Understanding an Entity: ERP System
An auditor needs to obtain an understanding of an entity’s Enterprise Resource Planning (ERP) system, as it plays a crucial role in processing, storing, and reporting financial data. This understanding helps the auditor to assess the risks of material misstatements and design further audit procedures. The following steps outline how to obtain an understanding of an entity’s ERP system and document the procedures performed:
- Review system documentation: Obtain and review the entity’s ERP system documentation, such as system architecture diagrams, user manuals, and technical specifications, to gain an initial understanding of the system’s features, modules, and functionalities.
- Understand the IT environment: Gain an understanding of the entity’s overall IT environment, including hardware, software, networks, and data centers that support the ERP system. Consider any relevant third-party service providers, such as cloud providers or system integrators, involved in the ERP implementation and maintenance.
- Identify key modules and processes: Identify the key modules in the ERP system that are relevant to the entity’s financial reporting process, such as general ledger, accounts payable, accounts receivable, inventory, fixed assets, and payroll. Understand how these modules interact with each other and support the entity’s significant business processes.
- Evaluate the system’s internal controls: Assess the design and effectiveness of the ERP system’s internal controls, focusing on areas such as access controls, segregation of duties, change management, and system monitoring. Understand the roles of system administrators, developers, and other IT personnel in managing and maintaining these controls.
- Perform walkthroughs: Conduct walkthroughs of key processes within the ERP system, tracing sample transactions from initiation through financial statement reporting and disclosure. Observe the execution of control activities and evaluate their effectiveness in addressing risks associated with the ERP system.
- Interview key personnel: Interview key personnel involved in the implementation, operation, and maintenance of the ERP system, such as IT management, system administrators, and business process owners. Obtain insights into the system’s configuration, customization, and control activities, as well as any known issues or challenges.
- Review previous audit findings: Examine any previous internal or external audit findings related to the ERP system, assessing how the entity has addressed these issues and implemented any recommended improvements.
- Document the understanding: Create clear and comprehensive documentation of the procedures performed to obtain an understanding of the entity’s ERP system, including a narrative or flowchart that details the system’s modules, processes, and internal controls. Highlight any identified risks or control weaknesses and describe how they may impact the financial statements.
- Assess the risks of material misstatements: Based on the understanding of the entity’s ERP system, identify and assess the risks of material misstatements at the assertion level for each relevant financial statement item. This information will be used to plan further audit procedures, including tests of controls and substantive procedures.
By following these steps, auditors can obtain an understanding of an entity’s ERP system and document the procedures performed, providing a solid foundation for the planning and execution of the audit.