Beruflich Dokumente
Kultur Dokumente
INTRODUCTION Enterprise Resource Planning (ERP) System implementation is both an art and science that consists of planning, implementation, and ongoing maintenance. This methodology is designed to automate the drudgery of implementation and provide organized approaches to problem solving by listing, diagramming, and documenting all steps. Structured methodologies help to standardize and systemize ERP implementation and maintenance by approaching them as an engineering discipline rather than as hims of individual soft are developers. !t is essential to understand structured methodologies in the implementation of ERP systems. The basic steps of structured methodologies are" Project Definition and Requirement Analysis. #efining the terms of reference, determining user needs and system constraints, generating a functional specification and a logical model for the best solutions. External Desi n. #etailing the design for a selected solution, including diagrams relating all programs, subroutines, and data flo . Internal Desi n. $uilding, testing, installing, and tuning soft are. Pre!im"lementation. Evaluation and acceptance Im"lementation. !mplementing systems. Post!im"lementation. Evaluation of controls and debugging. %hen an organization purchases an ERP system, the intent is that the purchased ERP system provides specific functions and benefits. These functions and benefits need to be articulated to ensure that the ERP system performs as desired. This process is called conducting a feasibility analysis. The purpose of the feasibility study is to provide" &n analysis of the ob'ectives, re(uirements, and system concepts. &n evaluation of different approaches for reasonably achieving the ob'ectives. !dentification of a proposed approach. The feasibility analysis normally covers" )urrent or*ing practices. These are e+amined in depth, revealing areas in the business here there is duplication of effort, or here procedures instituted in the distant past are carried out even though there is no longer any need for them. )hannels of information. These are e+amined because the feasibility study is concerned primarily ith the input and output information of each internal system. Such a study ignores departmental boundaries and pre'udices. %hen the true information patterns ithin a business are e+posed, it is often possible to reorganize resources so that all relevant data is captured at the point here it can be used for decision. <ernative approaches. <ernative methods of handling or presenting the data should be considered. )ost factors. These must be clearly identified and sho definite cost savings or related benefits. E+isting costs must be e+amined and used as a basis for comparison. Since this presentation is li*ely to be related to the information structure rather than to the departmental organization, the ne approach may suggest possible improvements that ere hidden under the e+isting system. Supporting services offered. The training and the systems and programming assistance that ill be available during the installation period.
Page 1 of 39
Audit O#jecti$es in an ERP En$ironment The fundamental ob'ectives of an audit of controls do not change in an ERP environment. %hen evaluating controls over ERP systems, decisions must be made regarding the relevance of operational internal control procedures to !nformation Technology (!T) controls. Specific control procedures for audit ob'ectives must be tested. #escriptive material on control procedures and sample compliance tests ill be provided. This material ill be as detailed as possible and should be read selectively, considering its relevance to the specific environment being audited. !n addition to primary audit responsibilities, auditors should be able to provide advice on effective design of control procedures. &udit should communicate significant ea*nesses that come to their attention to the appropriate !T personnel. &uditors should also be alert to ea*nesses that re(uire special revie s and be capable of assessing computer systems under development, in addition to the e+isting systems. ERP %&%TE' ARC(ITECTURE ERP systems should produce accurate, complete, and authorized information that is supportable and timely. !n a computing environment, this is accomplished by a combination of controls in the ERP System, and controls in the environment in hich the ERP system operates, including its operating system. )ontrols are divided into general and application controls. -eneral controls can be further divided into management and environmental controls. .anagement controls deal ith organizations, policies, procedures, planning, and so on. Environmental controls are the operational controls administered through the computer center/computer operations group and the built0in operating system controls.
& ris* analysis of an organization3s ERP systems, their e+isting controls, and their vulnerabilities results in the loss potential for the system, ith an estimated li*elihood of occurrence. This loss potential in damages must be represented in terms of dollar value. & ris* analysis of an ERP system performs t o important functions" =8 Searches out an ERP system3s vulnerabilities and the probabilities of threats materializing to e+ploit these vulnerabilities. =; )alculates the damage or loss to its assets that could be produced by the resulting damaging events. & third component, to recommend controls or safeguards that ould reduce the damages or loss to an acceptable level (through the use of a cost/benefit analysis), might also be added. &n ERP system environment3s vulnerabilities and set of threats should be assessed to arrive at some estimate of possible damaging events. Such an Page 4 of 39
Page 18 of 39
atching
)orporate 4inancial .anagement ()4.) module is not being utilised and the server purchased for )4. is *ept under shutdo n. The other modules viz. Plant .aintenance (P.), Fuman Resource (FR) and Pro'ect System (PS) are also underutilised. Plant .aintenance activities are not being ade(uately monitored through P. module due to non updation of .aintenance history, $rea*do n details, 'ob completion status, etc. .anpo er Planning is not being carried out in FR module. 4urther, FR data is not being updated regularly especially for separation cases, loan data and ne recruits. #aily Progress Report (#PR) for #rilling/ or*over and survey activities are not being regularly captured in the PS .odule. &udit revie ed the general performance of t o modules of S&P R/: namely 4inancial &ccounting and )ontrolling (4!)1) and Pro'ect System (PS) hich revealed the follo ing" , inancial Accountin" and !ontrollin" . I!$/ 4inancial &ccounting and )ontrolling (4!)1) module of S&P R/: is envisaged to cater to all the accounting, financial and informational / reporting needs of the 4inance and &ccounts #epartment of the )ompany. Fo ever, the follo ing deficiencies ere observed in the 4!)1 module" a) Single invoice can be processed for payment more than once in the )ash 'ournal. b) Revenue budget has not been configured in S&P R/: and, thus, budgetary controls on the revenue e+penditure could not be e+ercised. c) -eneral 9edger &ccounts, hich are supposed to ta*e automatic direct posting from other modules (such as .aterials .anagement, Sales and #istribution etc.), have not been mar*ed for such automatic posting. d) S&P has not been configured for preventing the use of rong cost centres. e) #epletion8 calculation has not been properly mapped. !n S&P R/:, depletion is being calculated on monthly basis, hereas the business process of the )ompany re(uires depletion to be calculated on (uarterly basis. f) The system of allocation of cost to oil ells has not been properly mapped in S&P R/:. So, the cost of departmental drilling manpo er could not be allocated correctly to oil ells as the allocation cycle could not differentiate bet een departmentally operated oil ells and contractually operated oil ells. The rong allocation of costs is adversely affecting the ell costs and leading to generation of rong .anagement !nformation System Reports. g) !n cash contra account the original document number is not properly lin*ed ith the assignment field of the document being generated at the time of cash disbursement. #ue to such improper configuration of S&P R/:, cash contra entries could not be reconciled automatically. h) S&P R/: has not been configured to generate )ash flo Statement, Segment Reporting, etc. i) .aterials, hich have already been consumed, are not being boo*ed into S&P R/: and are reflected in the inventory. The actual status of consumption of material(s), orth Rs. B8.?5 crore (as on :8 .arch ;66B), at various storage locations could not be ascertained. ') Statistical Iey 4igures (SI4s) are not being updated by the respective
Page 22 of 39
Some of the security parameters as recommended by 1R&)9E configured but retained as default values.
