Information Assurance for Enterprise Resource Planning Systems: Risk Considerations in Public Sector Organizations
ERP (Enterprise Resource Planning) systems reveal and pose non-typical risks due to its dependencies of interlinked business operations and process reengineering. Understanding of such type of risks is significant conducting and planning assurance involvement of the reliability of these complicated computer systems. Specially, in case of distributed environment where data reside at multiple sites and risks are of unique nature. Until now, there are brief pragmatic grounds on this public sector ERP issue. To analyze this subject, a partially organized consultation study was carried out with 15 skilled information systems auditors who are specialists in evaluating ERP systems risks. This methodology permitted to get more elaborated information about stakeholder’s opinions and customer experiences. In addition, interviewees mentioned a numerous basic execution troubles (e.g. inadequately skilled human resource and insufficient process reengineering attempts) that lead into enhanced hazards. It was also reported by the interviewees that currently risks vary across vendors and across applications. Eventually, in offering assurance with ERP systems participants irresistibly stresses examining the process instead of system end product.