Embedded Audit Modules in Enterprise Resource Planning Systems: Implementation and Functionality

Abstract

Embedded Audit Modules (EAMs) are a potentially efficient and effective compliance and substantive audit-testing tool. Early examples of EAMs were implemented in proprietary accounting information systems and production systems. Over the last decade, there has been widespread deployment of Enterprise Resource Planning (ERP) systems that provide common business process functionality across the enterprise. These application systems are based upon a common foundation provided by large-scale relational database-management systems. No published research addresses the potential for exploiting the perceived benefits of EAMs in an ERP environment. This exploratory paper seeks to partially close this gap in the research literature by assessing the level and nature of support for EAMs by ERP providers. We present five model EAM-use scenarios within a fraud-prevention and detection environment. We provided the scenarios to six representative ERP solution providers, whose products support “small,” “medium,” and “large” scale clients. The providers then assessed how they would implement the scenarios in their ERP solution. Concurrent in-depth interviews with representatives of the ERP providers address the issue of implementing EAMs in ERP solutions. The research revealed limited support for EAMs within the selected ERP systems. Interviews revealed that the limited support for EAMs was primarily a function of lack of demand from the user community. Vendors were consistent in their view that EAMs were technically feasible. These results have a number of implications for both practice and future research. These include a need to understand the barriers to client adoption of EAMs and to build a framework for integrating EAMs into firm risk-management environment.