Publier un mémoire
Consulter les autres mémoires
|
|
Publier un mémoire Consulter les autres mémoires |
|
|
During the mission, the listener must have at his disposal several documents which are used to him as a basis for its work of controls. These documents are is reports/ratios generated starting from the system or many procedures specific to the company.
In what follows, the documents will be presented important that the data-processing listener must consult within the framework of his work of review of a ERP.
· LOGS of audit or Auditrons:
Are newspapers published by the system by the execution of specific orders. These newspapers recall all the operations of change (creations, modifications, suppressions) made on the level of the permanent files such as the file suppliers « to beg file », file customers « customer file », management of the thirds « Address Book », the program of adjustment and price « Price and Adjustment Schedule ».
In these reports/ratios, one finds the name of the person who carries out the requests for change, the name of the person who controls the regularity of these changes, the date of modification, the old value and the new value.
· The check procedures of will auditrons :
The Logs of audit must be controlled to identify the actions not - authorized and to avoid them in the future. So that control is beneficial, it must obey a formalized and well defined procedure.
This document indicates the goal of the check procedure of will auditrons, the intervening people, the periodicity of edition, the responsibilities, the methods practical and the applications.
· Reports/ratios of integrities :
The reports/ratios of integrity present the problems of integration which can exist between the balances of the accounts of the various modules of J.D. Edwards « WITH/R, With/P, F/A, etc » and their direct charge on the level of the general ledger « G/L ».
These reports/ratios are an integral part of system J.D. Edwards.
They must be published :
· During the installation of J.D. Edwards and following the migration of the data.
· Daily, for the majority of these reports/ratios.
If these reports/ratios are not published regularly, the integrity of given can be affected, which represents a great risk : « High Risk off Dated Integrity Issues ».
The examination of the reports/ratios of integrities helps with :
· To make sure that the system functions correctly ;
· To correct any problem in time in an efficient way.
It is extremely important of :
· To parameterize the reports/ratios of integrities ;
· To publish these reports/ratios periodically and to try to solve the differences ;
· D-to establish the reports/ratios of integrities until they do not contain any more differences.
The reports/ratios of integrities which one can extract from J.D. Edwards are as follows:
ü Accounts payable : WITH/P
· The P047001 report/ratio compares the pays of the accounts payable in the module accounts payable with the balances of the accounts suppliers charged in the general ledger.
· The P04701 report/ratio checks that the total amount of each batch in the accounts payable is equal to the corresponding amounts in the general ledger.
ü Accounts receivable: WITH/R
· The P03702 report/ratio compares each batch of the gross values receipts registers with the accounts receivable with the table customers of the general ledger.
· The P03701 report/ratio checks that each Batch of the accounts receivable, which corresponds to him the total of the received amounts, is balanced with the corresponding Batches in the general ledger.
ü Fixed assets: F/A
· The P127011 report/ratio compares the balances recorded with the table accountancy fixed assets with the pays of the table of the General ledger.
· The P12301 report/ratio identifies all the transactions which were registered in the General ledger and should be, but it, are not registered yet in the accountancy of the fixed assets.
ü General ledger : G/L
· The P007011 report/ratio presents the schedule of the lots not yet entered while being based on the control panel of the batches.
· The P007031 report/ratio lists the batches which affected but are not balanced. The difference appears in the report/ratio.
· The P097001 report/ratio presents the clear balance of each company.
· The P09705 report/ratio shows the divergence of each period between the pays of the balance and the balances in the general ledger.
· The P097021 report/ratio shows the divergences of the amounts on the level of the companies between the accountancy and the tables of the accounts.
ü Stocks: ESC
· The P41543 report/ratio shows the types of divergences between the tables of accountancy of stocks and those of the general ledger:
- The detail of the article in stock exists without having a correspondence with the general ledger.
- The article is not balanced with its correspondent of the general ledger.
· The P41544 report/ratio shows the divergences for the quantities and the amounts between the accountancy of stocks and the general ledger.
Below an example of report/ratio of integrity :
Figure15 : Report/ratio of integrity
· Rights of access :
Are cards formalized which define the rights of access of the users to the various menus of the system, while respecting the profile of each one.
In order to avoid any confusion in the attribution of the rights of access, each request for creation, modification and suppression of user profile should specify :
· The group to which the new user must belong ;
· Additional rights to grant.
