IMPROVING AUDIT READINESS BY MANAGING YOUR DYNAMICS ERP



Similar documents
Whitepaper. GL Consolidation. Published on: August 2011 Author: Sivasankar. Hexaware Technologies. All rights reserved.

An Oracle White Paper January Access Certification: Addressing & Building on a Critical Security Control

IBM Tivoli Compliance Insight Manager

Contract management's effect on in house counsel

Private Companies Banking in a Sarbanes-Oxley World

IBM Tivoli Netcool Configuration Manager

White paper September Realizing business value with mainframe security management

Optimizing government and insurance claims management with IBM Case Manager

Datacenter Management Optimization with Microsoft System Center

IBM Tivoli Netcool network management solutions for enterprise

Auditing Standard 5- Effective and Efficient SOX Compliance

Minimize Access Risk and Prevent Fraud With SAP Access Control

Symantec Security Compliance Solution Symantec s automated approach to IT security compliance helps organizations minimize threats, improve security,

ON Semiconductor identified the following critical needs for its solution:

Addressing IT governance, risk and compliance (GRC) to meet regulatory requirements and reduce operational risk in financial services organizations

Improving sales effectiveness in the quote-to-cash process

Turn Your Business Vision into Reality with Microsoft Dynamics SL

SAP ERP FINANCIALS ENABLING FINANCIAL EXCELLENCE. SAP Solution Overview SAP Business Suite

MICROSOFT DYNAMICS CRM Vision. Statement of Direction. Update: May, 2011

The Challenges of Administering Active Directory

IBM InfoSphere Guardium Data Activity Monitor for Hadoop-based systems

Eight Ways Better Software Deployment and Management Can Save You Money

IBM Tivoli Netcool network management solutions for SMB

Essentials of Financial Consolidation Applications. A white paper prepared by PROPHIX Software October 2010

IBM PowerSC. Security and compliance solution designed to protect virtualized datacenters. Highlights. IBM Systems and Technology Data Sheet

Top Ten Keys to Gaining Enterprise Configuration Visibility TM WHITEPAPER

Turn Your Business Vision into Reality with Microsoft Dynamics GP

Turn Your Business Vision into Reality with Microsoft Dynamics GP

Warranty Fraud Detection & Prevention

Turn Your Business Vision into Reality with Microsoft Dynamics GP

GROWTH. Microsoft Dynamics GP Business Essentials Build your business with a solution designed for growth

IBM PowerSC. Security and compliance solution designed to protect virtualised data centres. Highlights. IBM Systems and Technology Data Sheet

ORACLE S PRIMAVERA FEATURES PORTFOLIO MANAGEMENT. Delivers value through a strategy-first approach to selecting the optimum set of investments

Agio Remote Monitoring and Management

IBM Global Business Services Microsoft Dynamics AX solutions from IBM

Turn Your Business Vision into Reality with Microsoft Dynamics GP

Analance Data Integration Technical Whitepaper

The Firewall Audit Checklist Six Best Practices for Simplifying Firewall Compliance and Risk Mitigation

Best Practices in Contract Migration

How Software Asset Management Enables Businesses to Meet Sarbanes-Oxley Requirements

The Casper Suite An ROI overview

IBM InfoSphere Optim Test Data Management

Continuous Controls Monitoring ISACA, Houston Chapter. August 17, 2006

Enterprise Key Management: A Strategic Approach ENTERPRISE KEY MANAGEMENT A SRATEGIC APPROACH. White Paper February

Analance Data Integration Technical Whitepaper

Top 10 Most Popular Reports in Enterprise Reporter

The case for Application Delivery over Application Deployment

PRIMAVERA PORTFOLIO MANAGEMENT

Ensuring Compliance to Sarbanes-Oxley through Privileged Identity & Information Management. White Paper. V Balasubramanian. ZOHO Corp.

SAS 70 Type II Audits

Open Source Business Rules Management System Enables Active Decisions

Defining a blueprint for a smarter data center for flexibility and cost-effectiveness

CRM Buyers Guide CRM Buyers Guide

Driving business performance Using data analytics

Title: Harnessing Collaboration: SharePoint and Document Management

Statement of Direction

Banking. Using collaborative customer knowledge to increase operational efficiency while retaining loyal, profitable customers

Leveraging innovative security solutions for government. Helping to protect government IT infrastructure, meet compliance demands and reduce costs

IBM Cognos Controller

Preemptive security solutions for healthcare

CDW PARTNER REVIEW GUIDE SOFTWARE LICENSE MANAGEMENT

Enterprise Information Management Services Managing Your Company Data Along Its Lifecycle

