Milford Sprecher SAP Public Services, Inc. Audit Support in SAP Milford Sprecher SAP Public Services, Inc.
mySAP Audit Information System (AIS) Overview Auditing Overview mySAP Audit Information System (AIS) Overview Administration of AIS Tools and Data Export Summary and Q&A This is the table of contents. If using the MacroMedia animation then this will be interactive. The pod presenter can easily move between topics depending on the questions or comments posed by the prospect or customer. However, if given the ideal time to present then this is the default flow of content.
Reasons/Methodology for Financial Audits Generally begin with an assessment of internal controls under the assumption that good internal controls reduces the risk of improprieties in the system Are performed after adequate planning and with proper supervision Are performed by obtaining “competent evidential matter through inspection, observation, inquiries and confirmations to afford a reasonable basis for an opinion”3 3 Taylor, Donald H. and Glezen, G. William. Auditing: Integrated Concepts and Procedures, Second Edition, New York: John Wiley & Sons, 1982
Legal Environment (Today) Sarbanes-Oxley Act – 2002: New regulations for auditing firms including more independence requirements Reinforces older case law and acts Places more attention, requirements and responsibilities on management Elevates internal accounting controls to assertion level requiring an opinion from auditor
How Can Technology Help? System tools to facilitate documentation, assessment and testing of internal control environment Ability to implement continuous automated control techniques to ensure continued compliance with Sarbanes-Oxley requirements (e.g., monitoring of key disclosure controls, electronic sign-offs of control procedure completion, etc.) Ability to provide consistent business process and control practices Automated auditing techniques Control gap analysis and resolution performance management and tracking
SAP Principles Supporting Audit Requirements Inherent controls are delivered with SAP and do not need to be designed into the system Configurable controls automated controls to be defined at the time of system configuration Security controls user access and segregation of duties controls Reporting controls controls that rely on standard or ad-hoc reports from SAP
Internal Controls SAP Security Guide Contains examples of best practices for separation of duties System Audit Function in System Audit to make sure there are separation of duties (after the fact) MIC (Management of Internal Controls) Documents processes, risk and internal controls in place Third Party Products SAP Compliance Calculator by Versa Contains segregation of duties testing Sarbanes-Oxley driven
SAP MIC – Phases and Roles Continuous Improvement Management Auditor Scoping and Set-Up Document Processes and Controls Assess Control Design and Remediate Issues Test Operating Effective- ness Sign-Off, Prepare Certification / Internal Control Report Attest and Report CEO / CFO Internal Control Manager Org.Unit Manager Process Group Owner Section 404 requires an ongoing internal control management process. This slide shows the process steps from documentation, to a design assessment, then a test of operating effectiveness, and finally through to sign-off. This process is ongoing, and repeated each year (or quarter), as represented by the arrows at the top of the slide. If a weakness appears in the control design phase, the documentation may have to be reworked. Then the assessment is carried out a second time. This is represented by the first backward arrow. If a weakness appears in the testing phase, the control’s design may have to be reworked. Then the test will be carried out a second time. This is represented by the second backward arrow. Various roles are involved in the process, from the CFO and external auditors, down to the operative control owners and the people responsible for the remediation of control weaknesses. MIC has a flexible role and task concept to allow your company to create your own roles suited to how you manage internal controls in your organization. Control Owner Evaluator Tester Issue and Remediation Plan Owner Internal and External Auditor
mySAP Audit Information System (AIS) Overview Auditing Overview mySAP Audit Information System (AIS) Overview Administration of AIS Tools and Data Export Summary and Q&A This is the table of contents. If using the MacroMedia animation then this will be interactive. The pod presenter can easily move between topics depending on the questions or comments posed by the prospect or customer. However, if given the ideal time to present then this is the default flow of content.
SAP Audit Information System (AIS) AIS is the auditors‘ toolbox within the SAP environment Structured collection and pre-setting of standard reports Suitable for auditors with limited SAP experience Role-based organization Comprehensive functionality for system and business audits Provides monitoring of system inherent and configurable controls Implements numerous reporting controls Business audit structured according to Financial statements Business Processes AIS reporting tree links to multiple types of documentation AIS documentation, SAP Library, IMG documentation, web addresses Data export to external analysis and audit tools online real time or batch processed queries document data, account balances, and financial statement data Provide AIS system audit demo here. Insert SAP Tutor when available.
