ERP

Lakukan tugas rumah & ujian kamu dengan baik sekarang menggunakan Quizwiz!

Four factors have contributed to the growth of the commercial software market?

(1) low cost of general commercial software as compared to customized software; (2) industry-specific vendors who target their software to the needs of particular types of businesses; (3) a growing demand from businesses that are too small to afford in-house systems' development staff; (4) the trend toward downsizing organizational units and the move toward distributed data processing has made the commercial software option appealing to larger organizations

advantages of purchased system (5)

1. Cost - lower costs 2. quicker to implement 3. customizable through modules 4. often only option for small businesses 5. Reliable - backing of vendor who has tested and certified system

disadvantages of purchased system (3)

1. Independence - dependent on vendor 2. Need for customized system - not "fully customizable" 3. Maintenance - may be inflexible if business needs change

RBAC: within roles, users' access may be further restricted by?

1. Modules 2. Transaction w/i modules 3. Permissions w/i modules (read, write)

two approaches of access controls?

1. access control list 2. role-based access controls (RBAC)

what two general groups of applications are there of ERP?

1. core applications (OLTP) 2. business analysis operations (OLAP)

RBAC key concerns?

1. creation of unnecessary roles 2. rule of least access should apply to permission assignments 3. monitor role creation and permission granting activities

Which statement below is correct? a. Only one individual can be assigned to a role and a predefined set of access permissions. b. A role is a formal technique for grouping together users according to the system resources they need to perform their assigned tasks. c. RBAC assigns specific access privileges to individuals. d. Because of the use of roles, access security concerns are essentially eliminated in theERP environment. e. None of the above are correct.

B

Auditors of ERP systems a. need not be concerned about segregation of duties because these systems possess strong computer controls. b. focus on output controls such as independent verification to reconcile batch totals. c. are concerned that managers fail to exercise adequate care in assigning permissions. d. do not see the data warehouse as an audit or control issue at all because financial records are not stored there. e. need not review access levels granted to users because these are determined when the system is configured and never change.

C

which of the following is NOT an advantage of commercial software? a. cost b. reliability c. implementation time d. independence e. internal controls

E

an integrated software package designed to meet all (or nearly all) of an organization's information needs (NOT JUST ACCOUNTING NEEDS INFO NEEDS)

ERP

combines all of these into a single, integrated system that accesses a single database to facilitate the sharing of information and to improve communications across the organization

ERP

includes decision support, modeling, information retrieval, adhoc reporting/analysis, and what-if analysis

OLAP

a group of users who need access to the same resources in the ERP system in order to perform their jobs

Role

can maintain an audit trail to provide a record of violations and an evidence of compliance

Role-based governance system

example of monitor role creation and permission granting activities

Role-based governance system

what is one helpful test an auditor might perform for assurance over an ERP system

Testing of controls

one of the most critical control issues in an ERP environment?

access security

a form of network topology in which a user's computer or terminal (the client)accesses the ERP programs and data via a host computer called the server

client-server model

support the day-to-day activities of the business. If these applications fail, so does the business

core applications

Policies need to be in place to prevent the creation of unnecessary new roles and to ensure that temporary role assignments are deleted when the reason for them terminates

creation of unnecessary roles

a database constructed for quick searching, retrieval, ad hoc queries, and ease of use

data warehouse

custom systems developed by full-time staff of programmers

in-house development

what is the objective of ERP

integrate key processes of the organization such as order entry, manufacturing, procurement and accounts payable, payroll, and human resources

BAC conveniently handles?

many-to-many relationships between users and permissions and facilitates dealing efficiently with vast number of employees

These systems can continually monitor for risk and issue alerts when violations are detected so that remedial action can be taken

monitor role creation and permission granting activities

RBAC: each user can be assigned to _________ roles

multiple

how does understanding an ERP system help auditors do their jobs more effectively?

navigate and inquire more efficiently

commercially available systems obtained from software vendors

purchased systems

A company may satisfy some of its information needs by?

purchasing commercial software and develop other systems in-house

assigns access permissions to the role an individual plays in the organization rather than directly to the individual

role based access control (RBAC)

Policies should be in place to require managers to apply due diligence in assigning permissions to roles to avoid the granting of excessive access

rule of least access should apply to permission assignments

Security weaknesses can result in?

transaction errors, irregularities, data corruption, financial statement misrepresentations

An ERP system could exist without having a data warehouse

true

what is auditor's responsibility for an ERP system?

understand system, provide recommendations


Set pelajaran terkait

UCF - IDS 3933 - Devon Bazata - WWW - Final

View Set

Tema 1: La crisis del Antiguo Régimen, Tema 2: Revoluciones liberales y nacionalismo, Tema 3: La Revolución Industrial y los cambios sociales, Tema 5. Imperialismo, guerra y revolución

View Set

Organizational Leadership BA 205 - Chapter 11

View Set

Psych: 2010- Chapter 15: Therapy

View Set