Streamlined Planning and Consolidation for Finance Teams in Any Organization

Ensure Effective Controls and Ongoing Compliance

Streamlined Planning and Consolidation for Finance Teams Running SAP Software

How To Use Intacct

agility made possible

ADVANTAGES OF IMPLEMENTING A DATA WAREHOUSE DURING AN ERP UPGRADE

Why Nonprofits Need Nonprofit Accounting Software

Whitepaper: 7 Steps to Developing a Cloud Security Plan

Maintaining PCI-DSS compliance. Daniele Bertolotti Antonio Ricci

IBM QRadar Security Intelligence April 2013

IBM Cognos 8 Controller Financial consolidation, reporting and analytics drive performance and compliance

The Smart Archive strategy from IBM

Continuous Monitoring and Auditing: What is the difference? By John Verver, ACL Services Ltd.

IBM Information Archive for , Files and ediscovery

The Challenges of Administering Active Directory

CA Repository for z/os r7.2

PROACTIVE ASSET MANAGEMENT

Kroll Ontrack Data Analytics. Forensic analysis and visualization of complex data sets to provide intelligence around investigations

Kronos Workforce Central 6.1 with Microsoft SQL Server: Performance and Scalability for the Enterprise

How Configuration Management Tools Address the Challenges of Configuration Management

GOVERNANCE, RISK AND COMPLIANCE. Internal Audit. Assessing Fraud Vulnerabilities. kpmg.com/in

with Managing RSA the Lifecycle of Key Manager RSA Streamlining Security Operations Data Loss Prevention Solutions RSA Solution Brief

Reduce your data storage footprint and tame the information explosion

Healthcare systems make effective use of IT

IT audit updates. Current hot topics and key considerations. IT risk assessment leading practices

VMware Hybrid Cloud. Accelerate Your Time to Value

can you improve service quality and availability while optimizing operations on VCE Vblock Systems?

Statement of Direction

Microsoft Dynamics NAV for Government Contractors

Remote Infrastructure Support Services & Managed IT Services

Top 10 reasons to automate expense management process

KPMG Unlocks Hidden Value in Client Information with Smartlogic Semaphore

Security Intelligence Solutions

Directory Integration in LANDesk Management Suite

Nationwide Bank Reduces Data Consolidation Time by 92 Percent, Makes Faster Decisions

identity management in Linux and UNIX environments

BROCHURE ECOSYS EPC. Full Lifecycle Project Cost Controls

Strengthen security with intelligent identity and access management

Transcription:

IMPROVING AUDIT READINESS BY MANAGING YOUR DYNAMICS ERP Building Sustainable Control Accountability

Contents 1 EXECUTIVE SUMMARY... 1 2 MANAGING YOUR DYNAMICS ERP SYSTEM: AUDIT READINESS... 1 2.1 Common Barriers to Audit Readiness... 2 3 AN EFFICIENT SOLUTION TO AUDIT READINESS: D3CIFER FOR GP... 2 3.1 Solution Benefits... 3 4 CUSTOMER USAGE SCENARIOS... 4 4.1 Global Mining Company Uses D3CIFER for GP to Maintain SOX Compliance... 4 4.2 US Global Manufacturer Uses D3CIFER for GP to pinpoint Segregation of Duties and Access Control Issues in Foreign Subsidiary... 4 5 CONCLUSION... 5 June, 2009 Page i

DISCLAIMER This White Paper is for informational purposes only. E KRIEL AND ASSOCIATES INC. MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS DOCUMENT. The information contained in this document represents the current view of E Kriel and Associates Inc. on the issues discussed as of the date of publication and is subject to change without notice based on our technical and business judgment. Because E Kriel and Associates must respond to changing market conditions, it should not be interpreted to be a commitment on the part of E Kriel and Associates Inc., and E Kriel and Associates Inc. cannot guarantee the accuracy of any information presented after the date of publication. Other company, product, and service names mentioned in this document are registered trademarks or trademarks of their respective owners. June, 2009 Page ii

