This sample memo outlines a post-implementation review of an enterprise accounting system (EAS) application. The focus of the review was on the configurable application controls, application security, and segregation of duties (SOD) for the accounts payable (AP) and general ledger (GL) modules within the EAS application.
In this sample, internal audit determined during the review that although system controls are in place, the processes are not operating consistently across companies/locations. Therefore, the controls may not be operating effectively. Other challenges noted during the review were end-user system knowledge and insufficient technical and functional documentation.
Risk & Control Matrices - RCMs
Application Control Review RCM
Application Security Review and Testing Audit Work Program