Read Microsoft PowerPoint - SAPBusProc.PPT text version

SAP: Business Process Controls and AIS

Jennifer Hahn Michael Juergens Deloitte & Touche ISACA Spring Conference April 27, 1999

Presentation Outline

SAP: Business Process Controls and AIS

SAP Module Overview s SAP Business Process Overview s Audit Information System (AIS) Overview

s

© 1999 Deloitte & Touche LLP. All rights reserved.

Bpcontrols.ppt

2

1

SAP: Business Process Controls and AIS

SAP Module Overview

© 1999 Deloitte & Touche LLP. All rights reserved.

Bpcontrols.ppt

3

SAP R/3 Modules

SAP: Business Process Controls and AIS

SD

Sales & Distribution

FI

Financial Accounting

MM PP

Materials Mgmt. Production Planning

CO

Controlling

AM

R/3

Client / Server ABAP/4

HR IS

Industry Solutions

Fixed Assets Mgmt.

QM

Quality Management

PS

Project System

PM

Plant Maintenance

WF

Workflow

Human Resources

© 1999 Deloitte & Touche LLP. All rights reserved.

Bpcontrols.ppt

4

2

SAP Modules - Functional Category

SAP: Business Process Controls and AIS

Functional Category

s s s s

Financial Applications Logistics Applications Human Resources Cross Applications Industry Solutions

Financial Applications

FI, CO, EC, IM, TR, AM, PS

Logistics Applications

SD, MM, PM, PP, QM, LO

Human Resources

PA, PD

Cross Applications

WF, OC, AL, CAD. DMS, ALE,

EDI, I/Net, EC s

Industry Solutions

IS

5

© 1999 Deloitte & Touche LLP. All rights reserved.

Bpcontrols.ppt

Financial Accounting

SAP: Business Process Controls and AIS

q q

General Ledger Accounts Receivable Accounts Payable Tax and Financial Reports Special Purpose Ledger Legal Consolidations

FI

q q

q q

Financial Applications. . . . . . . .

© 1999 Deloitte & Touche LLP. All rights reserved. Bpcontrols.ppt

6

3

Controlling

SAP: Business Process Controls and AIS

q q

Cost Center Accounting Profit Center Accounting Product Cost Controlling Profitability Analysis Activity Cost Management Internal Orders

CO

q

q q

q

Financial Applications. . . . . . . .

© 1999 Deloitte & Touche LLP. All rights reserved. Bpcontrols.ppt

7

Fixed Asset Management

SAP: Business Process Controls and AIS

q q q q

Depreciation Property Values Insurance Policies Capital Investment Grants

AM

Financial Applications. . . . . . . .

© 1999 Deloitte & Touche LLP. All rights reserved. Bpcontrols.ppt

8

4

Project System

SAP: Business Process Controls and AIS

q q

Project Tracking Work Breakdown Structure Budget Management Cost and Revenue Planning Networks and Resources

PS

q q

q

Financial Applications. . . . . . . .

© 1999 Deloitte & Touche LLP. All rights reserved. Bpcontrols.ppt

9

Sales and Distribution

SAP: Business Process Controls and AIS

q q

Computer Aided Sales Quotations Sales Order Management Pricing Delivery Invoicing

SD

q q q q

Logistics Applications . . . . . . . .

© 1999 Deloitte & Touche LLP. All rights reserved. Bpcontrols.ppt

10

5

Materials Management

SAP: Business Process Controls and AIS

q q q q q

Procurement Inventory Management Vendor Evaluation Invoice Verification Warehouse Management

MM

Logistics Applications . . . . . . . .

© 1999 Deloitte & Touche LLP. All rights reserved. Bpcontrols.ppt

11

Production Planning

SAP: Business Process Controls and AIS

q

Sales & Operations Planning Demand Management Material Requirements Planning Production Activity Control Capacity Planning

q

PP

q

q

q

Logistics Applications . . . . . . . .

© 1999 Deloitte & Touche LLP. All rights reserved. Bpcontrols.ppt

12

6

Quality Management

SAP: Business Process Controls and AIS

q

Quality Certificates Inspection Processing Planning Tools Quality Control Quality Notifications

QM

q q q q

Logistics Applications . . . . . . . .

© 1999 Deloitte & Touche LLP. All rights reserved. Bpcontrols.ppt

13

Plant Maintenance

SAP: Business Process Controls and AIS

q q

Plant Maintenance Equipment and Technical Objects Preventive Maintenance Service Management Maintenance Order Management

PM

q q q

Logistics Applications . . . . . . . .

© 1999 Deloitte & Touche LLP. All rights reserved. Bpcontrols.ppt

14

7

Human Resources

SAP: Business Process Controls and AIS

q

Personnel Administration Payroll, Benefits Time Management Planning and Development Organization Management

q

HR

q q

q

Human Resources. . . . . . . .

© 1999 Deloitte & Touche LLP. All rights reserved. Bpcontrols.ppt

15

Cross Applications

SAP: Business Process Controls and AIS

q q q

WF

q q q

q

SAP Business Workflow SAP Office SAP ArchiveLink EDI Communication Application Link Enabled (ALE) Others

Cross Applications. . . . . . . .

© 1999 Deloitte & Touche LLP. All rights reserved. Bpcontrols.ppt

16

8

Industry Solutions

SAP: Business Process Controls and AIS

q q q

IS

q q q q q

Banks Hospitals Oil Companies Publishing Sector Telecommunications Retail Utilities Others

Industry Solutions. . . . . . . .

© 1999 Deloitte & Touche LLP. All rights reserved. Bpcontrols.ppt

17

SAP: Business Process Controls and AIS

Basis Component Overview

© 1999 Deloitte & Touche LLP. All rights reserved.

