Sei sulla pagina 1di 31

A udit I nformation S ystem

In General
Peter Schiwek
Solution Management Financials, SAP AG

Evolution of Modern Auditing

Rating Basel II IAS

Sarbanes Oxley Act


Every individual sees their environment from their own personal point of view. The auditors duty is to make an objective judgment.

US-GAAP
GoB GoBS GDPdU

Continuous Audit

SAP AG 2004-02-27, Audit Information System, Rel. 4.6C / 4.70, Peter Schiwek 2

Corporate Governance

Rating Basel II IAS

Sarbanes Oxley Act

Software Certificate

Parallel Valuation
SEM

Risk Mgmt, Consolidation, Bal. Scorecard, Man.Cockpit

US-GAAP
AS / DRB GoB GoBS GDPdU Continuous Audit
/ DART
Audit Information System Archive Information System

MIC
Management of Internal Controls

SAP AG 2004-02-27, Audit Information System, Rel. 4.6C / 4.70, Peter Schiwek 3

Digital Audit

A result-oriented audit view is - in an environment of mass transactions only possible with computer-supported audit or control procedures

Au d i t I nformation S ystem
SAP AG 2004-02-27, Audit Information System, Rel. 4.6C / 4.70, Peter Schiwek 4

Audit - Information - System


Collection, structure, presetting of standard SAP Reporting Improvement of the audit process and of audit quality Individual selection and preparation of data Data export -document data -account balances -financial statement data Reconciled with: - ACL - IDEA - AuditAgent ...

SAP DB

SAP AG 2004-02-27, Audit Information System, Rel. 4.6C / 4.70, Peter Schiwek 5

Audit Environment External audit Prfungsumgebung Externes Audit


Own Software (auditing approach)
Audit planning Work program
- System Audit - Business Audit

SAP environment

BKPF BSEG(..A)

Online controls
on the SAP database

GSEG SKA1/SKAT SKB1 SKC1A KNA1 KNB1 KNC1 ... ... ...

Export interface

Analysis software ( ACL / IDEA / )

-System information -Reconciliation -Balance sheet/P+L -Balances -Accounts -Documents

Line items

Reporting software

Balances

Work Paper Report

Data export
-Line items -Account balances

SAP AG 2004-02-27, Audit Information System, Rel. 4.6C / 4.70, Peter Schiwek 6

Audit Environment Internal audit Prfungsumgebung Internes Audit


SAP environment Audit Management
BKPF

Planning Auditing Reporting Export interface Online controls


on the SAP database
-System information -Reconciliation -Balance sheet/P+L -Balances -Accounts -Documents

BSEG(..A) GSEG SKA1/SKAT SKB1 SKC1A KNA1 KNB1 KNC1 ... ... ...

Corrective Action
Documentation Analysis
Line items

Data export
-Line items -Account balances

Analysis software ( ACL / IDEA / )

SAP AG 2004-02-27, Audit Information System, Rel. 4.6C / 4.70, Peter Schiwek 7

Audit Environment
Audit Documentation / Maintenance Step n Step 2 Step 1 Step 3 Enterprise Process Risk Assessment Audit Measure Step 4 Step 5 Step 6

...

...

Audit Result

...

...

SAP standard roles


G/L accnts Customers Vendors Financial Instruments Data export Inventory

Individual auditor menu


Vendors Receivables
Revenue Data export

Receivables

Cash Personal expense

Payables

Inventory Customers

Revenue

...

SAP AG 2004-02-27, Audit Information System, Rel. 4.6C / 4.70, Peter Schiwek 8

Authors

Bansbach Schbel Brsztl & Partner


Deloitte & Touche

Ernst & Young Deutsche Allgemeine Treuhand AG


KPMG Deutsche Treuhand-Gesellschaft Price Waterhouse Coopers SAP User Groups Internal auditors from various companies
SAP AG 2004-02-27, Audit Information System, Rel. 4.6C / 4.70, Peter Schiwek 9

The Audit Information System

The Audit Information System facilitates smoother and better quality audits. It consists of a number of single roles and is a - Collection, - Structure, and - Default setup of SAP standard programs The AIS is the Toolbox of the auditor in SAP-Environment.

SAP AG 2004-02-27, Audit Information System, Rel. 4.6C / 4.70, Peter Schiwek 10

Structure and Operation

For a specified organization, the auditor receives a selection of evaluation programs with preset control data for each audit area to be checked.

