Sie sind auf Seite 1von 43

SAP runs SAP Audit Management

Einsatz der Audit Management Software bei SAP Herausforderungen und Lösungen

Gerhard Hafner, SAP SAP-Forum für Finanzmanagement und GRC, 13. 14. April 2015

und Lösungen Gerhard Hafner, SAP SAP-Forum für Finanzmanagement und GRC, 13. – 14. April 2015 Public
und Lösungen Gerhard Hafner, SAP SAP-Forum für Finanzmanagement und GRC, 13. – 14. April 2015 Public

Public

Disclaimer

Die in diesem Dokument enthaltenen Informationen können ohne vorherige Ankündigung geändert werden. Dieses Dokument wird ohne jede Gewährleistung seitens SAP bezüglich der Richtigkeit,

Vollständigkeit und Nutzung der enthaltenen Information und Angaben zur Verfügung gestellt. Es dient ausschließlich Informationszwecken. SAP übernimmt keine Haftung für Fehler in dem oder für die Vollständigkeit des Dokumentes, insbesondere nicht für die darin enthaltenen Informationen, Grafiken, Links oder andere Angaben und Inhalte. SAP übernimmt keine Haftung für Schäden, weder

ausdrücklich noch stillschweigend, die sich aus dem Gebrauch des Dokumentes ergeben können,

insbesondere nicht für die Marktgängigkeit und der Eignung für einen bestimmten Zweck sowie für die Gewährleistung der Nichtverletzung geltenden Rechts, es sei denn, dass Schäden durch Vorsatz oder grobe Fahrlässigkeit seitens SAP verursacht wurden. Hiervon umfasst sind insbesondere direkte, besondere, indirekte Schäden sowie Begleit- und Folgeschäden.

Ein Lösungsportfolio für den CFO: SAP Finance and Security

Financial

Planning and

Analysis

Develop and

Translate Strategy

Planning, Budgeting and Forecasting

Profitability and Cost Management

Monitoring and Reporting

Accounting and Financial Close

Accounting

Entity Close

Corporate Close

Reporting and Disclosure

Financial Close Governance

Treasury and

Financial Risk

Management

Payments and Bank

Communications

Cash and Liquidity Management

Debt and Investment Management

Financial Risk Management

Commodity Risk Management

Collaborative

Finance

Operations

Receivables

Management

Collaborative Invoice to Pay

Travel Management

Financial Shared Services

Real Estate Management

Enterprise

Compliance

and Security

Enterprise Risk

Management

Controls and Compliance Mgmt.

International Trade Management

Identity and Access Management

Enterprise Threat Management

Fraud and Audit

Management

Agenda

Transformation des Corporate Audit bei SAP

SAP Audit Management

Manage

Plan

Perform

Communicate

Monitor

SAP Fraud Management

Zusammenfassung

Transformation des Corporate Audit bei SAP

Transformation des Corporate

Audit bei SAP

Transformation des Corporate Audit bei SAP

Vision

Vision SAP Corporate Audit Vision : Corporate Audit makes: relevant contributions to SAP’s success as a
Vision SAP Corporate Audit Vision : Corporate Audit makes: relevant contributions to SAP’s success as a

SAP Corporate Audit Vision:

Corporate Audit makes:

relevant contributions to SAP’s success as a trusted advisor and as a source of talent for the entire organization

The Changing Mandate of Internal Audit

Strategic Advisor

The pace of technological change is increasing

Strategic Audit skills + business knowledge + critical and strategic thinking Advisor Business Mandate Insight
Strategic
Audit skills + business
knowledge + critical and
strategic thinking
Advisor
Business
Mandate
Insight
Audit skills +
additional business
knowledge + critical
thinking
Non-
Negotiable
Basic audit skills, IT,
baseline critical
thinking
Compliance

Stakeholders are demanding greater visibility into everything on organization does

Corporate Audit (Internal Audit) is expected to move beyond the compliance activities, provide strategic advice and business insight:

