Strategy

How to conduct a thorough ERP audit

4th April 2016

ERP is a set of tools most of us use every day to help our organizations accomplish whatever their particular goals are. Is ERP helping us to be more effective and efficient? Are you using the system properly? Is ERP hindering us in any way? These are some of the questions an ERP audit should answer.

Defining objectives and building a team

So, the first step in an ERP audit is to define the objective(s) of the audit. ERP systems have a life cycle and the objectives will change during that life. You could audit a recently-implemented system to quantify how well it is delivering on our specific requirements. An audit of a more mature ERP might evaluate whether it can still meet today's needs or whether it should be upgraded or replaced. At any time in that life cycle, you could evaluate security and user access processes. You might also look at statutory compliance or compliance with internal or external policies.

The audit might be led by an internal audit department or other groups might take the lead. Internal audit personnel have the skills to be objective during performance of the task. Usually, individuals with IT systems expertise should be part of the audit team as the networking, report programming, and integration with other software and hardware will be assessed. Executive management sponsorship is also required to ensure the audit gets the attention necessary.

Assessing system usage

Let's consider an audit for functional performance. Are users taking full advantage of features in the ERP? Are they gaining an advantage over a manual process or the use of a different system? Is any time wasted through overuse of ERP functions? Such an audit could be performed across the organization or within a single department.

Interview users and document what they do throughout the day. What are they trying to accomplish and what work do they do toward those accomplishments? Interview the “information customers” and “information suppliers” related to that department. Can the suppliers easily provide information requested and do the customers get the information they need?

Are users taking full advantage of features in the ERP? Are they gaining an advantage over a manual process or the use of a different system?

Assess how current workflow matches the intended workflow (defined by your vendor, implementation team, or training program). This will require significant expertise in the use of ERP and possibly in-depth training from ERP vendors. Ideally the designed software flow matches the actual work flow. Where there is not a match, consider whether the users have implemented a workaround that adds value or reduces cost. Otherwise, you might need to revise internal processes and training to better match the software to get the best results.

Document and publish the results of the audit. If process changes are suggested, schedule a follow up review to ensure they are in place and working as planned.

An ERP audit does not need to be formal. A cost accountant working individually can follow the flow of data from an inventory transaction through to the general ledger and this can be considered a form of audit. That accountant might realize a code table needs to be updated to provide the data flow required. You just hope that the organization has a process which records these findings for posterity.