The SAP Audit Information System: Solution Management Financials Sap Ag

The SAP Audit Information System
Solution Management Financials SAP AG
Agenda
Audit Information System overview
Administration of AIS
System audit with AIS
Business audit with AIS
Tools and data export
Summary and Q&A
SAP AG 2003 / Audit Information System, 2
SAP Audit Information System (AIS)

AIS is the auditors toolbox within the SAP environment
Structured collection and pre-setting of standard reports Suitable for auditors with limited SAP experience Role-based organization
Comprehensive functionality for system and business audits

Provides monitoring of system inherent and configurable controls Implements numerous reporting controls
Business audit structured according to

Financial statements Business Processes
AIS reporting tree links to multiple types of documentation

AIS documentation, SAP Library, IMG documentation, web addresses
Data export to external analysis and audit tools

online real time or batch processed queries document data, account balances, and financial statement data
Audit Information System (AIS)
Non-SAP Environment
Audit planning Work program - System audit - Business audit
mySAP ERP Environment
... Online controls on the SAP database

System information Reconciliation B/S, P&L Account balances Documents
Accounts Customers Vendors Assets Material Orders Invoices
Analysis software ( ACL / IDEA / )
Line items
Reporting software
Balances
Export interface
Work paper prep.
Data export
Account balances Line items
Report
AIS Motivation and Availability

Why should one be interested in the topic?
In an environment of mass transactions, system support for audit is a must. Corporate governance requirements
Why use the SAP Audit Information System?

Acts as a bridge between auditors and the SAP system Helps to understand SAP terminology and structures Optimized for the SAP system, direct access to critical data
What is the effort involved in installing and using AIS?

AIS provides data without requiring much system resource. Queries can be run in batch or online.
Availability of AIS
First available with SAP R/3 Release 3.x Largely enhanced for use on top of SAP R/3 4.6C and R/3 Enterprise Enhancements available as part of mySAP solutions and as part of SarbanesOxley Act (SOA) package
Corporate Governance
Rating Basel II IAS US-GAAP
SarbanesOxley Act
Software Certificate
Parallel Valuation SEM
Risk Mgmt, Consolidation, Bal. Scorecard, Man.Cockpit
MIC GoB, GoBS COSO II GDPdU Continuous Audit

Management of Internal Controls
DART
Audit Information System Data Retention Tool
SOA Section 302 Requirements

Certification of disclosure in companies quarterly and annual reports
Management responsibility for effective disclosure controls and procedures over financial reporting, operations and compliance Disclosure of significant deficiencies in internal control to audit committee and external auditors Certification of contents of SEC reports* by CEO and CFO
(*) filed annually and/or quarterly, depending on size and location of company
Activity
Identify scope of the companys disclosure controls and procedures. Document business processes and process controls over all major activities within an entity (beyond solely processes impacting financial reporting). Assess internal control effectiveness. Identify and track resulting issues and remediation plans. Cascade the accountability for control evaluation and roll up the results (e.g., resulting in a dashboard confirming ability to sign certification).
SOA Section 404 Requirements

Management report on internal control over financial reporting
Annual report should include a report by management on the effectiveness of internal control over financial reporting.
Documentation of control design of effectiveness testing Disclosure of any material weaknesses Attestation by external auditors
Note: Further periodic requirements are covered under Section 302.
Activity
Identify areas of scope relevant for evaluating the effectiveness of internal control over financial reporting. Document the design of significant controls. Perform evaluation of control design and effectiveness. Identify resulting control issues and monitor remediation. Document changes in processes and controls; surface any associated issues. Prepare internal control report. Attestation by external auditors
SAP Principles and Applications Supporting SOA
SAP principles
Inherent controls Configurable controls Reporting controls
implements checks
SAP applications
Management of Internal Controls Whistle Blower Audit Information System Business Consolidation Risk Management Management Cockpit Balanced Scorecard Business Planning and Simulation
Audit Environment
Audit
Documentation / Maintenance Step n Step 1 ... SAP standard roles
G/L accnts Customers Vendors Financial Instruments Data export Inventory Vendors Receivables Cash Personal expense Payables Inventory Customers ... Revenue Receivables Data export Revenue
Step 2
...
Step 3
Enterprise Process Risk Assessment Audit Measure Audit Result
Step 4
Step 5
...
Step 6
...
Individual auditor menu
AIS, Views/Target Groups
System audit
Business audit
Tax audit
Internal auditors External auditors Data security officers Tax auditors Audit-specific documentation and training
Audit Information System
Additional Information within the AIS
AIS Documentation
Information on audit steps
SAP Library
Selected chapters
IMG Documentation
Selected table areas
Internet Links
Selected Web addresses
Agenda
Summary and Q&A

System Audit with AIS

General
SAP R/3 Security Guide Top 10 security reports System configuration System logs Software status (transport, support packages) ...
Users and authorizations