SAP AG 2004-02-27, Audit Information System, Rel. 4.6C / 4.70, Peter Schiwek 11

Structure and Use

Control data which occurs in multiple variants is defined as a variable - TableTVARVc - Arg. AUDI* This data is updated at the beginning of an audit with the function "Customizing AIS". This ensures proper control for all evaluations run during the course of the audit process.

SAP AG 2004-02-27, Audit Information System, Rel. 4.6C / 4.70, Peter Schiwek 12

Documentation in the Reporting Tree

AIS Documentation
Information on audit steps

SAP Library
Selected chapters

IMG Documentation
selected table areas

Internet Links
selected WEB Addresses

SAP AG 2004-02-27, Audit Information System, Rel. 4.6C / 4.70, Peter Schiwek 13

AIS, Views / Target Groups

System Audit

Business Audit

Tax Audit

Internal Auditors External Auditors Data Security Officers

Tax Auditors

Audit-specific documentation + training


SAP AG 2004-02-27, Audit Information System, Rel. 4.6C / 4.70, Peter Schiwek 14

System Audit

System Audit
AuditIS Development-IS Benutzer-IS

Information retrieval using existing programs sorted by component Users and Authorizations

Security guide ----------SAP

ADM950 ADM960 CA940

Repository / Tables

SAP AG 2004-02-27, Audit Information System, Rel. 4.6C / 4.70, Peter Schiwek 15

System Audit

SAP AG 2004-02-27, Audit Information System, Rel. 4.6C / 4.70, Peter Schiwek 16

Business Audit

Business Audit
AuditIS G/L IS Customer IS Vendor IS Assets IS

The closing operation view for a single company is possible Top Down View: Balance sheet / P&L Accounts Vouchers Procedures
AC900/ FIN900

Audit guideline ---------User group

Internationally deployable

SD MM PP QA PM HR

FI CO AM PS WF IS

SAP R/3

SAP AG 2004-02-27, Audit Information System, Rel. 4.6C / 4.70, Peter Schiwek 17

Business Audit

SAP AG 2004-02-27, Audit Information System, Rel. 4.6C / 4.70, Peter Schiwek 18

Tax Audit

Tax Audit
Data file provided Direct / indirect data access

Tax-Role Direct (Z1) and indirect (Z2) access to tax-relevant data. Data file analysis (Z3)
WDE680

DART (Data Retention Tool) Extraction and storage of tax-relevant data.

SAP AG 2004-02-27, Audit Information System, Rel. 4.6C / 4.70, Peter Schiwek 19

Tax Audit

SAP AG 2004-02-27, Audit Information System, Rel. 4.6C / 4.70, Peter Schiwek 20

Tools Used for Online and Batch Controls

ABAP

Query
Drilldown Reporting Information Systems

DART
SAP AG 2004-02-27, Audit Information System, Rel. 4.6C / 4.70, Peter Schiwek 21

Online-Controls: Special Queries for AIS


Document analysis
Documents in general A/P A/R G/L line items flexible selection for the data retrieval flexible analysis of the data deemed critical using ALV functions

Dubious Documents
Document Journal (with holiday calendar) Posted on Sunday or holidays? Posted at unusual times? ...

Account Analysis
A/R A/P G/L accounts

Offsetting account analysis


Even distribution of postings? (in Days/Months/Year) Unusual document origin? (manual, SD, MM, HR, ...) Posted in timely manner? (BUDAT CPUDAT) Documents with the greatest volume (+/-)

SAP AG 2004-02-27, Audit Information System, Rel. 4.6C / 4.70, Peter Schiwek 22

Online-Controls: Special Queries for AIS


Comparison of Terms
A/R A/P Terms and conditions, base date, days 1, %, days 2, %, net Values in document - Values in master data =Variance (shows manual changes)

Variance Analysis
A/R (Payments received) A/P (Payments sent) Payments out of the norm - Standard condition per master data (days / %) - Condition taken as found in document - Variance (shows payment tendency)

Critical Clearing Processes


A/R Clearing of a non-payment-related transaction ? Clearing via reversal ?

SAP AG 2004-02-27, Audit Information System, Rel. 4.6C / 4.70, Peter Schiwek 23

The Development History of AIS


Until SAP Release 4.6C, AIS was realized using a menu technique (transaction SECR). As of SAP Release 4.6, AIS is part of the SAP Standard System

As of SAP Release 4.6C (Support Package SAPKH46C27), the technical implementation of AIS in the program has been changed to a role-based maintenance environment (transaction PFCG). Additional development of AIS will only be carried out in this new environment.

SAP AG 2004-02-27, Audit Information System, Rel. 4.6C / 4.70, Peter Schiwek 24

Vision:
Primary data
SAP R/3

Audit Framework
Audit Warehouse
(SAP BW) Defined structures in a standard audit format
Requests Offers Conditions CO docs - View G/L accts ...

