Premium
Auditing SAP R/3 – Control Risk Assessment
Author(s) -
BEST PETER
Publication year - 2000
Publication title -
australian accounting review
Language(s) - English
Resource type - Journals
SCImago Journal Rank - 0.551
H-Index - 36
eISSN - 1835-2561
pISSN - 1035-6908
DOI - 10.1111/j.1835-2561.2000.tb00068.x
Subject(s) - audit , internal control , control (management) , accounting , operational auditing , audit risk , affect (linguistics) , computer science , risk assessment , risk analysis (engineering) , internal audit , process management , business , computer security , psychology , joint audit , communication , artificial intelligence
This paper provides an introduction to auditing in an SAP R/3 environment, focusing primarily on the assessment of control risk. A number of distinguishing characteristics of the SAP R/3 system that affect the audit are described. The application of a standard internal control framework to the assessment of application controls is illustrated. Two significant pervasive general control areas are examined ‐ system development and program maintenance, and user access control. Relevant controls in these areas are discussed and methods for auditing these controls are outlined. Several opporhcnities for research in the auditing of SAP R/3 are proposed.