Central user administration Critical combinations of transactions ...
Tables/repository
Table authorization Table recordings Access statistics Change documents ...
System Audit
System Audit - Authorization
Critical combination of transactions addresses the issue of segregation of duties (SOD)
Critical Combination of Transactions SOD
Critical Combination of Transactions SOD
System Audit - Repository/Tables
Repository/Tables - Information System
Repository/Tables - Data Browser
Agenda
Summary and Q&A
AIS Standard Roles for Business Audit (1)

Account-oriented approach
Balance sheet
Fixed assets Real estate (*) Inventory Receivables Financial instruments (*) Cash (*) Payables
Income statement
Sales revenue (*) Raw material consumed (*) Personnel expenses
Segment reporting (*) Internal activity allocation (*) Consolidated financial statement (*)
* = new as of Q4 / 2003
AIS Standard Roles for Business Audit (2)

Process-oriented approach
From purchase to pay (*)
Vendors Purchasing Incoming invoices Payables Outgoing payments
From order to cash (*)

Customers Revenues Receivables Incoming payments
* = new as of Q4 / 2003
AIS - Business Audit
AIS Organizational Overview
Organizational Overview - Client
Organizational Overview - Company Code
Organizational Overview - # of Customers
KNA1
KNB1
KNC1
AIS - Financial Statements - General
General Ledger (GLT0)
Account Analysis G/L Account
The analysis is also available for - A/R accounts - A/P accounts
Account Analysis Data Selection
Account Analysis Offsetting Accounts
Account Analysis Daily Volume
Account Analysis Timely Update ?
Account Analysis Top Posting Volume
Account Analysis - Documents
AIS Business Audit of Receivables (1)

AIS Receivables
Overview about customers New customers
Customer master data Top 10 reports Reconciliation Customers balances Customers documents Risks on receivables Cut-off check A/R Information System
Customers marked for deletion Changed customers Missing credit data
AIS Business Audit of Receivables (2)

AIS Receivables
Customer master data Top 10 reports Reconciliation Customers balances Customers documents Risks on receivables Cut-off check A/R Information System
Agenda
Summary and Q&A
Tools Used for Online and Offline Controls
Query
ABAP
DrillDrill-down reporting
Information systems
DART
Online Controls ABAP
List
SAP - DB
Dialog
ABAP
Drilldown
Advanced Business Application Programming
ABAP is the programming language used in R/3. Call SAP standard or customer-specific programs.
Extract
(flat file)
ABAP Reporting Calling Up Reports

Calling up reports using the application menu
Report selection w/ GL Legal requirements Account G/L account balances
Calling up reports directly using the system menu
System Services Reporting
Program:
RFSSLD00
G/L account balances provided by program RFSSLD00
ABAP Reporting Using Variants

Call report
G/L Account balances/RFSSLD00 with variant (1) Variants for RFSSLD00 VAR1 : Chart of accounts INT G/L Account 1-999 Company code Fiscal year VAR2 : Chart of accounts INT Company code VARn :
G/L Account balances Chart of Accts. INT G/L Account 1-999 Company code 0001 Fiscal year 2002
T-BUK T-GJAHR
T-BUK
Table of variables
G/L account balances provided by program RFSSLD00
T-BILANZ T-BUK T-GJAHR2002 T-from/to
INT 0001 0100 - 0999
Online Controls Query
List
SAP - DB
Dialog
Query
Drilldown
SAP Query The application SAP Query is used to create lists not already contained in the SAP standard. It has been designed for users with little or no knowledge of the SAP programming language ABAP.
Extract
(flat file)
Online Controls Drilldown Reporting
List
SAP - DB
Dialog
DrillDrill-down Reporting
SAP drill-down reporting With drill-down reporting, SAP provides you with an interactive information system to let you evaluate the data collected in your application.
Drilldown
Extract
(flat file)
Online Controls Information Systems
List
SAP - DB
Dialog
Information systems
Component-specific information tools: General ledger Accounts receivable Accounts payable Logistics Repository ...
Drilldown
Information System Information System Information System Information System Information System
Extract
(flat file)
Offline Controls DART
List
SAP - DB
Dialog
DART
Drilldown
Data Retention Tool ( D A R T ): Data retention and evaluation of tax-relevant data. Data extraction and storage View query Export function (SAP-Audit-Format)
Extract
(flat file)
Scenario for the Export of Data
SAP DB
Download
Single audit
Probability-based auditing (statistical sampling algorithms)