Provide early warnings for potential risks

Transformational

Organizational

Business process/model-

Product and technology

Financials

Organizational structure

Chief Audit Executive (CAE)

Overall Responsibility for SAP ´ s Internal Audit Function

Strategy, Sales

Compliance &

Financial &

Information Systems Audit & Advisory

Audit

Talent Rotation Program (TRP)

& Services Audit

Forensic Audit

Operational

Operations

Audit

 

Strategy Audits

 

Transaction Services

Prevention Audits

F&A

Information

System

Program

Financial

Technology

Landscape

Strategy and

Competitive Environment

Detection Audits

Reporting

Security

Executive

Execution

Investigations

HR

Development

Reporting

Talent

Software & Services

IP Audits

Workforce

Communication & Information Platform

Performance & Development

Safeguarding

Partner & Ecosystem

Assets

Alignment with

 

Central Report

HR Talent and

Service & Support Delivery

Review

Recruiting

Templates

Successful

 

SOX Processes

Placement to

Quality Assurance

Business

Audit process

To achieve uniform audits, Corporate Audit developed the audit road map, which serves

as the model for the audit process for all standard audit topics.

 Each phase is divided into subphases, which must be executed in a specific sequence
 Each phase is divided into subphases, which must be executed in a specific sequence to
ensure that security and quality requirements are met.
DEMAND
DELIVERY
REPORTING
FOLLOW-UP
MANAGEMENT
Audit Announcement
Quality Review
Audit Planning System
Follow-Up
Follow-Up
Work Program
Draft Report
Audit
Activity on
Audit
Fieldwork
Auditee Fedback
File
Milestone Level
as required
Audit Request
Working Papers
Final Report
Escalation on demand

SAP required a “state of the art” Audit System

State of the art User Interface based on Fiori

Mobile enabled

Embedded Reporting

Role based authorization and approvals

Highly integrated into Risk Management,

Fraud Management and SAP ERP

Search in unstructured data

Leveraging technology: HANA

Fast implementation through streamlined configuration templates

implementation through streamlined configuration templates © 2015 SAP SE or an SAP affiliate company. All rights
SAP Audit Management  Manage  Plan  Perform  Communicate  Monitor

SAP Audit Management

Manage

Plan

Perform

Communicate

Monitor

SAP Audit Management  Manage  Plan  Perform  Communicate  Monitor

SAP solutions: Why SAP Audit Management?

SAP solutions: Why SAP Audit Management? Simplify Gain Insight Collaboration Automate Visualize  

Simplify

Gain Insight

Collaboration

Automate

Visualize

 

Integrate

Analyze

Process Excellence Workflows Audit Team

Unify

Monitor

SAP Audit Management

Transform audit. Move beyond assurance

Monitor

Monitor the disposition of results reported to management

Communicate

Communicate the engagements objectives, scope, conclusions, findings and recommendations

objectives, scope, conclusions, findings and recommendations Manage Establish a risk based plan, prioritize audit

Manage

Establish a risk based plan, prioritize audit activities and align with the needs of the

enterprise

audit activities and align with the needs of the enterprise Plan Develop and document a plan
audit activities and align with the needs of the enterprise Plan Develop and document a plan

Plan

Develop and document a plan for each engagementactivities and align with the needs of the enterprise Plan Perform Identify, analyze and document relevant

Perform

Identify, analyze and document relevant information

SAP Audit Management: The Users

Transform audit. Move beyond assurance

Users configure the tiles they need for their home screen by adding or subtracting from
Users configure the tiles they need
for their home screen by adding or
subtracting from the time menu

Key Benefits

Simple, intuitive home screen for all users

One UI for all devices, e.g. PC, tablet, smart phones

Role based authorization is embedded

Customized tiles are supported

SAP Audit Management

Manage the audit activity

SAP Audit Management Manage the audit activity Establish a framework for risk assessment and prioritization Communicate
SAP Audit Management Manage the audit activity Establish a framework for risk assessment and prioritization Communicate
SAP Audit Management Manage the audit activity Establish a framework for risk assessment and prioritization Communicate

