milford sprecher sap public services, inc. audit support in sap

Milford Sprecher

SAP Public Services, Inc.

Audit Support in SAP

Auditing Overview

mySAP Audit Information System (AIS) Overview

Administration of AIS

Tools and Data Export

Summary and Q&A

SAP AG 2003 / Audit Information System, 3

Reasons/Methodology for Financial Audits

Financial audits Generally begin with an assessment of internal controls under the

assumption that good internal controls reduces the risk of improprieties in the system

Are performed after adequate planning and with proper supervision

Are performed by obtaining “competent evidential matter through inspection, observation, inquiries and confirmations to afford a reasonable basis for an opinion”3

3 Taylor, Donald H. and Glezen, G. William. Auditing: Integrated Concepts and Procedures, Second Edition, New York: John Wiley & Sons, 1982


Legal Environment (Today)

Sarbanes-Oxley Act – 2002: New regulations for auditing firms including more independence

requirements Reinforces older case law and acts Places more attention, requirements and responsibilities on

management Elevates internal accounting controls to assertion level requiring

an opinion from auditor


How Can Technology Help?

System tools to facilitate documentation, assessment and testing of internal control environment

Ability to implement continuous automated control techniques to ensure continued compliance with Sarbanes-Oxley requirements (e.g., monitoring of key disclosure controls, electronic sign-offs of control procedure completion, etc.)

Ability to provide consistent business process and control practices Automated auditing techniques Control gap analysis and resolution performance management and

tracking


SAP Principles Supporting Audit Requirements

Inherent controls are delivered with SAP and do not need to be designed into the

system

Configurable controls automated controls to be defined at the time of system configuration

Security controls user access and segregation of duties controls

Reporting controls controls that rely on standard or ad-hoc reports from SAP


Internal Controls

SAP Security Guide

Contains examples of best practices for separation of duties

System Audit

Function in System Audit to make sure there are separation of duties (after the fact)

MIC (Management of Internal Controls)

Documents processes, risk and internal controls in place

Third Party Products

SAP Compliance Calculator by Versa Contains segregation of duties testing Sarbanes-Oxley driven


Continuous ImprovementContinuous Improvement

Scoping andSet-Up

Document Processes

and Controls

Sign-Off, Prepare

Certification / Internal Control

Report

Assess Control

Design and Remediate

Issues

TestOperatingEffective-

ness

Attest and

Report

Management Auditor

CEO / CFO

Internal Control Manager

Org.Unit Manager

Process Group Owner

Control Owner

Evaluator Tester

Issue and Remediation Plan Owner

Internal and External Auditor

SAP MIC – Phases and Roles

Auditing Overview


Administration of AISTools and Data Export

Summary and Q&A


SAP Audit Information System (AIS)

AIS is the auditors‘ toolbox within the SAP environment Structured collection and pre-setting of standard reports Suitable for auditors with limited SAP experience Role-based organization

Comprehensive functionality for system and business audits Provides monitoring of system inherent and configurable controls Implements numerous reporting controls

Business audit structured according to Financial statements Business Processes

AIS reporting tree links to multiple types of documentation AIS documentation, SAP Library, IMG documentation, web addresses

Data export to external analysis and audit tools online real time or batch processed queries document data, account balances, and financial statement data


Audit Information System (AIS)

• Audit planning

• Work program

- System audit- Business audit

Exp

ort

in

terf

ace

Online controls onthe SAP database

• System information

• Reconciliation• B/S, P&L• Account balances• Documents

Data export

• Account balances• Line items

Non-SAP Environment mySAP ERP Environment

Work paperprep.

Report

Analysis software( ACL / IDEA / … )

Reporting software

Line items

Balances

...

