SAP Runs SAP Audit Management

SAP runs SAP Audit Management
Einsatz der Audit Management Software bei SAP Herausforderungen und Lsungen
Gerhard Hafner, SAP
SAP-Forum fr Finanzmanagement und GRC, 13. 14. April 2015
Public
Disclaimer
Die in diesem Dokument enthaltenen Informationen knnen ohne vorherige Ankndigung gendert
werden. Dieses Dokument wird ohne jede Gewhrleistung seitens SAP bezglich der Richtigkeit,
Vollstndigkeit und Nutzung der enthaltenen Information und Angaben zur Verfgung gestellt. Es dient
ausschlielich Informationszwecken. SAP bernimmt keine Haftung fr Fehler in dem oder fr die
Vollstndigkeit des Dokumentes, insbesondere nicht fr die darin enthaltenen Informationen, Grafiken,
Links oder andere Angaben und Inhalte. SAP bernimmt keine Haftung fr Schden, weder
ausdrcklich noch stillschweigend, die sich aus dem Gebrauch des Dokumentes ergeben knnen,
insbesondere nicht fr die Marktgngigkeit und der Eignung fr einen bestimmten Zweck sowie fr die
Gewhrleistung der Nichtverletzung geltenden Rechts, es sei denn, dass Schden durch Vorsatz oder
grobe Fahrlssigkeit seitens SAP verursacht wurden. Hiervon umfasst sind insbesondere direkte,
besondere, indirekte Schden sowie Begleit- und Folgeschden.
2015 SAP SE or an SAP affiliate company. All rights reserved.
Public
Ein Lsungsportfolio fr den CFO: SAP Finance and Security

Financial
Planning and
Analysis
Accounting and
Financial Close
Treasury and
Financial Risk
Management
Collaborative
Finance
Operations
Enterprise
Compliance
and Security
Develop and
Translate Strategy
Accounting
Payments and Bank

Communications
Receivables
Management
Enterprise Risk
Management
Planning, Budgeting
and Forecasting
Entity Close
Cash and Liquidity

Management
Collaborative
Invoice to Pay
Controls and
Compliance Mgmt.
Profitability and
Cost Management
Corporate Close
Debt and Investment

Management
Travel Management
International Trade
Management
Monitoring and
Reporting
Reporting and
Disclosure
Financial Risk
Management
Financial Shared
Services
Identity and Access

Management
Financial Close
Governance
Commodity Risk
Management
Real Estate
Management
Enterprise Threat
Management
Fraud and Audit

Management
Public
Agenda
Transformation des Corporate Audit bei SAP
SAP Audit Management
Manage
Plan
Perform
Communicate
Monitor
SAP Fraud Management

Zusammenfassung
Public
Transformation des Corporate

Audit bei SAP
Vision
SAP Corporate Audit Vision:
Corporate Audit makes:

relevant contributions to SAPs success
as a trusted advisor and
as a source of talent for the entire organization
Public
The Changing Mandate of Internal Audit

Strategic Advisor
The pace of technological change is increasing
Stakeholders are demanding greater visibility into
everything on organization does
Corporate Audit (Internal Audit) is expected to move
beyond the compliance activities, provide strategic
advice and business insight:
Provide early warnings for potential risks
Transformational
Mandate
Organizational
Business process/model Product and technology
Financials
Strategic
Advisor
Business
Insight
NonNegotiable
Compliance
Audit skills + business

knowledge + critical and
strategic thinking
Audit skills +
additional business
knowledge + critical
thinking
Basic audit skills, IT,

baseline critical
thinking
Public
Organizational structure
Chief Audit Executive (CAE)

Overall Responsibility for SAPs Internal Audit Function
Strategy, Sales
& Services Audit
Strategy Audits
Transaction
Services
Competitive
Environment
Software &
Services
Partner &
Ecosystem
Service &
Support Delivery
Compliance &
Forensic Audit
Financial &
Operational
Audit
Information
Systems Audit
& Advisory
Audit
Operations
Talent Rotation
Program (TRP)
Prevention
Audits
Detection Audits
Investigations
IP Audits
F&A
Financial
Reporting
HR
Workforce
Safeguarding
Assets
Information
Technology
Security
Development
System
Landscape
Executive
Reporting
Communication
& Information
Platform
Central Report
Review
Templates
SOX Processes
Quality
Assurance
Program
Strategy and
Execution
Talent
Performance &
Development
Alignment with
HR Talent and
Recruiting
Successful
Placement to
Business
Public
Audit process
To achieve uniform audits, Corporate Audit developed the audit road map, which serves
as the model for the audit process for all standard audit topics.
Each phase is divided into subphases, which must be executed in a specific sequence to
ensure that security and quality requirements are met.
DEMAND
MANAGEMENT
Audit Planning System

