continuous auditing applications for sap/r3 vincent rykes city of edmonton
Post on 22-Dec-2015
216 views
TRANSCRIPT
Continuous Auditing Applications for SAP/R3
Vincent Rykes
City of Edmonton
Session Overview
• Introduction
• Benefits of CAA
• Key Requirements for CAA
• SAP Data: Information and Sources
• CAA Tools
• Levels of Automation
• Example of a Fully Automated ACL CAA Batch
• Potential SAP CAA’s
• Questions
Introduction
• Definition of Continuous Auditing Application (CAA)
“A continuous audit is a methodology that enables independent auditors to provide written assurance on a subject matter using a series of auditors' reports issued simultaneously with, or a short period of time after, the occurrence of events underlying the subject matter”.
Source: CICA/AICPA Continuous Auditing Research Report 1999.
• Generic Definition of CAA
› Real time or near real time
› Periodic
› Produce information relevant for decision makers
• Session Objectives
› General theory and methodology
› Identify some of the technical issues and obstacles
› Go through an example of a fully automated SAP CAA
› Provide some examples of possible CAA’s
Benefits of CAA’s
• Timely
• Comprehensive
• Cost Effective
• Feedback loop for corporate governance frameworks
• Satisfy new audit and regulatory standards
• Be proactive regarding identifying indicators of fraud and/or errors
• Dynamic
Key Requirements for CAA’s• Organizational Support
• Planning Requirements
› knowledge of the underlying business processes
› how manual and machine processes manifest themselves into data
› buy-in from the affected business area
› roles and responsibilities for investigation and resolution of anomalies identified
• Reliable and accurate data sources
• Sufficient and appropriate access, tools and skills
• Timely and effective reporting mechanism
SAP Data: Information and Sources
spsp
SPSP
SP
SP
• Audit Information System (SECR)
› Standard queries - FI, GL, Vendor, Customer
› ABAP Queries
› ABAP/4 Dictionary
• Transactions and Reports
› Use F1-Technical Information to obtain information on tables and fields
• DART (FTW0)
• Quick Viewer (SQVI)
• Data Browser (SE16)
• ACL Direct Link
CAA Tools
SPSP
• SAP Audit Information System
› periodically run a transaction, report and/or ABAP query and save it a variant
› some audit procedures come standard
› e.g. duplicate invoice numbers
• General Audit Software
› ACL - SAP Certified Partner
› ACL Direct Link allows direct access to databases
• Spreadsheet and Database Applications
Levels of Automation
• Fully automatic
› Scheduling software
› ACL Direct Link
• Interactive
› ACL batch with dialogue
• Custom batches or queries/transactions/reports
› Create variants in SAP
› Audit software batches
Example of a Fully Automated ACL CAA Batch (page 1)
Example of a Fully Automated ACL CAA Batch (page 2)
Potential SAP CAA’s
• HR
› New employees
› Overtime
• MM
› Inventory adjustments
› New vendors
› Duplicate invoices
• FI
› Journal entries
› Offsetting account analysis
• Other
› Compliance with Privacy Legislation
› Compliance with Sarbanes-Oxley Act
Questions
• Resources:
• Websites› http://www.continuousauditing.org/
› http://business.tamu.edu/cca/
• ACL Documentation
› ACL User Guide – Chapter 8
› ACL Command - Volume 12, No3
• Questions ?
Thank you for attending!Please remember to complete and return your evaluation form following this session.
Session Code: 512