Establish a framework for risk

assessment and prioritization

Communicate plans and resource requirementsEstablish a framework for risk assessment and prioritization Deploy and appropriate resources Report plan performance to

Deploy and appropriateprioritization Communicate plans and resource requirements resources Report plan performance to senior management and

resources

Report plan performance to senior management and the Boardand resource requirements Deploy and appropriate resources Back © 2015 SAP SE or an SAP affiliate

Back

SAP Audit Management

Manage the audit activity

SAP Audit Management Manage the audit activity Establish a framework for risk assessment and prioritization Scope

Establish a framework for risk assessment and prioritization

Scope

Key benefits

Create a plan based on a documented risk based audit

universe

Permits audit planning based on risks identified

Allows audit to identify and assess risks directly

 Allows audit to identify and assess risks directly Auditors are able to assess each risk

Auditors are able to assess

each risk as part of the audit

planning process

assess each risk as part of the audit planning process © 2015 SAP SE or an

SAP Audit Management

Manage the audit activity

SAP Audit Management Manage the audit activity Communicate plans and resource requirements Scope Key benefits 

Communicate plans and resource requirements

Scope

Key benefits

Auditable items are created and prioritized

Audit plans are created and approved

Creates auditable items

Risk rates the auditable items

 The audit universe is defined in risk terms
The audit universe is defined
in risk terms

Establishes and communicates a risk based plan

SAP Audit Management

Manage the audit activity

SAP Audit Management Manage the audit activity Deploy appropriate resources Scope Key benefits  Staff each

Deploy appropriate resources

Scope

Key benefits

Staff each engagement with appropriate resources

Supervisors look up and assign

staff resources

Minimizes unproductive assignments

Increases audit productivity and reduces unassigned time

Increases audit productivity and reduces unassigned time Audit staff and roles are identified and documented ©

Audit staff and roles are identified and documented

SAP Audit Management

Manage the audit activity

SAP Audit Management Manage the audit activity Report plan performance to senior management and the Board

Report plan performance to senior management and the Board

Scope

Key benefits

Report on completed and planned audits

Audit management can track

completed and planned audits  Audit management can track performance against plan  Boards and senior

performance against plan

Boards and senior executives can assess audit performance

Graphical views allow managers to plan audits based on current plan

completion and status

SAP Audit Management

Engagement planning

SAP Audit Management Engagement planning Establish engagement objectives and scope Assess relevant risks Plan appropriate
SAP Audit Management Engagement planning Establish engagement objectives and scope Assess relevant risks Plan appropriate

Establish engagement objectives and scopeSAP Audit Management Engagement planning Assess relevant risks Plan appropriate and sufficient resources Develop and

Assess relevant risksplanning Establish engagement objectives and scope Plan appropriate and sufficient resources Develop and

Plan appropriate and sufficient resourcesengagement objectives and scope Assess relevant risks Develop and document engagement work program © 2015 SAP

Develop and document engagement work programrelevant risks Plan appropriate and sufficient resources © 2015 SAP SE or an SAP affiliate company.

SAP Audit Management

Engagement planning

SAP Audit Management Engagement planning Establish engagement objectives and scope Scope Key benefits  A u

Establish engagement objectives and scope

Scope

Key benefits

Audit scope is defined

Audit objectives and scope are

determined for each

e d  Audit objectives and scope are determined for each engagement  Key elements of

engagement Key elements of the audit are defined

Audit scope is assigned and approved in the engagement planning process

SAP Audit Management

Engagement planning

SAP Audit Management Engagement planning Assess relevant risks Scope Key benefits  Relevant risks are identified

Assess relevant risks

Scope

Key benefits

Engagement planning Assess relevant risks Scope Key benefits  Relevant risks are identified in SAP Risk

Relevant risks are identified in SAP Risk Management

Key elements of risk register are copied into the planned audit

Integration with SAP Risk Management aligns audit with the business

SAP Audit Management

Engagement planning

SAP Audit Management Engagement planning Evaluate fraud risk Scope Key benefits 1  2 SAP Audit