Audit Request
DELIVERY
REPORTING
Audit Announcement
Quality Review
Work Program
Draft Report
Fieldwork
Auditee Fedback
Working Papers
Final Report
Audit
File
FOLLOW-UP
Follow-Up
Activity on
Milestone Level
Follow-Up
Audit
as required
Escalation on demand
Public
SAP required a state of the art Audit System

State of the art User Interface based
on Fiori
Mobile enabled
Embedded Reporting
Role based authorization and approvals
Highly integrated into Risk Management,

Fraud Management and SAP ERP
Search in unstructured data
Leveraging technology: HANA
Fast implementation through streamlined
configuration templates
Public
10
Manage
Plan
Perform
Communicate
Monitor
SAP solutions: Why SAP Audit Management?
Simplify
Gain Insight
Collaboration
Automate
Visualize
Process Excellence
Integrate
Analyze
Workflows
Unify
Monitor
Audit Team
Public
12

Transform audit. Move beyond assurance
Monitor
Manage
Monitor the disposition of

results reported to
management
Establish a risk based plan,

prioritize audit activities and
align with the needs of the
enterprise
Communicate
Plan
Communicate the
engagements objectives,
scope, conclusions,
findings and
recommendations
Develop and document a

plan for each engagement
Perform
Identify, analyze and document
relevant information
Public
13
SAP Audit Management: The Users

Transform audit. Move beyond assurance
Key Benefits
Simple, intuitive home screen for
all users
One UI for all devices, e.g. PC,
tablet, smart phones
Role based authorization is

embedded
Users configure the tiles they need
for their home screen by adding or
subtracting from the time menu
Customized tiles are supported
Public
14

Manage the audit activity
Establish a framework for risk

assessment and prioritization
Communicate plans and resource
requirements
Deploy and appropriate
resources
Report plan performance to senior
management and the Board
Back
Public
15

Establish a framework for risk assessment and prioritization
Scope
Key benefits
Create a plan based on a documented risk based audit

universe
Permits audit planning based on risks identified

Allows audit to identify and assess risks directly
Auditors are able to assess

each risk as part of the audit
planning process
Public
16

Communicate plans and resource requirements
Scope
Key benefits
Auditable items are created and prioritized

Audit plans are created and approved
Creates auditable items

Risk rates the auditable items
Establishes and communicates a risk based plan
The audit universe is defined

in risk terms
Public
17

Deploy appropriate resources
Scope
Staff each engagement with appropriate resources
Key benefits
Supervisors look up and assign

staff resources
Minimizes unproductive
assignments
Increases audit productivity and
reduces unassigned time
Audit staff and roles are
identified and documented
Public
18

Report plan performance to senior management and the Board
Scope
Report on completed and planned audits
Key benefits
Audit management can track

performance against plan
Boards and senior executives
can assess audit performance
Graphical views allow

managers to plan audits
based on current plan
completion and status
Public
19

Engagement planning
Establish engagement objectives and

scope
Assess relevant risks
Plan appropriate and sufficient
resources
Develop and document engagement
work program
Public
20

Engagement planning
Establish engagement objectives and scope
Scope
Key benefits
Audit scope is defined
Audit objectives and scope are

determined for each
engagement
Key elements of the audit are
defined
Audit scope is assigned and

approved in the engagement
planning process
Public
21

Engagement planning
Assess relevant risks
Scope
Key benefits
Relevant risks are identified in

SAP Risk Management
Key elements of risk register are
copied into the planned audit
Integration with SAP Risk

Management aligns audit
with the business
Public
22

Engagement planning
Evaluate fraud risk
Scope
Key benefits
1
2
SAP Audit Management is

integrated with Fraud
Management
Excel as a tool connecting to a Hana View e.g.

for accounting
Suspicious invoices are identified
And the file uploaded to Audit Management
Integration with SAP Fraud Management

provides the capabilities needed to
assess fraud risk
Public
23

Engagement planning
Plan appropriate and sufficient resources
Scope
Key benefits
Estimate engagement time and cost
Estimated resource
requirements are captured
Auditors are assigned to the
engagement
Public
24

Engagement planning
Plan appropriate and sufficient resources
Scope
Key benefits
Estimate engagement time and cost
Auditor schedules are shown via

a calendar
Scheduling conflicts and
availability is obvious at a glance
Public
25

Engagement planning
Develop and document engagement work program
Scope
Key benefits
Work programs are stored in the system
Auditors can select the

appropriate work programs for
the engagement
Work programs can be shared
and revised for future use
Public
26

Perform the engagement
Identify relevant information
Perform analysis and evaluation
Document engagement information
Supervise the engagement
Back
Public
27

Identify relevant information
Scope
Key benefits
Identify sufficient, reliable, relevant and useful information
Internal auditors can identify sufficient, reliable, relevant,

and useful information to achieve the engagements
objectives
Audit files are secure and information may be accessed
from any device
Public
28

