
AUDITING IN ERP ENVIRONMENT

INTRODUCTION

Enterprise Resource Planning (ERP) system implementation is both an art and a science that consists of planning, implementation, and ongoing maintenance. This methodology is designed to automate the drudgery of implementation and provide organized approaches to problem solving by listing, diagramming, and documenting all steps. Structured methodologies help to standardize and systemize ERP implementation and maintenance by approaching them as an engineering discipline rather than as the whims of individual software developers. It is essential to understand structured methodologies in the implementation of ERP systems. The basic steps of structured methodologies are:

- Project Definition and Requirement Analysis. Defining the terms of reference, determining user needs and system constraints, generating a functional specification and a logical model for the best solution.
- External Design. Detailing the design for a selected solution, including diagrams relating all programs, subroutines, and data flow.
- Internal Design. Building, testing, installing, and tuning software.
- Pre-implementation. Evaluation and acceptance.
- Implementation. Implementing systems.
- Post-implementation. Evaluation of controls and debugging.

When an organization purchases an ERP system, the intent is that the purchased ERP system provides specific functions and benefits. These functions and benefits need to be articulated to ensure that the ERP system performs as desired. This process is called conducting a feasibility analysis. The purpose of the feasibility study is to provide:

- An analysis of the objectives, requirements, and system concepts.
- An evaluation of different approaches for reasonably achieving the objectives.
- Identification of a proposed approach.

The feasibility analysis normally covers:

- Current working practices. These are examined in depth, revealing areas in the business where there is duplication of effort, or where procedures instituted in the distant past are carried out even though there is no longer any need for them.
- Channels of information. These are examined because the feasibility study is concerned primarily with the input and output information of each internal system. Such a study ignores departmental boundaries and prejudices. When the true information patterns within a business are exposed, it is often possible to reorganize resources so that all relevant data is captured at the point where it can be used for decisions.
- Alternative approaches. Alternative methods of handling or presenting the data should be considered.
- Cost factors. These must be clearly identified and show definite cost savings or related benefits. Existing costs must be examined and used as a basis for comparison. Since this presentation is likely to be related to the information structure rather than to the departmental organization, the new approach may suggest possible improvements that were hidden under the existing system.
- Supporting services offered. The training and the systems and programming assistance that will be available during the installation period.
- Range compatibility. If the workload expands, can the configuration be increased in power without extensive reprogramming?

Audit Objectives in an ERP Environment

The fundamental objectives of an audit of controls do not change in an ERP environment. When evaluating controls over ERP systems, decisions must be made regarding the relevance of operational internal control procedures to Information Technology (IT) controls. Specific control procedures for audit objectives must be tested. Descriptive material on control procedures and sample compliance tests will be provided. This material will be as detailed as possible and should be read selectively, considering its relevance to the specific environment being audited. In addition to primary audit responsibilities, auditors should be able to provide advice on the effective design of control procedures. Auditors should communicate significant weaknesses that come to their attention to the appropriate IT personnel. Auditors should also be alert to weaknesses that require special reviews and be capable of assessing computer systems under development, in addition to existing systems.

ERP SYSTEM ARCHITECTURE

ERP systems should produce accurate, complete, and authorized information that is supportable and timely. In a computing environment, this is accomplished by a combination of controls in the ERP system and controls in the environment in which the ERP system operates, including its operating system. Controls are divided into general and application controls. General controls can be further divided into management and environmental controls. Management controls deal with organization, policies, procedures, planning, and so on. Environmental controls are the operational controls administered through the computer center/computer operations group and the built-in operating system controls.

ERP System Architecture (figure)


NEED FOR AN ERP RISK ASSESSMENT

ERPs have substantially altered the method by which administrative processes, such as payroll, accounts payable, inventory, sales, and accounts receivable, operate, are controlled, and are audited. Opportunities for personal review and clerical checking have declined as the collection and subsequent uses of data have changed. The changes are the result of moving from manual procedures performed by individuals familiar with both the data and the accounting process, to high-volume, automated processes performed by individuals unfamiliar with either the data or the accounting practices. Information technology has substantially reduced the time available for the review of transactions before their entry into the automated system's records. In poorly controlled systems the opportunity for discovering errors or fraud before they have an impact on operations is reduced, especially in the case of real-time, distributed, and database systems. The radical growth of these system configurations (or architectures) has increased the importance of both automated and manual internal control/security procedures. It is imperative, therefore, that these systems are reviewed as they are being implemented, to ensure that adequate controls and security are designed into the ERP system from the outset.

IMPLEMENTATION VERSUS OPERATIONAL AUDIT

Auditing in an ERP environment can be divided into two broad areas. First is the audit of ERP systems under implementation and second is the audit of operational ERP systems. These two types of audits require significantly different approaches. In an implementation (vanilla or otherwise) of an ERP system, there is no operational system or output data. The auditor evaluates controls without the benefit of observing processing results. In an implementation audit, the auditor is concerned with ensuring that the implementation procedures and standards have been properly followed.
The audit of operational ERP systems evaluates the results of the automated processes. It is normally a data-oriented audit, looking at processed transactions. The adequacy and effectiveness of the system controls can be evaluated by examining the results of operation (i.e., did the application produce the anticipated outcome?). Operational audits can identify vulnerabilities, but these are costly to correct after implementation because of the associated costs (in money and operational downtime). Studies have shown that it costs approximately 50 to 100 times more to correct an operational system than it would have cost to build in the necessary controls during implementation. Indeed, the cost to retrofit controls into a system increases geometrically as one progresses through the ERP system life cycle phases. If potential vulnerabilities can be identified during implementation of ERP systems, they can be more easily and economically corrected than after the ERP system is installed and operational. Thus, it becomes imperative to evaluate the adequacy of the implementation approach to controls (i.e., how controls are addressed, implemented, and documented). If an adequate system of controls is built in during implementation, it can be fine-tuned through operational audits, as necessary. The risks and exposures through the model ERP life cycle (ERPLC) are presented in Exhibits 3.1a-3.2e, which include the operational environment and maintenance phases.
OVERVIEW OF RISKS

Organizations assume risks in the normal conduct of doing business. These risks represent potentially damaging events that might produce losses. Controls or safeguards are installed to reduce these risks. If controls are insufficient, the organization is overexposed and is likely to suffer losses or operate at a less efficient level than competitors. Any IT environment presents unique vulnerabilities and threats to an organization. A vulnerability is a weakness or a flaw in an IT-based system that may be exploited by a threat, causing destruction or misuse of the system's assets or resources. Threats can be environmental (e.g., fire, water damage, earthquakes, hurricanes, etc.) or people-oriented (e.g., errors, omissions, intentional acts of violence, fraud, etc.). When a threat materializes and takes advantage of a system's vulnerabilities, a damaging event causes a loss. The risks of damaging events cannot be totally eliminated, but the use of controls can reduce such risks to an acceptable level.

Exhibit 2.1 Risks and exposures for ERPLC (figure; panels: Overview of Risks, Risk Analyses)

A risk analysis of an organization's ERP systems, their existing controls, and their vulnerabilities results in the loss potential for the system, with an estimated likelihood of occurrence. This loss potential in damages must be represented in terms of dollar value. A risk analysis of an ERP system performs two important functions:

- Searches out an ERP system's vulnerabilities and the probabilities of threats materializing to exploit these vulnerabilities.
- Calculates the damage or loss to its assets that could be produced by the resulting damaging events.

A third component, to recommend controls or safeguards that would reduce the damage or loss to an acceptable level (through the use of a cost/benefit analysis), might also be added. An ERP system environment's vulnerabilities and set of threats should be assessed to arrive at some estimate of possible damaging events. Such an assessment would also review the strengths of existing controls. A vulnerability assessment is conducted as part of a risk analysis. The vulnerability assessment is a major assessment of the adequacy of an ERP system. Organizations must first identify vulnerabilities and threats, and then determine whether controls are adequate to reduce the resulting risks to an acceptable level. If not, it will be necessary to correct and guard against threats.

RISKS IN AN ERP ENVIRONMENT

The risks in an ERP environment include both those present in a manual processing environment and those that are unique to or increased in an ERP environment. The use of ERP systems clearly introduces additional risks into the system environment. These additional risks include problems associated with:

- Improper use of technology.
- Inability to control technology.
- Inability to translate user needs into technical requirements.
- Illogical processing.
- Inability to react quickly (to stop processing).
- Cascading of errors.
- Repetition of errors.
- Incorrect entry of data.
- Concentration of data.
- Inability to substantiate processing.
- Concentration of responsibilities.

Each of these risks is discussed individually below, including many of the conditions that cause the risks to occur.

Improper Use of Technology

Information technology provides systems analysts and programmers with a variety of processing capabilities. This technology must be matched to the user's needs in order to best meet those needs. A mismatch of technology and needs can result in an unnecessary expenditure of organizational resources. One of the more common misuses of technology is the introduction of new technology prior to the clear establishment of its need. For example, many organizations introduce database technology without clearly establishing the need for that technology.
Experience has shown that the early users of a new technology frequently consume large amounts of resources learning to use that new technology. The conditions that lead to the improper use of technology include:

- Premature use of new hardware technology.
- Early use of new software technology.
- Minimal planning for the installation of new hardware and software technology.
- Systems analysts/programmers improperly skilled in the use of technology.

Inability to Control Technology

IT personnel spend most of their effort on the problems associated with the implementation of new technology. Numerous studies imply that there is often too little time left to develop and install technological controls. As a result, resources are expended to correct technological problems. Controls are needed over the technological environment. These controls ensure that the proper version of the proper program is in production at the right time, that the proper files are mounted, and that the operators perform the proper instructions. Adequate procedures must be developed to prevent, detect, and correct problems in the operating environment. The proper data must be maintained and retrievable when needed. The conditions that result in uncontrolled technology include:

- Selection of vendor-offered system control capabilities by systems programmers without considering audit needs.
- Too many control trade-offs for operational efficiency.
- Inadequate restart/recovery procedures.
- Inadequate control over different versions of programs.
- Inadequate control over schedulers, system operators, tape librarians, print capabilities, and data transmission capabilities.
- Inadequate review of outputs.

Inability to Translate User Needs into Technical Requirements

One of the major failures of information technology has been a communication failure between users and technical personnel. In many organizations, users cannot adequately express their needs in terms that facilitate the implementation of ERP applications. And the technical people are often unable to appreciate the concerns and requirements of their users. The risk associated with failure to satisfy user needs is complex. Exposures include:

- Failure to implement needs because users were unaware of technical capabilities.
- Improperly implemented needs because the technical personnel did not understand user requirements.
- Users accepting improperly implemented needs because they are unsure how to specify changes.
- Building of redundant manual systems to compensate for weaknesses in ERP applications.
Conditions that can lead to the inability to translate user needs into technical requirements include:

- Users without technical IT skills.
- Technical people without sufficient understanding of user requirements.
- Users' inability to specify requirements in sufficient detail.
- Multi-user systems with no user in charge of the system.

Illogical Processing

Illogical processing is the performance of an automated event that would be highly unlikely in a manual processing environment; for example, producing a payroll check for a clerical employee for over $1 million. This is possible in an automated system due to programming or hardware errors, but highly unlikely in a manual system. ERP applications do not have the same human oversight as manual systems. In addition, fewer people have a good understanding of the processing logic of ERP applications. Thus, in some instances, illogical processing may not be readily recognizable. Conditions that can result in illogical processing include:

- Failure to check for unusually large amounts on output documents.
- Fields that are either too small or too large, thereby impacting the completeness, accuracy, or efficiency of the data being processed.
- Failure to scan output documents.

Inability to React Quickly

ERP applications are valuable because they are able to satisfy user needs on a timely basis. Some of these needs are predetermined, and reports are prepared on a regular basis to meet them. Other needs occur periodically and require special actions to satisfy. If the ERP application is unable to satisfy these special needs on a timely basis, redundant systems may be built for that purpose. One of the measures of an ERP application's success is the speed with which special requests can be satisfied. Some of the newer online database applications that include a query language can satisfy some requests within a very short time span. On the other hand, some of the older batch-oriented applications may take several days or weeks to satisfy a special request. In some instances, the structure of the application system inhibits satisfying requests. For example, if an auditor wants all of the supporting information for a supply requisition in a tape-batched system, the cost and difficulty of satisfying that request may be prohibitive. That requisition could be spread over many weeks of processing, due to back orders, returned shipments, and shipping errors. The evidence supporting the transaction may be spread over many tape files, and the cost of processing those files may be exorbitant. The conditions that make ERP applications unable to react quickly include:

- Computer time is unavailable to satisfy the request, or computer terminals/microcomputers are not readily accessible to users.
- The structure of the computer files is inconsistent with the information requested.
- General-purpose extract programs are not available to satisfy the desired request.
- The cost of processing exceeds the value of the information requested.

Cascading of Errors

Cascading of errors is the domino effect of errors throughout an application system. An error in one part of the program or application triggers a second, otherwise unrelated error in another part of the application system. This second error may trigger a third error, and so on. The cascading-of-errors risk is frequently associated with making changes to application systems. A change is made and tested in the program in which the change occurs. However, some condition has been altered as a result of the change, which causes an error to occur in another part of the application system. Cascading of errors can also occur between applications. This risk intensifies as applications become more integrated. For example, a system that is accepting orders may be tied through a series of applications to a system that replenishes inventory based upon orders. Thus, an insignificant error in the order-entry program can "cascade" through a series of applications, resulting in a very serious error in the inventory replenishment program. The types of conditions that lead to cascading of errors include:

- Inadequately tested applications.
- Failure to communicate the type and date of changes being implemented.
- Limited testing of program changes.

Repetition of Errors

In a manual processing environment, errors are made individually. Thus, a person might process one item correctly, make an error on the next, process the next twenty correctly, and then make another error. In ERP systems, the rules are applied consistently. Thus, if the rules are correct, processing is always correct. But if the rules are erroneous, processing will always be erroneous. Errors can result from application programs, hardware failures, and failures in vendor-supplied software. For example, a wrong percentage may have been entered for tax deductions. Thus, every employee for that pay period will have the wrong amount deducted for tax purposes. The conditions that cause repetition of errors include:

- Insufficient program testing.
- Inadequate checks on entry of master information.
- Failure to monitor the results of processing.

Incorrect Entry of Data

In ERP applications, there is a mechanical step required to convert input data into machine-readable format. In the process of conducting this task, errors can occur. Data that was properly prepared and authorized may be entered into ERP applications incorrectly. Much of the data entered into batch-type systems is entered using a keyboard device. Some of these devices are keypunch machines and key-to-disk machines. The data originator manually transcribes the input information onto some type of form, and the form is given to a key operator to enter on computer media. During this keying process, errors can be made. In the newer technology, data can be originated and entered at the same time. For example, order-entry clerks receive orders by telephone and key them directly into computer memory. However, errors can still occur during this process.
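The three risks just described (Illogical Processing, Repetition of Errors, and Incorrect Entry of Data) are each countered by a mechanical check that an auditor can test directly. The following is an added example, not code from the original text: it validates keyed payroll lines with a check digit and field formats, reviews the output for unusually large amounts and repeated payments, and range-checks master-file tax rates before they are applied to every employee. The record layout, the mod-11 check-digit scheme, the reasonableness limit, the rate range, and all sample data are constructed for illustration and are not taken from any real ERP product.

```python
"""Input validation and output review checks for a keyed payroll batch.

Added example; it is not code from the original text. The record layout,
the check-digit scheme, the reasonableness limit and the tax-rate range
are all constructed for illustration: real ERP layouts and limits differ.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Assumed layout of one keyed payroll line: a 7-digit employee id whose
# last digit is a mod-11 check digit, a YYYY-MM pay period, gross pay in
# cents. A check digit catches the commonest keying errors (a single
# mistyped digit or two adjacent digits transposed).
EMP_ID_RE = re.compile(r"^\d{7}$")
PERIOD_RE = re.compile(r"^\d{4}-(0[1-9]|1[0-2])$")

# Assumed limits. Gross pay above MAX_GROSS_CENTS on an output document
# is the "illogical" case the text describes (a clerical employee paid
# over $1 million); a master-file tax rate outside TAX_RATE_RANGE would be
# applied to every employee in the period, the "repetition of errors" case.
MAX_GROSS_CENTS = 50_000_00
TAX_RATE_RANGE = (0.0, 0.5)


@dataclass(frozen=True)
class PayLine:
    emp_id: str
    period: str
    gross_cents: int


def mod11_check_digit_ok(emp_id: str) -> bool:
    """Weights 7..2 over the first six digits; the seventh digit must equal
    (11 - sum mod 11) mod 11. A remainder that would need '10' is invalid."""
    digits = [int(c) for c in emp_id[:6]]
    total = sum(d * w for d, w in zip(digits, range(7, 1, -1)))
    expected = (11 - total % 11) % 11
    return expected < 10 and expected == int(emp_id[6])


def validate_input(line: PayLine) -> list[str]:
    """Field checks applied before a keyed line is accepted for processing."""
    errors: list[str] = []
    if not EMP_ID_RE.match(line.emp_id):
        errors.append("emp_id: must be 7 digits")
    elif not mod11_check_digit_ok(line.emp_id):
        errors.append("emp_id: check digit mismatch (keying error?)")
    if not PERIOD_RE.match(line.period):
        errors.append("period: not YYYY-MM")
    if line.gross_cents <= 0:
        errors.append("gross_cents: must be positive")
    return errors


def review_output(lines: list[PayLine], max_gross: int = MAX_GROSS_CENTS) -> list[tuple[int, str]]:
    """Output review: flag unusually large amounts and a second payment to
    the same employee for the same period. Returns (line index, finding)."""
    findings: list[tuple[int, str]] = []
    first_seen: dict[tuple[str, str], int] = {}
    for i, ln in enumerate(lines):
        if ln.gross_cents > max_gross:
            findings.append((i, "amount exceeds reasonableness limit"))
        key = (ln.emp_id, ln.period)
        if key in first_seen:
            findings.append((i, f"duplicate of line {first_seen[key]}"))
        else:
            first_seen[key] = i
    return findings


def check_master_rates(rates: dict[str, float], lo: float = TAX_RATE_RANGE[0],
                       hi: float = TAX_RATE_RANGE[1]) -> list[str]:
    """Master-data check on entry: rate codes whose value is outside the
    plausible range, caught before the rate is applied to every employee."""
    return [code for code, rate in rates.items() if not lo <= rate <= hi]


# Constructed sample batch. Line 2 transposes two digits of line 0's id,
# line 3 has an impossible period, line 4 is the million-dollar check and
# line 5 repeats line 0. FICA was keyed as 7.65 instead of 0.0765.
SAMPLE_LINES = [
    PayLine("1234560", "2024-03", 4_200_00),
    PayLine("2468131", "2024-03", 3_950_00),
    PayLine("1234650", "2024-03", 4_200_00),
    PayLine("5551234", "2024-13", 3_100_00),
    PayLine("5551234", "2024-03", 1_000_000_00),
    PayLine("1234560", "2024-03", 4_200_00),
]
SAMPLE_RATES = {"FED": 0.22, "STATE": 0.05, "FICA": 7.65}

if __name__ == "__main__":
    for i, ln in enumerate(SAMPLE_LINES):
        for err in validate_input(ln):
            print(f"input line {i}: {err}")
    for i, finding in review_output(SAMPLE_LINES):
        print(f"output line {i}: {finding}")
    print("master rates out of range:", check_master_rates(SAMPLE_RATES))
```

Run as a script it lists the transposed employee id, the impossible period, the million-dollar check, the duplicate payment, and the mis-keyed FICA rate. The point for the auditor is where each check sits: the check digit and format tests run at data entry, the amount and duplicate tests run over the output before it is released, and the rate range test runs when master data is changed, so that one wrong entry is never applied to a whole pay period.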
Other methods of data entry include optical scanners, process-control computers that monitor production machinery, automatic cash dispensers, and point-of-sale equipment. However, these are all mechanical devices and thus subject to failure. Conditions that can cause incorrect entry of data include:

- Human errors in keying data.
- Mechanical failure of hardware devices.
- Misinterpretation of characters or meaning of manually recorded input.
- Misunderstanding of data entry procedures.
- Inadequate data verification procedures.

Concentration of Data

ERP applications concentrate data in an easy-to-access format. In manual systems, data is voluminous and stored in many places. It is difficult for an unauthorized individual to spend much time browsing undetected through file cabinets or other manual storage areas.
With ERP media, unauthorized individuals can browse using computer programs. This may be difficult to detect without adequate safeguards. In addition, the data can be copied quickly without leaving any visible trail or destroying the original data. Thus, the owners of the data may not be aware that the data has been compromised. Database technology increases the risk of data manipulation and compromise. The more data that is stored in a single place, the greater the value of that data to an unauthorized individual. For example, the information about an individual in the payroll application is restricted to current pay information. But when that data is coupled with personnel history, not only current pay information, but also pay history, individual skills, years and progression of employment, and perhaps performance evaluations are available. Concentration of data increases the problems of greater reliance on a single piece of data and reliance on a single file. If the data entered is erroneous, the more applications that rely on that piece of data, the greater the impact of the error. And the more applications that use the concentrated data, the greater the impact when that data is unavailable due to problems with the hardware or software used for processing it. The conditions that can create problems due to the concentration of data in ERP applications include:

- Erroneous data and its impact on multiple users of that data.
- Impact of hardware and software failures on a system that ordinarily makes the data available to multiple users.
- Inadequate access controls enabling unauthorized access to data.
- Inefficient use of the system for data storage and/or retrieval, which may impact response time or computer capacity.

Inability to Substantiate Processing

ERP applications should contain the capability to substantiate processing. This substantiation includes both the ability to reconstruct the processing of a single transaction and the ability to reconstruct control totals.
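The two abilities named in this section (reconstructing one transaction, reconstructing a control total) are testable as soon as the batch's source documents and the control slip keyed with them are retained. The following is an added example, not code from the original text: it recomputes the record count, amount total, and account-number hash total of an input batch from its retained source documents, reconciles them against the declared control total and against what the posting run actually wrote, and traces a single source document to the control total that contains it. The batch layout, document numbers, account numbers, and amounts are constructed for illustration.

```python
"""Reconstructing and reconciling batch control totals.

Added example; it is not code from the original text. The batch layout,
document numbers, account numbers and amounts are constructed. The three
totals kept per input batch (record count, amount total, hash total of
account numbers) are the classic batch controls; the functions answer the
two questions the section raises: produce every source transaction behind
a control total, and show that a given source document is inside one.
"""
from __future__ import annotations

from dataclasses import dataclass


@dataclass(frozen=True)
class SourceDoc:
    doc_id: str       # source document number
    batch_id: str     # input batch the document was keyed in
    account: int      # account number; summed into the hash total
    amount_cents: int


@dataclass(frozen=True)
class ControlTotal:
    batch_id: str
    record_count: int
    amount_cents: int
    hash_total: int   # sum of account numbers: meaningless as a value,
                      # but it changes if an account is mis-keyed


def compute_control_total(batch_id: str, docs: list[SourceDoc]) -> ControlTotal:
    """Recompute the batch totals from the retained source transactions."""
    mine = [d for d in docs if d.batch_id == batch_id]
    return ControlTotal(batch_id, len(mine),
                        sum(d.amount_cents for d in mine),
                        sum(d.account for d in mine))


def reconcile(declared: ControlTotal, docs: list[SourceDoc],
              posted: dict[str, int]) -> list[str]:
    """Compare the control total declared with the batch against (a) the
    retained source documents and (b) what was actually posted for that
    batch. `posted` maps doc_id -> posted amount in cents."""
    findings: list[str] = []
    recomputed = compute_control_total(declared.batch_id, docs)
    if recomputed != declared:
        findings.append(f"batch {declared.batch_id}: source documents do not support "
                        f"declared total (recomputed {recomputed})")
    mine = {d.doc_id: d for d in docs if d.batch_id == declared.batch_id}
    for doc_id, d in mine.items():
        if doc_id not in posted:
            findings.append(f"{doc_id}: in batch but never posted")
        elif posted[doc_id] != d.amount_cents:
            findings.append(f"{doc_id}: posted {posted[doc_id]} but source says {d.amount_cents}")
    for doc_id in posted:
        if doc_id not in mine:
            findings.append(f"{doc_id}: posted without a source document in batch {declared.batch_id}")
    return findings


def trace_document(doc_id: str, docs: list[SourceDoc],
                   totals: dict[str, ControlTotal]) -> ControlTotal | None:
    """Substantiate a single transaction: return the control total that
    contains it, or None if no retained source document exists for it."""
    for d in docs:
        if d.doc_id == doc_id:
            return totals.get(d.batch_id)
    return None


# Constructed batch B0417: three source documents, the control slip keyed
# with it, and what the posting run wrote to the ledger. D1003 was dropped
# by the posting run and D9999 was posted with no source document.
SAMPLE_DOCS = [
    SourceDoc("D1001", "B0417", 4010, 12_500),
    SourceDoc("D1002", "B0417", 5020, 8_000),
    SourceDoc("D1003", "B0417", 4010, 3_000),
]
DECLARED = ControlTotal("B0417", 3, 23_500, 13_040)
SAMPLE_POSTED = {"D1001": 12_500, "D1002": 8_000, "D9999": 700}
TOTALS = {DECLARED.batch_id: DECLARED}

if __name__ == "__main__":
    for finding in reconcile(DECLARED, SAMPLE_DOCS, SAMPLE_POSTED):
        print(finding)
    print("D1002 is covered by", trace_document("D1002", SAMPLE_DOCS, TOTALS))
```

The hash total is what makes the reconciliation more than an amount check: a document whose amount is right but whose account number was mis-keyed still changes the hash, so the batch fails the first comparison even though the money balances. The two loops in reconcile are the two directions of the substantiation argument in the text: every source document must reach the ledger, and every ledger entry must have a source document.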
ERP applications should be able to produce all of the source transactions that support a control total, as well as substantiate that any source document is contained in a control total. Application systems need to substantiate processing to correct errors and to prove that processing is correct. When errors occur, computer personnel need to pinpoint the cause so they can be corrected. ERP application customers, other users, and control-oriented personnel, such as auditors, frequently want to verify that processing is correct. Conditions that may cause the inability to substantiate processing include:

- Evidence is not retained long enough.
- The evidence from intermediate processing is not retained.
- Evidence is not independently reviewed for quality assurance and/or data integrity.
- Outputs are not reviewed for quality by the users.
- The cost of substantiating processing exceeds the benefits derived from the process.

Concentration of Responsibilities

ERP systems concentrate the responsibilities of many people into the automated application. Responsibilities that had been divided among many people for control purposes may be concentrated into a single application system. A single application system may also concentrate responsibilities from many departments within an organization. The responsibilities in an ERP environment may be concentrated in both the application system and IT personnel. For example, the database administrator may absorb data control responsibilities from many areas in the organization. A single ERP system project leader may have the processing responsibility for many areas in the organization. New methods of separation of duties must be substituted for the previous segregation of duties among people. Conditions that cause the concentration of responsibilities in an ERP environment include:

- Establishment of a data processing programming and systems group to develop ERP applications for an organization.
- Centralized processing of ERP applications.
- Establishment of a database administration function.
- Lack of adequate standards and enforcement of those standards.
- Lack of adequate quality assurance and systems or applications testing.

The following is a list of negative situations to which ERP application systems are vulnerable, grouped according to common system organizational structures. While not intended to be all-inclusive, the list suggests various kinds of vulnerabilities that may exist in an ERP system. This list of potential vulnerabilities helps identify the additional risks presented in an ERP environment. Due to their value as a tool to identify unique risks, a brief description of vulnerabilities by type is also provided.

Erroneous or Falsified Data Input. Erroneous or falsified input data is the simplest and most common cause of undesirable performance by an application system. Vulnerabilities occur wherever data is collected, manually processed, or prepared for entry to the computer.
- Unreasonable or inconsistent source data values may not be detected.
- Keying errors during transcription may not be detected.
- Incomplete or poorly formatted data records may be accepted as if they were complete records.
- Records in one format may be interpreted according to a different format.
- An employee may fraudulently add, delete, or modify data (e.g., payment vouchers, claims) to obtain benefits (e.g., checks, negotiable coupons) for himself.
- Lack of document counts and other controls over source data or input transactions may allow some of the data or transactions to be lost without detection, or allow extra records to be added.
- Records about the data entry personnel (e.g., a record of a personnel action) may be modified during data entry.
- Data that arrives at the last minute (or under some other special or emergency condition) may not be verified prior to processing.
- Records in which errors have been detected may be corrected without verification of the full record.

Misuse by Authorized End Users. End users are the people served by ERP systems. The system is designed for their use, but they can also misuse it. It may be difficult to determine whether their use of the system is in accordance with the legitimate performance of their job. An employee may convert confidential information to an unauthorized use. For example, he may sell privileged data about an individual to a prospective employer, credit agency, insurance company, or competitor; or may use statistics for stock market transactions before their public release.

- A user whose job requires access to individual records in a file may compile a complete listing of the file and then make unauthorized use of it (e.g., sell a listing of employees' home addresses as a mailing list).
- Information may be altered for an unauthorized end user (e.g., altering of personnel records).
- An authorized user may use the system for personal benefit (e.g., theft of services).
- A supervisor may manage to approve and enter a fraudulent transaction.
- A disgruntled or terminated employee may destroy or modify records, possibly in such a way that backup records are also corrupted and useless.
- An authorized user may accept a bribe to modify or obtain information.

Uncontrolled System Access. Organizations expose themselves to unnecessary risk if they fail to establish controls over who can enter the system area, who can use the ERP, and who can access the information contained in the system.

- Data or programs may be stolen from the IT room or other storage areas.
- ERP facilities may be destroyed or damaged by intruders or employees.
- Individuals may not be adequately identified before they are allowed to enter the IT area.
- Remote terminals may not be adequately protected from use by unauthorized persons.
- An unauthorized user may gain access to the system via a dial-in line and an authorized user's password.
- Passwords may be inadvertently revealed to unauthorized individuals. A user may write his password in some convenient place, or the password may be obtained from some other apparent source, such as discarded printouts, or by observing the user as he types it.
- A user may leave a logged-in terminal unattended, allowing an unauthorized person to use it.
- A terminated employee may retain access to an ERP system because his name and password are not immediately deleted from authorization tables and control lists.
- An unauthorized individual may gain access to the system for his own purposes (e.g., theft of computer services, data, or programs; modification of data; alteration of programs; sabotage; and denial of services).
- Repeated attempts by the same user or terminal to gain unauthorized access to the system or to a file may go undetected.

Ineffective Security Practices for the Application. Inadequate manual checks and controls to ensure correct processing by the AIS, or negligence by those responsible for carrying out these checks, result in many vulnerabilities.

- Poorly defined criteria for authorized access may cause employees not to know what information they, or others, are permitted to access.
- The person responsible for security may fail to restrict user access to only those processes and data that are needed to accomplish assigned tasks.
- Large funds disbursements, unusual price changes, and unanticipated inventory usage may not be reviewed for accuracy.
- Repeated payments to the same party may go unnoticed because there is no review.
- Sensitive data may be carelessly handled by the application staff, by the mail service, or by other personnel within the organization.
- Post-processing reports analyzing system operations may not be reviewed to detect security violations.
- Inadvertent modification or destruction of files may occur when trainees are allowed to work on live data.
- Appropriate action may not be pursued when a security variance is reported to the system security officer or to the perpetrating individual's supervisor. In fact, procedures covering such occurrences may not exist.

Procedural Errors within the IT Facility. Both errors and intentional acts committed by the DP operations staff may result in improper operational procedures, lapsed controls, and losses in storage media and output.

Procedures and Controls.

- Files may be destroyed during database reorganization or during release of disk space.
- Operators may ignore operational procedures; for example, by allowing programmers to operate computer equipment.
- Job control language parameters may be erroneous.
- An installation manager may circumvent operational controls to obtain information.
- Careless or incorrect restarting after shutdown may cause the state of a transaction update to be unknown.
- An operator may enter erroneous information at a CPU console (e.g., control switch in wrong position; terminal user allowed full system access; operator cancels wrong job from queue).
- Hardware maintenance may be performed while production data is online and the equipment undergoing maintenance is not isolated.
- An operator may perform unauthorized acts for personal gain (e.g., make extra copies of competitive bidding reports, print copies of unemployment checks, delete a record from a journal file).
=86@ 1perations staff may sabotage the computer (e.g., drop pieces of metal into a terminal). =86A The rong version of a program may be e+ecuted. =86B & program may be e+ecuted using rong data or may be e+ecuted t ice using the same transactions. =886 &n operator may bypass re(uired safety controls (e.g., rite rings for tape reels). =888 Supervision of operations personnel may not be ade(uate during non0 or*ing0hour shifts. =88; #ue to incorrectly learned procedures, an operator may alter or erase the master files. =88: & console operator may override a label chec* ithout recording the action in the security log. Stora"e Media #andlin".
Page 12 of 39
114. Critical tape files may be mounted without being write protected.
115. Inadvertently or intentionally mislabeled storage media are erased. In case they contain backup files, the erasure may not be noticed until it is needed.
116. Internal labels on storage media may not be checked for accuracy.
117. Files with missing or mislabeled expiration dates may be erased.
118. Incorrect processing of data or erroneous updating of files may occur when input data has been dropped; partial input data is used; write rings mistakenly are placed in tapes; wrong tapes are incorrectly mounted or worn tapes mounted.
119. Scratch tapes used for jobs processing sensitive data may not be adequately erased after use.
120. Temporary files written during a job step for use in subsequent steps may be erroneously released or modified because they are not protected or because of an abnormal termination.
121. Storage media containing sensitive information may not get adequate protection because operations staff does not know the nature of the information content.
122. Tape management procedures may not adequately account for the current status of all tapes.
123. Magnetic storage media that contain very sensitive information may not be degaussed before being released.
124. Output may be sent to the wrong individual or terminal.
125. Improper operation of output or post-processing units (e.g., bursters, decollators, or multipart forms) may result in loss of output.
126. Surplus output material (e.g., duplicates of output data, used carbon paper) may not be disposed of properly.
127. Tapes and programs that label output for distribution may be erroneous or not protected from tampering.

Program Errors. An ERP system should operate in an environment that requires and supports complete, correct, and consistent program design, good programming practices, adequate testing, review, documentation, and proper maintenance procedures. Although programs developed and implemented in such an environment may still contain undetected errors, programs not developed in this manner may be rife with errors. Without these controls, programmers can deliberately modify programs to produce undesirable side effects or they can misuse the programs they maintain.
128. Records may be deleted from sensitive files without a guarantee that the deleted records can be reconstructed.
129. Programmers may insert special provisions in programs that manipulate data concerning themselves (e.g., a payroll programmer may alter his own payroll records).
130. Data may not be stored separately from code, so that program modifications are more difficult and must be made more frequently.
131. Program changes may not be tested adequately before being used in a production run.
132. Changes to a program may result in new errors due to unanticipated interactions between program modules.
133. Program acceptance tests may fail to detect errors that only occur for unusual combinations of input (e.g., a program that is supposed to reject all except a specified range of values actually accepts an additional value).
134. Programs with contents that should be safeguarded may not be identified and protected.
135. Code, test data with its associated output, and documentation for certified programs may not be filed and retained for reference.
136. Documentation for vital programs may not be safeguarded.
137. Programmers may fail to keep a change log, to maintain backup copies, or to formalize record-keeping activities.
138. An employee may steal programs he maintains and use them for personal gain (e.g., sale to a commercial organization, holding another organization to extortion).
139. A critical data value may be initialized twice due to poor program design. An error may occur when the program is modified to change the data value, but the change is made in only one place.
140. Production data may be disclosed or destroyed when it is used during testing.
141. A programmer who misunderstands requests for changes to the program may cause errors.
142. A programmer who makes changes directly to machine code may introduce errors.
143. Programs may contain routines not compatible with their intended purposes, which can disable or bypass security protection mechanisms. For example, a programmer who anticipates being fired inserts code into a program which will cause vital system files to be deleted as soon as his name no longer appears in the payroll file.
144. Inadequate documentation or labeling may result in the wrong version of a program being modified.

Operating System Flaws. Design and implementation errors, system generation and maintenance problems, and deliberate penetrations causing modifications to the operating system can produce undesirable effects in the ERP systems. Flaws in the operating system are often difficult to prevent and detect.
User jobs may be permitted to read or write outside the assigned storage area.
145. Simultaneous processing of the same file by two jobs may introduce inconsistencies into data.
146. An operating system design or implementation error may allow a user to disable audit controls or to access all system information.
147. The operating system may not protect a copy of information as thoroughly as it protects the original.
148. Unauthorized modification to the operating system may allow a data entry clerk to enter programs and thus subvert the system.
149. An operating system crash may expose valuable information such as password lists or authorization tables.
150. Maintenance personnel may bypass security controls while performing maintenance work. At such times, the system is vulnerable to errors or intentional acts of the maintenance personnel, or anyone else who might also be on the system and discover the opening (e.g., micro-coded sections of the
operating system may be tampered with or sensitive information from online files may be disclosed).
151. An operating system may fail to record that multiple copies of output have been made from spooled storage devices.
152. An operating system may fail to maintain an unbroken audit trail.
153. When restarting after a system crash, the operating system may fail to ascertain that all terminal locations are still occupied by the same individuals.
154. A user may be able to get into monitor or supervisory mode.
155. The operating system may fail to erase all scratch space assigned to a job after the normal or abnormal termination of the job.
156. Files may be allowed to be read or written without having been opened.

Communications System Failure. Information being routed from one location to another over communication lines is vulnerable to accidental failures and to intentional interception and modification by unauthorized parties.

Accidental Failures.
157. Undetected communication errors may result in incorrect or modified data.
158. Information may be accidentally misdirected to the wrong terminal.
159. Communication nodes may leave unprotected fragments of messages in memory during unanticipated interruptions in processing.
160. Communication protocol may fail to positively identify the transmitter or receiver of a message.

Intentional Acts.
161. Communication lines may be monitored by unauthorized individuals.
162. Data or programs may be stolen via telephone circuits from a remote job entry terminal.
163. Programs in the network switching computers may be modified to compromise security.
164. Data may be deliberately changed by individuals tapping the line (requires some sophistication, but is applicable to financial data).
165. An unauthorized user may take over a computer communication port as an authorized user disconnects from it. Many systems cannot detect the change. This is particularly true in much of the currently available communication equipment and in many communication protocols.
166. If encryption is used, keys may be stolen.
167. A terminal user may be spoofed into providing sensitive data.
168. False messages may be inserted into the system.
169. True messages may be deleted from the system.
170. Messages may be recorded and replayed into the system (i.e., "deposit $100" messages).

Besides the risks described previously, the impact of these additional vulnerabilities must be assessed. These special vulnerabilities pose threats which are not present at all, or are present to a lesser degree, in non-ERP environments. Once these risks are identified, their severity should be estimated, and controls developed to mitigate their impact on the ERP applications.

INTERNAL CONTROL
Internal control systems are set up to help mitigate the risks discussed above. The purpose of internal control systems is to reasonably ensure that the following goals are achieved:
171. Obligations and costs comply with applicable laws.
172. All assets are safeguarded against waste, loss, unauthorized use, and misappropriation.
173. Revenues and expenditures that apply to organization operations are recorded and properly accounted for, so that accounts and reliable financial and statistical reports may be prepared and an accounting of these assets may be maintained.

Control Objectives and Key Controls
In order to understand control objectives and key controls, it is important to know what a system of internal controls is. The AICPA Guidelines of Internal Control define it as: "The plan of organization and all the methods and procedures adopted by the management of an entity to assist in achieving management's objective of ensuring, as far as practical, the orderly and efficient conduct of its business, including adherence to management policies, the safeguarding of assets, the prevention and detection of fraud and error, the accuracy and completeness of the accounting records, and the timely preparation of reliable financial information. The system of internal controls extends beyond those matters which relate directly to the functions of the accounting system."

Control Objectives
Control objectives are high-level statements of intent by the management to ensure that departmental programs designed to fulfill the organization's strategic plans are carried out effectively and efficiently. These statements of intent embody the plan of organization and all the related systems established by management to safeguard assets, check the accuracy and reliability of financial data, promote operational efficiency and encourage adherence to prescribed management policies.
Once the business risk for the ERP systems is defined, it is possible to determine how these risks will be contained. Control objectives can be defined as "the purpose or justification for having internal controls." The organization's internal control structure must meet several control objectives to prevent, detect and correct errors, omissions and irregularities in business transactions and processes, and to assure continuity of business operations. They are the link between the risks and the internal controls. Control objectives may differ depending upon the type, scope, and purpose of the audit. There may be several internal control objectives for a given business risk, so that the risk is adequately addressed. Some of the common internal control objectives that an auditor should look for are:
174. Transactions are properly authorized (Authorization).
175. Transactions are recorded on a timely basis (Timeliness).
176. Transactions are accurately processed (Accuracy).
177. All existing transactions are recorded (Completeness).
178. All recorded transactions are valid (Validity).
179. Transactions are properly valued (Valuation).
180. Transactions are properly classified and posted to proper accounts and subsidiary records (Classification).
181. Transactions are properly summarized and reported (Reporting).
182. Assets, including software programs, data, human resources, computer facilities, etc., are safeguarded against damage, theft, and so forth (Security).
183. System and data integrity is maintained (Integrity).
184. System availability is assured (Availability).
185. System controllability and auditability are maintained (Controllability and Auditability).
186. System maintainability is assured (Maintainability).
187. System usability is assured (Usability).
188. System economy and efficiency are maintained (Efficiency).

Key Controls
Each control objective is met by one or more control techniques. These techniques are the ways and means by which management controls the operations; they are varied in nature and exist as:
189. Procedures and policies. For example, independent balancing, cancellation of documents after processing, independent signing for approval of prepared source documents, competent and trustworthy personnel, segregation of duties, mandatory vacations and rotation of duty assignments.
190. Information systems design. For example, numerically prenumbered forms, message authentication, console logs, encryption, range and limit checks on input fields.
191. Physical controls. For example, combination locks for vaults, card acceptor devices for restricted access areas.
192. Segregation of duties.
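Two of the "information systems design" controls in item 190 are easy to show concretely: range and limit checks on input fields (the kind of validation whose absence lets a system accept a 999-year asset life or a provident-fund subscription below the floor) and message authentication with a sequence number, which defeats the inserted, deleted and replayed "deposit $100" messages of items 168 to 170. The code below is an added example written for this page, not code from the original document or from any ERP product; the field names, limits, shared key and sample messages are all assumptions chosen for illustration.

```python
"""Added example: input-field limit checks and authenticated, replay-resistant
messages. All limits, field names and the shared key are illustrative."""
import hashlib
import hmac
import json

# --- Range and limit checks on input fields (hypothetical limits) --------
MAX_ASSET_LIFE_YEARS = 100          # assumed upper bound for useful life
ALLOWED_CURRENCIES = {"INR"}        # assumed company currency
MIN_GPF_PERCENT = 6                 # minimum subscription as percent of pay

def validate_asset_record(rec):
    """Return a list of failures for one asset master record; [] means it passes.
    Dates are ISO strings so equality is a plain string comparison."""
    errors = []
    if rec["currency"] not in ALLOWED_CURRENCIES:
        errors.append(f"currency {rec['currency']!r} not allowed")
    if not 0 < rec["life_years"] <= MAX_ASSET_LIFE_YEARS:
        errors.append(f"asset life {rec['life_years']} outside 1..{MAX_ASSET_LIFE_YEARS}")
    if rec["depreciation_start"] != rec["capitalised_on"]:
        errors.append("depreciation start date differs from capitalisation date")
    if rec["cost"] <= 0:
        errors.append("cost must be positive")
    return errors

def validate_gpf_subscription(pay, subscription):
    """Limit check using integer arithmetic to avoid float rounding at the boundary."""
    return subscription * 100 >= pay * MIN_GPF_PERCENT

# --- Message authentication with replay and deletion detection ------------
SHARED_KEY = b"illustrative-shared-key"   # assumption: pre-shared between the two ends

def _canonical(body):
    # Deterministic encoding so sender and receiver MAC the same bytes.
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()

def authenticate(msg, seq, key=SHARED_KEY):
    """Attach a sequence number and an HMAC-SHA256 tag to an outgoing message."""
    body = dict(msg, seq=seq)
    tag = hmac.new(key, _canonical(body), hashlib.sha256).hexdigest()
    return dict(body, tag=tag)

class Receiver:
    """Accepts a message only if its tag verifies and its seq is strictly
    increasing; records any skipped sequence numbers as possible deletions."""
    def __init__(self, key=SHARED_KEY):
        self.key = key
        self.last_seq = 0
        self.accepted = []
        self.missing = []       # sequence numbers never seen (item 169)

    def receive(self, wire):
        body = {k: v for k, v in wire.items() if k != "tag"}
        expected = hmac.new(self.key, _canonical(body), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, wire.get("tag", "")):
            return False        # forged or altered in transit (items 164, 168)
        if body["seq"] <= self.last_seq:
            return False        # replay of an already-accepted message (item 170)
        self.missing.extend(range(self.last_seq + 1, body["seq"]))
        self.last_seq = body["seq"]
        self.accepted.append(body)
        return True

if __name__ == "__main__":
    r = Receiver()
    m = authenticate({"type": "deposit", "account": "A1", "amount": 100}, seq=1)
    print("first delivery:", r.receive(m), "replay:", r.receive(m))
```

The receiver checks the tag before the sequence number, so an attacker cannot probe the counter with unauthenticated messages; the sequence gap list is what an auditor would reconcile against the sender's log to find messages that were dropped rather than merely delayed.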
Segregation of Duties
The overall objective of the segregation of duties for ERP systems can be expressed as "production data is only accessible to bona fide users utilizing tested and approved ERP." Bona fide users are those allowed by management to view, update, add or delete transactions in a specific application. The manager in charge of the division or department who relies on the data for its operations owns the data. For instance, the controller owns the financial data; he or she is ultimately responsible for its accuracy and safeguarding. From a practical standpoint, that manager will have devolved the responsibility of granting user access to managers reporting to him or her. These managers will, in turn, rely on a system administrator, either a member of the user department or IT, to brief them on the available functions of the ERP; the identity of the users whose job
requires access to these functions; and ultimately, the data. Having understood the sensitivity of the functions and the confidentiality of the data, these managers will delegate authority to the administrator to grant access to users. The IT department is responsible for ensuring that powerful utilities are only accessible to selected users and cannot be used in an unauthorized fashion to modify production data. In every environment there will always be one user, and a backup, who have access or can grant themselves access to all data. These powerful users should be carefully selected and audit trails of their actions should exist. Production data is never owned by IT unless it is specific to the operations of the IT department. Production data should only be accessed through authorized utilities that do not allow users to manipulate production data outside of the constraints and controls implemented within the ERP system. For instance, the ERP application enforces the rule that a customer must exist in the customer file before an order for that customer can be recorded. If a user were able to access the order table directly, through a text editor in a UNIX environment or through TSO/ISPF (Time Sharing Option/Interactive System Productivity Facility) in an MVS (Multiple Virtual Storage) environment, that ERP control could be bypassed and an order entered for a nonexistent customer, unless the same rule is also enforced by the DBMS as a referential-integrity constraint.
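The order-for-a-nonexistent-customer case above is worth seeing end to end: the application refuses the order, a direct table write succeeds when the database does not enforce the relationship, and the same write fails when it does. The script below is an added example for this page, not code from the document or from any ERP; it uses SQLite's optional foreign-key enforcement as a stand-in for a DBMS-level constraint, and the table names, column names and the single sample customer are assumptions. The last function is the audit test an auditor would run against the production order table to look for evidence of such a bypass.

```python
"""Added example: application-level vs DBMS-level enforcement of the
customer-must-exist rule, and the audit query for orphan orders.
Schema and sample rows are illustrative, not any ERP's real tables."""
import sqlite3

SCHEMA = """
CREATE TABLE customer (cust_id TEXT PRIMARY KEY, name TEXT NOT NULL);
CREATE TABLE sales_order (
    order_id INTEGER PRIMARY KEY,
    cust_id  TEXT NOT NULL REFERENCES customer(cust_id),
    amount   REAL NOT NULL CHECK (amount > 0)
);
"""

def open_db(enforce_fk):
    """In-memory database; enforce_fk=False models a DBMS where the rule lives
    only in the application, enforce_fk=True models a real referential constraint."""
    conn = sqlite3.connect(":memory:")
    conn.execute("PRAGMA foreign_keys = " + ("ON" if enforce_fk else "OFF"))
    conn.executescript(SCHEMA)
    conn.execute("INSERT INTO customer VALUES ('C001', 'Acme Ltd')")  # constructed sample
    conn.commit()
    return conn

def erp_create_order(conn, cust_id, amount):
    """The application-level control: look the customer up before inserting."""
    found = conn.execute("SELECT 1 FROM customer WHERE cust_id = ?", (cust_id,)).fetchone()
    if found is None:
        raise ValueError(f"customer {cust_id} not in customer file")
    conn.execute("INSERT INTO sales_order (cust_id, amount) VALUES (?, ?)", (cust_id, amount))
    conn.commit()

def direct_table_write(conn, cust_id, amount):
    """A user with a raw editor or SQL tool writing to the table, bypassing the ERP.
    Returns True if the row was stored, False if the DBMS rejected it."""
    try:
        conn.execute("INSERT INTO sales_order (cust_id, amount) VALUES (?, ?)", (cust_id, amount))
        conn.commit()
        return True
    except sqlite3.IntegrityError:
        conn.rollback()
        return False

def orphan_orders(conn):
    """Audit test: orders whose customer does not exist in the customer file."""
    return conn.execute("""
        SELECT o.order_id, o.cust_id, o.amount
        FROM sales_order AS o
        LEFT JOIN customer AS c ON c.cust_id = o.cust_id
        WHERE c.cust_id IS NULL
        ORDER BY o.order_id""").fetchall()

if __name__ == "__main__":
    weak = open_db(enforce_fk=False)
    print("direct write accepted:", direct_table_write(weak, "C999", 500.0))
    print("orphan orders found by audit:", orphan_orders(weak))
    strong = open_db(enforce_fk=True)
    print("direct write accepted:", direct_table_write(strong, "C999", 500.0))
```

The lesson for the auditor is that a control documented in the application is not evidence that the data obeys it; the orphan-order query tests the data itself, and a non-empty result is a finding regardless of what the ERP's own screens permit.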

Indian auditing experience in ERP Audit

Bharat Sanchar Nigam Limited
Bharat Sanchar Nigam Limited introduced SAP R/3 version 4.7 in Gujarat Telecom Circle (GTC). The SAP ERP server is installed at the ERP Data Centre at Ahmedabad, and LAN (Local Area Network) / WAN (Wide Area Network) links were used to connect the R/3 environment to the nodes at Secondary Switching Areas (SSAs). The work of implementing ERP in GTC was awarded to Siemens Information Systems Limited (SISL), Mumbai at a cost of Rs. 20.14 crore. The objectives of implementing ERP were to: (i) improve the information flow to facilitate better decision making, leading to overall improvement in the performance of the organisation by way of improvements in productivity, cycle time, financial performance and information transparency; (ii) convert GTC into a paperless working environment; and (iii) reduce manpower requirement. However, it was observed that the desired objectives did not accrue to the Company, as detailed below:

1. Business Process Re-engineering (BPR)
Business Process Re-engineering (BPR) is one of the fundamental steps undertaken prior to ERP implementation. While according sanction for implementation of ERP in Gujarat Telecom Circle, BSNL Corporate Office in August 2003 had approved implementation of ERP in one SSA; implementation in the entire Circle was to be done after finalizing business processes. Against the instructions of the Corporate Office, GTC went ahead with implementation of ERP in all SSAs without finalising BPR, which resulted in manual intervention and deprived the Company of the advantages of ERP. For instance, in the manual system, for sale of top-up and recharge coupons the Marketing wing issues a delivery note to the franchisee for the quantity of top-up and recharge coupons, and the Cash section receives the payments against the quantity authorised by the Marketing wing. The products are then issued by the Marketing wing after production of cash receipts. In an ERP environment all the above functions could be carried out through a single window. It was noticed that all the activities related to the sale of top-up and recharge coupons of GTC were being carried out in the traditional way despite operating in a computerised environment. The total value of sales of these coupons in the two years 2007-08 and 2008-09 was Rs. 470.50 crore, of which 79 per cent, amounting to Rs. 372 crore, was through franchisees.

2. Interface with the telephone revenue billing packages
There are two billing packages used in GTC for billing. One of the important conditions of the agreement with SISL for implementation of ERP was to provide an interface with the existing billing packages. It was observed that no interface was provided with the revenue billing packages and the revenue from them is accounted in ERP through Journal Vouchers. In the absence of an interface, bank reconciliation of collection accounts is done manually, depriving GTC of the advantages of efficient fund management.

3. Digitisation of service details and records
The agreement with M/s SISL stipulated that service records, personal details,
watching of crucial dates in service, Career Planning, Appraisal System, Pay Roll, terminal benefits etc. for approximately 28,000 employees were to be digitised. But it was observed that the vendor did not comply with the contractual agreement, with the result that service-related activities like leave accounts of employees, pay fixation, grant of increment etc. are done manually in the Circle, defeating one of the major objectives of ERP implementation, which was to reduce human intervention in various administrative works.

4. Declaration of 'Go Live' status even before achieving online status in various modules
As per the terms of the agreement with M/s SISL, ERP was to be commissioned by March 2005. It was observed (October 2009) that 'Go Live' was declared in the year 2007, even though online status was not achieved in many modules and transactions. Activities like processing of Performance Bank Guarantees, posting of leave entries, settlement of temporary advances, Leave Travel Concession (LTC) and Medical claims were processed offline. Moreover, on review of the Trial Balance and other accounting statements prepared from ERP it was noticed that in the two years after declaring 'Go Live' more than 65,000 JVs (documents created in ERP for accounting transactions carried out in the legacy system) were prepared during the preparation of the final accounts of the Company. It is expected that there should be the minimum possible manual intervention after declaring 'Go Live'. But the absence of an interface with other software packages and the continuance of the manual system contributed to the preparation of a large number of JVs.

5. Customisation and mapping of rules on delegation of financial powers
Customising the ERP package to the requirements of the Company and mapping the business rules of the Company completely to it was an important stage in the project implementation. As per the Company's accounting policy, sanction from the appropriate level of Management is a must for incurring any expenditure.
It was seen that while implementing ERP the practice of preparing estimates for maintenance work was replaced with a system of 'maintenance orders', and no monetary limit was prescribed for 'maintenance orders' in the Plant Maintenance (PM) module. A review of the expenditure in the PM module for 2007-08 and 2008-09 showed that expenditures of more than Rs. one lakh in each case, aggregating Rs. 44.21 crore, were incurred without the cases being approved through the workflow of ERP. This expenditure on maintenance should have been linked with the workflow so that such expenditure could be monitored by top-level Management to ensure that only expenditures of a maintenance nature are processed through the Plant Maintenance module. This led to inflated per-line maintenance cost for GTC, besides depriving it of the benefits of depreciation which would otherwise have accrued on the capital assets booked in the PM module.

6. Monitoring of functioning of ERP
For efficient functioning of an IT system, it is important that the Management put in place an effective monitoring mechanism which would facilitate early detection and rectification of deficiencies. Audit observed the following deficiencies due to lack of effective monitoring of the functioning of ERP: In Vadodara SSA it was seen that equipment costing Rs. 1.45 crore received
in August 2007 was taken into stock only in January 2008. Though the equipment was put to use, it formed part of neither Work in Progress (WIP) nor the Fixed Assets of the SSA for the financial year 2007-08. On being pointed out by audit, it was replied that the consignment was directly received by the sub-division and the omission was noticed only on receipt of the bill for payment. In the Company, transfer of stores between different units is frequent and processing of Advice of Transfer Debits (ATD) is an important activity in stores transactions. Test check of ATD transactions in Surat SSA revealed that an ATD for Rs. 43.6 lakh which was supported with invoices was shown in the system as Rs. 20.07 lakh. As per Company policy, assets costing less than Rs. 5,000 should be depreciated fully. It was seen from the data in the FICO module that in 792 cases assets valued at less than Rs. 5,000 were not depreciated fully.

7. Data validation
Efficient data validation procedures are important to ensure the reliability of output from the system. Audit observed the following deficiencies in the functioning of ERP due to weak validation of data. (a) As per existing rules the minimum subscription to GPF should be six per cent of pay. However, it was noticed that the system was accepting subscriptions below six per cent of pay as well. On this being pointed out, the Management replied that validation for GPF subscription would be restored from April 2010. (b) As per accepted accounting principles, depreciation of an asset should commence from the date of its capitalisation. However, it was observed that the date of capitalisation and the date of commencement of depreciation were different in many cases. Moreover, the life of assets was not matched properly and in many cases it was shown as 999 years. (c) The currency of assets of Vadodara SSA in the "depreciation posted" sub-module in FICO was seen as US Dollars (USD) instead of Indian Rupees (INR).

8. User account management
Review of the user account management of ERP revealed that multiple user accounts existed for the same officer in different capacities within the same SSA or in two different SSAs, and a user once created was not being cancelled or deleted on transfer or retirement of the official. It was also noticed in Surat SSA that bills pertaining to the Civil Division were accepted and passed by logging in as Accounts Officer, Telecom Electrical Division.

Oil India Limited
Oil India Limited (OIL) adopted SAP R/3 (version 4.7) as its Enterprise Resource Planning (ERP) software to enable it to integrate its business processes across the value chain. The total project cost was Rs. 45.04 crore. The ERP system went live in December 2005. At the time of implementing the system, the Company had carried out a detailed cost-benefit analysis incorporating all tangible benefits that would accrue from implementing SAP R/3 and projected a benefit of Rs. 14.67 crore per annum. The benefit, inter alia, was expected to flow mainly from control of inventory carrying cost, overtime expenditure, fuel oil consumption, repair and maintenance cost, decrease in surface equipment shutdown time in drilling operations, transport and other contract cost, etc. Audit scrutiny, however, revealed that the Company
could not get the above benefits entirely, due to inadequate End User Training and underutilisation of ERP, as detailed below: There is no effective Information Security policy in the Company.

The Corporate Financial Management (CFM) module is not being utilised and the server purchased for CFM is kept shut down. The other modules, viz. Plant Maintenance (PM), Human Resources (HR) and Project System (PS), are also underutilised. Plant Maintenance activities are not being adequately monitored through the PM module due to non-updating of maintenance history, breakdown details, job completion status, etc. Manpower Planning is not being carried out in the HR module. Further, HR data is not being updated regularly, especially for separation cases, loan data and new recruits. Daily Progress Reports (DPR) for drilling/workover and survey activities are not being regularly captured in the PS module. Audit reviewed the general performance of two modules of SAP R/3, namely Financial Accounting and Controlling (FICO) and Project System (PS), which revealed the following:

1 Financial Accounting and Controlling (FICO)
The Financial Accounting and Controlling (FICO) module of SAP R/3 is envisaged to cater to all the accounting, financial and informational/reporting needs of the Finance and Accounts Department of the Company. However, the following deficiencies were observed in the FICO module:
a) A single invoice can be processed for payment more than once in the Cash journal.
b) The revenue budget has not been configured in SAP R/3 and, thus, budgetary controls on revenue expenditure could not be exercised.
c) General Ledger Accounts which are supposed to take automatic direct posting from other modules (such as Materials Management, Sales and Distribution, etc.) have not been marked for such automatic posting.
d) SAP has not been configured to prevent the use of wrong cost centres.
e) Depletion calculation has not been properly mapped. In SAP R/3, depletion is being calculated on a monthly basis, whereas the business process of the Company requires depletion to be calculated on a quarterly basis.
f) The system of allocation of cost to oil wells has not been properly mapped in SAP R/3. So, the cost of departmental drilling manpower could not be allocated correctly to oil wells, as the allocation cycle could not differentiate between departmentally operated oil wells and contractually operated oil wells. The wrong allocation of costs is adversely affecting the well costs and leading to the generation of wrong Management Information System reports.
g) In the cash contra account the original document number is not properly linked with the assignment field of the document generated at the time of cash disbursement. Due to such improper configuration of SAP R/3, cash contra entries could not be reconciled automatically.
h) SAP R/3 has not been configured to generate the Cash Flow Statement, Segment Reporting, etc.
i) Materials which have already been consumed are not being booked into SAP R/3 and are still reflected in the inventory. The actual status of consumption of materials worth Rs. 91.65 crore (as on 31 March 2009) at various storage locations could not be ascertained.
j) Statistical Key Figures (SKFs) are not being updated by the respective
departments. So, SAP R/3 could not automatically determine the Statistical Key Figures (SKFs) for allocating the indirect costs. According to the Management, the ignorance of the respective users in updating the SKFs is the reason for the above anomaly.
k) The records of physical verification of assets are not being updated regularly in SAP R/3, and the physical existence of assets valued at Rs. 116.24 crore could not be confirmed. The Management could not monitor the physical existence of the assets of the Company through SAP R/3. According to the Management this is an uploading issue and the same would be addressed.
l) Input controls are not sufficient to prevent payments of a regular nature being made under the 'one time vendor' payment facility. Using the 'One Time Vendor' facility for making payments of a regular nature increases the risk of payment fraud.

2 Migration of data from legacy system
The data uploading into SAP R/3 was done without proper reconciliation and cleaning. There was around Rs. 247 crore difference between the legacy data and the data migrated to SAP R/3. This fact was noticed by SAP itself in the course of the Quality Review Program after the post-Go-Live phase.

3 Project System
The Project System (PS) module of the SAP R/3 ERP system provides the framework for mapping and processing project tasks, and for planning, executing and monitoring projects in a targeted and cost-effective way. PS is linked to the SAP R/3 Financial Accounting, Sales and Distribution, Materials Management, Production Planning, and Plant Maintenance modules. The following issues were noticed during the audit of the Project System module of SAP R/3:
a) Budgetary checks are not operating at the time of raising Purchase Requisitions (PR) for contractual services. Audit noticed that Purchase Orders valued at Rs. 12.30 crore were raised against PRs without reflecting commitment value during the period from 2006 to 2009.
b) A Contract Work Order (CWO) can be created in SAP R/3 with 'unknown' account assignment, bypassing budgetary controls. Audit noticed that sixty-seven (67) work orders valued at Rs. 11.09 crore were issued with unknown account assignment during the period from 6 December 2005 to 30 April 2009.
c) Cost planning of the Work Breakdown Structures (WBS), except for the material cost, through the network is not being done. Hence, the actual-versus-plan cost against WBS does not reflect the correct scenario.

Hindustan Paper Corporation Limited
Hindustan Paper Corporation Limited (Company) was using the Integrated Business Information System (IBIS) for invoicing, sales and purchase accounting purposes. In 2003, the Company decided to implement an ERP solution for its various activities and accordingly Oracle e-Business Suite, an ERP solution by Oracle Corporation, was selected through a global tendering process. Tata Consultancy Services Limited was the implementation partner and WIPRO was the vendor for supply of the production server. The ERP system, installed in Nagaon Paper Mill (NPM), Assam of the Company, was made operational in April 2006 at a cost of Rs. 7.70 crore. As per the Memorandum of Understanding (MOU) (2002-03) with the Government of India,

implementation of ERP was to be completed by March 2003. However, it was noticed that the order for implementation was issued only in January 2005 and the ERP system went live in April 2006, with a delay of three years. The delay was primarily due to procedural delays attributable to the Management.

1 Anticipated benefits of ERP

The anticipated financial benefits of implementing ERP worked out to Rs. 13.07 crore over a five year period, mainly by way of savings in inventory carrying cost through reduction of the procurement cycle. Intangible benefits such as accuracy of payment against material receipt, online availability of cost sheet integrated with production/sales data, and accurate information of real-time customer balance helping faster and error-free invoice processing and dispatch operations were also expected. The following tangible benefits as envisaged could not be achieved:

a) Against the anticipated reduction of average procurement cycle time from 18 weeks (2003) to 10.8 weeks, the actual average procurement cycle time for the period 2006-09 was found to be more than 28 weeks.

b) A 20 per cent reduction in inventory holding was also envisaged during the post implementation period. This could not be achieved as, with similar levels of turnover, the inventory levels remained almost the same during 2006-2009.

2 General controls

The following deficiencies in general controls were noticed:

There was no documented 'Information Technology Policy'.

Some of the security parameters as recommended by ORACLE were not configured but retained as default values.

The user management was deficient, which exposed the system to the risk of unauthorised use and loss of audit trail, and difficulty in tracing the identity of an unsuccessful login.

3 Input control and validation checks

The following deficiencies were noticed in this regard:

Changes in the price of finished products were not immediately uploaded in the system. Consequently, sale of products in the intervening period was made at old rates, necessitating manual corrections by way of raising debit/credit notes. Analysis revealed that on 81 occasions, the delay in changing the price list ranged between 1 and 48 days. This increased the risk of errors and omission.

215 codes had been allotted to 78 customers, indicating that customers were allocated more than one code; the customer names were almost similar but their Customer IDs were different, and goods were sold to the same customers under different customer IDs. The existence of duplicate customer IDs may lead to the risk of extending additional credit facilities to a single customer.

Analysis revealed that 1,090 inventory items were allotted more than one code and separate stocks existed for 51 duplicate items. In the case of 223 items, material descriptions were not available in the system.
Though the quantity ordered for 3,663 items against 488 purchase orders had been fully delivered, the purchase orders remained open.

4 Business Process Mapping

Due to improper mapping of business rules, manual intervention was required, which resulted in non-achievement of the intangible benefits as envisaged. In this regard the following was observed:

Sale of finished product can be made either on credit or against cash/advance payment. For cash payments, the customer is entitled to a cash discount based on the payment terms. In this connection, it is observed that for cash sale, the payment received from the customer is to be attached to the delivery orders generated. It was, however, noticed that the system permitted generation of delivery orders without entering such payment details. Hence, there is a risk of delivery of finished goods without payment and, since the cash discount is automatically calculated in the system, there is a risk of incorrect billing also.

The system accepted the entry of the same cheque/DD numbers against different sales invoices. This may lead to the risk of incorrect adjustment of credits against the sales, which necessitated further supervisory controls.

In the case of credit sale, deliveries were made against receipt of post-dated cheques. It was, however, observed that the system has not been customised to accept post-dated cheques against credit sales, which resulted in monitoring of such sales through manual registers.

There is no provision in the system to levy penalty for quality and quantity shortage and to calculate the Liquidated Damages for delay in supply of materials, though details relating to quality were available in the system. These were calculated and fed into the system manually, thereby increasing the risk of inaccurate calculation besides underutilizing the system.

In case of rejection of goods by the customer, neither could the returned items be taken into stock nor could the accounting entry be passed immediately, leading to overstatement of sales and sundry debtors. This indicated that the system is deficient in accounting for material returns against direct sale.

Reports like the Monthly Segment Report, Monthly Stockist Off Take Report etc., required for MIS purposes, continued to be maintained separately for want of customisation of the same in the system.

Rashtriya Chemicals and Fertilizers Limited

Rashtriya Chemicals and Fertilizers Limited (Company) issued (November 2004) a work order for implementation of mySAP ERP with SAP R/3 Enterprise Version 4.7 on a turnkey basis to Siemens Information Systems Limited, Mumbai at a lump sum price of Rs. 3.47 crore. This included Rs. 1.72 crore towards 250 user licences of mySAP ERP and Rs. 1.75 crore towards design, configuration, installation and implementation of selected core modules. The Company incurred an expenditure of Rs. 1.67 crore for procurement of hardware. The project went "Go live" on 1 January 2006. Audit assessed the implementation and usage of the Material Management Module controls and the security of the system, which revealed the following deficiencies:

4.2.4.1 Business Process Mapping
Implementation of an ERP solution across the Company is intended to ensure integration of the various business processes as far as possible. However, the following deficiencies in mapping of business rules were noticed:

(i) Logically, the "Purchase Requisition" date should precede the "Purchase Order" date. It was observed that in 51 cases the "Purchase Requisition" dates were after the "Purchase Order" dates.

(ii) There was no online system of creation, approval and release of both Purchase Requisitions and Purchase Orders. In the case of raw materials the system was not configured for release of Purchase Requisitions. The system followed by the Company was to obtain approval on the file manually and input the data into the system later.

(iii) Purchase Requisitions were created and released in the system for procurement action. It was observed that in respect of 4,464 cases, even though quotations were invited, no further action was taken. Similarly, in 4,113 cases, no procurement action was taken. There was also no provision in the system to capture the reasons for pending "Purchase Requisitions".

(iv) As per the delegation of powers, a Deputy General Manager has powers to release Purchase Orders up to Rs. 5 lakh only. The powers to be exercised by General Manager and above were exercised by Deputy General Managers and officers below the rank of Deputy General Manager, which indicated absence of participation and commitment.

(v) In respect of 146 cases of Purchase Orders released during the period from 1 April 2006 to 31 March 2008, valuing Rs. 5.13 crore, where delivery was completed, and in 1,342 cases valuing Rs. 1,390.68 crore where partial delivery was completed, the Purchase Orders were still open (August 2009).

(vi) There was no provision in the system to generate MIS Reports of pending Purchase Requisitions. The system was also not configured to indicate reasons for delay.

(vii) In 7,974 cases, valuing Rs. 51.57 crore, the time gap for converting Purchase Requisitions to Purchase Orders ranged from 90 days to more than 540 days. The Company had not fixed any time schedule for issue of Purchase Orders from the date of release of Purchase Requisitions in the system.

(viii) In 22,051 cases the Purchase Orders were issued on the same day as, or after, the "expected delivery date" specified by the requisitioner.

4.2.4.2 Non-utilisation of SAP

The data relating to availability and consumption pattern of materials available in the SAP system was not utilised for decision-making, as detailed below:

(i) The Company, after implementation of SAP, procured materials worth Rs. 1.23 crore between 1 April 2006 and 31 March 2009 in spite of non-moving stock of the same materials worth Rs. 0.91 crore as on 1 April 2006.

(ii) After implementation of ERP, there should have been a reduction in the inventory holding. It was, however, observed that the inventory of non-insurance domestic and imported spares increased by Rs. 18.42 crore, from Rs. 129.94 crore as on 1 April 2006 to Rs. 148.36 crore as on 31 March 2009. The inventory as on 31 March 2009 included unmoved items worth Rs. 68.25 crore (46 per cent) during the period from 1 April 2006 to 31 March 2009.

(iii) The Material Requirement Planning (MRP) facility to monitor and maintain minimum
and reorder stock levels for critical materials has not been utilised.

(iv) The SAP system has provision for capturing data relating to the delivery schedule of materials ordered and levying liquidated damages wherever necessary. However, the enforcement of the liquidated damages clause as per agreement in respect of late/undelivered Purchase Orders was not built into the system. During the year 2008-09, the Company recovered liquidated damages amounting to Rs. 2.12 crore based on manual calculation.

(v) There were 2,075 cases (Rs. 2,240.51 crore) of partly delivered Purchase Orders issued up to 31 March 2009 for which reminders were not generated through the system and were issued manually, despite the reminder feature available in SAP.

(vi) The vendor-wise and material-wise lead-time details were not captured in the system, in the absence of which the delays in delivery of materials could not be monitored through the system.

(vii) There was no provision to capture and track the shelf life and expiry date of the inventory. In the absence of such provision, the system could not prompt the users about impending obsolescence, and the risk of belated decisions for procurement, replacement and disposal of obsolete inventory continued.

(viii) The system was not configured to capture inventory of repaired/repairable items and the spares used for their repair/overhauling. Due to non-maintenance of these details, inventory control could not be exercised over such items; besides, analysis of the frequency of repair and the economies of repair over new purchase was not possible.

(ix) The provision to capture information relating to warranty/guarantee terms of the materials procured was not available in the system. Absence of this provision posed the risk of failure to use/test the usability of the equipment within the warranty/guarantee periods and to invoke the same wherever the situation warranted.
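The RCF findings above (a requisition dated after its order, orders issued on or after the expected delivery date, released requisitions with no order, long PR-to-PO gaps, and orders left open after delivery) are the kind of tests an auditor runs as queries over a data extract. The following is an added example, not code from the audit report or from any company it names: constructed PR and PO rows are loaded into an in-memory SQLite database and each test is one SQL query. Table and column names are assumptions of this example, not the SAP table layout. The last query, for open orders with a small undelivered share, also serves the open-PO observations recorded for HPCL and NLC above and for ONGC later in this chapter.

```python
"""Procurement consistency tests as a CAAT over an ERP extract (added example)."""
import sqlite3

# Constructed PRs: (pr_no, release_date, expected_delivery)
PURCHASE_REQUISITIONS = [
    ("PR-001", "2008-01-10", "2008-03-01"),
    ("PR-002", "2008-02-20", "2008-03-15"),  # released after its PO was issued
    ("PR-003", "2008-01-05", "2008-02-01"),  # PO issued after the expected delivery date
    ("PR-004", "2007-06-01", "2007-09-01"),  # PR-to-PO gap of well over 540 days
    ("PR-005", "2008-04-01", "2008-06-01"),  # released but never converted to a PO
]

# Constructed POs: (po_no, pr_no, po_date, ordered_qty, delivered_qty, status)
PURCHASE_ORDERS = [
    ("PO-101", "PR-001", "2008-01-25", 100, 97, "open"),   # 3 % residual, still open
    ("PO-102", "PR-002", "2008-02-12", 50, 50, "open"),    # fully delivered, still open
    ("PO-103", "PR-003", "2008-02-10", 200, 120, "open"),  # 40 % residual
    ("PO-104", "PR-004", "2009-01-15", 10, 10, "closed"),
]


def load_db():
    """Create the two tables (assumed layout) and insert the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE pr (pr_no TEXT PRIMARY KEY, release_date TEXT, "
                 "expected_delivery TEXT)")
    conn.execute("CREATE TABLE po (po_no TEXT PRIMARY KEY, pr_no TEXT, po_date TEXT, "
                 "ordered_qty INTEGER, delivered_qty INTEGER, status TEXT)")
    conn.executemany("INSERT INTO pr VALUES (?, ?, ?)", PURCHASE_REQUISITIONS)
    conn.executemany("INSERT INTO po VALUES (?, ?, ?, ?, ?, ?)", PURCHASE_ORDERS)
    return conn


def pr_released_after_po(conn):
    """Finding (i): a requisition's release date must precede its order date."""
    rows = conn.execute(
        "SELECT po.po_no FROM po JOIN pr USING (pr_no) "
        "WHERE pr.release_date > po.po_date ORDER BY po.po_no").fetchall()
    return [r[0] for r in rows]


def po_on_or_after_expected_delivery(conn):
    """Finding (viii): orders issued on or after the requisitioner's expected delivery date."""
    rows = conn.execute(
        "SELECT po.po_no FROM po JOIN pr USING (pr_no) "
        "WHERE po.po_date >= pr.expected_delivery ORDER BY po.po_no").fetchall()
    return [r[0] for r in rows]


def pr_to_po_gap_exceeding(conn, max_days):
    """Finding (vii): days from PR release to PO issue, for gaps above a threshold."""
    rows = conn.execute(
        "SELECT po.po_no, CAST(julianday(po.po_date) - julianday(pr.release_date) AS INTEGER) "
        "FROM po JOIN pr USING (pr_no) "
        "WHERE julianday(po.po_date) - julianday(pr.release_date) > ? ORDER BY po.po_no",
        (max_days,)).fetchall()
    return {po_no: gap for po_no, gap in rows}


def pending_prs(conn):
    """Findings (iii) and (vi): released requisitions with no purchase order at all."""
    rows = conn.execute(
        "SELECT pr.pr_no FROM pr LEFT JOIN po USING (pr_no) "
        "WHERE po.po_no IS NULL ORDER BY pr.pr_no").fetchall()
    return [r[0] for r in rows]


def open_pos_with_small_residual(conn, max_residual_pct):
    """Open orders whose undelivered share is at or below the threshold (0 catches
    fully delivered orders left open); these are the candidates for closure."""
    rows = conn.execute(
        "SELECT po_no, 100.0 * (ordered_qty - delivered_qty) / ordered_qty "
        "FROM po WHERE status = 'open' "
        "AND 100.0 * (ordered_qty - delivered_qty) / ordered_qty <= ? ORDER BY po_no",
        (max_residual_pct,)).fetchall()
    return {po_no: round(pct, 2) for po_no, pct in rows}


if __name__ == "__main__":
    db = load_db()
    print("PR released after PO:", pr_released_after_po(db))
    print("PO on/after expected delivery:", po_on_or_after_expected_delivery(db))
    print("PR-to-PO gap > 540 days:", pr_to_po_gap_exceeding(db, 540))
    print("PRs without a PO:", pending_prs(db))
    print("Open POs with <= 10 % residual:", open_pos_with_small_residual(db, 10))
```

Dates are stored as ISO-8601 text so that string comparison and SQLite's julianday() both work; a real extract would need the same normalisation before the queries are run.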
Indian Oil Corporation Limited

Indian Oil Corporation Limited undertook an IT re-engineering project named 'Manthan' in 1997 and selected SAP R/3, an ERP package, with IS-OIL (a specific ERP solution that caters to the needs of SAP R/3 users in the oil industry). The project was implemented in April 2004. The Company has around 10,000 users and 700 sites spread across the country working on SAP. Users from distant parts of the country are able to access and make transactions in SAP on a real-time basis. The Company has kept its Database and Application servers at the corporate data centre, Gurgaon, and they are accessible through leased line and/or VSAT from all State Offices, Refineries and Pipeline Unit Networks. Other units such as Terminals, Depots and Bottling Plants etc. are connected to SAP through the nearest State Office / Refinery. Along with the e-security audit of the system, the finance module of SAP was also selected for audit.

1 e-security

The IT security review broadly covered the IT security environment in the Company and Roles and Authorisation in the SAP system, to confirm that they conform to the Company's requirements. It was observed that the IT environment of the Company was not adequately secured, as detailed below:

Rationalisation of Users' roles and authorisation and segregation of duties was deficient. It was noticed that 29 combinations of two or more conflicting critical
transaction codes involving processing of sale orders / invoices / deliveries, payments, creation, settlement, change, deletion etc. were extended to many users, ranging from 18 to 4,808. The Management in its reply stated (September 2009) that roles and authorisation have to be attached to a number of employees to fulfil and meet our minimum operation, supply and distribution and logistic requirements. However, the Management did not assess the risk involved while extending a critical combination of authorisations to various users in the system.

88 users other than the BASIS team were given access to the sensitive Transaction Codes.

There was laxity in the password policy of the Company, which allowed simple, trivial and non-alphanumeric passwords to be entered, which made the system vulnerable to security threats internally. The Management stated (September 2009) that considering the size and level of the user base and optimal operational convenience, security measures were being implemented in a phased manner.

The user's profile was not properly defined, to which the Management replied (September 2009) that updating user groups and other details was a continuous process and the concerned groups were taking action from time to time.

Out of 13,451 user IDs, 955 user IDs were common, i.e. used by more than one user. The Management in its reply stated (September 2009) that common users had display authorisation only for reporting purposes. The Management's reply is not factually correct as, on verification, it was found that Common User IDs were still carrying create / change / cancel / delete authorisations.

In the absence of a corporate IT policy, different virus, malware and spyware protection software was being used at different offices and sites. Further, internet content could not be filtered through a uniform firewall policy.
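Two of the findings above, conflicting transaction-code combinations held by the same user and common user IDs that turned out to carry change authorisations, can both be tested from data. The following is an added example, not code from the audit report or from IOCL: the conflict rules, the activities each user's transaction codes allow, and the logon records are constructed stand-ins for the authorisation and logon data a real review would extract from the system.

```python
"""Segregation-of-duties and shared-ID review of ERP authorisations (added example)."""
from collections import Counter, defaultdict
from datetime import datetime
from itertools import combinations

# Constructed SoD rules: two activities one person must not hold together.
CONFLICT_RULES = {
    frozenset({"CREATE_VENDOR", "POST_PAYMENT"}): "create vendor and pay it",
    frozenset({"CREATE_SALES_ORDER", "CREATE_INVOICE"}): "raise sales order and invoice it",
    frozenset({"CREATE_PO", "POST_GOODS_RECEIPT"}): "order goods and receive them",
}
# Anything that appears in a rule changes data; everything else is treated as display.
CHANGING_ACTIVITIES = {act for pair in CONFLICT_RULES for act in pair}

# Constructed user -> activities, i.e. what the user's transaction codes allow.
USER_ACTIVITIES = {
    "ALICE": {"CREATE_VENDOR", "POST_PAYMENT", "DISPLAY_VENDOR"},
    "BOB": {"CREATE_PO", "POST_GOODS_RECEIPT", "CREATE_VENDOR", "POST_PAYMENT"},
    "CAROL": {"CREATE_SALES_ORDER"},
    "DAVE": {"CREATE_SALES_ORDER", "CREATE_INVOICE"},
    "SHARED01": {"DISPLAY_VENDOR", "CREATE_INVOICE"},  # claimed to be display-only
}

# Constructed logon records: (user_id, terminal, logon, logoff)
SESSIONS = [
    ("SHARED01", "T-01", "2009-09-01T09:00", "2009-09-01T12:00"),
    ("SHARED01", "T-07", "2009-09-01T10:30", "2009-09-01T11:00"),  # overlaps, other terminal
    ("ALICE", "T-02", "2009-09-01T09:00", "2009-09-01T10:00"),
    ("ALICE", "T-03", "2009-09-01T10:15", "2009-09-01T11:00"),     # sequential, no overlap
]


def conflicts_per_user(user_activities=USER_ACTIVITIES, rules=CONFLICT_RULES):
    """{user: [conflict description, ...]} for users holding both sides of a rule."""
    result = {}
    for user, acts in sorted(user_activities.items()):
        hits = sorted(desc for pair, desc in rules.items() if pair <= acts)
        if hits:
            result[user] = hits
    return result


def users_per_conflict(user_activities=USER_ACTIVITIES, rules=CONFLICT_RULES):
    """The summary the finding reports: how many users hold each conflicting combination."""
    counts = Counter()
    for hits in conflicts_per_user(user_activities, rules).values():
        counts.update(hits)
    return dict(counts)


def concurrently_used_ids(sessions=SESSIONS):
    """IDs logged on from two terminals at overlapping times: evidence the ID is shared."""
    by_user = defaultdict(list)
    for user, terminal, logon, logoff in sessions:
        by_user[user].append(
            (terminal, datetime.fromisoformat(logon), datetime.fromisoformat(logoff)))
    shared = set()
    for user, sess in by_user.items():
        for (t1, a1, b1), (t2, a2, b2) in combinations(sess, 2):
            if t1 != t2 and a1 < b2 and a2 < b1:   # the two intervals overlap
                shared.add(user)
    return sorted(shared)


def shared_ids_with_change_rights(sessions=SESSIONS, user_activities=USER_ACTIVITIES):
    """Verifies the 'display only' claim: shared IDs that can still create or post."""
    return sorted(u for u in concurrently_used_ids(sessions)
                  if user_activities.get(u, set()) & CHANGING_ACTIVITIES)
```

The activity layer is what makes the rule set maintainable: transaction codes are mapped to activities once, and the conflict matrix is written in terms of activities, so a new code with the same effect does not need a new rule.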
At the Company's Information Hub, it was observed that (a) although a firewall was in place at the premises, the firewall rules to censor the web content and monitoring were yet to be framed, and (b) the firewall in place was not enough to maintain a log of attempted and actual breaches into the Company's Network / firewall, internally or externally. The Management accepted the observation (September 2009) and informed that they were trying to ensure Network Security through a policy which was being finalised.

2 Finance module

The Finance Module (FI) is designed for management of the processes involved in preparation of the accounts. The FI Module has inter-linkages with all the modules in the ERP system and consolidates all the financial information to generate the financial statements of the Company. The IT audit was conducted keeping in view the importance and criticality of the efficacy of the FI module in the preparation and generation of the accounts of the Company. The following deficiencies were observed in the finance module, due to which the reports generated from the system could not be relied upon:

The date of commencement of depreciation was 3 to 14 months prior to the date of capitalisation in respect of 15,805 assets, and it was 1 to 15 months after the date of capitalisation in respect of 4,391 assets.

Depreciation rates as per Schedule XIV of the Companies Act were not adopted in respect of 2,550 assets.

The quantity was indicated as zero in 27,011 assets worth Rs. 652 crore and,
thus, the correctness of the depreciation provided could not be ensured.

Analysis of purchase orders/Work orders released through the system showed that in respect of service contracts, POs/WOs were created (19,406 in 2007-08 and 12,705 in 2008-09) in the system only at the time of, or after, the receipt of goods/invoices for the services rendered (details given to the Company).

GR/IR is an intermediary account used for payments against goods received. Analysis showed that more than three lakh entries amounting to Rs. 2091.12 crore were pending clearance for periods ranging from one to four years, indicating lack of proper monitoring by the Company.

It was observed that, though the stock balances are maintained in the system, the valuation of stocks is done outside the system, which defeated the purpose of the ERP system.

The Company decides and assigns credit limits to various categories of customers, which are accordingly entered into the system. Analysis of data on credit limits extended to customers showed that there were inadequate validation checks against the credit limits maintained in the system, which resulted in an overdue amount of Rs. 294.89 crore in respect of 293 customers who had exceeded their credit limit.

Each customer is allotted a unique code. However, more than one customer code was assigned to the same customer in 1,552 cases in the customer master.

Neyveli Lignite Corporation Limited

Neyveli Lignite Corporation Limited has an integrated power generating facility consisting of lignite mines and Thermal Power Stations. The Material Management (MM) Department of the Company centrally controls the inventory management of the Company, catering to the needs of all units through sub stores attached to the respective units. The Company was using a COBOL based batch processing system for its inventory management.
In March 2002, the Company placed an order on the Indian Institute of Technology (IIT), Kharagpur for development and implementation of the Online Integrated Material Management System (OLIMMS) at a cost of Rs. 2.05 crore, with the objective of re-engineering the existing legacy system to make it more responsive, to reduce ordering costs by at least 40 per cent and lead time by at least 50 per cent, and to automate demand forecasting and scientific inventory control for all items including slow moving spares etc. The Company implemented OLIMMS in October 2006. However, it was observed that the desired benefits had not accrued to the Company, as detailed below:

Better inventory control could be achieved through a well defined Decision Support System (DSS) comprising Economic Ordering Quantity (EOQ), Re-order Quantity (ROQ), Re-order Level (ROL), Safety stock, Minimum Level, Maximum Level etc. This would require data on procurement and consumption for three to five years, which could lead to reduction in ordering cost, optimal inventory holding and minimum inventory carrying cost. The Company has a system generated DSS for economic indenting purposes. The system generates an economic quantity for each and every material, based on the past consumption pattern, whenever an indent is raised. However, during implementation of OLIMMS, the Company could not import the legacy data and, hence, could not use the data available for effective inventory management as per the above said inventory levels. The indented quantity in respect of 5,979 out of 33,787 material codes was in
excess of the system calculated economic quantity, by up to 100 times. This indicated non observance of control over the system as per the system generated economic quantity. It was further observed that, though OLIMMS provided for recording the reasons thereon, in the majority of the cases (4,823 cases) no reasons were found recorded.

The closing stock value of stores and spares as at the year end exhibited in the financial reports comprised the stock balance generated from OLIMMS and the value of materials lying at site as reported by the respective units through reports prepared manually. Manual intervention in this regard affected the true and fair view of the financial reports.

The delivery status in respect of 498 Purchase Orders, against which more than 90 per cent of the ordered quantity was received, was still indicated as partial supply instead of treating them as completed. In respect of 37 purchase orders against which the ordered quantity was received in full, the delivery status still indicated partial supply.

Security controls

The MM Department did not have an approved/documented IT Security policy.

Data analysis showed that users have been allowed to have many IDs (2 to 29 IDs). Multiple user IDs would result in weak monitoring practice.

The Company did not have a documented/approved password policy. Data analysis showed that the same password was being used by many users. For example, out of 6,426 active User IDs available, 4,503 users (70 per cent of the users), including many senior level officers having approval authority in the work flow hierarchy, used the same password. As the Company has a customary practice of using a particular item of employee related information as the user ID, the risk of unauthorised access to the system was large, since common passwords were used and the user IDs were easily predictable.

BEML Limited

BEML Limited was earlier using various in house developed applications for finance, planning, purchase and inventory.
In order to ensure effective utilisation of the Company's resources and also to ensure connectivity among the various divisions, corporate office, and marketing division including its regional and district offices, the Management decided (August 2004) to implement company wide Enterprise Resource Planning (ERP). The Company selected SAP-ERP (mySAP ERP) software for implementation covering the basic modules. The SAP system was implemented (October 2007) by Siemens Information Systems Limited (SISL) at a cost of Rs. 6.80 crore. Later, in order to strengthen the Business operations, the Company procured and implemented SAP-Supply Chain Management software through SISL at a cost of Rs. 6.00 crore. Audit scrutiny revealed that the Company could not realise the above benefits entirely, due to the following:

The SAP system allowed posting of transactions relating to two months at any given point of time, i.e. the previous month and the current month. Normally, if the system were an on-line one, data entry for the respective month would be allowed only from the first of every month, so that the transactions can be captured as they happen.
However, opening of the periods got delayed (up to 87 days) due to the backlog of data entry, indicating that the system had not been made on line even though the system was made 'Go Live' in October 2007.

Though SAP provided for mapping of the various delegations of powers for release of purchase orders, sale orders, etc., the same were not mapped into the system.

The Company continued uploading materials balances even after the system went 'Go live' (October 2007), indicating incomplete migration of data into the system. As uploading of materials has a one sided influence on inventories and their values in the financial accounts, these transactions should be avoided after 'Go live' of the system.

Audit also reviewed the general performance of two modules of SAP, i.e. the production planning and materials management modules, which revealed the following:

Production planning

Due to the backlog of data entry, the validation checks built into the SAP system were not enabled and the system accepted:

the dates of delivery of finished goods prior to the date of opening of the production orders;
drawal of material even before opening of the respective production order and after the completion of such manufacturing activity;
closing of production orders and delivery of goods even when there was incomplete drawal of the materials required for production;
the dates of invoice/billing prior to the date of opening of the respective production orders;
issue of materials even before receipt of the materials from the suppliers, resulting in issue of 1,323 materials valuing Rs. 185.50 crore during March 2009; and
676 purchase requisitions with requirement dates prior to the request date.

From the above, it may be observed that there were inconsistencies in the dates relating to the various stages of the production orders, the purchase requisition dates and the drawal of materials for production. Hence, the data relating to production planning available in the system was not reliable and dependable.

Materials management

The following discrepancies were noticed in the material management module:

It was observed that the system accounted the materials and delivered the materials without the quality inspection checks, due to deficient validation checks.

On test check of some of the materials in the inventory, the system permitted the issue of materials by adopting rates other than the then existing weighted average rates.

The system released payment of Rs. 18.10 crore due to one vendor/supplier through another vendor, indicating that the controls for effecting payments to the relevant vendor through the Company account were absent. Similarly, the system accepted payment relating to a sale of equipment from a customer other than the customer invoiced.

In the year 2008-09, while accounting the transfer of materials valued at Rs.
4.01 crore from manufacturing divisions to marketing divisions, instead of reducing the inventory account, the same was accounted as expenditure in the Profit and Loss account.
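The production planning findings above are all violations of one expected chronology per production order (opened, then material drawn, then closed, then delivered; invoiced no earlier than opened), plus two stock-level rules (material received before it is issued; a requisition requested no later than it is required). The following is an added example, not code from the audit report or from BEML, of the detective check an auditor can run where the system's own validation was switched off; the event log, stock movements and requisitions are constructed.

```python
"""Chronology checks on production-order events (added example)."""
from collections import defaultdict
from datetime import date

# Constructed event log: (order_no, event, date)
EVENTS = [
    ("PRD-1", "opened", date(2009, 3, 2)), ("PRD-1", "drawn", date(2009, 3, 3)),
    ("PRD-1", "closed", date(2009, 3, 10)), ("PRD-1", "delivered", date(2009, 3, 12)),
    ("PRD-1", "invoiced", date(2009, 3, 12)),
    ("PRD-2", "drawn", date(2009, 2, 20)), ("PRD-2", "opened", date(2009, 3, 1)),    # drawn before opened
    ("PRD-2", "closed", date(2009, 3, 5)), ("PRD-2", "delivered", date(2009, 3, 4)),  # delivered before closed
    ("PRD-3", "opened", date(2009, 3, 1)), ("PRD-3", "invoiced", date(2009, 2, 27)),  # invoiced before opened
]

# (earlier, later): the 'earlier' event must not be dated after the 'later' one.
ORDER_RULES = [("opened", "drawn"), ("drawn", "closed"),
               ("closed", "delivered"), ("opened", "invoiced")]


def chronology_violations(events=EVENTS, rules=ORDER_RULES):
    """{order_no: ['earlier>later', ...]} for every rule the order's dates break."""
    dates = defaultdict(dict)
    for order_no, event, when in events:
        # keep the earliest date per event in case an event was recorded twice
        dates[order_no][event] = min(when, dates[order_no].get(event, when))
    violations = {}
    for order_no, ev in sorted(dates.items()):
        broken = [f"{a}>{b}" for a, b in rules
                  if a in ev and b in ev and ev[a] > ev[b]]
        if broken:
            violations[order_no] = broken
    return violations


# Constructed stock movements: (material, receipt_date, first_issue_date)
MOVEMENTS = [("M-1", date(2009, 3, 5), date(2009, 3, 6)),
             ("M-2", date(2009, 3, 20), date(2009, 3, 15))]   # issued before receipt


def issued_before_receipt(movements=MOVEMENTS):
    """Materials issued from stock before the system recorded their receipt."""
    return sorted(m for m, received, issued in movements if issued < received)


# Constructed requisitions: (pr_no, request_date, requirement_date)
REQUISITIONS = [("PR-1", date(2009, 3, 1), date(2009, 3, 20)),
                ("PR-2", date(2009, 3, 10), date(2009, 3, 5))]  # required before requested


def required_before_requested(reqs=REQUISITIONS):
    """Requisitions whose requirement date precedes the date they were raised."""
    return sorted(p for p, requested, required in reqs if required < requested)
```

Expressing the expected sequence as (earlier, later) pairs keeps the rule set declarative: the same function covers every inconsistency the finding lists, and a new stage is one more pair rather than another special case.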

Inventory Management

Bharat Electronics Limited

Information Technology Audit on the computerisation of inventory management at Bangalore Complex:

1 Non-adjustment of finished Goods (FG) stock in the event of reversal of sale
2 Drawal of material in excess of Bill of Material (BOM) quantities
3 Non-netting of quantities while processing Purchase Requisitions (PR)
4 Non-closure of work orders after completion
5 Discrepancies in comparable stock data between MRP-II and IFAS

Deficiencies in General Controls:

(i) In HF Division - Computer Centre, no written approvals for providing access to the staff were available.

(ii) In the Central Material Management Department, general authorisation was given to 68 employees without making a proper analysis of the minimum access requirement to discharge their duties.

(iii) Report and Query rights (read only) associated with the module were provided generally to all the employees working in the respective module, without making an analysis of need to know/need to work.

(iv) Based on the Audit observations, the Company issued instructions to all Departmental Heads to review and confirm the permissions already given to each user and to advise the Computer Centre in writing about changes, if any.

(v) The Company had not assessed the exact requirement of software licences and had not procured the required software wherever necessary.

(vi) Passwords were changed monthly instead of fortnightly and special characters were not enforced.

(vii) Audit trails and Audit Logs, though enabled, were not periodically reviewed.

Garden Reach Shipbuilders and Engineers Limited

Material Management in the ERP system

1. Shortcomings in customization:
Missing description of programs
Duplication of programs

Deficiencies in logical access control

Password policy:

(i) The length of the password can be checked through a system setting. Against the recommended minimum password length of five characters, the Company set a minimum length of only three characters.

(ii) The recommended interval for change of users' passwords is within 30 days. It was noticed in audit that 63 users out of 71 users did not change their passwords for periods ranging from 7 months to 48 months.

(iii) To ensure that easy-to-guess passwords are not used by the users, the list of prohibited passwords which exists in the system has to be populated. Scrutiny, however, revealed that this had not been done. As a result, there was a possibility of some of the users creating 'easy-to-guess' passwords, thereby putting the system at risk of unauthorised access.

Logon activity:

(i) To ensure that other users do not access the system during the authorized user's absence, a time limit can be set on the period of inactivity before the system logs the user out of SAP. The Company had set this parameter at 5400 seconds (90 minutes), which was high.

(ii) User IDs and passwords should not be shared, as it would be difficult to identify the user who is responsible for a security breach, if any. It was observed, however, that several users were using one user ID on different terminals simultaneously. This indicated that the user IDs and passwords were known by more than one user, or that the user allowed unauthorised access to the system, thereby compromising the security of the system.

Standard user protection

When SAP is installed, certain standard users are automatically created with default passwords which are commonly known. To prevent unauthorised use of such users, the default passwords should be changed. These users should then be de-activated by activating a system parameter setting. It was noticed in audit that these users had not been deactivated. This resulted in the system being exposed to the risk of unauthorised access. In a test check, Audit could access the system by using one such user ID with its default password.
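The logon-security findings for Garden Reach above (minimum password length, password change interval, inactivity timeout, standard users left active) and the NLC security-control findings earlier (many user IDs per person, one password shared by most users) reduce to checks over the system's profile parameters and user master. The following is an added example, not code from the audit report or from either company. The three parameter names are the SAP profile parameters that, to my knowledge, govern minimum password length, password expiry and GUI auto-logout; the values in the sample profile are constructed to mirror the finding, and the timeout threshold is my assumption since the report gives none. The user rows are constructed too: the credential column holds a stored hash standing in for whatever the application keeps, never a password, and the standard-user rows record only lock status.

```python
"""Logon-security parameter and user-master hygiene checks (added example)."""
import hashlib
from collections import Counter, defaultdict
from datetime import date

# Thresholds stated in the audit text.
MIN_PASSWORD_LENGTH = 5
MAX_PASSWORD_AGE_DAYS = 30
# The report calls 5400 s high but gives no target; 900 s is an assumed threshold.
MAX_IDLE_SECONDS = 900

SAMPLE_PROFILE = {                           # constructed values mirroring the finding
    "login/min_password_lng": "3",
    "login/password_expiration_time": "0",   # 0 = passwords never expire
    "rdisp/gui_auto_logout": "5400",         # 0 would mean no automatic logout at all
}


def review_profile(profile=SAMPLE_PROFILE, max_idle=MAX_IDLE_SECONDS):
    """Names of the parameters whose values fall short of the thresholds."""
    weak = []
    if int(profile.get("login/min_password_lng", 0)) < MIN_PASSWORD_LENGTH:
        weak.append("login/min_password_lng")
    expiry = int(profile.get("login/password_expiration_time", 0))
    if expiry == 0 or expiry > MAX_PASSWORD_AGE_DAYS:
        weak.append("login/password_expiration_time")
    idle = int(profile.get("rdisp/gui_auto_logout", 0))
    if idle == 0 or idle > max_idle:
        weak.append("rdisp/gui_auto_logout")
    return weak


def _stored_hash(secret):
    """Stand-in for the application's stored credential; constructed inputs only."""
    return hashlib.sha256(secret.encode()).hexdigest()


# Constructed user master: (user_id, employee_no, stored_hash, last_password_change)
USERS = [
    ("E1001",  "1001", _stored_hash("common-1"), date(2009, 3, 25)),
    ("E1001A", "1001", _stored_hash("other-1"),  date(2008, 1, 10)),
    ("E1001B", "1001", _stored_hash("common-1"), date(2009, 3, 1)),
    ("E1002",  "1002", _stored_hash("common-1"), date(2009, 3, 28)),
    ("E1003",  "1003", _stored_hash("own-3"),    date(2005, 6, 30)),
    ("JSMITH", "1004", _stored_hash("own-4"),    date(2009, 3, 30)),
]


def ids_per_employee(users=USERS):
    """Employees holding more than one user ID (the '2 to 29 IDs' finding)."""
    by_emp = defaultdict(list)
    for uid, emp, _, _ in users:
        by_emp[emp].append(uid)
    return {emp: sorted(ids) for emp, ids in by_emp.items() if len(ids) > 1}


def largest_shared_credential(users=USERS):
    """(count, per cent) of users whose stored hash equals the most common one."""
    top = Counter(h for _, _, h, _ in users).most_common(1)[0][1]
    return top, round(100.0 * top / len(users), 1)


def stale_passwords(users=USERS, as_of=date(2009, 3, 31), max_age=MAX_PASSWORD_AGE_DAYS):
    """User IDs whose password is older than the permitted age."""
    return sorted(uid for uid, _, _, changed in users if (as_of - changed).days > max_age)


# Constructed lock status of the delivered standard accounts (names are SAP's own).
STANDARD_USERS = {"SAP*": "unlocked", "DDIC": "locked",
                  "EARLYWATCH": "unlocked", "SAPCPIC": "locked"}


def unlocked_standard_users(status=STANDARD_USERS):
    """Delivered accounts still usable, which must be locked or deactivated."""
    return sorted(u for u, s in status.items() if s != "locked")
```

Comparing stored hashes only finds shared passwords when the application stores them unsalted, as the NLC finding implies its system did; with per-user salts the same test has to be performed through the application's own verification routine or, better, prevented by a password policy that rejects common values at change time.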

2. Observations on material management module

Input and validation controls

1. Inconsistent codes and duplicate description in the material master
2. Updation of master data
3. Different units of measurement for same material
4. Duplicate vendor codes
5. Inconsistencies in delivery and purchase order dates
6. Inconsistencies in purchase requisition release date and purchase order date
7. Purchase documents without material code
8. Valuation of stock as per accounting policy
9. Scrap/off-cut material being processed manually

Oil and Natural Gas Corporation Limited

IT Audit of Material Management

Input Controls

1. Purchase orders for stores and spares items with wrong valuation types
2. Purchase orders for capital items with wrong valuation type
3. Delivery date in purchase orders
4. Creation of fresh purchase requisitions with earlier requisitions remaining pending
5. Non clearance of stock in transfers
6. Delay in recording of material consumption
7. Insurance spares

Mapping of business rule

1. Material procurement planning: Analysis of inventory holding of material vis-à-vis consumption, to find out the extent to which the stock holding was in consonance with the actual requirement or consumption, revealed that there existed 6512 items (material codes), each of average stock value exceeding Rs. one lakh, consumption of which during 2005-06 was nil. Based on the value of the average stock holding during 2005-06, funds invested in these inventory items amounted to Rs. 523.09 crore. Included in these items were 47 stores items costing Rs. 177.38 crore and six spares items costing Rs. 11.52 crore, of average stock value over Rs. one crore. Further, month-wise stock analysis, since implementation of the ERP system, of items with average stock value over Rs. 50 lakh revealed 62 items with nil consumption during the entire period. The average stock value of these items amounted to Rs. 139.66 crore in March 2006.

2. Purchase requisition release dates: It was observed that the release date field in the purchase requisitions in the system automatically captured the date as one day prior to the date of delivery of material indicated in the purchase requisition, instead of the actual date of release. Capturing of the wrong date of release, which was a vital key indicator, vitiated any analysis or MIS generation involving the date of release of the PR, due to wrong capture of data in the SAP reports.

3. Open purchase orders with small residual quantity: In cases where the finally delivered quantity of material against a purchase order was marginally less than the ordered quantity and the remaining ordered quantity was not expected to be delivered, the purchase order was to be closed as completed so that the funds attached therewith were freed for other use. The ERP system had neither been configured to close or trigger the closing of such purchase orders, nor did the MM function generate periodical reports from the system to close such open purchase orders. Due to non closing of such open purchase orders, the material and funds attached to such quantities remained blocked during the year. Analysis of open purchase orders for the period October 2003 to March 2005, with delivery date before 30 September 2005 and residual quantity of less than 10 per cent of the ordered quantity as in July 2006, revealed that 240 purchase orders of this nature involving funds
Page 35 of 39

,. 0. 2. 3.

AUDITING IN ERP ENVIRONMENT


of Rs.:.:B crore ere yet to be closed. *ata mi"ration ,. Material master data7 , !t as observed that 8?@A6 master records ere migrated into the ERP system ithout complete codification details out of hich :AA6 records ere not associated ith any material in the master table. &s the primary details of the material ere missing in these records, transactions concerning these materials could not be made. The inventory lying against these material codes since 1ctober ;66> amounted to Rs.:.5; crore. !t as also observed that subse(uent to the data migration, !)E .. core teams, responsible for creation and maintenance of the .aterial .aster data further bloc*edP >6>: discrepant master records to prevent the users from ma*ing any procurement against these material codes. There ere A68 records of spares items in the master table ithout details of part numbers. So, these records provided insufficient details to the users for placing indent on inventory management and for .!S generation. Similarly, 5?@>8 records ith missing manufacturer name ere also found among the spares items. !n order to chec* the correctness of data during the data migration from the legacy system into the ne system, &udit analysed sample data that as uploaded into the .. module. )omparative study of the migrated unit price vis0O0vis the current moving average prices revealed that the former as abnormally higher than the latter. This indicated that the data migrated from legacy system as unreliable. Oil India +imited 'aterial 'ana ement %ystem Input controls 8. Absence of primary details of material7 follo ing" Revie in audit revealed the

(i) Standardisation of description was not done;
(ii) Description in respect of 45 materials valuing Rs.1.72 lakh was incorrect;
(iii) Manufacturers' names were not incorporated in the material master;
(iv) Out of 38095 stock materials, part number was not mentioned in respect of 18358 materials;
(v) Detailed specification did not exist in respect of 10745 materials valuing Rs.8.42 crore; and
(vi) Duplicate material descriptions were noticed in the material master: in respect of 224 materials valuing Rs.14.90 lakh, 1069 material codes existed.
2. Existence of incorrect material group
3. Discrepancies in vendor master: (i) Classification data like annual turnover, manufacturer, distributor, retailer and trader were not maintained. (ii) Incorrect grouping under SSI and PSU. (iii) Naming convention was not consistent. (iv) Duplicate/multiple vendor codes continued to exist in the system.
4. Wide variation in values of the same materials at two storage locations
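The findings above (nil-consumption inventory above a value threshold, open purchase orders with a small undelivered remainder, and master records lacking part number, manufacturer or a unique description) are all obtained by running simple analytics over extracts of the ERP tables. The following is an added example of how an auditor might script those three checks; it is not code from the audit report or from either company's ERP, the sample records are constructed, and the field names and the cutoff constant are assumptions rather than SAP column names.

```python
"""Added example: material-management analytics of the kind described above.

Constructed data; field names are assumptions, not SAP table columns.
"""
from collections import defaultdict
from datetime import date

# Constructed stock extract: average stock value (INR) and units consumed in the period.
STOCK = [
    {"material": "M1001", "avg_value": 250_000, "consumption": 0},
    {"material": "M1002", "avg_value": 60_000, "consumption": 0},       # below threshold
    {"material": "M1003", "avg_value": 12_000_000, "consumption": 3},   # consumed, not a hit
    {"material": "M1004", "avg_value": 11_000_000, "consumption": 0},
]

# Constructed open PO items; "completed" is the delivery-completed indicator.
PO_ITEMS = [
    {"po": "4500001", "ordered": 1000, "received": 990, "delivery": date(2005, 3, 1), "completed": False, "price": 1200.0},
    {"po": "4500002", "ordered": 100, "received": 60, "delivery": date(2005, 2, 1), "completed": False, "price": 500.0},
    {"po": "4500003", "ordered": 50, "received": 48, "delivery": date(2005, 12, 1), "completed": False, "price": 100.0},
    {"po": "4500004", "ordered": 200, "received": 199, "delivery": date(2005, 1, 15), "completed": True, "price": 80.0},
]
CUTOFF = date(2005, 9, 30)  # assumed review cutoff for delivery dates

# Constructed material master records.
MASTER = [
    {"material": "S2001", "type": "spares", "description": "Gasket, spiral wound, 4 in", "part_no": "GW-4", "manufacturer": "MFR-A"},
    {"material": "S2002", "type": "spares", "description": "GASKET, SPIRAL WOUND, 4 IN", "part_no": "", "manufacturer": ""},
    {"material": "S2003", "type": "spares", "description": "Valve, gate, 2 in", "part_no": "", "manufacturer": "MFR-B"},
    {"material": "S2004", "type": "stores", "description": "Cement, OPC 43 grade", "part_no": "", "manufacturer": ""},
]


def nil_consumption_items(stock, min_avg_value):
    """Material codes above the value threshold with zero consumption in the period."""
    return sorted(r["material"] for r in stock
                  if r["avg_value"] > min_avg_value and r["consumption"] == 0)


def funds_in_nil_consumption(stock, min_avg_value):
    """Average stock value tied up in the items returned by nil_consumption_items."""
    hits = set(nil_consumption_items(stock, min_avg_value))
    return sum(r["avg_value"] for r in stock if r["material"] in hits)


def open_pos_small_residual(items, delivery_before, max_residual_pct=10):
    """Open PO items past their delivery date whose undelivered remainder is small.

    Returns (po, residual_qty, residual_value) for items that should be closed as
    completed so that the committed funds are released.
    """
    out = []
    for it in items:
        residual = it["ordered"] - it["received"]
        if it["completed"] or residual <= 0 or it["delivery"] >= delivery_before:
            continue
        if 100.0 * residual / it["ordered"] < max_residual_pct:
            out.append((it["po"], residual, residual * it["price"]))
    return out


def master_data_gaps(master):
    """Spares without part number or manufacturer, and descriptions shared by several codes."""
    spares = [m for m in master if m["type"] == "spares"]
    by_desc = defaultdict(list)
    for m in master:
        # Normalise case and spacing so near-duplicate descriptions are grouped together.
        by_desc[" ".join(m["description"].lower().split())].append(m["material"])
    return {
        "missing_part_no": sorted(m["material"] for m in spares if not m["part_no"]),
        "missing_manufacturer": sorted(m["material"] for m in spares if not m["manufacturer"]),
        "duplicate_descriptions": {d: codes for d, codes in by_desc.items() if len(codes) > 1},
    }


if __name__ == "__main__":
    print(nil_consumption_items(STOCK, 100_000), funds_in_nil_consumption(STOCK, 100_000))
    print(open_pos_small_residual(PO_ITEMS, CUTOFF))
    print(master_data_gaps(MASTER))
```

The same three functions run unchanged over a full extract of the stock, purchase-order and material-master tables; in practice the thresholds (value floor, residual percentage, cutoff date) are the audit parameters the report quotes alongside each finding.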
5. Carrying of material at low value: It was observed that materials which were written off during earlier years were uploaded in the system at their residual value of five per cent. The value of such materials was Rs.2.08 crore and Rs.1.49 crore as on 31 March 2006 and 31 March 2007, respectively. On a review (June 2007) of data in the system, it was noted that materials valuing Rs.28.84 lakh were issued to capital jobs up to 31 March 2007 at residual value instead of at full material value. Thus, capital jobs were undercharged to the extent of Rs.5.48 crore. Further, these materials were also issued on loan to other companies (Rs.8.11 lakh) and contractors (Rs.34.54 lakh). Therefore, in case any recovery was to be made from outside parties, there was a risk of under-recovery as compared with the actual value of the materials.
6. Existence of capital and stock code for the same material: Audit found that purchases of stock material like line pipe, cable, cement, coupling, elbow, gasket and valve were made as 'non-stock material' and 'capital material'. As per the accounting procedure, unconsumed stock and non-stock material of the project is returned to store. In the case of capital materials which were fully charged to the capital job, such portion of the material as remained unconsumed could not be taken back into the store records.
7. Delay in posting of goods issues and receipts: It was noticed in audit that: (i) there was delay in posting of 2697 goods issue documents valuing Rs.12.28 crore towards cost centers and capital jobs by periods exceeding 30 days; (ii) due to the delay in posting of the material documents referred to above, material consumption amounting to Rs.80.22 lakh (Rs.78.02 lakh in 2005-06 and Rs.2.20 lakh in 2006-07) was accounted for in the following financial years; (iii) posting of 8410 goods receipt documents valuing Rs.119.75 crore was delayed for periods of more than 30 days. As a result, goods receipt documents amounting to Rs.42.89 crore of 2005-06 and Rs.41.21 lakh of 2006-07 were accounted for in the following financial years; and (iv) data pertaining to the period January 2006 to June 2007 revealed that in 2020 cases (Rs.15.73 crore) there were delays ranging from 30 to 496 days in final posting after the materials were provisionally accepted.

Validation checks
1. Change date of purchase requisition earlier than its creation date, and anomaly in change history: (i) The purchase requisition date and any subsequent change date in the requisition are system-created dates. Analysis of purchase requisitions revealed that in three cases the date of change of the purchase requisition was earlier than its creation date. (ii) The purchase order number is generated automatically by the system. In one case, the system did not show any purchase order number but a purchase order date was indicated. (iii) There was an anomaly in the last change date of a purchase requisition: in one case, two different dates were shown in two places in the system. In this
case, the requisition was flagged as closed but in the change history no detail of its closing was indicated. As a result of the anomaly in the change history, a complete and correct picture of the processing of the document from creation to latest status was not available in the system.
2. Expected/scheduled delivery date in the purchase requisition and purchase order earlier than the requisition/order date
3. Creation of purchase order without reference to RFQ
4. Excess withdrawal of material against reservation
5. Placement of PO on blocked vendor
6. Release of PO beyond authorization

Failure to capture complete data
1. Slow-moving stores and spares: No provision is made in the ERP system for analysis of slow-moving items of stores and spares by importing from the legacy system the necessary information, like last issue dates and last receipt dates of materials. The Company has also not developed a customised report for analysis of slow-moving material.
2. Non-stock items: According to the Management, stock items based on the physical verification were uploaded into the system and non-stock items were not uploaded. Review in audit revealed that the Company held non-stock materials amounting to Rs.17.29 crore and Rs.32.65 crore as on March 2006 and March 2007, respectively. Evidently, at any point of time some non-stock materials would remain unconsumed and should be suitably reflected in the database.

Incorrect/inadequate business mapping
1. Insurance spares: In the Material Master, 0D> materials valuing Rs.;.99 crore were flagged as insurance spares as on 31 March 2007. It was noticed in Audit that these materials were treated as part of inventory instead of being capitalised as required by the Accounting Standards issued by the Institute of Chartered Accountants of India. Thus the system was not mapped to take care of the above-mentioned provisions of the Accounting Standards.
2. Old reservations remaining open without any withdrawal or with partial withdrawal: In terms of the business blueprint, automatic closure of reservations in the system was required if the material was not withdrawn within 15 days. It was noticed in Audit (June 2007) that in respect of 2036 reservations, goods were either not issued or only partially issued. However, the reservations were not closed for periods ranging from 3 to 15 months. Thus, the system was not configured for automatic flagging for deletion of reservations, even for long-pending ones. Delayed or non-closure of old unwanted reservations leaves scope for possible irregular practice.

Output control
1. Business Warehouse module: The Business Warehouse (BW) module contains reports which are generated from the SAP R/3 database on all aspects of the business of the Company. Review of reports relating to material management
analytics revealed the following discrepancies: (i) Procurement lead time analysis for the year 2006-07 in the BW module considered 1473 purchase orders. However, a total of 3540 purchase orders were issued during this period. (ii) As per the stock values for stock and non-stock items shown in the BW report, the stock as on 31 March 2007 stood at Rs.294.86 crore, whereas in the ERP database it was Rs.296.05 crore.
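The validation checks, the posting-delay finding, the reservation-ageing finding and the BW-versus-database reconciliation above all reduce to per-record rules over the same kind of extract. The following is an added example of how those rules can be scripted so that they run repeatedly rather than as one-off audit queries; it is not code from the audit report or from the Company, the requisitions, orders, reservations and goods movements are constructed, the release limits and blocked-vendor list are assumptions, and only the two BW/ERP figures are taken from the finding above.

```python
"""Added example: validation checks and BW-to-ERP reconciliation of the kind listed above.

Constructed documents and limits; field names are assumptions, not SAP field names.
"""
from datetime import date

AS_OF = date(2007, 6, 30)  # review date used for reservation ageing

# Constructed purchase requisitions: creation and change dates are system-created.
REQUISITIONS = [
    {"pr": "1000001", "created": date(2007, 1, 10), "changed": date(2007, 1, 12), "delivery": date(2007, 2, 1)},
    {"pr": "1000002", "created": date(2007, 1, 10), "changed": date(2006, 12, 30), "delivery": date(2007, 2, 1)},
    {"pr": "1000003", "created": date(2007, 3, 5), "changed": None, "delivery": date(2007, 3, 1)},
]
# Constructed purchase orders; "ref" is the document (RFQ/PR) the PO was created with reference to.
ORDERS = [
    {"po": "4500010", "vendor": "V100", "value": 900_000, "released_by": "BUYER1", "ref": "1000001"},
    {"po": "4500011", "vendor": "V200", "value": 50_000, "released_by": "BUYER1", "ref": None},
    {"po": "4500012", "vendor": "V100", "value": 2_500_000, "released_by": "BUYER1", "ref": "1000003"},
]
BLOCKED_VENDORS = {"V200"}                                      # assumed vendor block list
RELEASE_LIMITS = {"BUYER1": 1_000_000, "MANAGER1": 5_000_000}  # assumed release authority (INR)
# Constructed reservations: requested vs withdrawn quantity and deletion flag.
RESERVATIONS = [
    {"reservation": "9001", "created": date(2007, 1, 5), "requested": 10, "withdrawn": 10, "deleted": False},
    {"reservation": "9002", "created": date(2007, 1, 5), "requested": 10, "withdrawn": 4, "deleted": False},
    {"reservation": "9003", "created": date(2007, 6, 20), "requested": 5, "withdrawn": 0, "deleted": False},
    {"reservation": "9004", "created": date(2006, 9, 1), "requested": 5, "withdrawn": 12, "deleted": False},
]
# Constructed goods movements: document (movement) date vs posting date.
MATERIAL_DOCS = [
    {"doc": "5000001", "doc_date": date(2006, 3, 20), "posting_date": date(2006, 5, 2)},
    {"doc": "5000002", "doc_date": date(2007, 2, 1), "posting_date": date(2007, 2, 3)},
]


def validation_checks(prs, pos, reservations, mat_docs, as_of=AS_OF,
                      blocked=BLOCKED_VENDORS, limits=RELEASE_LIMITS,
                      posting_tolerance_days=30, reservation_days=15):
    """Return (check_id, document) pairs for every record that fails a check."""
    findings = []
    for p in prs:
        if p["changed"] is not None and p["changed"] < p["created"]:
            findings.append(("PR_CHANGED_BEFORE_CREATED", p["pr"]))
        if p["delivery"] < p["created"]:
            findings.append(("PR_DELIVERY_BEFORE_CREATED", p["pr"]))
    for o in pos:
        if not o["ref"]:
            findings.append(("PO_WITHOUT_REFERENCE", o["po"]))
        if o["vendor"] in blocked:
            findings.append(("PO_ON_BLOCKED_VENDOR", o["po"]))
        if o["value"] > limits.get(o["released_by"], 0):   # unknown releaser -> no authority
            findings.append(("PO_RELEASED_BEYOND_AUTHORITY", o["po"]))
    for r in reservations:
        if r["withdrawn"] > r["requested"]:
            findings.append(("EXCESS_WITHDRAWAL", r["reservation"]))
        elif (r["withdrawn"] < r["requested"] and not r["deleted"]
              and (as_of - r["created"]).days > reservation_days):
            findings.append(("STALE_OPEN_RESERVATION", r["reservation"]))
    for d in mat_docs:
        if (d["posting_date"] - d["doc_date"]).days > posting_tolerance_days:
            findings.append(("LATE_POSTING", d["doc"]))
    return findings


def reconcile(bw_figures, erp_figures):
    """Report lines where the BW figure disagrees with the underlying ERP database."""
    keys = set(bw_figures) | set(erp_figures)
    return {k: (bw_figures.get(k), erp_figures.get(k))
            for k in sorted(keys) if bw_figures.get(k) != erp_figures.get(k)}


# The two discrepancies quoted in the BW finding, keyed by report line.
BW_REPORT = {"po_count_2006_07": 1473, "stock_value_crore_31mar2007": 294.86}
ERP_DATABASE = {"po_count_2006_07": 3540, "stock_value_crore_31mar2007": 296.05}

if __name__ == "__main__":
    for check, doc in validation_checks(REQUISITIONS, ORDERS, RESERVATIONS, MATERIAL_DOCS):
        print(f"{check:30} {doc}")
    print(reconcile(BW_REPORT, ERP_DATABASE))
```

Each rule is deliberately a plain comparison on two fields of one record, which is what makes the checks cheap to re-run after every month-end; the date-ordering rules in particular catch records that only a system defect or direct table manipulation could have produced, since the dates involved are system-created.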