1 EXECUTIVE SUMMARY In an era of Sarbanes-Oxley and increased scrutiny on internal controls, corporations face many challenges in proactively managing their ERP systems to ensure that they are compliant with regulations and corporate audit standards. Corporate mergers and acquisitions, system changes and upgrades, employee turnover and human error in critical business processes can contribute to a growing list of control exceptions and deficiencies which, if left untended, can be costly and resource-intensive to remediate. This whitepaper focuses on the specific topic of proactively managing access rights and privileges in the Dynamics GP ERP system to efficiently and accurately identify potential red flags in your business and IT environment. Modern ERP systems are the central nervous system in many organizations operational framework. ERP s broad reach encompasses key business processes that fundamentally affect the financial health and integrity of the organization. However making sense of the sometimes vast amounts of complex data in your ERP - especially when it relates to audit readiness - can be a significant challenge. Higher levels of accountability to ensure regulatory compliance and security of these systems, coupled with tight budgets and increasing IT complexity, can place a strain on your organization s audit readiness. In this white paper we introduce an automated ERP analytics solution D3CIFER for GP designed to comprehensively assess your Dynamics GP system s audit readiness. We will also show how customers using the D3CIFER for GP solution have regained control of their critical finance processes and saved time, money and precious human resources. 2 MANAGING YOUR DYNAMICS ERP SYSTEM: AUDIT READINESS Executives and managers are accountable for the integrity and the controls of computer systems, with a prime focus on ERP systems, as your ERP represents much of the historical and current state of the business from a financial perspective. There are several primary factors associated with the need to have a detailed assessment of an ERP system s Audit Readiness: Upcoming major corporate audit. Post-mortem for security breach in ERP system. Suspected unethical business practices. Potential or ongoing merger or acquisition. Conversion from small business accounting package to Dynamics ERP. Major ERP system upgrade. Accounting system change e.g. IFRS conversion. Audit Readiness, in this specific instance, and in the context of this whitepaper, refers to the ability of an application to achieve the objectives of a detailed application controls review. This type of review assesses the ability of programmed controls to provide reasonable assurance that not only are all transactions valid, but are properly authorized, recorded and are processed completely, accurately, and on a timely basis. Such an application review will also focus on segregation of duties. Segregation of duties is a basic, key internal control and one of the most difficult to achieve. This control ensures that errors or irregularities are June, 2009 Page 1

prevented or detected on a timely basis by employees in the normal course of business. An effective implementation of segregation of duties has two main benefits: I. Deliberate fraud is more difficult to perpetrate, as it requires the collusion of two or more persons, and II. It is more likely that innocent or inadvertent errors will be detected early. 2.1 Common Barriers to Audit Readiness In our experience, we have found that there are several common barriers to ERP Audit Readiness: Lack of easily analyzed ERP system reports specifically targeting Audit Readiness. This is not an ERP system issue, as all of the required data is present in the ERP system repository. However, this data is large, complex and tedious to analyze, creating a time consuming manual and hence error-prone - task for most organizations. The real issue here is the lack of an advanced analytics-based solution. Expert interpretation of the Audit Readiness data Most corporations do not retain corporate audit expertise among their normal operational staff or their existing audit departments are understaffed and cannot devote the resources required. This creates missed opportunities for proactive remediation of control deficiencies before the formal corporate audit. Major system upgrades or accounting changes. The next wave of accounting changes is associated with International Financial Reporting Standards, IFRS. The use of IFRS will be required in 2011 for Canadian publicly accountable profit-oriented enterprises and the SEC has tentatively proposed 2014 as the target date for public US companies. Many companies, public and private, have initiated IFRS conversion initiatives as part of their corporate strategies. IFRS will have a ripple effect on ERP systems and in many instances will create a need to assess the Audit Readiness of these systems. Many Dynamics GP customers are planning an upgrade to Dynamics GP 10.0. Dynamics GP system upgrades are not totally automated processes; they require in depth project management and planning. Once you have successfully completed the technical part of the upgrade, it makes good business sense to re-assess Audit Readiness as part of your system upgrade plan. 3 AN EFFICIENT SOLUTION TO AUDIT READINESS: D3CIFER FOR GP Many approaches to solving the issue of ERP Audit Readiness rely exclusively on technology or untrained human resources. We would like to introduce a solution that embodies several key concepts: 1. Advanced Dynamics GP Analytics. E Kriel and Associates Inc. have created unique software assets that can quickly and efficiently deliver the results you need. These assets simplify and automate a complex set of tasks and accelerate the ERP audit readiness process. 2. Expert results analysis and interpretation. You can tap into a vast body of knowledge around corporate controls to ensure that you are ready for your next corporate audit. June, 2009 Page 2