Perform analysis and evaluation
Scope
Key benefits
Allow auditors to analyze documents
Internal auditors have the ability to access and analyze

information from mobile devices
Search capability unlocks information in

audit files and makes it available for
analysis and comparison
Public
29

Document engagement information
Scope
Key benefits
Document relevant information to support the conclusions
Complete capability for documenting and storing working

papers
Internal auditors can drag and drop appropriate
documentation into their work papers
Audio, video and other files can be captured and stored
Documentation can be done using a mobile device
Working paper files are indexed for easy reference
Public
30

Communicate results
Determine communication criteria
Disseminate results
Back
Public
31

Communicate results
Scope
Key benefits
A standard template is used to ensure communication

criteria are established
Ensures consistency in reporting
Automates report preparation
Reduces elapsed time to report
Public
32

Communicate results
Disseminate results
Scope
Key benefits
Communicate departmental results
Internal auditors create their own charts and reports on a

variety of topics
Ensures consistency and accuracy in reporting to audit
committee and executives
Reduces evaluation and monitoring effort and cost
Public
33

Monitor progress
Establish a follow up
process
to monitor management
actions
Monitor the disposition of
consulting engagements
Back
Public
34

Monitor progress
Establish a follow up process to monitor management actions
Scope
Key benefits
Establish a system to monitor the disposition of results
Auditors create ad hoc issues in the system

Documents follow up activities
Reduces evaluation and monitoring effort and cost
Meets audit standards for follow up process
Public
35

Monitor progress
Monitor the disposition of engagements
Scope
Key benefits
Monitor the disposition of engagements
Audits and other engagements are tracked by status

Completed and planned engagements shown separately
Reduces manual effort and preparation time
Conforms to professional standards for communication to
management
Public
36

powered by SAP HANA
Streamline audits by
leveraging technology to
create, organize and share
working papers
Mobile capability to instantly
capture audit evidence
Global monitoring of findings and
follow up
Intuitive and user friendly interface
Elevate the impact of audit

efforts by using technology
to provide insight on key
business risks
Integration with SAP Fraud
Management, SAP Risk
Management and SAP Process
Control
Configurable screens and views for
better management and reporting
Flexible audit universe with resource
planning and scheduling
Amplify the influence and

value of internal audit by
using next generation
analytics to provide advice
beyond the obvious
SAP HANA in-memory database
for high speed processing and total
search capability
SAP HANA based predictive
analytics for planning, monitoring
and deep analytical insights
Collaborative tools to maximize
continuous stakeholder
engagement
More information and 3 day free trial

Public
37

powered by SAP HANA
Detect fraud in real
Investigate fraudulent
Prevent fraud by
time within business

processes and by mass
detection by multi-rule
strategies
transactions efficiently
with alert management
capabilities and network
analyzer tool
stopping fraudulent
business transactions
and process
optimization
Improve
Performance by realtime calibration and
simulation on current
and historical data
Powered by SAP HANA high performing, configurable and scalable standard solution
Link: Predefined Business Content
More info and 3 day free trial

Public
39
Zusammenfassung
Management Summary
SAP Audit Management supports transformation of

Internal Audit
Process Excellence of Internal Audit including Quality
Assurance
One source of truth
Leverage latest technology including mobile

enablement
Integration with Fraud Management, Risk Management,
Process Control
Public
41
Vielen Dank!
Contact information:
Gerhard Hafner
Chief Product Owner (Fraud, Audit, Screening)
Governance Risk & Compliance
Dietmar-Hopp-Allee 16
69190 Walldorf, Germany
E-mail: gerhard.hafner@sap.com
2015 SAP SE oder ein SAP-Konzernunternehmen.

