Académique Documents
Professionnel Documents
Culture Documents
Page 1
Seradex ERP and Internal Controls • Reconciliations of data to
external information – bank
Seradex ERP dictates that reconciliation, accounts payable
operational data and financial data are statement reconciliations
totally integrated. More people are • Cost centre and responsibility
able to enter transactions without accounting
review or checking by a supervisor. • Management review and
Many organizations give users very budgetary control
wide access to data without • Review and authorization of
necessarily analyzing specific work non-routine transactions
requirements. • Validation checks
• Validation of data input in
particular transactions
Note: Without careful consideration • Properly designed and validated
this wide access can weaken internal reports with authority checks
controls by violating the segregation of • Matching of documents prior to
duties concept. “closing out” e.g. purchase
order – receiving
documentation – invoice
ERP systems change the role of • Master file control
middle management for transaction • Independent review of master
review and authorization. Questioning file changes
and follow up formerly done by middle • Independent master file
managers is commonly reduced when creation to transactional
an ERP system is implemented. responsibilities Identifying
redundant master
There are several implications
and considerations to the internal Auditing for Fraud
controls possible in Seradex ERP.
These can be segregated into the Auditors have a responsibility
following categories: to minimize opportunities by ensuring
that adequate internal controls are in
• Network Security and User place. If internal controls are weak in a
Identities particular area the next step would be
• User and Group Setup to consider red flags. A red flag is an
• Security authorization issues indicator that some kind of irregularity
• Use of Active Directory is occurring and that something may
• Administrative user be wrong. It does not prove that fraud
management has occurred but if a red flag is
• Password control identified more detailed transaction
• Customer / Supplier Access examination is required.
User Controls
• Server, Network and Firewall
controls
• Patch policy on Servers and
Workstations
• System Controls
• Reconciliation of control
accounts to subsidiary ledgers –
Accounts Payable, Accounts
Receivable, Inventory,
Invoicing, Vendor Invoicing
Page 2
Identifying Red Flags segregation of duties. An invoice
voucher can be printed and reviewed
Some example of red flags for each check over a threshold
could include: amount to additional review.
Page 3
Password Control
Seradex ERP has challenged the role of The system can enforce minimum
internal auditors and it requires password lengths and enforce
auditors to learn new skill sets - some password expiry on a regular basis.
of which are fairly technical and
involve directly accessing data in the Patch Management Policy
system. Document the frequency of patch
updates for servers and workstations.
Security Authorizations
Data Access
At the heart of internal control In these days of DVD burners, USB
is security access to the ERP system. keys that can hold 1 Gigabyte of data,
Defined policies on who sets users up stringent control over corporate data
and what groups they belong to is needs to be established. Unauthorized
critical. Make sure network logs are users could easily take customer lists,
switched on for full tracking. This sales history, product information and
allows you to check who logged on at pricing home in their shirt pockets.
what workstation. Queries can be
developed to list all users that logged Remote Users
on to each workstation and at what Remote users accessing the system
time. Information on which through VPN connections need to be
workstations logged onto Seradex is securely authenticated.
easily available. These can be
correlated to the time of individual
transactions in Seradex ERP. These
logs will also identify which data files
were copied to the local workstations.
Most users are not aware that
these capabilities exist.
Seradex Inc.
4460 Harvester Rd.
Burlington, ON
L7L 4X2
Tel: 905-332-5051
mcorker@seradex.com
www.seradex.com
Page 4
Page 5