Rights of access « Action Codes Security » by programme of each user group must be formally defined. A functional description of each program elaborate and is presented at the person in charge user concerned.
· ACTION codes carryforward :
It is a report/ratio published for each file belonging to the permanent files «Master files ».
This document presents the identities of the user groups « To use Id » which has the right to modify, to create, remove data on the level of the permanent files.
For each group, the report/ratio presents the user profile assigned as well as the allotted safety measures.
· Rules of management «Order Acivity Rules» :
These documents present the logical sequence of the process of activities of a company using J.D. Edwards. Are the rules of management of the company.
The treatments are codified in an automatic way. It is necessarily necessary to pass from one stage at the stage which succeeds it. Each passage of a stage to another must be authorized by a designated person.
Diagram Ci below presents the sequence of the actions of a
process of sale : 
Figure 16: Key phases of a process of activity: Cycle Ventes
With the exit of the review of existing controls on the level of module A/R of the software package of management integrated J.D. Edwards (the review of the level of existence and application of these controls), the data-processing listener raises the points which, according to its own judgment, can assign the level of control to the level of the processes of the company.
The listener indicates, then, his reports, the associated risks as well as the recommendations referring itself to it.
The data-processing listener prepares the final report/ratio of his intervention (this report/ratio is added to the report/ratio of financial audit), in which he formulates the conclusion of his work (recommendations, description, etc).
The team of financial audit will use this report/ratio as bases for the choice of the strategy of audit (High, Some, No) adequate to adopt.
Following liberalization of the markets and vis-a-vis the increased threat of competition, the companies are with the research of the most developed means which their would make it possible to improve their competitiveness and to achieve their goals with knowing creation of value. New information technologies, and in particular the ERP, constituted, during the two last decades, one of these principal means of development. Indeed, majority of the companies, as well the small ones and medium-sized companies that the large international firms, are currently based on information systems built around the ERP.
In this new landscape which characterizes the majority of the companies, the listeners are vis-a-vis systems presenting of information increasingly available, just and protected. However, these systems are, sometimes so complex, that their exploitation requires a particular expertise. Thus, the control of the risks inherent in this system exceeds competences of an only using listener, methodologies and the traditional tools, and requires the implication of data-processing listeners.
It is not with a change of trade, but with an evolution of the methods and working tools which the listener must prepare. The listeners who will confine themselves with accountancy will be gradually plastered with a secondary role and are likely to see restricting their interventions with some operations of high technicality like the decree of the financial statements, or the preparation of the tax or social declarations specific.
The listeners should, consequently, level themselves and this, by the development of their knowledge and competences in order to be able to play a major part in all these new fields, and to revalue even more their contributions for the companies.
Among the tools and methodologies which a financial listener would gain to control and adopt at the time of his missions, it is advisable to quote reference frame COBIT.
This reference frame, developed and maintained by the ISACA treats in particular the fields of the strategy and the data-processing organization, the acquisition and the implementation of the information processing systems, the exploitation and the maintenance of the information processing systems and of the control and follow-up of the data-processing function.
Description of the procedure of management of the gas coupons:
The management application of the gas coupons allows the edition of the tickets fuels, the repurchase of these tickets and the follow-up of stock tickets. The tickets contain expiration dates, the amount, the name of the company, a sequence number and a bar code.
The customer orders are recorded on a standard document. Arrived at the deposit, the purchase orders are re-examined by a person in charge who controls the state of credit of the customer directly on the system before seizing the order on the application cross.
Then, the coupons are on the spot printed by another person (a state of follow-up of the numerical sequences of the tickets periodically is re-examined, signed and delivered to the customers).
Following the delivery of fuel at the stations, the managers can pay the company with coupons.
A state of these coupons (BRB: Good of Repurchase of the Goods) is addressed to the deposit.
The repurchased coupons will be seized in the application using the reader bar code. The keyboarder checks the conformity of the number and the amount of the goods with the BRB. Following the seizure of the coupons, notes of credit in the name of the managers are published. The original one of this note of credit is addressed to the person in charge customers on the level for the seat. A copy will be classified in the deposit.
At the end of the day, the person in charge for this application treats all the goods published (invoices customers) and repurchased (notes of credit customers) on the application and carries out the extraction of the batches to send them to accountancy J.D. Edwards. A daily state of control is published to control the exactitude of the transactions between the application and J.D. Edwards (amounts and a number of transactions). A monthly state of reconciliation of the account «Goods To be delivered» is published, analyzed and approved.