Evaluate fraud risk

Scope

Key benefits

1  2 SAP Audit Management is integrated with Fraud Management 1 Excel as a
1
2
SAP Audit Management is
integrated with Fraud
Management
1
Excel as a tool connecting to a Hana View e.g.
for accounting
2
Suspicious invoices are identified
3
3
And the file uploaded to Audit Management
Integration with SAP Fraud Management
provides the capabilities needed to
assess fraud risk

SAP Audit Management

Engagement planning

SAP Audit Management Engagement planning Plan appropriate and sufficient resources Scope Key benefits  Estimate

Plan appropriate and sufficient resources

Scope

Key benefits

Estimate engagement time and cost

Estimated resource

requirements are captured

t e d r e s o u r c e requirements are captured  Auditors

Auditors are assigned to the engagement

SAP Audit Management

Engagement planning

SAP Audit Management Engagement planning Plan appropriate and sufficient resources Scope Key benefits  Estimate

Plan appropriate and sufficient resources

Scope

Key benefits

Estimate engagement time and cost

Scope Key benefits  Estimate engagement time and cost  A u d i t o

Auditor schedules are shown via

a calendar

Scheduling conflicts and availability is obvious at a glance

SAP Audit Management

Engagement planning

SAP Audit Management Engagement planning Develop and document engagement work program Scope Key benefits  Work

Develop and document engagement work program

Scope

Key benefits

Work programs are stored in the system

Key benefits  Work programs are stored in the system  A u d i t

Auditors can select the

appropriate work programs for

the engagement Work programs can be shared and revised for future use

SAP Audit Management

Perform the engagement

SAP Audit Management Perform the engagement Identify relevant information Perform analysis and evaluation Document
SAP Audit Management Perform the engagement Identify relevant information Perform analysis and evaluation Document

Identify relevant informationSAP Audit Management Perform the engagement Perform analysis and evaluation Document engagement information Supervise the

Perform analysis and evaluationPerform the engagement Identify relevant information Document engagement information Supervise the engagement

Document engagement informationrelevant information Perform analysis and evaluation Supervise the engagement Back © 2015 SAP SE or an

Supervise the engagementanalysis and evaluation Document engagement information Back © 2015 SAP SE or an SAP affiliate company.

Back

SAP Audit Management

Perform the engagement

SAP Audit Management Perform the engagement Identify relevant information Scope Key benefits  Identify sufficient,

Identify relevant information

Scope

Key benefits

Identify sufficient, reliable, relevant and useful information

sufficient, reliable, relevant and useful information  Internal auditors can identify sufficient, reliable,

Internal auditors can identify sufficient, reliable, relevant,

and useful information to achieve the engagement’s

objectives Audit files are secure and information may be accessed from any device

are secure and information may be accessed from any device © 2015 SAP SE or an

SAP Audit Management

Perform the engagement

SAP Audit Management Perform the engagement Perform analysis and evaluation Scope Key benefits  Allow auditors

Perform analysis and evaluation

Scope

Key benefits

Perform analysis and evaluation Scope Key benefits  Allow auditors to analyze documents  Internal

Allow auditors to analyze documents

Internal auditors have the ability to access and analyze

information from mobile devices

to access and analyze information from mobile devices Search capability unlocks information in audit files and

Search capability unlocks information in audit files and makes it available for analysis and comparison

SAP Audit Management

Perform the engagement

SAP Audit Management Perform the engagement Document engagement information Scope Key benefits Document relevant

Document engagement information

Scope

Key benefits

Document relevant information to support the conclusions

Complete capability for documenting and storing working

papers

Internal auditors can drag and drop appropriate documentation into their work papers

Audio, video and other files can be captured and stored

 Audio, video and other files can be captured and stored  Documentation can be done

Documentation can be done using a mobile device

Working paper files are indexed for easy reference

SAP Audit Management

Communicate results

SAP Audit Management Communicate results Determine communication criteria Disseminate results Back © 2015 SAP SE or
SAP Audit Management Communicate results Determine communication criteria Disseminate results Back © 2015 SAP SE or

