Erpsapbusproc

1

SAP: Business Process Controlsand AIS

Jennifer Hahn

Michael Juergens

Deloitte & Touche

ISACA Spring Conference

April 27, 1999

2© 1999 Deloitte & Touche LLP. All rights reserved. Bpcontrols.ppt

SAP: Business Process Controls and AIS

Presentation Outline

■ SAP Module Overview■ SAP Business Process Overview■ Audit Information System (AIS) Overview

2



SAP Module Overview



R/3Client / Server

ABAP/4

FIFinancial

Accounting

COControlling

AMFixed Assets

Mgmt.

PSProjectSystem

WFWorkflow

ISIndustry

Solutions

MMMaterials

Mgmt.

HRHuman

Resources

SDSales &

Distribution

PPProductionPlanning

QMQuality

Manage-ment PM

Plant Main-tenance

SAP R/3 Modules

3



SAP Modules - Functional Category

■ Financial Applications� FI, CO, EC, IM, TR, AM, PS

■ Logistics Applications� SD, MM, PM, PP, QM, LO

■ Human Resources� PA, PD

■ Cross Applications� WF, OC, AL, CAD. DMS, ALE,

EDI, I/Net, EC

■ Industry Solutions� IS

Financial Applications

Logistics Applications

Human Resources

Industry Solutions

Functional Category

Cross Applications



Financial Accounting

● General Ledger

● Accounts Receivable

● Accounts Payable

● Tax and FinancialReports

● Special Purpose Ledger

● Legal Consolidations

FI

Financial Applications. . . . . . . .

4



Controlling

● Cost Center Accounting

● Profit Center Accounting

● Product CostControlling

● Profitability Analysis

● Activity CostManagement

● Internal Orders

CO




Fixed Asset Management

● Depreciation

● Property Values

● Insurance Policies

● Capital InvestmentGrants

AM


5



Project System

● Project Tracking

● Work BreakdownStructure

● Budget Management

● Cost and RevenuePlanning

● Networks and Resources

PS




Sales and Distribution

● Computer Aided Sales

● Quotations

● Sales Order Management

● Pricing

● Delivery

● Invoicing

SD

Logistics Applications . . . . . . . .

6



Materials Management

● Procurement

● Inventory Management

● Vendor Evaluation

● Invoice Verification

● Warehouse Management

MM




Production Planning

● Sales & OperationsPlanning

● Demand Management

● Material RequirementsPlanning

● Production ActivityControl

● Capacity Planning

PP


7



Quality Management

● Quality Certificates

● Inspection Processing

● Planning Tools

● Quality Control

● Quality Notifications

QM




Plant Maintenance

● Plant Maintenance

● Equipment and TechnicalObjects

● Preventive Maintenance

● Service Management

● Maintenance OrderManagement

PM


8



Human Resources

● PersonnelAdministration

● Payroll, Benefits

● Time Management

● Planning andDevelopment

● OrganizationManagement

HR

Human Resources. . . . . . . .



Cross Applications

● SAP Business Workflow● SAP Office● SAP ArchiveLink● EDI● Communication● Application Link Enabled

(ALE)● Others

WF

Cross Applications. . . . . . . .

9



Industry Solutions

● Banks● Hospitals● Oil Companies● Publishing Sector● Telecommunications● Retail● Utilities● Others

IS

Industry Solutions. . . . . . . .



Basis Component Overview

10



Basis Component

BC

Basis Component. . . . . . . .

● ABAP/4 DevelopmentWorkbench

● Computer CenterManagement System

● Authorization Concept

● Transport System

● Database Administration



SAP Business Process Overview

11



SAP Business Processes

■ Over 1200 business processes defined by SAP– Highly flexible– Customized to fit each company– Companies choose the business processes that they

want to implement

■ Every SAP installation is different– It is important to have clear understanding of business

processes that are effected by the SAP implementation– These business processes should be mapped to the

corresponding SAP modules that are implemented



Example Business Process - Sales

SalesOrder

MRPrun

PlanningMPS

PlannedOrder

PurchaseRequisition

ProductionOrder

Delivery BillingCustomerPayment

PurchaseOrder

InvoiceReceipt

VendorPayment

GoodsIssue

GoodsReceipt

GoodsReceipt

GoodsIssue

ProductCosting

ProfitabilityAnalysis

Raw Finished

Vendor

Customer

Material

G/L Account

Modules

■ MM

■ PP

■ SD

■ FI/CO

12



Linking SAP Modules, Business Processes and Audit



Audit Challenges

■ SAP Modules– Three Main Functional Categories– Multitude of Modules– Multitude of Sub-Modules

■ SAP Business Processes– 1200+ Processes

■ Audit Processes– Business Process Cycles

13



Linking Audit Cycles to SAP Modules

Expenditure

Fixed Assets

Inventory Management

Payroll and Personnel

Revenue

TreasuryFinancial Applications

Logistics Applications

Human Resources

Cross Applications

Industry Solutions

Audit Business Cycles

Basis Component

SAP Module Functional Category



Audit Information System (AIS)