The user management as deficient hich e+posed the system to the ris* of unauthorised use and loss of audit trail and difficulty in tracing the identity of the unsuccessful login. 2 Input control and validation chec1s The follo ing deficiencies ere noticed in this regard" )hanges in price of finished products ere not immediately uploaded in the system. )onse(uently, sale of products in the intervening period as made at old rates necessitating manual corrections by ay of raising debit/credit notes. &nalysis revealed that on A8 occasions, the delay in changing price list ranged bet een 8 to >A days. This increased the ris* of errors and omission. ;85 codes had been allotted to @A customers indicating that customers ere allocated more than one code and the customer names ere almost similar but their )ustomer ids ere different and goods ere sold to the same customers under different customer !#s. The e+istence of duplicate customer !#s may lead to the ris* of e+tending additional credit facilities to a single customer. &nalysis revealed that 8,6B6 inventory items ere allotted more than one code and separate stoc*s e+ist for 58 duplicate items. !n case of ;;: items, material descriptions ere not available in the system.
Page 24 of 39
the dates of delivery of finished goods prior to the date of opening of the production orders2 dra al of material even before opening of the respective production order and after the completion of such manufacturing activity2 closing of production orders and delivery of goods even hen there ere incomplete dra al of materials re(uired for production2 the dates of invoice/billing prior to date of opening of respective production orders2 issue of materials even before receipt of materials from the suppliers resulting in issue of 8,:;: materials valuing Rs. 8A5.56 crore during .arch ;66B2 and ?@? purchase re(uisitions ith the re(uirement dates prior to the re(uest date. 4rom the above, it may be observed that there ere inconsistencies in the dates relating to various stages of the production orders2 purchase re(uisition dates and dra l of materials for the production. Fence, the data relating to the production planning available in the system as not reliable and dependable. Materials mana"ement The follo ing discrepancies ere noticed in the material management module" !t as observed that system accounted the materials and delivered the materials ithout the (uality inspection chec*s due to deficient validation chec*s. 1n test chec* of some of the materials in the inventory, the system permitted the issue of materials by adopting other than the then e+isting eighted average rates. The The system released payment of Rs. 8A.86 crore due to one vendor/supplier through another vendor indicating that the controls for effecting payments to relevant vendor through )ompany account ere absent. Similarly, system accepted payment related to a sale of e(uipment from the customer other than the customer invoiced. !n the year ;66A06B, hile accounting the transfer of materials valued at Rs.
Page 31 of 39
Page 32 of 39
Page 33 of 39
0. $bservations on material mana"ement module 4:< ,. 0. 2. 3. 8. 9. :. ;. In"ut and $alidation controls Inconsistent codes and duplicate description in the material master Updation of master data *ifferent units of measurement for same material *uplicate vendor codes Inconsistencies in delivery and purchase order dates Inconsistencies in purchase re<uisition release date and purchase order date Purchase documents without material code =aluation of stoc1 as per accountin" policy
Page 34 of 39
,. 0. 2. 3.
(i) Standardisation of description as not done2 (ii) #escription in respect of >5 materials valuing Rs.8.@; la*h as incorrect2 (iii) .anufacturers3 names ere not incorporated in the material master2 (iv) 1ut of :A6B5 stoc* materials, part number as not mentioned in respect of 8A:5A materials2 (v) #etailed specification did not e+ist in respect of 86@>5 materials valuing Rs.A.>; crore2 and (vi) #uplicate material descriptions ere noticed in the material master and in respect of ;;> materials valuing Rs.8>.B6 la*h, 86?B material codes e+isted. 0. E@istence of incorrect material "roup 2. *iscrepancies in vendor master7 (i) )lassification data li*e annual turnover, manufacturer, distributor, retailer and trader ere not maintained. (ii) !ncorrect grouping under SS! and PSD. (iii) Caming convention as not consistent. (iv) #uplicate/multiple vendor code continued to e+ist in the system. 3. Aide variation in values of same materials at two stora"e locations
Page 36 of 39
Page 39 of 39