Audit Information System (AIS) Non-SAP Environment mySAP ERP Environment Audit planning Work program - System audit - Business audit A I S ... Accounts Customers Vendors Assets Material Orders Invoices … Online controls on the SAP database System information Reconciliation B/S, P&L Account balances Documents Data export Line items Analysis software ( ACL / IDEA / … ) Line items Export interface Reporting software Balances Work paper prep. Report The follwing auditing steps are provided for use with the AIS: Online-Controls in the areas -System audit -Business Audit Data export of flat files - Document line items - Account balances
AIS – Motivation and Availability Why should one be interested in this? In an environment of mass transactions, system support for audit is a must. Corporate governance requirements Why use the SAP Audit Information System? Acts as a bridge between auditors and the SAP system Helps to understand SAP terminology and structures Optimized for the SAP system, direct access to critical data What is the effort involved in installing and using AIS? AIS provides data without requiring much system resource. Queries can be run in batch or online. AIS is simple to implement – five to 10 consulting days including training.
Audit Information System
The Audit Information System The Audit Information System facilitates smoother and better quality audits. It consists of a number of single roles and is a - Collection, - Structure, and - Default setup of SAP standard programs. The AIS is the Toolbox of the auditor in SAP environment.
mySAP Audit Information System (AIS) Overview Auditing Overview mySAP Audit Information System (AIS) Overview Administration of AIS Tools and Data Export Summary and Q&A This is the table of contents. If using the MacroMedia animation then this will be interactive. The pod presenter can easily move between topics depending on the questions or comments posed by the prospect or customer. However, if given the ideal time to present then this is the default flow of content.
Tools Used for Online and Offline Controls Query A B A P Drill-down reporting A I S Information systems D A R T SAP provides various tools to help you fulfill reporting requirements. AIS uses the tool that provides the best result for the job at hand.
Online Controls – Query List SAP - DB Dialog Query Drill- down SAP Query The application SAP Query is used to create lists not already contained in the SAP standard. Extract (flat file)
Selected Queries Delivered by SAP Document analysis Documents in general A/P A/R G/L line items Flexible selection for the data retrieval Flexible analysis of the data deemed critical using ALV functions Dubious Documents Document journal (with holiday calendar) Posted on Sunday or holidays? Posted at unusual times? . . . Account Analysis A/R A/P G/L accounts Offsetting account analysis Even distribution of postings? (in Days/Months/Year) Unusual document origin? (manual, SD, MM, HR, ...) Posted in timely manner? (BUDAT – CPUDAT) Documents with the greatest volume (+/-) Comparison of Terms A/R A/P Terms and conditions, base date, days 1, %, days 2, %, Net values in document - Values in master data = Variance (shows manual changes) Variance Analysis A/R (Payments received) A/P (Payments sent) Payments out of the norm Standard condition per master data (days / %) Condition taken as found in document Variance (shows payment tendency) Critical Clearing Processes A/R Clearing only payment-relevant process? Clearing via reversal?
Online Controls – Drilldown Reporting List SAP - DB Dialog Drill-down Reporting Drill- down SAP drill-down reporting With drill-down reporting, SAP provides you with an interactive information system to let you evaluate the data collected in your application. Extract (flat file)
Online Controls – Information Systems List SAP - DB Dialog Information systems Drill- down Component-specific information tools: General ledger Information System Accounts receivable Information System Accounts payable Information System Logistics Information System Repository Information System . . . Extract (flat file)
Offline Controls – DART List SAP - DB Dialog D A R T Drill- down Data Retention Tool ( D A R T ): Data retention and evaluation of tax-relevant data. Data extraction and storage View query Export function (SAP-Audit-Format) Extract (flat file) The Data Retention Tool (DART) was developed to support R/3 users with the compliance of legal requirements regarding data storage and reporting. DART makes it possible to regularly extract and store data from active R/3 applications. DART provides tools with which stored data can be flexibly evaluated.
mySAP Audit Information System (AIS) Overview Auditing Overview mySAP Audit Information System (AIS) Overview Administration of AIS Tools and Data Export Summary and Q&A This is the table of contents. If using the MacroMedia animation then this will be interactive. The pod presenter can easily move between topics depending on the questions or comments posed by the prospect or customer. However, if given the ideal time to present then this is the default flow of content.
7 Key Points to Take Home SAP Audit Information System (AIS) is the auditor‘s toolbox in the SAP environment. It provides a structured, easy-to-learn access to audit-relevant data in the SAP system. AIS is being used by external auditors, internal auditors/financial analysts, tax auditors and data security officers. There are comprehensive online controls for system audit, business audit, and tax audit. AIS supports data export of master data, account balances, and documents to 3rd party audit and analysis tools. AIS can be implemented quickly and with low effort, and easily adjusted to the requirements of the customer. AIS requires few system resources.
AIS – Benefits AIS is the auditor‘s toolbox within SAP. Online Controls and Data Export Easy to use functionality Comprehensive offering for System audit Business audit Tax audit