Microsoft Dynamics vendors provide comparisons and opinions to professionals in the ERP/Accounting software selection process

 
 

Stoneridge Software

Will You Pass an ERP Implementation Audit?


Email | Print

AuditGraphic_ERPImplementationDo you like surprises? Your answer might depend on the type of surprise. For example, our 13-year-old daughter, with a little help from her grandmother, recently planned a surprise anniversary party for my husband and me. That was a pleasant surprise! Some surprises are not so pleasant, such as an unexpected audit finding. This article highlights areas to keep in mind as you proceed through an ERP implementation, to help you avoid common audit findings (i.e. not so pleasant surprises).

Verify Controls in Your ERP System

If you are transitioning from another system (or systems), you likely have automated controls you will want to verify exist in your new ERP system, or if the ERP system cannot support an existing automated control, you may need to implement a manual compensating control in its place. Additionally, you may have manual compensating controls that could not be enforced by your current system(s) that can be enforced in your new ERP system.

Consider the following as you proceed through your ERP implementation:

  1. Evaluate your existing controls, and determine which controls can be enforced by the new ERP system
    • Evaluate financial and operational controls
    • Evaluate security-related controls
      • Segregation of duties
      • Password usage
      • Process for requesting and approving user access
      • Process for periodic access reviews
    • Evaluate and design controls for any batch processes you are implementing
    • Evaluate and redesign controls for any business processes you are modifying
    • Design manual compensating controls where needed
  2. Document controls that can be enforced by the ERP system (automated controls)
  3. Document controls that cannot be enforced by the ERP system (manual compensating controls)
  4. Test all controls during ERP implementation testing

ERP Implementation Documentation

During an implementation audit, you will be asked to provide various implementation documentation. Keep records of key information as you proceed through your ERP implementation, so you can easily provide the information when requested. Examples of implementation documentation you should consider keeping:

  1. Documentation of review and approval of key implementation artifacts, such as:
    • Business requirements
    • Functional specifications
    • Technical specifications
    • Configuration documents
    • Test plans and scripts
    • Training plans and materials
  2. Documentation of security approval, verifying appropriate user access
  3. Documentation of all changes made to the system, including approval of each change
  4. Data verification documentation, showing that all data migrated into the system was reviewed and verified
  5. Testing results, showing that all business processes, system changes, and controls were tested

ERP Implementation Audit Conclusion

The information provided above should help you prepare for a potential implementation audit and hopefully avoid the not so pleasant surprise of an unexpected audit finding. In addition, you will have implementation documentation you can easily and quickly provide to an auditor when requested, giving the auditor a pleasant surprise!

 

Ruth Hetland is a Senior Project Manager at Stoneridge Software. Ruth joined Stoneridge with more than 20 years of IT consulting, programming and auditing experience. She spent 8 years at Microsoft – Great Plains fulfilling the roles of strategic software analyst, senior SQA engineer and program manager. Ruth also spent 3 years as a project manager with TMI Hospitality in Fargo. She received her bachelor’s degree in mathematics from Minnesota State University, Moorhead and her master’s in business administration (MBA) from the University of Minnesota, Twin Cities. Ruth is a certified Project Management Professional (PMP) as well as a Certified Information Systems Auditor (CISA).

Stoneridge Software is a Fargo, ND and Minneapolis, MN area Dynamics AX and Dynamics NAV partner. Stoneridge prides itself on its values of integrity, technical excellence, tenacity, being client centric, and enjoying our work. If you're evaluating a new ERP system, contact the experts at Stoneridge Software: 612-354-4966 or solutions@stoneridgesoftware.com

by Stoneridge Software

Comments are closed.