4.2.5. Users work
All implementations require a successful combination of the
elements of people, process and technology. It is essential that an audit be
conducted of the staff involved in the implementation as well as the way in
which their roles are structured in relation to the ERP software
implemented.
In particular the following tasks should be undertaken:
- Identify staff, their responsibilities and skills sets.
- Assess training and knowledge transfer requirements.
- Ensure staff is adequately trained and test knowledge
transfer.
- Determine roles and responsibilities for staff by mapping
existing staff complement to processes in the ERP systems.
- Ensure that appropriate segregation of duties is maintained.
4.3. Required Action
Wherever risk is increased, management should institute controls
which mitigate the risks posed.
The objectives of such controls would be to:
1. Safeguard all the assets of the enterprise
2. Ensure accurate and reliable accounting (and other)
information
- Validity - only valid items are allowed to enter a system
(authorisation)
- Completeness - all valid items are captured and entered into
system (number of items)
- Input accuracy - data that is entered into the system is
correct (data fields)
3. Improve operational effectiveness, efficiency and security
- Effectiveness - fulfils intended objective.
- Efficiency - prevents unnecessary waste of resources.
- Security - protection of resources from misuse or
destruction.
4. Promote adherence to managerial policies
It is imperative that when such controls are established,
continuous audit and review work be undertaken in order to assess the
effectiveness of these controls. The audit of an ERP system requires specific
knowledge and an understanding of the complex features and integrated processes
built into and required for the successful implementation, use and control of
specific vendor products. As financials audits require specialised audit skills
so do ERP audits. Not only should the auditors have specialised skills but the
methodologies they use should also be uniquely tailored to deal with the
different risks involved. Audit and Review guidelines should be developed which
provide a management-oriented framework and proactive control self assessment
specifically focused on:
- Performance measurement--How well is the IT function supporting
business requirements?
- IT control profiling--What IT processes are important? What are
the critical success factors for control?
- Awareness--What are the risks of not achieving the
objectives?
- Benchmarking--What do others do? How can results be measured
and compared?
With respect to IT control profiling in point 2 above, I
believe organisations should reassess the controls in place using the maturity
framework outlined in figure 3 and the subsequent text. For each control the
required level of maturity should be determined and where the control is not
found to be at that level, corrective action should be taken.
5. ERP CEGID Implementation: Case AS-SOLAR FRANCE 5.1.
Introduction
AS Solar is an internationally active German specialized
distributor and project developer for solar technology. Along with different
subsidiaries in Spain/Portugal, Benelux, France, Italy and Romania/Hungary it
is present on the most important global markets in the field of photovoltaics.
As SOLAR connects lasting market quality and the technical know-how with
outstanding service to give customers an unparalleled advantage.
| 