Accounts

Customers

Vendors

Assets

Material

Orders

Invoices

…


AIS – Motivation and Availability

Why should one be interested in this? In an environment of mass transactions, system support for audit is

a must. Corporate governance requirements

Why use the SAP Audit Information System? Acts as a bridge between auditors and the SAP system Helps to understand SAP terminology and structures Optimized for the SAP system, direct access to critical data

What is the effort involved in installing and using AIS? AIS provides data without requiring much system resource. Queries can be run in batch or online. AIS is simple to implement – five to 10 consulting days including

training.


Audit Information System


The Audit Information System facilitates smoother and better quality audits.

It consists of a number of single roles and is a - Collection,- Structure, and- Default setup

of SAP standard programs.

The AIS is the Toolbox of the auditor in SAP environment.

The Audit Information System

Auditing Overview



Summary and Q&ATools and Data Export


QueryQuery

Drill-downDrill-downreportingreporting

InformationInformation

systemssystemsD A R TD A R T

A B A PA B A P

Tools Used for Online and Offline Controls


SAP - DBSAP - DB

QueryQuery

SAP Query

The application SAP Query is used to create lists not already contained in the SAP standard.

List

Dialog

Drill-down

Extract(flat file)

Online Controls – Query


Document analysis • Documents in general• A/P A/R G/L line items

Flexible selection for the data retrieval Flexible analysis of the data deemed critical

using ALV functions

Dubious Documents• Document journal

(with holiday calendar)

Posted on Sunday or holidays? Posted at unusual times? . . .

Account Analysis• A/R• A/P• G/L accounts

Offsetting account analysis Even distribution of postings? (in Days/Months/Year) Unusual document origin? (manual, SD, MM, HR, ...) Posted in timely manner? (BUDAT – CPUDAT) Documents with the greatest volume (+/-)

Critical Clearing Processes • A/R

Clearing only payment-relevant process? Clearing via reversal?

Variance Analysis• A/R (Payments received)• A/P (Payments sent)

Payments out of the norm- Standard condition per master data (days / %)- Condition taken as found in document- Variance (shows payment tendency)

Comparison of Terms• A/R• A/P

Terms and conditions, base date, days 1, %, days 2, %, Net values in document - Values in master data = Variance (shows manual changes)

Selected Queries Delivered by SAP


SAP - DBSAP - DB

Drill-downDrill-downReportingReporting

SAP drill-down reporting

With drill-down reporting, SAP provides you with an interactive information system to let you evaluate the data collected in your application.

List

Dialog

Drill-down

Extract(flat file)

Online Controls – Drilldown Reporting


SAP - DBSAP - DB

InformationInformation

systemssystems

Component-specific information tools:

General ledger Information System Accounts receivable Information System Accounts payable Information System Logistics Information System Repository Information System . . .

List

Dialog

Drill-down

Extract(flat file)

Online Controls – Information Systems


SAP - DBSAP - DB

D A R TD A R T

Data Retention Tool ( D A R T ):

Data retention and evaluation oftax-relevant data.

Data extraction and storage View query Export function (SAP-Audit-Format)

List

Dialog

Drill-down

Extract(flat file)

Offline Controls – DART

Auditing Overview



Tools and Data Export

Summary and Q&A


7 Key Points to Take Home

1. SAP Audit Information System (AIS) is the auditor‘s toolboxin the SAP environment.

2. It provides a structured, easy-to-learn access to audit-relevant data in the SAP system.

3. AIS is being used by external auditors, internal auditors/financial analysts, tax auditors and data security officers.

4. There are comprehensive online controls for system audit, business audit, and tax audit.

5. AIS supports data export of master data, account balances, and documents to 3rd party audit and analysis tools.

6. AIS can be implemented quickly and with low effort, and easily adjusted to the requirements of the customer.

7. AIS requires few system resources.


AIS – Benefits

AIS is the auditor‘s toolbox within SAP.

Online Controls and Data Export

Easy to use functionality

Comprehensive offering for

System audit

Business audit

Tax audit

milford sprecher sap public services, inc. audit support in sap

Documents

sap system

sap slide

sap ag

system tools

system support

system resource

audit tools

sap library