AUDIT APPROACH
COMMON FINDINGS
KEY CONTROL PROCESSES
WHERE AM I PERFORMED?
Systems
100
Typically, are ERP systems owned by the Shared Service Center, the local affiliate, or the IT Center of Excellence?
IT Center of Excellence
100
What is the most common application not included in an SSC's Cross System Review?
Bravo
100
Who ultimately grants access (creates a profile) for a user on any critical ERP used amongst the 5 SSC's?
ITGF/COC/COE
100
How does a Super User ensure all terminations have been processed by the ERP COE?
The Super User initiates a request for a HR termination report. HR submits the weekly HR termination every Monday on a weekly basis and distributes to GFS IT ERP Super Users. This is used to ensure all terminations have been completely communicated within GFS.
100
What SSC houses the following ERP's: JDE, OTWL, PandA, One AP, EBO?
GFS Suzhou
200
True or False: A cross system review does not have to be performed for all SOX critical systems.
False. A cross system review must be performed for ALL SOX critical systems.
200
What has the MOST common high risk area: Granting of Access, Terminations, Cross System Reviews?
Terminations
200
Concerning Granting of Access, which two SSCs follow the direct method?
Latin America and FASE
200
Who ultimately terminates a user from an ERP?
COE/COC/ITGF
200
What will replace EBO at the Suzhou SSC?
Vistakon’s Project Fusion
300
What are the 5 Key Controls around Interfaces?
Completeness, Accuracy, Validity, Error Handling, and Restricted Access
300
Can the following Key Controls be automated or manual: Completeness, Accuracy, Validity, Error Handling, and Restricted Access?
Both. Automated and Manual
300
How can a Completeness control be manual?
Via comparison of balance totals
300
True or False: Are inventory interfaces present in North America SSC's?
True.
300
Does FASE own any of the three following systems: JDE Xe, JDE 8.12, or SAP LYNX?
NO. FASE has read only access to JDE Xe, and has only update access to JDE 8.12 and SAP LYNX.
400
Which two entities are hand-offs with the SSC shared by?
Op-Co and I/T
400
True or False: The SSC needs to maintain a listing of all Interfaces that are in scope for their SLA.
True
400
What is one requirement around data for the key control of Restricted Access?
Data in transit should not be modifiable
400
Which system does FASE use to maintain Inventory?
QUASI
400
Which SSC maintains it does not perform Interface controls?
ASPAC SSC. This should be verified with the OpCos.