This memo documents internal audit's findings from a post-implementation review of an enterprise accounting system (EAS) application. The focus of the review was on the configurable application controls, application security, and segregation of duties (SOD) for the accounts payable (AP) and general ledger (GL) modules within EAS. This review did not cover project management, change management, testing (including user acceptance and conversion) and training procedures.
In this example, internal audit determined during the review that although system controls are in place, the processes are not operating consistently across companies/locations, and therefore the controls may not be operating effectively. Other challenges noted during the review were end-user system knowledge and insufficient technical and functional documentation.