The IS auditor should be able to review these interconnections in order to ensure that both
enterprises are protected. Depending on the size of the enterprises and the volume of
transactions, the integration process might be complex and require detailed SLAs to
implement.
b) How does the enterprise ensure that data transfer between your ERP and other
systems is controlled?
Data transfer is controlled in two phases: first, connectivity is established through the
virtual private network (VPN); second, the application systems perform a handshake and
then allow the actual data transfer.
The VPN connection can be reviewed by checking the configuration on the firewalls,
routers, or other devices that are used to create the connection. It is important to check
the connection information generated by the devices to ensure that the connections are
correct and secure. The handshake between the application systems should also be checked.
The statistics can be generated by the middleware software or by the application systems,
which post details in the transaction logs.
It is advisable that the IS auditor, apart from reviewing the controls, also review
sample data to ensure that the data passing between the two systems is valid. This can be
done by extracting sample data and testing it using data analytics software such as Excel,
ACL, or IDEA.
c) What are the major risks of integrating systems?
The major risk could be security, as the systems reside in different locations and are
managed by two different enterprises. The two enterprises should regularly monitor the
performance of the two systems in order to ensure that they function correctly and that data
is processed without being corrupted. The other risk is systems malfunctioning and bringing
operations to a halt. A fallback system should be put in place in the event of system failure.
The IS auditors should ensure that the enterprises regularly conduct risk assessments in
order to ensure that integration risks are managed.
d) How would the enterprise ensure that data transferred to external systems is
accepted?
The middleware software will handle the handshaking and the data transfer, and ensure that
the data transferred is accepted. The systems will also use a common protocol to ensure easy
identification of data.
The IS auditor can review logs being generated by the middleware software or application
systems to validate the data exchanged by the two systems. A regular review by the IS
auditor is essential in order to ensure there is data integrity and consistency.
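The sample-data test under (b) and the log review described above can also be scripted. The following is an added example, not part of the original text: it reconciles an ERP outbound extract against the records logged on the receiving side. The column names, status values, and sample rows are constructed assumptions.

```python
import csv
import io
from collections import Counter

# Constructed sample extracts (not real data); column names are assumptions.
ERP_SENT = """txn_id,account,amount
T1001,ACC-01,250.00
T1002,ACC-02,99.50
T1003,ACC-03,1200.00
T1004,ACC-01,75.25
"""

MIDDLEWARE_RECEIVED = """txn_id,account,amount,status
T1001,ACC-01,250.00,ACCEPTED
T1002,ACC-02,995.00,ACCEPTED
T1004,ACC-01,75.25,ACCEPTED
T1004,ACC-01,75.25,ACCEPTED
T1005,ACC-09,10.00,REJECTED
"""

# Fields compared as text; assumes both sides format values identically.
COMPARE_FIELDS = ("account", "amount")

def load(text):
    return list(csv.DictReader(io.StringIO(text)))

def reconcile(sent_text, received_text):
    """Compare what the ERP sent with what the receiving side logged."""
    sent, received = load(sent_text), load(received_text)
    sent_by_id = {r["txn_id"]: r for r in sent}
    counts = Counter(r["txn_id"] for r in received)
    recv_by_id = {r["txn_id"]: r for r in received}
    findings = {
        "missing": sorted(set(sent_by_id) - set(recv_by_id)),
        "unexpected": sorted(set(recv_by_id) - set(sent_by_id)),
        "duplicated": sorted(t for t, n in counts.items() if n > 1),
        "not_accepted": sorted(r["txn_id"] for r in received if r["status"] != "ACCEPTED"),
        "altered": [],
    }
    for txn_id in sorted(set(sent_by_id) & set(recv_by_id)):
        s, r = sent_by_id[txn_id], recv_by_id[txn_id]
        diffs = [f for f in COMPARE_FIELDS if s[f].strip() != r[f].strip()]
        if diffs:
            findings["altered"].append((txn_id, diffs))
    return findings

if __name__ == "__main__":
    for kind, items in reconcile(ERP_SENT, MIDDLEWARE_RECEIVED).items():
        print(f"{kind}: {items}")
```

Each finding category maps to an audit question: records sent but never logged, records logged but never sent, records processed twice, records not accepted, and records whose content changed in transit.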