Alle Rechte vorbehalten.
Weitergabe und Vervielfltigung dieser Publikation oder von Teilen daraus sind, zu welchem Zweck und in welcher Form auch immer, ohne die ausdrckliche schriftliche
Genehmigung durch SAP SE oder ein SAP-Konzernunternehmen nicht gestattet.
SAP und andere in diesem Dokument erwhnte Produkte und Dienstleistungen von SAP sowie die dazugehrigen Logos sind Marken oder eingetragene Marken der
SAP SE (oder von einem SAP-Konzernunternehmen) in Deutschland und verschiedenen anderen Lndern weltweit.
Weitere Hinweise und Informationen zum Markenrecht finden Sie unter http://global.sap.com/corporate-de/legal/copyright/index.epx.
Die von SAP SE oder deren Vertriebsfirmen angebotenen Softwareprodukte knnen Softwarekomponenten auch anderer Softwarehersteller enthalten.
Produkte knnen lnderspezifische Unterschiede aufweisen.
Die vorliegenden Unterlagen werden von der SAP SE oder einem SAP-Konzernunternehmen bereitgestellt und dienen ausschlielich zu Informationszwecken.
Die SAP SE oder ihre Konzernunternehmen bernehmen keinerlei Haftung oder Gewhrleistung fr Fehler oder Unvollstndigkeiten in dieser Publikation.
Die SAP SE oder ein SAP-Konzernunternehmen steht lediglich fr Produkte und Dienstleistungen nach der Magabe ein, die in der Vereinbarung ber die jeweiligen
Produkte und Dienstleistungen ausdrcklich geregelt ist. Keine der hierin enthaltenen Informationen ist als zustzliche Garantie zu interpretieren.
Insbesondere sind die SAP SE oder ihre Konzernunternehmen in keiner Weise verpflichtet, in dieser Publikation oder einer zugehrigen Prsentation dargestellte
Geschftsablufe zu verfolgen oder hierin wiedergegebene Funktionen zu entwickeln oder zu verffentlichen. Diese Publikation oder eine zugehrige Prsentation,
die Strategie und etwaige knftige Entwicklungen, Produkte und/oder Plattformen der SAP SE oder ihrer Konzernunternehmen knnen von der SAP SE oder ihren
Konzernunternehmen jederzeit und ohne Angabe von Grnden unangekndigt gendert werden.
Die in dieser Publikation enthaltenen Informationen stellen keine Zusage, kein Versprechen und keine rechtliche Verpflichtung zur Lieferung von Material, Code oder
Funktionen dar. Smtliche vorausschauenden Aussagen unterliegen unterschiedlichen Risiken und Unsicherheiten, durch die die tatschlichen Ergebnisse von den
Erwartungen abweichen knnen. Die vorausschauenden Aussagen geben die Sicht zu dem Zeitpunkt wieder, zu dem sie gettigt wurden. Dem Leser wird empfohlen,
diesen Aussagen kein bertriebenes Vertrauen zu schenken und sich bei Kaufentscheidungen nicht auf sie zu sttzen.
Public
43

SAP Runs SAP Audit Management

Hochgeladen von

Dokumentinformationen

Copyright

Verfügbare Formate

Dieses Dokument teilen

Dokument teilen oder einbetten

Freigabeoptionen

Stufen Sie dieses Dokument als nützlich ein?

Sind diese Inhalte unangemessen?

Copyright:

Verfügbare Formate

SAP Runs SAP Audit Management

Hochgeladen von

Copyright:

Verfügbare Formate

SAP runs SAP Audit Management

2015 SAP SE or an SAP affiliate company. All rights reserved.

Ein Lsungsportfolio fr den CFO: SAP Finance and Security

Payments and Bank

Cash and Liquidity

Debt and Investment

Identity and Access

Fraud and Audit

SAP Fraud Management

2015 SAP SE or an SAP affiliate company. All rights reserved.

Transformation des Corporate

SAP Corporate Audit Vision:

Corporate Audit makes:

2015 SAP SE or an SAP affiliate company. All rights reserved.

The Changing Mandate of Internal Audit

2015 SAP SE or an SAP affiliate company. All rights reserved.

Audit skills + business

Basic audit skills, IT,

Chief Audit Executive (CAE)

2015 SAP SE or an SAP affiliate company. All rights reserved.

Audit Planning System

2015 SAP SE or an SAP affiliate company. All rights reserved.

SAP required a state of the art Audit System

Highly integrated into Risk Management,

2015 SAP SE or an SAP affiliate company. All rights reserved.

SAP Audit Management

SAP solutions: Why SAP Audit Management?

2015 SAP SE or an SAP affiliate company. All rights reserved.

SAP Audit Management

Monitor the disposition of

Establish a risk based plan,

Develop and document a

2015 SAP SE or an SAP affiliate company. All rights reserved.

SAP Audit Management: The Users

Role based authorization is

2015 SAP SE or an SAP affiliate company. All rights reserved.

Customized tiles are supported

SAP Audit Management

Establish a framework for risk

SAP Audit Management

Create a plan based on a documented risk based audit

Permits audit planning based on risks identified

Auditors are able to assess

2015 SAP SE or an SAP affiliate company. All rights reserved.

SAP Audit Management

Auditable items are created and prioritized

Creates auditable items

The audit universe is defined

2015 SAP SE or an SAP affiliate company. All rights reserved.

SAP Audit Management

Staff each engagement with appropriate resources

Supervisors look up and assign

2015 SAP SE or an SAP affiliate company. All rights reserved.

SAP Audit Management

Report on completed and planned audits

Audit management can track

Graphical views allow

2015 SAP SE or an SAP affiliate company. All rights reserved.

SAP Audit Management

Establish engagement objectives and

2015 SAP SE or an SAP affiliate company. All rights reserved.

SAP Audit Management

Audit objectives and scope are

Audit scope is assigned and