 |
Application systems today are not just an integral
aspect of business management, but are also critical
for meeting an organization’s business objectives,
meeting customers’ expectations, maintaining
control over data integrity, confidentiality and
availability and improving systems processing
efficiency.
Today's applications implement and automate business
processes and are therefore reflective of an organization’s
business customs, processes and rules. As organizations
evolve, both business processes and business rules
undergo significant change and transformation.
Ensuring that applications continue to meet the
fast changing and complex business requirements
is therefore critical to organizational success.
Our application due diligence services are designed
to help our clients assess the alignment of their
business application portfolio with their business
requirements and implement corrective measures
required.
Our business requirements assessment services
help clients ensure that their planned IT systems
not only meet user requirements but also address
business process risks and regulatory/compliance
requirements. IT systems ought to be flexible
enough to adapt to extensibility, scalability
and performance requirements while addressing
challenges to systems security. Our services focus
on highlighting the existing gaps in current application
systems from a business viewpoint; taking into
consideration aspects such as performance, functionality,
security, controls, processing and reporting effectiveness.
Our approach combines business requirements assessment
with a business process risk assessment, which
helps to identify and plan for the inclusion of
appropriate application controls early in the
System Development Life Cycle (SDLC).
Our ERP review services cover most well-known
ERP platforms; including SAP, PeopleSoft, Oracle
and JD Edwards. Our before and after-implementation
reviews focus on a detailed review of application
controls: covering business process controls,
standard setup parameters and configurations,
authorizations, basic security administration,
data integrity controls, and adequacy of design
documentation.
We also assist in conducting independent functionality
reviews that focus on assessing the extent to
which the ERP's system design, configuration and
control mechanisms address the current business
requirements.
Application controls ensure accuracy, completeness,
validity and authorization of transactions and
data processing, security over critical data and
transactions (including access control and segregation
of duties) and audit trails. An effective review
of application and database level controls requires
a thorough understanding of not only the application
systems but also the specific business processes
that impact the application systems.
Our approach to application reviews involves obtaining
a detailed understanding of the business process
and the underlying application systems. Our cross-functional
team of consultants helps our clients understand
business process risks and map these to existing
application level configuration, security, and
programmed controls. We employ native as well
as specialized audit tools to validate the operating
effectiveness of existing controls and we leverage
system features/ controls that remain unutilized
to obtain the needed assurance.
|
|