Auditing
Local Audit Collaborative Audit Auditor-Workplace

- Extractors -

Material docs ...

FI docs Doc history Cust. Asset accts

Vendors

CRM / SRM / ...


- Extractors -

MM accts Acct. history Table 000 Table BSL

Third-party software
- Extractors -

Table 001 ...

Table 005 Table history

Long term archive Auditable


SAP AG 2004-02-27, Audit Information System, Rel. 4.6C / 4.70, Peter Schiwek 25

SAP Notes
SAP Release:
0077503
0100609 0182699 0197137 0162971 0133914 0190767 0202497 0376779 0496534 0202504 0328019 0451960 0544650 0662882 0751970 0754273

4.5
X
X X X X X

4.6A
X

4.6B
X

4.6C
X

4.70
X

5.00
X

Audit Information System (AIS)


Audit Information System (AIS) - installation Download of Query data (user exit) Query Download from EBCDIC server AIS version history 3.x 4.0 4.5 Conversion of drill-down Collect note Collect note RSQUEU01: Missing FM "F4IF_INT_TABLE_..." Query export of large data Collect note AIS Structure AUDIT_ALL does not exist AIS Role Concept Collect note Behavior of system variants for AIS Collect note Availability of Systemaudit

X X

X X

X X X X X X X X X X X X X X X X X X X X

SAP AG 2004-02-27, Audit Information System, Rel. 4.6C / 4.70, Peter Schiwek 26

Quick Links
http://service.sap.com/ais http://service.sap.com/dart http://service.sap.com/gdpdu http://service.sap.com/qm Audit Information System Data Retention Tool Tax Reduction Law Audit Management

SAP AG 2004-02-27, Audit Information System, Rel. 4.6C / 4.70, Peter Schiwek 27

AIS in SAP Demo System IDES R/3


A I S has been set up in the SAP I D E S Demo System. Log on with user AUDITOR_FIN (Rel. 4.70).

welcom e

SAP AG 2004-02-27, Audit Information System, Rel. 4.6C / 4.70, Peter Schiwek 28

AIS in SAP Demo System IDES R/3

AUDITOR_FIN welcome

Please note: In the IDES System, the authorizations for user AUDITOR_FIN are assigned via the IDES profile R3_BASIC. The AIS authorization roles are not considered.
SAP AG 2004-02-27, Audit Information System, Rel. 4.6C / 4.70, Peter Schiwek 29

Contacts Development

Project Management AIS Business AUDIT Tax-Audit Peter Schiwek, SAP AG FAX: +49 6227 78-16378 E-Mail: peter.schiwek@sap.com

System AUDIT Product Management SAP Security E-Mail: security@sap.com

International Training (AC900) / Consulting Fadi Naoum, SAP Phone: +49-170-8555448 E-Mail: fadi.naoum@sap.com

SAP AG 2004-02-27, Audit Information System, Rel. 4.6C / 4.70, Peter Schiwek 30

Contacts Rollout

Region BeNeLux Max Lamberts, SAP NEDERLAND FAX: +31 73/645 7 698 E-Mail: max.lamberts@sap.com Region Brazil Sueli Nascimento, SAP BRASIL FAX: +55 11550523072554 E-Mail: sueli.nascimento@sap.com Region Deutschland Lars Gartenschlger, SAP DEUTSCHLAND FAX: +49 6227 78-33090 E-Mail: lars.gartenschlaeger@sap.com Region Finland Matti Halonen, SAP FINLAND FAX: +358 9/2536-4444 E-Mail: matti.halonen@sap.com Region France Andre Streissel, SAP FRANCE FAX: +49-6227-7-53848 E-Mail: andre.streissel@sap.com
SAP AG 2004-02-27, Audit Information System, Rel. 4.6C / 4.70, Peter Schiwek 31

Region Japan Takashi Yamada, SAP JAPAN (Head) FAX: +81-3-3273-5697 E-Mail: takashi.yamada@sap.com Region sterreich Jrg Hippa, SAP sterreich FAX: +43 1/28822-333 E-Mail: joerg.hippa@sap.com Region Schweiz Thomas Pfeifer, SAP SCHWEIZ FAX: E-Mail: thomas.pfeifer@sap.com Region UK Martin Wilson, SAP UK FAX: +44 20-89176465 E-Mail: martin.wilson@sap.com Region USA, Canada, South America David E. Nelson, SAP America FAX: +00-1-404 943-2950 E-Mail: david.e.nelson@sap.com