Understanding and evaluating the effectiveness of controls in your ERP system is central to many compliance mandates and audit requirements. To complete the audit procedures, an organization must have qualified resources that not only understand audit techniques, but also have a technical expertise with the application solution. This is especially important for organizations that utilize complex ERP systems, such as SAP and Oracle, to transact. Because of its complexity, an ERP controls audit often requires an external partner to complete the audit or perform specific technical audit tasks.
Our security and controls audits pinpoint areas of weakness and identify key areas for improvement. Our professionals leverage analytics solutions to perform data analysis on the security role structure, user-to-role assignments, and security strategy, and to assess the sustainability of the existing design. We provide visibility into the root causes of security flaws and develop a roadmap to addressing the toughest challenges. Focal Point can assist with all aspects of the organization’s documentation and on-going testing, including: IT General Controls, Application Controls, and Separation of Duties (SoD) Testing.
IT General Controls. Since IT permeates all aspects of an entity’s business, we can assess the controls within the IT process related to change management, security, and IT operations to ensure compliance with Sarbanes-Oxley and/or internal requirements.
Application Controls. We can determine which system configuration and account mapping controls have been designed based on appropriate business criteria, to secure data against inappropriate processing, help ensure data integrity and comply with compliance initiatives.
Separation of Duties Testing. We have developed methodologies to collect all of the configured security permissions though a protected medium and conduct a risk analysis. The final deliverable includes a detailed Separation of Duties (SoD) conflict analysis and remediation recommendations.
An ERP security and controls audit provides your organization with a comprehensive view of the weaknesses within your system’s security controls and a strategy for remediating these deficiencies. Additional benefits include: