ais in general

A u d i t I nformationS ystem

In General

Hala Hamoda

SAP AG 2004-02-27, Audit Information System, Rel. 4.6C / 4.70, Peter Schiwek 2

Every individual sees their

environment from their own

personal point of view.

The auditor‘s duty is to make

an objective judgment.

Continuous Audit

RatingBasel II

GoBGoBS

Sarbanes Oxley Act

I A S

US-GAAP

GDPdU

Evolution of Modern Auditing


A u d i t I nformationS ystem

A result-oriented audit view is - in an environment of mass transactions - only possible withcomputer-supported audit or control procedures

Digital Audit


Internal audit

External audit

Tax audit

Data security

SAP DBSAP DB

Collection,structure,presettingof standard SAP Reporting

Improvementof the audit processand of audit quality

Individual selection andpreparation of data

Data export-document data-account balances-financial statement data

Reconciled with:- ACL- IDEA- AuditAgent. . .

Audit - Information - System


Prüfungsumgebung – Externes Audit

Own Software

(auditing approach)SAP environment

Analysis software( ACL / IDEA / … )

Reporting software

. . . . . .

. . . . . .

. . . . . .

KNA1KNA1

KNB1KNB1

KNC1KNC1

SKA1/SKATSKA1/SKAT

SKB1SKB1

SKC1ASKC1A

BKPFBKPF

BSEG(..A)BSEG(..A)

GSEGGSEG

Audit planning

Work program - System Audit- Business Audit

Work Paper

Report

Audit Environment – External audit

•Online controlson the SAP database

-System information

-Reconciliation-Balance sheet/P+L-Balances-Accounts-Documents

•Data export-Line items-Account balances

Exp

ort

in

terf

ace

Line items

Balances


Prüfungsumgebung – Internes Audit

SAP environment

. . . . . .

. . . . . .

. . . . . .

KNA1KNA1

KNB1KNB1

KNC1KNC1

SKA1/SKATSKA1/SKAT

SKB1SKB1

SKC1ASKC1A

BKPFBKPF

BSEG(..A)BSEG(..A)

GSEGGSEG

Reporting

Corrective Action

Documentation

Analysis

Auditing

Planning

Analysis software( ACL / IDEA / … )

Audit Management

Audit Environment – Internal audit

•Online controlson the SAP database

-System information

-Reconciliation-Balance sheet/P+L-Balances-Accounts-Documents

•Data export-Line items-Account balances

Exp

ort

in

terf

ace

Line items


SAP standard roles

Audit Measure

Audit Result

Individual auditor menu

. . . . . . . . . . . .

Documentation / Maintenance

A u d i t

Risk Assessment

Step

1

Step

2

Step

3

Step

4

Step

5

Step

6

Step

nEnterprise Process

Audit Environment

G/L accnts Customers Vendors Inventory

Receivables CashFinancial

InstrumentsPayables

RevenuePersonal expense

Dataexport

. . .

Vendors

Inventory

Customers

Revenue

Receivables

Data export


The Audit Information System facilitates smoother and better quality audits.

It consists of a number of single roles and is a - Collection,- Structure, and- Default setup

of SAP standard programs

The AIS is the Toolbox of the auditor in SAP-Environment.

The Audit Information System


For a specified organization, the auditor receives a selection of evaluation programs with preset control data for each audit area to be checked.

Structure and Operation


Control data which occurs in multiple variants is defined as a variable- Table TVARVc- Arg. AUDI*

This data is updated at the beginning of an audit with the function "Customizing AIS".

This ensures proper control for all evaluations run during the course of the audit process.

