ABSTRACT
This chapter presents an audit perspective to an enterprise Software as a Service (SaaS). The internal controls such as three-way match, transactions approvals and mandatory fields, are deemed to be operating in the SaaS by auditors even if they are really the outcome of everyday work performed to correct for misclassifications, duplications, or omissions – manual behind-the-scenes "fixes" performed by accounting personnel. In this respect, the controls justify or validate the audit, rather than the other way. They become self-fulfilling, tautological performances that abstract away rather than address the operational exigencies at hand. In Where Are the Designers, Hales identifies categories of computer software design that can be just as applicable to the design of internal controls supporting an enterprise SaaS. The use of SaaS, with the accompanying ease of integration of other best-in-breed in play applications in the corporate cost management ecosystem, supplants legacy monolithic and/or on-premise software.