Determine communication criteria

Disseminate results

Back

SAP Audit Management

Communicate results

SAP Audit Management Communicate results Determine communication criteria Scope Key benefits  Determine communication

Determine communication criteria

Scope

Key benefits

Determine communication criteria

Scope Key benefits  Determine communication criteria  A standard template is used to ensure communication

A standard template is used to ensure communication

criteria are established

Ensures consistency in reporting

Automates report preparation

Reduces elapsed time to report

SAP Audit Management

Communicate results

SAP Audit Management Communicate results Disseminate results Scope Key benefits  Communicate departmental results 

Disseminate results

Scope

Key benefits

Communicate departmental results

Scope Key benefits  Communicate departmental results  Internal auditors create their own charts and reports

Internal auditors create their own charts and reports on a

variety of topics

Ensures consistency and accuracy in reporting to audit committee and executives

Reduces evaluation and monitoring effort and cost

SAP Audit Management

Monitor progress

SAP Audit Management Monitor progress Establish a follow up process to monitor management actions Monitor the
SAP Audit Management Monitor progress Establish a follow up process to monitor management actions Monitor the

Establish a follow up

process

to monitor management actions Monitor the disposition of consulting engagements

Back

SAP Audit Management

Monitor progress

SAP Audit Management Monitor progress Establish a follow up process to monitor management actions Scope Key

Establish a follow up process to monitor management actions

Scope

Key benefits

Establish a system to monitor the disposition of results

Establish a system to monitor the disposition of results  Auditors create ad hoc issues in

Auditors create ad hoc issues in the system

Documents follow up activities

Reduces evaluation and monitoring effort and cost

Meets audit standards for follow up process

SAP Audit Management

Monitor progress

SAP Audit Management Monitor progress Monitor the disposition of engagements Scope Key benefits  Monitor the

Monitor the disposition of engagements

Scope

Key benefits

Monitor the disposition of engagements

Key benefits  Monitor the disposition of engagements  Audits and other engagements are tracked by

Audits and other engagements are tracked by status

Completed and planned engagements shown separately

Reduces manual effort and preparation time

Conforms to professional standards for communication to management

SAP Audit Management

powered by SAP HANA

Streamline audits by leveraging technology to create, organize and share working papers

Mobile capability to instantly capture audit evidence

Global monitoring of findings and follow up

Intuitive and user friendly interface

and follow up  Intuitive and user friendly interface Elevate the impact of audit efforts by

Elevate the impact of audit efforts by using technology to provide insight on key business risks

Integration with SAP Fraud Management, SAP Risk Management and SAP Process Control

Configurable screens and views for better management and reporting

Flexible audit universe with resource planning and scheduling

audit universe with resource planning and scheduling Amplify the influence and value of internal audit by

Amplify the influence and value of internal audit by using next generation analytics to provide advice

beyond the obvious

SAP HANA in-memory database for high speed processing and total search capability

SAP HANA based predictive analytics for planning, monitoring and deep analytical insights

Collaborative tools to maximize continuous stakeholder engagement

tools to maximize continuous stakeholder engagement More information and 3 day free trial © 2015 SAP
SAP Fraud Management

SAP Fraud Management

SAP Fraud Management

SAP Fraud Management

powered by SAP HANA

Detect fraud in real time within business processes and by mass detection by multi-rule strategies
Detect fraud in real
time within business
processes and by mass
detection by multi-rule
strategies
Investigate fraudulent
Prevent fraud by
transactions efficiently
with alert management
capabilities and network
analyzer tool
stopping fraudulent
business transactions
and process
optimization
Improve
Performance by real-
time calibration and
simulation on current
and historical data
Powered by SAP HANA – high performing, configurable and scalable standard solution
scalable standard solution Link: Predefined Business Content More info and 3 day free trial © 2015
scalable standard solution Link: Predefined Business Content More info and 3 day free trial © 2015
Predefined Business Content More info and 3 day free trial © 2015 SAP SE or an
Predefined Business Content More info and 3 day free trial © 2015 SAP SE or an
Zusammenfassung

