Role-based Access Control Risk for Enterprise Resource Planning Systems: In Perspective of Segregation of Duties

Master's thesis === National Yunlin University of Science and Technology === Department of Accounting === 104 === In recent years, many companies have been convicted of fraud; in most cases, staff used their positions to gain valuable information or to commit misconduct. Given the limitations of existing controls and the use of agent positions, dynamic management...

Bibliographic Details
Main Authors: CHIANG,I-AN, 江怡安
Other Authors: SUN,CHIA-MING
Format: Others
Language: zh-TW
Published: 2016
Online Access: http://ndltd.ncl.edu.tw/handle/4yp9sx
id ndltd-TW-104YUNT0385031
record_format oai_dc
spelling ndltd-TW-104YUNT0385031 2019-05-15T22:43:18Z http://ndltd.ncl.edu.tw/handle/4yp9sx Role-based Access Control Risk for Enterprise Resource Planning Systems: In Perspective of Segregation of Duties 企業資源規劃系統之角色存取控制風險-採職能分工觀點 CHIANG,I-AN 江怡安 Master's National Yunlin University of Science and Technology Department of Accounting 104 SUN,CHIA-MING 孫嘉明 2016 Degree thesis ; thesis 62 zh-TW
collection NDLTD
language zh-TW
format Others
sources NDLTD
description Master's thesis === National Yunlin University of Science and Technology === Department of Accounting === 104 === In recent years, many companies have been convicted of fraud; in most cases, staff used their positions to gain valuable information or to commit misconduct. Given the limitations of existing controls and the use of agent positions, dynamic management of authority is not easy to implement in an enterprise ERP system. It is therefore difficult to enforce segregation of duties (SOD) as a mandatory preventive control. Employees with high authority may increase the risk of fraud. This study uses the enterprise ERP system to identify high-risk transaction data through regular, after-the-fact detective controls. The ERP operational risk factors include: the elements of the COSO SOD model, the transaction risk of program authority, the amount of the transaction, the frequency by approver, and the sequence of transaction notes. We design an ERP operational risk investigation mechanism that makes it easier for auditors to identify high-risk transactions that may violate internal control rules. The study also uses a questionnaire in which experts rate these operational risk factors under different scenarios. We apply the statistical results of the questionnaire to analyze the risk of enterprise system transaction data, showing the effectiveness of our mechanism. The study found that the proposed ERP operational risk factors help to assess the risk of employees' transactions immediately and to quickly find possible high-risk transactions caused by excessive authority. The risk assessment mechanism established in this study can be applied to detect risks in ERP systems and can serve as a compensating control where SOD is hard to implement.