Information System Assurance for Enterprise Resource Planning Systems: Unique Risk Considerations
Enterprise Resource Planning (ERP) systems inherently present unique risks due to tightly linked interdependencies of business processes, relational databases, and process reengineering. Knowledge of such risks is important in planning and conducting assurance engagements of the reliability of these complex computer systems. Yet, there is little empirical evidence on this issue. To examine this topic, a semi-structured interview study was conducted with 30 experienced information systems auditors (from 3 of the Big 5 firms) who specialize in assessing risks for ERP systems. This approach allowed us to obtain detailed information about participants' views and client experiences. The results indicate that the implementation process of ERP systems has an important impact on system reliability. Further, interviewees identified a number of common implementation problems (e.g., improperly trained personnel and inadequate process reengineering efforts) that result in heightened risks. Interviewees also reported that ongoing risks differ across applications and across vendor packages. Finally, in providing assurance on ERP systems participants overwhelmingly indicate a focus on testing the process rather than system output.