Readiness of Low Complexity ERP for Continuous Auditing in SMEs: The Brazilian Case Study

The continuous auditing technology assures integrity of accounting systems and consequently improves the decision-making process of the small and medium-sized enterprises (SMEs) that implement it. Considering that SMEs located in developing countries function within a more risk prone environment and do not have resources to implement all layers of customized corporate functions in information systems, one argues for their reliance on the features of low complexity of enterprise resource planning (ERP) software to benefit from continuous auditing (CA). The purpose of this study is to relate the understanding of the CA demands and low complexity ERP systems’ technical functionalities in SMEs. Thus, to fulfill this objective, a conceptual model has been drawn to integrate the key concepts related to CA. Four pillars are the core of this model, namely: segregation of duties (SoD) with role-based access control centered on process-based approach (PBA); internal checkpoints; audit trails; and the level of integration of the continuous auditing software. This model was validated through the benchmarking of the implementation of the pillars in three cases of low complexity ERP systems adopted by SMEs in a developing country. The benchmarking/results of the study show significant differences between operational mechanisms of the three ERP software. Namely, the role-based access control exists in the two of the ERP_LC but not in the Brazilian one. Also, there is no check-point in the Brazilian ERP_LC and it does not integrate with continuous audit features. This study distinguishes between the low complexity ERP’s functionalities and the features of a more complex environment, thus bringing an important contribution to the study of low complexity ERP’s readiness for continuous monitoring in SME’s internal auditing processes.