Introduction
As an advanced management mode, internal control system plays an important role in modern business management. The risk of data security in the process of system operation, such as the internal control technology, the content and focus of internal control, etc. Therefore, under the ERP environment, if the internal control work well is a new task faced by the internal control staff of the enterprise.
1 The impact of ERP usage on enterprise internal control system
1.1 The change of control link in the ERP environment, the data transmission through the data sharing to ensure the consistency of the data, through the network technology to ensure the synchronization, data calculation, summary by the computer according to the program formula automatically completed, to ensure its correctness. From the perspective of internal control, these links are excluded from the human factors, no longer have the manual control mode under the false report, false reports, fraud prone, high hair characteristics, it will not become the internal control system focus on the link. But the normal operation of these links depends on the correctness of ERP system design and the stability of system operation. How to guarantee these conditions, become the focus of internal control.
1.2 Changes in the control mode under the ERP environment, the data transfer and processing are automatically completed by the computer according to the formula set, the accuracy of the data, completeness and timeliness of transmission depends on the correctness of the program set, such as check, review and other manual control methods can not be completed based on computer technology control requirements, Therefore, the system automatic control and the use of manual recording in the key aspects of the parallel mode of ERP environment is the main controlling means. This kind of control way change to the enterprise internal control staff put forward higher request.
1.3 Changes in data security environment in ERP environment, data storage, transmission, processing and other aspects of the traditional work environment compared to the great changes occurred. Data processing, access rights by manual physical control into computer technology based automatic control. This shift has changed the factors that need to be considered in data security control. Data security control should mainly focus on the security of data itself, and the security of data depends mainly on the stability of system operation and data storage environment.
2 How to do well the internal control work in ERP environment
2.1 In ERP environment, the system automatically stores and processes the data. Therefore, the control process should focus on the system configuration and data link. The system automatically collects the data should focus on the automatic collection process system configuration correct or not to check, and keep the system configuration list and inspection records, the system configuration process should be owned by the management of the entire system managers to carry out or by the professional and technical personnel under the strict supervision of managers, should avoid the in-depth involvement of system users, Prevent system users from fully understanding the system and discovering and exploiting system vulnerabilities. System modifications and two development must be carried out by authorized professionals.
Staff need to process to enter the system data, to take good care of the source of data, to emphasize the preservation of the original certificate and the handling of personnel and review personnel records. Easy to provide clues for internal control test and inner audit.
Conduct regular internal control system testing or audit to check the integrity and correctness of the underlying data of the system input.
2.2 The change of control link should be focused on the construction of business process and the reorganization of ERP environment, the traditional manual control of the business process will inevitably change. Therefore, according to the automatic control of ERP system and the characteristics of data management informationization, the existing operation mode and business process of the enterprise should be reorganized to better exert the function of the internal control system of the enterprise.
2.3 In data security should focus on the following aspects:
2.3.1 Organization Setup ① System maintenance Department and system use department separation, system maintenance department does not contact the actual business operation, the system uses the department does not have the power to maintain the system, the ② system maintenance department internal each post should separate; the ③ business unit should set up positions in accordance with the principle of separation of incompatible posts.
2.3.2 Information System security ① unauthorized users, not contact with the ERP system: ② equipped with special room, installation of air-conditioning, UPS uninterruptible power supply and other measures to ensure that the core hardware system of ERP system environment security: ③ set up a reliable security encryption and anti-virus software to ensure the security of the system application software; ④ set up a personal custody system to produce documents, including electronic files and paper documents.
2.3.3 System operation aspect ① system user should set different use rights according to their post duty and internal control system requirement, grant corresponding user code and password, user password should be changed irregularly, all business operation activities in ② system should be authorized; ③ error input needs to be authorized to change: ④ regularly to the system data backup, clear data storage personnel, location and manner.
2.3.4 System Monitoring ① Set System self-protection system, establish a complete log, the management of log files should be included in the key control content. ② system in the use of the process of error, should be real-time notify the relevant management personnel and timely processing.
2.4 System construction is the cornerstone of the internal control work. The rules and regulations are the basis for the enterprise to realize the goal, to carry out the business basis, and to establish the controlling measures in the process of internal control system construction and implementation. For example, in the ERP environment, in order to ensure the security of the system data, we should make the corresponding system, stipulate the number and time of the system backup, the condition of data recovery when the system is destroyed: the personnel of data keeping, the data contact person, the data storage place, the condition of the data storage Control measures should be strictly enforced and all positions treated equally. Of course, these systems are not rigid and should be revised and perfected according to the actual situation.
2.5 Training and publicity, improve the quality of the personnel is the key to the internal control of the enterprise ERP system used in the traditional work environment for the enterprise personnel. Does not mean that internal controls are getting easier. But to the enterprise employees put forward higher requirements. Only by strengthening the internal control, ERP and professional knowledge and other content training, and constantly improve the quality of enterprise employees can better play the initiative of employees, better adapt to the ERP environment of internal control work.
2.6 Establish and perfect the internal control evaluation system to do well the internal control system evaluation is the process of finding out the deficiencies in the system and making dynamic adjustment and correction. In the ERP environment, in addition to focusing on key risk control design rationality and the effectiveness of implementation, the test should be focused on the ERP system Authority settings, data and security control, a targeted understanding of the use of ERP system, to enterprises brought about by the new risk of control, For the internal control system and improve the integrity to provide protection. In short, the ERP environment, internal control work in the internal control system should follow the principle of the construction of ERP: in the implementation of the implementation of the main authority, the key operations have basis, the implementation of the process of audit, the implementation of the results have traces (leave the implementation of evidence).