ACL IDEA ...
Data Export
Data Export - G/L Account, Document Items
Data Collection (Phase 1, Batch) Download (Phase 2, Dialogue)
3rd party audit software
Agenda
Summary and Q&A
7 Key Points about SAP Audit Information System 1. SAP Audit Information System (AIS) is the auditors toolbox in the SAP environment. 2. It provides a structured, easy-to-learn access to audit-relevant data in the SAP system. 3. AIS is being used by external auditors, internal auditors, tax auditors and data security officers. 4. There are comprehensive online controls for system audit, business audit, and tax audit. 5. AIS supports data export of master data, account balances, and documents to 3rd party audit and analysis tools. 6. AIS does only require few system resources.
AIS Benefits
AIS is the auditors toolbox within SAP. Online Controls and Data Export Easy to use functionality Comprehensive offering for System audit Business audit Tax audit
Copyright 2003 SAP AG. All Rights Reserved

No part of this publication may be reproduced or transmitted in any form or for any purpose without the express permission of SAP AG. The information contained herein may be changed without prior notice. Some software products marketed by SAP AG and its distributors contain proprietary software components of other software vendors. Microsoft, WINDOWS, NT, EXCEL, Word, PowerPoint and SQL Server are registered trademarks of Microsoft Corporation. IBM, DB2, DB2 Universal Database, OS/2, Parallel Sysplex, MVS/ESA, AIX, S/390, AS/400, OS/390, OS/400, iSeries, pSeries, xSeries, zSeries, z/OS, AFP, Intelligent Miner, WebSphere, Netfinity, Tivoli, Informix and Informix Dynamic ServerTM are trademarks of IBM Corporation in USA and/or other countries. ORACLE is a registered trademark of ORACLE Corporation. UNIX, X/Open, OSF/1, and Motif are registered trademarks of the Open Group. Citrix, the Citrix logo, ICA, Program Neighborhood, MetaFrame, WinFrame, VideoFrame, MultiWin and other Citrix product names referenced herein are trademarks of Citrix Systems, Inc. HTML, DHTML, XML, XHTML are trademarks or registered trademarks of W3C, World Wide Web Consortium, Massachusetts Institute of Technology. JAVA is a registered trademark of Sun Microsystems, Inc. JAVASCRIPT is a registered trademark of Sun Microsystems, Inc., used under license for technology invented and implemented by Netscape. MarketSet and Enterprise Buyer are jointly owned trademarks of SAP AG and Commerce One. SAP, R/3, mySAP, mySAP.com, xApps, xApp and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP AG in Germany and in several other countries all over the world. All other product and service names mentioned are the trademarks of their respective companies.

The SAP Audit Information System: Solution Management Financials Sap Ag

Uploaded by

Document Information

Original Description:

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

The SAP Audit Information System: Solution Management Financials Sap Ag

Uploaded by

Copyright:

Available Formats

The SAP Audit Information System

Solution Management Financials SAP AG

System audit with AIS

Business audit with AIS

Tools and data export

Summary and Q&A

SAP AG 2003 / Audit Information System, 2

SAP Audit Information System (AIS)

Comprehensive functionality for system and business audits

Business audit structured according to

AIS reporting tree links to multiple types of documentation

Data export to external analysis and audit tools

SAP AG 2003 / Audit Information System, 3

Audit Information System (AIS)

mySAP ERP Environment

... Online controls on the SAP database

Accounts Customers Vendors Assets Material Orders Invoices

Analysis software ( ACL / IDEA / )

Work paper prep.

SAP AG 2003 / Audit Information System, 4

AIS Motivation and Availability

Why use the SAP Audit Information System?

What is the effort involved in installing and using AIS?

SAP AG 2003 / Audit Information System, 5

Rating Basel II IAS US-GAAP

Parallel Valuation SEM

Risk Mgmt, Consolidation, Bal. Scorecard, Man.Cockpit

MIC GoB, GoBS COSO II GDPdU Continuous Audit

SAP AG 2003 / Audit Information System, 6

SOA Section 302 Requirements

SOA Section 404 Requirements

SAP Principles and Applications Supporting SOA

Enterprise Process Risk Assessment Audit Measure Audit Result

Individual auditor menu

AIS, Views/Target Groups

Audit Information System

SAP AG 2003 / Audit Information System, 12

Additional Information within the AIS

SAP AG 2003 / Audit Information System, 13

System audit with AIS

Business audit with AIS

Tools and data export

Summary and Q&A

System Audit with AIS

Users and authorizations

SAP AG 2003 / Audit Information System, 15

SAP AG 2003 / Audit Information System, 16

System Audit - Authorization

Critical combination of transactions addresses the issue of segregation of duties (SOD)

SAP AG 2003 / Audit Information System, 17

Critical Combination of Transactions SOD

SAP AG 2003 / Audit Information System, 18

Critical Combination of Transactions SOD

SAP AG 2003 / Audit Information System, 19

System Audit - Repository/Tables

SAP AG 2003 / Audit Information System, 20

Repository/Tables - Information System

SAP AG 2003 / Audit Information System, 21

Repository/Tables - Data Browser

SAP AG 2003 / Audit Information System, 22

System audit with AIS

Business audit with AIS