3. Simple and flexible Audit-Readiness reports. Your staff can analyze the results of the D3CIFER for GP assessment using common tools like Microsoft Excel. This solution combines the best, most proven aspects of process, technology and people to reduce your costs and enhance the quality of Audit Readiness (see Figure 1. D3CIFER for GP - A Holistic Business Solution). D3CIFER for GP enables your business to collect, analyze and intelligently act on data, one of the primary facets of superior corporate performance. D3CIFER for GP has been designed with the modern corporation in mind: it is easy to deploy, cost effective comprehensive and customizable to individual customer s needs. D3CIFER for GP : Integrated Process, Technology and People Expert Analysis Decrease Costs Advanced Analytics Automated Manual Processes Increase Quality Audit Best Practices Figure 1. D3CIFER for GP - A Holistic Business Solution 3.1 Solution Benefits Quick, efficient, comprehensive and proven process. Deliverables equivalent to professional pre-audit assessment by Big Four and other public accounting firms at a fraction of the cost. No conflict of interest with your auditor. Non-intrusive i.e. no software installation on your Dynamics GP system. June, 2009 Page 3

Remote analysis and results delivery. Scalable to more complex engagements i.e. customizable to your individual needs. 4 CUSTOMER USAGE SCENARIOS 4.1 Global Mining Company Uses D3CIFER for GP to Maintain SOX Compliance Number of Dynamics GP Users: 24 Number of Companies: 52 Business Scenario: As a result of a recent corporate merger, the company had to roll out Dynamics GP to all of its newly acquired and widely dispersed operating units. This project entailed creating new roles, tasks, adding new users while still maintaining SOX-compliant internal controls over user access rights management. With two months to go to its financial year end, there was not enough time to identify the control exceptions and implement the necessary remedial action using traditional, manual methods. E Kriel and Associates obtained various system generated user and security reports in electronic format and using D3CIFER for GP, pinpointed control exceptions and segregation of duties issues within days of starting the in depth analysis. A traditional manual approach would have taken several months, as the User Security Report for this particular company contained 3.5 million lines of data and just to print this out would have taken 87,000 pages! Reviewing a report like this by hand is simply impractical and is error prone. Business Benefits: Targeted Risk Management D3CIFER for GP effectively analyzed 100% of the users, companies, roles and tasks with unmatched precision. Our rigorous approach created full confidence in the results. Cost Effective A manual approach would have cost tens of thousands of dollars to achieve the same result. Rapid Results D3CIFER for GP delivered in a matter of days what may have otherwise taken several months to achieve. 4.2 US Global Manufacturer Uses D3CIFER for GP to pinpoint Segregation of Duties and Access Control Issues in Foreign Subsidiary Number of Dynamics GP Users: 38 Number of Companies: 1 June, 2009 Page 4

Business Scenario: A foreign subsidiary of this global manufacturing company had not been audited for several years. The internal audit department requested assistance in obtaining insight into how the users access rights and capabilities had been configured. They also wanted to determine if there were any potential conflicts of duties in the Purchase to Pay and Sales to Cash processes. In preparation for the audit E Kriel and Associates obtained the user security reports, activity tracking reports as well as certain transaction reports and analyzed them using D3CIFER for GP. The foreign subsidiary had implemented a foreign language version of Dynamics GP but this did not impact the analysis. Business Benefits: Targeted Risk Management D3CIFER for GP effectively analyzed 100% of the users, roles and tasks in this subsidiary. Control issues in segregation of duties in both processes were quickly identified and remediated. Cost effective An automated approach saved this company tens of thousands of dollars compared to a traditional manual approach. Rapid Results D3CIFER for GP delivered in a matter of days what may have otherwise taken several months to achieve. Additional Value-Added Feedback An in depth analysis of the user activity tracking report revealed that the internal clock of the GP server was set incorrectly thereby creating an operational impact on the backup processes in the data center. This issue was addressed as a priority and the clock reset to the proper time zone. An analysis of the Purchase To Pay process revealed numerous duplicate payments had been made; this is a common control exposure in Sarbanes-Oxley audits. A task force was set up to do a root cause analysis and implement the necessary controls to prevent this from happening again. The task force was also charged with recovering the duplicate payments. 5 CONCLUSION We have introduced a new and innovative solution, D3CIFER for GP, which can assist companies in improving their ERP Audit Readiness. The solution is both industrialized and portable and could be extended to other ERP systems in the future. This solution is part of the D3CIFER family of solutions from E Kriel and Associates Inc. which harness the power of Analytics to extract hidden value from data in the areas of Risk and Control. For more information on this solution, you can contact E Kriel and Associates Inc. at: Web: www.krielassoc.com Email: info@krielassoc.com Voice: +1 (416) 451-3919 June, 2009 Page 5

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information