Zusammenfassung

Zusammenfassung

Management Summary

 SAP Audit Management supports transformation of Internal Audit  Process Excellence of Internal Audit
 SAP Audit Management supports transformation of
Internal Audit
 Process Excellence of Internal Audit including Quality
Assurance
 One source of truth
 Leverage latest technology including mobile
enablement
 Integration with Fraud Management, Risk Management,
Process Control
Vielen Dank! Contact information: Gerhard Hafner Chief Product Owner (Fraud, Audit, Screening) Governance Risk &

Vielen Dank!

Contact information:

Gerhard Hafner Chief Product Owner (Fraud, Audit, Screening) Governance Risk & Compliance

Dietmar-Hopp-Allee 16 69190 Walldorf, Germany

E-mail: gerhard.hafner@sap.com

© 2015 SAP SE or an SAP affiliate company. All rights reserved.

© 2015 SAP SE oder ein SAP-Konzernunternehmen. Alle Rechte vorbehalten.

Weitergabe und Vervielfältigung dieser Publikation oder von Teilen daraus sind, zu welchem Zweck und in welcher Form auch immer, ohne die ausdrückliche schriftliche Genehmigung durch SAP SE oder ein SAP-Konzernunternehmen nicht gestattet.

SAP und andere in diesem Dokument erwähnte Produkte und Dienstleistungen von SAP sowie die dazugehörigen Logos sind Marken oder eingetragene Marken der SAP SE (oder von einem SAP-Konzernunternehmen) in Deutschland und verschiedenen anderen Ländern weltweit. Weitere Hinweise und Informationen zum Markenrecht finden Sie unter http://global.sap.com/corporate-de/legal/copyright/index.epx.

Die von SAP SE oder deren Vertriebsfirmen angebotenen Softwareprodukte können Softwarekomponenten auch anderer Softwarehersteller enthalten.

Produkte können länderspezifische Unterschiede aufweisen.

Die vorliegenden Unterlagen werden von der SAP SE oder einem SAP-Konzernunternehmen bereitgestellt und dienen ausschließlich zu Informationszwecken. Die SAP SE oder ihre Konzernunternehmen übernehmen keinerlei Haftung oder Gewährleistung für Fehler oder Unvollständigkeiten in dieser Publikation. Die SAP SE oder ein SAP-Konzernunternehmen steht lediglich für Produkte und Dienstleistungen nach der Maßgabe ein, die in der Vereinbarung über die jeweiligen Produkte und Dienstleistungen ausdrücklich geregelt ist. Keine der hierin enthaltenen Informationen ist als zusätzliche Garantie zu interpretieren.

Insbesondere sind die SAP SE oder ihre Konzernunternehmen in keiner Weise verpflichtet, in dieser Publikation oder einer zugehörigen Präsentation dargestellte Geschäftsabläufe zu verfolgen oder hierin wiedergegebene Funktionen zu entwickeln oder zu veröffentlichen. Diese Publikation oder eine zugehörige Präsentation, die Strategie und etwaige künftige Entwicklungen, Produkte und/oder Plattformen der SAP SE oder ihrer Konzernunternehmen können von der SAP SE oder ihren Konzernunternehmen jederzeit und ohne Angabe von Gründen unangekündigt geändert werden. Die in dieser Publikation enthaltenen Informationen stellen keine Zusage, kein Versprechen und keine rechtliche Verpflichtung zur Lieferung von Material, Code oder Funktionen dar. Sämtliche vorausschauenden Aussagen unterliegen unterschiedlichen Risiken und Unsicherheiten, durch die die tatsächlichen Ergebnisse von den Erwartungen abweichen können. Die vorausschauenden Aussagen geben die Sicht zu dem Zeitpunkt wieder, zu dem sie getätigt wurden. Dem Leser wird empfohlen, diesen Aussagen kein übertriebenes Vertrauen zu schenken und sich bei Kaufentscheidungen nicht auf sie zu stützen.