to mitigating controls especially considering new regulatory requirements Audit and review of ERP systems should be carried out by skilled professionals The Oracle E-Business Suite functionality outlined will enable an organisation to optimise their controls and move to level 5 in the Internal Controls Maturity Framework Internal Controls Maturity Framework: Source: PricewaterhouseCoopers paper on Sarbanes Oxley Act of 2002

48 A Q &

49 Speaker Information Name: Richard Byrom e-mail: richard@rpcdata.comrichard@rpcdata.com richard@richardbyrom.com Company: RPC Data Ltd Web Site: http://www.rpcdata.comhttp://www.rpcdata.com http://www.richardbyrom.com Mobile: +256-77983245

Download ppt "Audit considerations for your 11i implementation Richard Byrom Oracle Applications Consultant EOUG October 2003."

Similar presentations

Audit Considerations for your 11i implementation Richard Byrom Oracle Applications Consultant UKOUG November 2004.

Audit Considerations for your 11i implementation Richard Byrom Oracle Applications Consultant UKOUG November 2004.
Organizational Governance

Organizational Governance
Chapter 10 Accounting Information Systems and Internal Controls

Chapter 10 Accounting Information Systems and Internal Controls
Auditing Computer Systems

Auditing Computer Systems
1 INTERNAL CONTROLS A PRACTICAL GUIDE TO HELP ENSURE FINANCIAL INTEGRITY.

1 INTERNAL CONTROLS A PRACTICAL GUIDE TO HELP ENSURE FINANCIAL INTEGRITY.
The Islamic University of Gaza

The Islamic University of Gaza
Dr. Julian Lo Consulting Director ITIL v3 Expert

Dr. Julian Lo Consulting Director ITIL v3 Expert
AUDIT COMMITTEE FORUM TM ACF Roundtable IT Governance – what does it mean to you as an audit committee member July 2010 The AUDIT COMMITTEE FORUM TM is.

AUDIT COMMITTEE FORUM TM ACF Roundtable IT Governance – what does it mean to you as an audit committee member July 2010 The AUDIT COMMITTEE FORUM TM is.
Sarbanes-Oxley Compliance Process Automation

Sarbanes-Oxley Compliance Process Automation
Security Controls – What Works

Security Controls – What Works
Spreadsheet Management. Field Interviews with Senior Managers by Caulkins et. al. (2007) report that Spreadsheet errors are common and have been observed.

Spreadsheet Management. Field Interviews with Senior Managers by Caulkins et. al. (2007) report that Spreadsheet errors are common and have been observed.
Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.

Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.
McGraw-Hill/Irwin Copyright © 2008, The McGraw-Hill Companies, Inc. All rights reserved.

McGraw-Hill/Irwin Copyright © 2008, The McGraw-Hill Companies, Inc. All rights reserved.
COSO Framework A company should include IT in all five COSO components: –Control Environment –Risk Assessment –Control activities –Information and communication.

COSO Framework A company should include IT in all five COSO components: –Control Environment –Risk Assessment –Control activities –Information and communication.
Internal Control. COSO’s Framework Committee of Sponsoring Organizations 1992 issued a white paper on internal control Since this time, this framework.

Internal Control. COSO’s Framework Committee of Sponsoring Organizations 1992 issued a white paper on internal control Since this time, this framework.
Chapter 4 IDENTIFYING RISKS AND CONTROLS IN BUSINESS PROCESSES.

Chapter 4 IDENTIFYING RISKS AND CONTROLS IN BUSINESS PROCESSES.
Purpose of the Standards

Purpose of the Standards
Www.adira.org Philippe LE TERTRE IS Governance Consultant  Founder and managing partner of VADEGIS (company specialized in Information System Management.

Philippe LE TERTRE IS Governance Consultant  Founder and managing partner of VADEGIS (company specialized in Information System Management.
Achieving our mission Presented to Line Staff. INTERNAL CONTROLS What are they?

Achieving our mission Presented to Line Staff. INTERNAL CONTROLS What are they?
Click to add text © 2010 IBM Corporation OpenPages Solution Overview Mark Dinning Principal Solutions Consultant.

Click to add text © 2010 IBM Corporation OpenPages Solution Overview Mark Dinning Principal Solutions Consultant.

Similar presentations

Ads by Google