
SAP: Business Process Controls and AIS

Jennifer Hahn, Michael Juergens
Deloitte & Touche
ISACA Spring Conference, April 27, 1999

Presentation Outline
- SAP Module Overview
- SAP Business Process Overview
- Audit Information System (AIS) Overview

1999 Deloitte & Touche LLP. All rights reserved.

Bpcontrols.ppt

SAP Module Overview

SAP R/3 Modules


R/3 (Client / Server, ABAP/4) modules:
- SD: Sales & Distribution
- FI: Financial Accounting
- MM: Materials Mgmt.
- PP: Production Planning
- CO: Controlling
- AM: Fixed Assets Mgmt.
- HR: Human Resources
- IS: Industry Solutions
- QM: Quality Management
- PS: Project System
- PM: Plant Maintenance
- WF: Workflow

SAP Modules - Functional Category


Functional categories and their modules:
- Financial Applications: FI, CO, EC, IM, TR, AM, PS
- Logistics Applications: SD, MM, PM, PP, QM, LO
- Human Resources: PA, PD
- Cross Applications: WF, OC, AL, CAD, DMS, ALE, EDI, I/Net, EC
- Industry Solutions: IS

Financial Accounting
FI (Financial Applications)
- General Ledger
- Accounts Receivable
- Accounts Payable
- Tax and Financial Reports
- Special Purpose Ledger
- Legal Consolidations

Controlling
CO (Financial Applications)
- Cost Center Accounting
- Profit Center Accounting
- Product Cost Controlling
- Profitability Analysis
- Activity Cost Management
- Internal Orders

Fixed Asset Management


AM (Financial Applications)
- Depreciation
- Property Values
- Insurance Policies
- Capital Investment Grants

Project System
PS (Financial Applications)
- Project Tracking
- Work Breakdown Structure
- Budget Management
- Cost and Revenue Planning
- Networks and Resources

Sales and Distribution


SD (Logistics Applications)
- Computer Aided Sales
- Quotations
- Sales Order Management
- Pricing
- Delivery
- Invoicing

Materials Management
MM (Logistics Applications)
- Procurement
- Inventory Management
- Vendor Evaluation
- Invoice Verification
- Warehouse Management

Production Planning
PP (Logistics Applications)
- Sales & Operations Planning
- Demand Management
- Material Requirements Planning
- Production Activity Control
- Capacity Planning

Quality Management
QM (Logistics Applications)
- Quality Certificates
- Inspection Processing
- Planning Tools
- Quality Control
- Quality Notifications

Plant Maintenance
PM (Logistics Applications)
- Plant Maintenance
- Equipment and Technical Objects
- Preventive Maintenance
- Service Management
- Maintenance Order Management

Human Resources
HR (Human Resources)
- Personnel Administration
- Payroll, Benefits
- Time Management
- Planning and Development
- Organization Management

Cross Applications
WF (Cross Applications)
- SAP Business Workflow
- SAP Office
- SAP ArchiveLink
- EDI Communication
- Application Link Enabled (ALE)
- Others

Industry Solutions
IS (Industry Solutions)
- Banks
- Hospitals
- Oil Companies
- Publishing Sector
- Telecommunications
- Retail
- Utilities
- Others

Basis Component Overview

Basis Component
BC (Basis Component)
- ABAP/4 Development Workbench
- Computer Center Management System
- Authorization Concept
- Transport System
- Database Administration

SAP Business Process Overview

SAP Business Processes


Over 1200 business processes defined by SAP
- Highly flexible
- Customized to fit each company
- Companies choose the business processes that they want to implement

Every SAP installation is different
- It is important to have a clear understanding of the business processes that are affected by the SAP implementation
- These business processes should be mapped to the corresponding SAP modules that are implemented

Example Business Process - Sales


[Process flow diagram: sales process across SAP modules]
- Process steps: Sales Order, Planning MPS, MRP run, Planned Order, Production Order, Purchase Requisition, Purchase Order, Goods Receipt, Invoice Receipt, Vendor Payment, Goods Issue, Delivery, Billing, Customer Payment
- Also shown: Product Costing, Profitability Analysis
- Master data: Vendor, Customer, G/L Account, Material
- Material stages: Raw, Finished
- Modules: MM, PP, SD, FI/CO

Linking SAP Modules, Business Processes and Audit

Audit Challenges
SAP Modules
- Three Main Functional Categories
- Multitude of Modules
- Multitude of Sub-Modules

SAP Business Processes
- 1200+ Processes

Audit Processes
- Business Process Cycles

Linking Audit Cycles to SAP Modules


Audit Business Cycles
- Treasury
- Fixed Assets
- Expenditure
- Revenue
- Inventory Management
- Payroll and Personnel

SAP Module Functional Category
- Financial Applications
- Logistics Applications
- Human Resources
- Basis Component
- Cross Applications
- Industry Solutions