14



AIS - History and Background

■ Requested by– Internal Auditors,– External Auditors, and– Company Management

■ Designed by SAP in response to requirements fora tool to find, evaluate and download informationfrom SAP easily

■ Includes:– Audit Report Tree (transaction code: SECR)– Report tree includes Systems and Financial audit tasks, reports

and tests for additional modules are under development– Evaluation and notes can be entered into the specific tasks to

monitor progress of tasks



AIS - History and Background

■ To provide a mechanism and structurefor collection, and presentation ofstandard SAP reporting

■ The goal is improvement of audit qualitythrough real-time auditing

■ To provide company specific, individualselection and preparation of data needsand requirements for reporting andreview

■ To provide the ability to download datainto flat files for analysis with externaltools

– AuditAgent– ACL– IDEA– Baetge

A I S

SAP - DB

15



What is AIS?

■ A collection of SAP reports / queries based on areporting tree

■ A tool for auditing an SAP system

■ Utilizes existing SAP functionality

■ Designed to rationalize and facilitate the auditprocess

■ Organizes all audit related activities under oneumbrella

■ Aims to improve the quality of an audit



What does AIS do?

© 1998 SAP AG. All rights reserved.

16



What does AIS do?

© 1998 SAP AG. All rights reserved.



AIS Features and Functions

■ Tool for performing both System and BusinessAudits

■ Provides auditors with the ability to document andmonitor the progress of an audit

■ Reports and queries can be customized for eachuser

■ Allows auditors to evaluate information ordownload data to be used by CAAT tools such asACL

■ Different views allow external auditors (bothfinancial and systems auditors) and internalauditors to use the system simultaneously

17



AIS - System Audits

■ Using the AIS System Audit tree users can:– Review system configuration settings– Review parameters settings– Monitor operations– Review various logs– Review background processing– Review security settings– Perform user security audits– Review transport related activities– Review print and spool administration



AIS - Business Audits

■ Using the AIS Business Audit tree users can:– Perform various audit related queries– Produce various audit related reports– Review organization structure– Review document structure, ranges, posting keys etc.– Review client setup (number of accounts, assets,

customers, vendors, materials etc.)– Review chart of accounts– Produce financial reports (balance sheets, P&L, ratio

analysis etc.)– Review account balances

18



Audit Status Analysis

■ AIS uses Status Analysis functionality to:– Summarize, maintain and monitor details of the audit

progress of specific testing, and for audit management– Easily and quickly identify problem areas– Document results of tests offering drill-down

functionality– Notes exist in SAP R/3 version 3.1G+




■ Status Analysis functionality and capabilitiesimproves the ability of Audit management to tracktasks performed within SAP:– Percentage of completed audit steps for an audit

objective via traffic lights:– Creation of separate documentation for the node of

each separate user view– Ability to identify the number of views a node is

assigned to, with the associated status of completionfor each view

– Tracking of changes made to the notes to aresponsible person

19






Audit Report Tree

■ The audit report tree contains two standard views:– Financial Audit (AUDIT_FI)– Systems Audit (AUDIT_SECR)

■ Each view contains:– Auditing procedures and documentation tools– Audit evaluations (including data and key controls

within the configuration)– Data download tools through links to Data Analysis

Tools, such as ACL (automated) or IDEA (throughMonarch)

20



Audit Report Tree



AIS and SAP versions

■ Versions 3.1I and 4.5B+– An integral part of the SAP Basis Component

■ Only works on certain releases of R/3– 3.0D, 3.0E, 3.0F– 3.1G, 3.1H, 3.1I– 4.0A, 4.0B, 4.0C– 4.5A, 4.5B, 4.6A

■ Not all functions are available in each version, asfunctionality is based on the release level

21



AIS - Relevant OSS Notes

■ Online System Support (OSS) Notes:– 13719 - Transport Files to load AIS onto SAP for

versions 3.0D on– 41475 - Copying report variants between clients– 77503 - AIS Overview, Auditor’s configuration of Views,

Variants and Ratios– 85344 - Performance concerns when AIS is installed– 100609 - Basis Installation Steps– 128256 - Missing English Texts– 129170 - Download of Query Data– 133914 - Conversion of drill-down reports



AIS Business Case

22



AIS Advantages

■ Centralized auditing

■ Continuous auditing

■ Teaming of internal and external audit efforts

■ More efficient use of time

■ One report tree

■ Simplify data extraction

■ Potential to have all SAP reports in AIS only

■ Custom views

■ AIS is free



AIS Disadvantages

■ Variant review after every SAP upgrade

■ Reports must be configured

■ SAP knowledge required to interpret results

■ Over auditing

■ Under auditing

■ Access to SAP

■ Auditability of the Financial (FI) module Only

■ Reliance on the SAP system is assumed

■ AIS is not mature

23



Questions and Information

Presenter Information:Jennifer Hahn714-436-7171Michael Juergens714-436-7276

Erpsapbusproc

Documents

Transcript of Erpsapbusproc