Publier un mémoire
Consulter les autres mémoires
|
|
Publier un mémoire Consulter les autres mémoires |
|
|
A ERP includes/understands today tens of modules applicatifs which can be gathered in three categories : sectoral modules, intersector modules and wide modules :
· The sectoral modules back the trades activities of the company (production, maintenance...). They are specific to the sphere of activity of company (car Manufacturer, Assurance, oil service, etc);
· The intersector modules computerize the activities of support of the company. They are subdivided in three categories : activities of support (accountancy, Human management Resources...), the system direction (strategic and operational planning) and the gate of company towards outside (access via Web to information of the company) ;
· The wide modules manage the transactions between firms or between a company and its customers such as the modules of the type SCM, CRM...
The standard model of the ERP always includes the following activities of the company :
· Production planning ;
· Management of the purchases and stocks ;
· Administration of the sales ;
· Human stock management ;
· Logistics ;
· Countable and financial management.
Figure 10 : Modules of a ERP
These modules, are completely or partially interfaced what will generate the creation of important flows of information. These flows are schematized as follows :
Figure 11 : Flows of information covered by a ERP
Comments :
The diagram, above, illustrates flows of information generated starting from the integration which exists between the modules of a ERP (management of the purchases, management of the sales, accounts payable, accounts receivable, general ledger, immobilization, stock) and the permanent data of the company (information customers, suppliers and articles).
The module general ledger is integrated with the other modules. It automatically receives information of the module purchase (engagements), of the accounts receivable (invoices and payments) and from the accounts payable.
The modules of the integrated software package use instantaneously information (customers, suppliers, rate of exchange...) starting from the permanent data bases (Master Dated).
Before starting the mission, the listener must set a clear purpose in order to be able to follow the most effective step which will make it possible to achieve the preset goals.
In the case of a mission of audit of an integrated software package, the principal objective is to evaluate the relevance of existing controls on the level of the various modules to ensure itself of the quality of the information produced by the software package.
Disponibilité
Intégrité
Confidentialité
Auditeur
Figure 12: Objectives of audit of a ERP
To guarantee this insurance, the specialists must deliver their opinions on:
· The Availability:
It is the aptitude of the systems to fulfill a function within preset conditions of schedules, time and performances. It is a question of guaranteeing the continuity of the service, of ensuring the objectives of performance (response time) and of respecting the dates and limiting hours of the treatments.
To ensure itself of the availability of information, of the suitable procedures of cover against the incidents as of controls of safety must exist in order to protect itself from the inattentive or intentional suppressions from the files.
The availability of flows of information is the fact of guaranteeing the continuity of the exchanges of information, i.e. of being able to have, each time the need exists, the possibilities of reception or transfer.
For the treatments, the availability is intended to guarantee the continuity of service of the treatments, i.e. to be able to have the software and hardware resources necessary to the whole of the services, the agencies and with the external customers.
The availability of the data is the fact of being able to have the access to the data each time the need exists.
· Integrity:
It is the quality which ensures that information is identical in two points, in time as in space.
According to ISO'S 13-335-1, the integrity it is the property of not-deterioration or nondestruction of whole or part of the information system and/or the data in a way not - authorized. It is a question of guaranteeing exhaustiveness, the exactitude and the validity of information like avoiding the modification of information.
The Integrity of the data consists in establishing controls on the entries and the treatments of the transactions. It consists in, also, making safe the files of the cumulated data of any modification not - authorized.
The Integrity of the operations and the electronic documents is likely to be blamed. This deterioration of the Integrity can cause for the company of the litigations with its customers about the conditions of transaction and payment.
The Integrity of flows of information is intended to guarantee the reliability and the exhaustiveness of the exchanges of information. I.e. to make so that the data are received as they were emitted and to have the means of checking it.
For the treatments, it is intended to ensure the exactitude and the conformity of the algorithm of the treatments automated or not compared to the specifications. I.e. to be able to obtain complete and reliable results.
The Integrity of the data is intended to guarantee the exactitude and the exhaustiveness of the data with respect to errors of handling or uses not - authorized. I.e. to be able to have data of which exactitude, freshness and exhaustiveness are recognized and attested.
· Confidentiality:
It is the quality which ensures the secret behavior of information with access to the only authorized entities. The protection of the confidentiality of information against any intrusion not - authorized is of an important requirement which requires a minimum level of safety measures.
It is about:
- to only reserve the access to the data of a system to the users entitled (authentification) according to the classification of the data and the level of enabling of each one of them ;
- to guarantee the secrecy of the data exchanged by two correspondents in the form of message or of files.
This last shutter constitutes the most significant point in the electronic exchanges and interests as well the company as the consumers. Indeed, the latter worry for protection about their personal and financial data by fear which this information is revealed or used in order to harm their interests. It is thus normal that the people who plan to have recourse to the electronic trade seek to obtain the insurance that the company set up effective controls on the protection of information and that it takes care of the confidentiality of the personal information of its customers.
The confidentiality of flows of information is intended to guarantee the protection of the exchanges of which the disclosure or the access by thirds not - authorized damage would carry.
For the treatments, it is intended to ensure the protection of the algorithms describing the rules of management and the results of which the disclosure with thirds not - authorized would be harmful.
The data confidentiality is intended to protect the data of which the access or the use by thirds not - authorized damage would carry. It is a question of giving the access that to the competent people all while being based on formal procedures.
Throughout part A, our work limited themselves to a theoretical exposure of the data-processing audit. In the same part, one tried to present the concept of ERP and to define the objectives of audit of an integrated software package of management.
In order to clarify these concepts as well as possible, the part B will present the course of a mission of review of the module «Accounts receivable» of software package J.D. Edwards in an oil company in support at the financial audit. This review consists in testing data-processing controls which apply to the permanent data of the company and with the level of the module «accounts receivable».
PART B : DATA-PROCESSING MISSION OF AUDIT IN SUPPORT WITH THE FINANCIAL AUDIT (CASE OF AN OIL COMPANY)