Audit Information System (AIS)

AIS - History and Background


Requested by
- Internal Auditors, External Auditors, and Company Management

Designed by SAP in response to requirements for a tool to find, evaluate and download information from SAP easily

Includes:
- Audit Report Tree (transaction code: SECR)
- Report tree includes Systems and Financial audit tasks, reports and tests for additional modules are under development
- Evaluation and notes can be entered into the specific tasks to monitor progress of tasks

AIS - History and Background


- To provide a mechanism and structure for collection, and presentation of standard SAP reporting
- The goal is improvement of audit quality through real-time auditing
- To provide company specific, individual selection and preparation of data needs and requirements for reporting and review
- To provide the ability to download data into flat files for analysis with external tools

[Diagram labels: AuditAgent, ACL, IDEA, Baetge; IS; SAP - DB]

What is AIS?
- A collection of SAP reports / queries based on a reporting tree
- A tool for auditing an SAP system
- Utilizes existing SAP functionality
- Designed to rationalize and facilitate the audit process
- Organizes all audit related activities under one umbrella
- Aims to improve the quality of an audit

What does AIS do?


[Slide images not reproduced. 1998 SAP AG. All rights reserved.]

AIS Features and Functions


- Tool for performing both System and Business Audits
- Provides auditors with the ability to document and monitor the progress of an audit
- Reports and queries can be customized for each user
- Allows auditors to evaluate information or download data to be used by CAAT tools such as ACL
- Different views allow external auditors (both financial and systems auditors) and internal auditors to use the system simultaneously

AIS - System Audits


Using the AIS System Audit tree users can:
- Review system configuration settings
- Review parameters settings
- Monitor operations
- Review various logs
- Review background processing
- Review security settings
- Perform user security audits
- Review transport related activities
- Review print and spool administration

AIS - Business Audits


Using the AIS Business Audit tree users can:
- Perform various audit related queries
- Produce various audit related reports
- Review organization structure
- Review document structure, ranges, posting keys etc.
- Review client setup (number of accounts, assets, customers, vendors, materials etc.)
- Review chart of accounts
- Produce financial reports (balance sheets, P&L, ratio analysis etc.)
- Review account balances

Audit Status Analysis


AIS uses Status Analysis functionality to:
- Summarize, maintain and monitor details of the audit progress of specific testing, and for audit management
- Easily and quickly identify problem areas
- Document results of tests offering drill-down functionality
- Notes exist in SAP R/3 version 3.1G+

Audit Status Analysis


Status Analysis functionality and capabilities improve the ability of Audit management to track tasks performed within SAP:
- Percentage of completed audit steps for an audit objective via traffic lights
- Creation of separate documentation for the node of each separate user view
- Ability to identify the number of views a node is assigned to, with the associated status of completion for each view
- Tracking of changes made to the notes to a responsible person


Audit Report Tree


The audit report tree contains two standard views:
- Financial Audit (AUDIT_FI)
- Systems Audit (AUDIT_SECR)

Each view contains:
- Auditing procedures and documentation tools
- Audit evaluations (including data and key controls within the configuration)
- Data download tools through links to Data Analysis Tools, such as ACL (automated) or IDEA (through Monarch)


AIS and SAP versions


Versions 3.1I and 4.5B+
- An integral part of the SAP Basis Component

Only works on certain releases of R/3
- 3.0D, 3.0E, 3.0F
- 3.1G, 3.1H, 3.1I
- 4.0A, 4.0B, 4.0C
- 4.5A, 4.5B, 4.6A

Not all functions are available in each version, as functionality is based on the release level

AIS - Relevant OSS Notes


Online System Support (OSS) Notes:
- 13719 - Transport Files to load AIS onto SAP for versions 3.0D on
- 41475 - Copying report variants between clients
- 77503 - AIS Overview, Auditors configuration of Views, Variants and Ratios
- 85344 - Performance concerns when AIS is installed
- 100609 - Basis Installation Steps
- 128256 - Missing English Texts
- 129170 - Download of Query Data
- 133914 - Conversion of drill-down reports

AIS Business Case

AIS Advantages
- Centralized auditing
- Continuous auditing
- Teaming of internal and external audit efforts
- More efficient use of time
- One report tree
- Simplify data extraction
- Potential to have all SAP reports in AIS only
- Custom views
- AIS is free

AIS Disadvantages
- Variant review after every SAP upgrade
- Reports must be configured
- SAP knowledge required to interpret results
- Over auditing
- Under auditing
- Access to SAP
- Auditability of the Financial (FI) module Only
- Reliance on the SAP system is assumed
- AIS is not mature

Questions and Information


Presenter Information:
- Jennifer Hahn 714-436-7171
- Michael Juergens 714-436-7276
