ERP Audit

Auditing an ERP system is essential for gaining control over access and information integrity. Security audits protect the system from intrusions and criminal behaviour that can be destructive.

The system owner has an obligation to the system's users to control access and verify system integrity. Audits are a critical tool for the system owner to establish a level of documentation for this enterprise-level piece of software.

  1. Compliance Audit

    A compliance audit can be internal: you evaluate whether documented procedures are followed, and whether documented procedures exist where they are needed for the processes people currently follow. Observe any person and document their actions and behaviours. Match those behaviours against the written procedures that person is supposed to follow. Variances might mean that person needs encouragement to work according to the procedure manual. A variance might also show that the manual needs some updates. Much of the work in an organization requires data entry into the ERP or requires a person to use the ERP to make an optimal choice. Ensure the touch points related to ERP are covered in the documented procedures.

  2. Process Audit

    Auditing along a process could be your objective. Look at your purchase order processes, for example. Your business probably has levels of authority to authorize spending. A level one buyer might be authorized to make purchases up to 10,000 and your chief executive officer might have a limit of 50,000. Are these levels set within the ERP, ensuring any purchase order has proper authorization?

    In a business with inventory, many purchase orders with high value will be to purchase inventory items. Your audit might verify there is an actual customer order or an approved forecast serving as a demand before approval of an inventory purchase.

  3. System Audit

    We can look at an ERP audit from a systems perspective too. Do we have the right hardware and network to best support our use of ERP? Are any users suffering slow processing because their computer is obsolete or improperly set up? Is our wireless network consistently available in the back corner of the warehouse? What is our actual downtime related to server or cloud access compared to our standards? Are those downtime standards appropriate for our business?

  4. Security Audit

    Security is extremely important, and an ERP audit based on security will find areas for improvement. Begin by examining which users have access to system data and the limits set. Financial records should generally belong to the accounting department. Engineers might own part numbers and bills of material. Other users can view engineering records but do not have the ability to make changes. You might find that a warehouse clerk needs to update the approved warehouse for a part but write access is only available to engineering. The easy solution is to open up access to that warehouse clerk while establishing some control to ensure no misbehaviour is allowed. We could also develop screen personalization, a simple form of customization where that clerk can update only the fields they need but can only view other fields.

    Mobile access to ERP data is necessary today, when users need to use their smartphones to perform their jobs remotely. The same mobile access opens the ERP system to the outside, perhaps bypassing the firewall designed to protect ERP data.
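
The process audit checks described above (approval limits per authority level, and a demand behind every inventory purchase) can be run over an export of purchase orders. The following is an added example, not part of the original article; the record layout, role names, PO numbers and demand references are assumptions, and the limits are the illustrative 10,000 and 50,000 from the text.

```python
from dataclasses import dataclass
from typing import Optional

# Limits per approver role, using the illustrative figures from the text.
APPROVAL_LIMITS = {"level_one_buyer": 10_000, "ceo": 50_000}

@dataclass
class PurchaseOrder:
    po_number: str
    amount: float
    approver_role: Optional[str]  # None: no approval recorded
    is_inventory: bool
    demand_ref: Optional[str]     # customer order or approved forecast id

def audit_po(po: PurchaseOrder) -> list[str]:
    """Return the audit findings for one PO; an empty list means it passes."""
    findings = []
    limit = APPROVAL_LIMITS.get(po.approver_role)
    if po.approver_role is None:
        findings.append("no approver recorded")
    elif limit is None:
        findings.append(f"role {po.approver_role!r} has no defined limit")
    elif po.amount > limit:  # "up to" is treated as inclusive
        findings.append(f"amount {po.amount:,.0f} exceeds {po.approver_role} limit {limit:,}")
    if po.is_inventory and not po.demand_ref:
        findings.append("inventory purchase without customer order or approved forecast")
    return findings

def audit(pos: list[PurchaseOrder]) -> dict[str, list[str]]:
    """Map PO number -> findings, for every PO with at least one finding."""
    return {po.po_number: f for po in pos if (f := audit_po(po))}

# Constructed sample export; PO numbers and demand references are made up.
SAMPLE = [
    PurchaseOrder("PO-1001", 8_000, "level_one_buyer", True, "SO-501"),
    PurchaseOrder("PO-1002", 12_500, "level_one_buyer", False, None),
    PurchaseOrder("PO-1003", 45_000, "ceo", True, None),
    PurchaseOrder("PO-1004", 60_000, "ceo", True, "FC-Q3"),
    PurchaseOrder("PO-1005", 3_000, None, False, None),
    PurchaseOrder("PO-1006", 10_000, "level_one_buyer", False, None),
    PurchaseOrder("PO-1007", 500, "warehouse_clerk", True, None),
]

if __name__ == "__main__":
    for number, findings in audit(SAMPLE).items():
        print(number, "; ".join(findings))
```

Each finding is a variance to investigate: either the approval did not follow the authority levels, or the limits configured in the ERP do not match the documented ones.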