Structure and Use


IMG Documentation selected table areas

AIS Documentation Information on audit steps

SAP Library Selected chapters

Internet Links selected WEB Addresses

Documentation in the Reporting Tree


Audit-specific documentation + training

AIS, Views / Target Groups

Business Audit Tax AuditSystem Audit

Internal Auditors

External Auditors

Data SecurityOfficers

Tax Auditors


Security guide ----------- SAP

System Audit

Audit-IS

Development-ISBenutzer-IS

Information retrieval using existing programs sorted by component

Users and Authorizations

Repository / Tables

System Audit

ADM950ADM960CA940


System Audit


SDSD

MMMM

PPPP

QAQA

PMPM

HRHR

FIFI

COCO

AMAM

PSPS

WFWF

ISIS

SAPR/3SAPR/3

SDSD

MMMM

PPPP

QAQA

PMPM

HRHR

FIFI

COCO

AMAM

PSPS

WFWF

ISIS

SDSD

MMMM

PPPP

QAQA

PMPM

HRHR

FIFI

COCO

AMAM

PSPS

WFWF

ISIS

SAPR/3SAPR/3

Audit guideline ----------User group

AC900/FIN900

The closing operation view for a single company is possible

Top Down View:Balance sheet / P&L Accounts Vouchers Procedures

Internationally deployable

Business Audit

Audit-IS

G/L ISCustomer IS

Vendor ISAssets IS

Business Audit


Business Audit


Tax Audit

WDE680

Tax Audit

DART-”DB”

Transaction data

Transaction data

...

Master data

Master data

MetadataViews

DART-”DB”

Transaction data

Transaction data

...

Master data

Master data

Metadata

DART-”DB”

Transaction data

Transaction data

...

Master data

Master data

MetadataViewsViews

Data fileprovided

Direct / indirectdata access

Tax-RoleDirect (Z1) and indirect (Z2) access to tax-relevant data.

Data file analysis (Z3)

D A R T (Data Retention Tool)Extraction and storage of tax-relevant data.


Tax Audit


Knowledge is Power, Knowledge is Productivity

SAP FIN: mySAP ERP Financials Overview Gain an overview of the mySAP Financials solution,

including data analysis

FIN900: Auditing with SAP Understanding configuration for SAP system security and

authorizations, including the Audit Information System

FIN910: Management of Internal Controls Focus on configuration of the SAP MIC application suited

for SOX / internal controls teams

WDE680*: GDPdU in SAP Systemen Using the SAP DART tool to comply with German

Steuersenkungsgesetz

* this course is offered only in German

SAP Education Offerings – Corporate Governance


Tools Used for Online and Batch Controls

A B A PA B A P

DrilldownDrilldownReportingReporting

InformationInformationSystemsSystems

D A R TD A R T

QueryQuery


Online-Controls: Special Queries for AIS

Document analysis • Documents in general• A/P A/R G/L line items

flexible selection for the data retrieval flexible analysis of the data deemed critical

using ALV functions

Dubious Documents• Document Journal

(with holiday calendar) Posted on Sunday or holidays? Posted at unusual times? . . .

Account Analysis• A/R• A/P• G/L accounts

Offsetting account analysis Even distribution of postings? (in Days/Months/Year) Unusual document origin? (manual, SD, MM, HR, ...) Posted in timely manner? (BUDAT – CPUDAT) Documents with the greatest volume (+/-)


Online-Controls: Special Queries for AIS

Comparison of Terms• A/R• A/P

Terms and conditions, base date, days 1, %, days 2, %, net Values in document - Values in master data =Variance (shows manual changes)

Variance Analysis• A/R (Payments received)• A/P (Payments sent)

Payments out of the norm- Standard condition per master data (days / %)- Condition taken as found in document- Variance (shows payment tendency)

Critical Clearing Processes • A/R

Clearing of a non-payment-related transaction ? Clearing via reversal ?


Until SAP Release 4.6C, AIS was realized using a menu technique (transaction SECR).

As of SAP Release 4.6, AIS is part of the SAP Standard System

As of SAP Release 4.6C (Support Package SAPKH46C27), the technical implementation of AIS in the program has been changed to a role-based maintenance environment (transaction PFCG).Additional development of AIS will only be carried out in this new environment.

The Development History of AIS


w e l c o m e

AIS in SAP Demo System IDES R/3

A I S has been set up in the SAP I D E S Demo System. Log on with user AUDITOR_FIN (Rel. 4.70).


AUDITOR_FINw e l c o m e

Please note:In the IDES System, the authorizations for user AUDITOR_FIN are assigned via the IDES profile R3_BASIC.The AIS authorization roles are not considered.

AIS in SAP Demo System IDES R/3

ais in general

Documents

audit information

audit information systemsap

audit process

audit area

peter schiwek

function c

operationsap ag

preset control data