Focus Question: How do financial statement auditors prepare themselves to audit complex enterprise resource planning systems in order to issue opinions in PCAOB regulated public company audits?
Brazel, Joseph F. "A Measure of Perceived Auditor ERP Systems Expertise: Development, Assessment, and Uses." Managerial Auditing Journal 20.6 (2005): 619-31. ABI/INFORM. Web. 2 Feb. 2011.
This paper studies financial statement auditors' perceived expertise in evaluating ERP systems. The study asked financial statement auditors to evaluate their expertise relative to their peers. Results of the study tended to argue that those auditors with higher perceived expertise in ERP tended to perform better risk assessments and created better substantive audit tests. The study also noted that there was not a strong correlation between ERP expertise and general audit experience. The article concluded that although results were gathered from the study, more studies are necessary to substantiate its findings.
Brody, Richard G., and Grover Kearns. "IT Audit Approaches for Enterprise Resource Planning Systems." Icfai University Journal of Audit Practice 6.2 (2009): 7-26. ABI/INFORM. Web. 28 Jan. 2011.
This paper discusses implementation issues of ERP systems, and the challenges faced by auditors during ERP systems audit. The paper also gives an overview of the audit risk, and discusses certain statements, including the COSO, that provide guidance for ERP audits. The need for ERP auditor expertise, as it relates to ERP audit risk assessment is emphasized, and the paper discusses the use of bull's-eye model in prioritizing complex changes, as a means of decreasing IT audit burden. Certain auditing techniques - useful in ERP system audit - were discussed. The paper concludes that audits of firms with ERP systems should incorporate the use of auditing "through the computer", and "with the computer" techniques.
Esteves, Jose. "A Benefits Realisation Road-map Framework for ERP Usage in Small and Medium-sized Enterprises." Journal of Enterprise Information Management 2nd ser. 22.1 (2009): 25-35. ABI/INFORM. Web. 28 Jan. 2011.
This paper attempts to formulate an implementation framework for implementing ERP systems and ERP system upgrades. Dr. Esteves evaluates the ERP benefits model and the benefits of implementing ERP systems into organizations then breaks down where and when benefits occur during an ERP implementation. He divides ERP benefits into a preparation stage, realization stage, achievement stage, and finally, ERP auditing stage. His ERP auditing discussion debates the necessity of continuously auditing the ERP system and including internal auditors and management in implementation.
Goldberg, Stephen R., and Joseph H. Godwin. "Operational Reviews and Auditing ERP." Journal of Corporate Accounting & Finance 14.4 (2003): 63-65. ABI/INFORM. Web. 28 Jan. 2011.
This article is a review of two books - which includes Integrated Auditing of ERP Systems, by Musaji Yusufali. The article points out the notoriety of ERP systems for being extraordinarily complex, and having numerous implementation risks. The article further explains the concept of integrated auditing in an ERP system.
Hsu, Ko, Jeanne Sylvestre, and Ellen N. Sayed. "Avoiding ERP Pitfalls." Journal of Corporate Accounting & Finance 17.4 (2006): 67-74. ABI/INFORM. Web. 28 Jan. 2011.
This paper evaluates the potential risks associated with ERP systems through various COBIT, COSO, and Sarbanes-Oxley frameworks. It discusses the recent consolidation of the ERP-development industry, the increased demand for ERP systems, and the increased demand for ERP consulting services. It uses some of these developments to discuss emerging issue or "pitfalls" that seem to be developing in business and then evaluates various remedies to mitigate these risks.
Hunton, James E., Arnold M. Wright, and Sally Wright. "Are Financial Auditors Overconfident in Their Ability to Assess Risks Associated with Enterprise Resource Planning Systems?" Journal of Information Systems 18.2 (2004): 7-28. ABI/INFORM. Web. 2 Feb. 2011.
This paper attempts to determine if financial auditors are overconfident in their abilities to audit ERP systems. It references SAS No. 94 to determine if auditors and IT auditors recognize the increased risks of ERP systems compared with legacy systems then goes on to explain the differences in risks amongst the two types of systems. The paper focuses on a study where Big 4 CPE training sessions were developed and carried out with lack of regard for ERP systems despite the fact that significant numbers of clients at those firms utilized ERP systems. It also identifies a lack of communication between financial statement auditors and the IT auditors. There seems to be various reasons why financial statement auditors do not consult the IT auditors for advice and guidance and why financial auditors may have overestimated their skills in auditing ERP systems. These rationales include plain overconfidence in ability to audit complex ERP systems, economic pressures from audit fees, and continually changing dynamics in the audit workspace due to increased technological developments and new regulatory requirements following the passage of the Sarbanes-Oxley Act. Nevertheless, the general focus of the paper is on the perceived overconfidence of financial statement auditors in their abilities to comprehend and understand complex ERP systems.
Kuhn, John R., and Steve G. Sutton. "Continuous Auditing in ERP System Environments: The Current State and Future Directions." Journal of Information Systems 24.1 (2010): 91-112. ABI/INFORM. Web. 2 Feb. 2011.
This paper states that there is the push for continuous auditing technique in auditing, and provides an overview of continuous auditing in an ERP system environment. The characteristics of continuous auditing through traditional EAM, MCL and modified EAM were discussed. The paper further discusses the challenges and concerns - including from an audit perspective - of implementing EAM into an ERP environment, and explores the limitations of alternative continuous auditing approaches, such as MCL, and EAM ghosting. The paper concludes that it appears that MCL methodology offers the most used alternative.