Description of the procedure of blocking of the orders:
According to the procedure of the studied company, when the order is blocked by the system, the keyboarder of the orders prepares a request for releasing which will be addressed to the «credit to control». This last, after discussion with the sales department, can either sign the request for releasing and force the system or to refuse the order.
A state of the customer orders blocked is published daily.
Description procedure of use of the notes of flow/credit:
In the case of our studied company, the notes of flow customers are used for the amounts of the insurances service stations (end of the year), clothing for the stations and the rents. These notes are approved by the «credit to control» before being seized in the system. The notes of credit are used for the coupons (payment of the managers).
Description procedure of use of the manual invoices:
In the case of the studied company, the manual invoices are used in the event of breakdown in the system. A numerical sequence of these invoices is adopted. With the resumption of the system, the invoices are seized on the level of this last and each manual invoice is fastened with the published invoice of J.D. Edwards.
· BRIAN JENKINS and ANTHONY PINKNEY ; Audit of the systems and the accounts managed on data processing, Edition PUBLI-UNION, 1996.
· HOWARD F.STETTLER ; To that : principles and general methods, Edition PUBLI-UNION, 1998.
· SMALL GERALD, DANIEL JOLLY and JOCELYN MICHEL ; Guide for the financial audit of the computerized companies, Edition CLET, 1985.
· JOCELYN MICHEL ; Guide for the operational audit of the data processing and the information systems, Edition CLET, 1989.
· JOSE PLANS; Practice of the data-processing audit, Edition EYROLLES, 1984.
· MARC THORIN ; The data-processing audit, Edition PUBLI-UNION, 2000.
· ABDERRAOUF YAICH ; The countable profession and new communication and information technologies, the Countable review and Financial RCF, N° 53, p. 17.
· THOMAS DAVENPORT and NITIN NOHRIA ; Restick work instead of dividing it ! , the expansion Review Management, Fall 1994, pp. 56-66.
Webography :
· HTTP: // www.sécurité-informatique.enligne-france COM
· HTTP: // www.audit-informatique.fr
· HTTP: // www.procomptable.com
· HTTP: // www.clusif.asso.fr
· HTTP: // www.afai.asso.fr
· HTTP: // www.audit.com
· HTTP: // www.itaudit.org
· HTTP: // www.isaca.org
· HTTP: // www.erp.com
· HTTP: // www.issa.org
· HTTP: // www.jde.fr
- AAI : Automatics Accounting Instructions
- AP : Accounts Payable
- AR : Accounts Receivables
- LOW : Business Advisory Services
- BPR : Business Reengineering Process
- CIF : The Council To that the Formation
- CEAA : Knowledge and Accumulated Experience of Audit
- CF : Corporate Finances
- COBIT : Control Objectify for Information and related Technologies
- CRM : Customer Relationship Management
- ECS : Energy Chimical System
- ERP : Enterprise Resource Planning
- F : Fixed Assets
- GL : General Leadger
- CAM : Production control Computer-assisted
- GRMS : Total Risk Management Solutions
- IFAC : International Financial To that Committee
- ISACA : Systems information To that the and Control Association
- ISO : International Organization for Standardization
- MANDELEVIUM : Master Dated
- MTBF: Mabkhout Tmar Belaifa Fendri
- NTIC : New Communication and Information Technologies
- OSRM : Operational System Risk Management
- CAP: Pierre Audouin Consultants
- PGI : Software package of Management Integrated
- PwC : PricewaterhouseCoopers
- KING : Return One Investment
- SCM : Supply Chain Management
- SODA : Segregation Off Duties Assessment
- TLS: Legal Tax Services
Figure 1 : Risks of audit
Figure 2 : Data-processing risks
Figure 3 : Strategies of audit
Figure 4 : Customer-server architecture
Figure 5: Evolution of the information systems of company
Figure 6 : The wide company
Figure 7 : Actors of the market
Figure 8 : Reasons of establishment of a ERP
Figure 9 : Evolution of the structure of activity of the company
Figure 10 : Modules of a ERP
Figure 11 : Flows of information covered by a ERP
Figure 12: Objectives of audit of a ERP
Figure 13 : The cartography of the systems of the studied company
Figure 14 : The applicative card of the studied company
Figure 15 : Report/ratio of integrity
Figure 16: Key phases of a process of activity: Cycle Ventes