Bpcontrols.ppt

18

9

Basis Component

SAP: Business Process Controls and AIS

q

ABAP/4 Development Workbench Computer Center Management System Authorization Concept Transport System Database Administration

BC

q

q q q

Basis Component. . . . . . . .

© 1999 Deloitte & Touche LLP. All rights reserved. Bpcontrols.ppt

19

SAP: Business Process Controls and AIS

SAP Business Process Overview

© 1999 Deloitte & Touche LLP. All rights reserved.

Bpcontrols.ppt

20

10

SAP Business Processes

SAP: Business Process Controls and AIS

s

Over 1200 business processes defined by SAP

­ Highly flexible ­ Customized to fit each company ­ Companies choose the business processes that they want to implement

s

Every SAP installation is different

­ It is important to have clear understanding of business processes that are effected by the SAP implementation ­ These business processes should be mapped to the corresponding SAP modules that are implemented

© 1999 Deloitte & Touche LLP. All rights reserved.

Bpcontrols.ppt

21

Example Business Process - Sales

SAP: Business Process Controls and AIS

Product Costing Profitability Analysis

Planning MPS

Sales Order

MRP run

Planned Order

Production Order

Delivery

Billing

Customer Payment

Goods Issue

Goods Receipt

Goods Issue

Purchase Requisition

Raw

Goods Receipt

Finished

Modules s MM s PP

Vendor Customer G/L Account Material

Purchase Order

Invoice Receipt

Vendor Payment

s SD s FI/CO

© 1999 Deloitte & Touche LLP. All rights reserved.

Bpcontrols.ppt

22

11

SAP: Business Process Controls and AIS

Linking SAP Modules, Business Processes and Audit

© 1999 Deloitte & Touche LLP. All rights reserved.

Bpcontrols.ppt

23

Audit Challenges

SAP: Business Process Controls and AIS

s

SAP Modules

­ Three Main Functional Categories ­ Multitude of Modules ­ Multitude of Sub-Modules

s

SAP Business Processes

­ 1200+ Processes

s

Audit Processes

­ Business Process Cycles

© 1999 Deloitte & Touche LLP. All rights reserved.

Bpcontrols.ppt

24

12

Linking Audit Cycles to SAP Modules

SAP: Business Process Controls and AIS

Audit Business Cycles Treasury Fixed Assets Expenditure Revenue Inventory Management Payroll and Personnel

SAP Module Functional Category Financial Applications

Logistics Applications

Human Resources

Basis Component Cross Applications Industry Solutions

© 1999 Deloitte & Touche LLP. All rights reserved.

Bpcontrols.ppt

25

SAP: Business Process Controls and AIS

Audit Information System (AIS)

© 1999 Deloitte & Touche LLP. All rights reserved.

Bpcontrols.ppt

26

13

AIS - History and Background

SAP: Business Process Controls and AIS

s

Requested by

­ Internal Auditors, ­ External Auditors, and ­ Company Management

s

s

Designed by SAP in response to requirements for a tool to find, evaluate and download information from SAP easily Includes:

­ Audit Report Tree (transaction code: SECR) ­ Report tree includes Systems and Financial audit tasks, reports and tests for additional modules are under development ­ Evaluation and notes can be entered into the specific tasks to monitor progress of tasks

© 1999 Deloitte & Touche LLP. All rights reserved.

Bpcontrols.ppt

27

AIS - History and Background

SAP: Business Process Controls and AIS

s

To provide a mechanism and structure for collection, and presentation of standard SAP reporting The goal is improvement of audit quality through real-time auditing To provide company specific, individual selection and preparation of data needs and requirements for reporting and review To provide the ability to download data into flat files for analysis with external tools

­ ­ ­ ­ AuditAgent ACL IDEA Baetge

s

s

A

IS

s

SAP - DB

© 1999 Deloitte & Touche LLP. All rights reserved.

Bpcontrols.ppt

28

14

What is AIS?

SAP: Business Process Controls and AIS

s

s s s

s

s

A collection of SAP reports / queries based on a reporting tree A tool for auditing an SAP system Utilizes existing SAP functionality Designed to rationalize and facilitate the audit process Organizes all audit related activities under one umbrella Aims to improve the quality of an audit

© 1999 Deloitte & Touche LLP. All rights reserved.

Bpcontrols.ppt

29

What does AIS do?

SAP: Business Process Controls and AIS

© 1998 SAP AG. All rights reserved. © 1999 Deloitte & Touche LLP. All rights reserved. Bpcontrols.ppt

30

15

What does AIS do?

SAP: Business Process Controls and AIS

© 1998 SAP AG. All rights reserved. © 1999 Deloitte & Touche LLP. All rights reserved. Bpcontrols.ppt

31

AIS Features and Functions

SAP: Business Process Controls and AIS

s s s s

s

Tool for performing both System and Business Audits Provides auditors with the ability to document and monitor the progress of an audit Reports and queries can be customized for each user Allows auditors to evaluate information or download data to be used by CAAT tools such as ACL Different views allow external auditors (both financial and systems auditors) and internal auditors to use the system simultaneously

Bpcontrols.ppt

© 1999 Deloitte & Touche LLP. All rights reserved.

32

16

AIS - System Audits

SAP: Business Process Controls and AIS

s

Using the AIS System Audit tree users can:

­ ­ ­ ­ ­ ­ ­ ­ ­ Review system configuration settings Review parameters settings Monitor operations Review various logs Review background processing Review security settings Perform user security audits Review transport related activities Review print and spool administration

© 1999 Deloitte & Touche LLP. All rights reserved.

Bpcontrols.ppt

33

AIS - Business Audits

SAP: Business Process Controls and AIS

s

Using the AIS Business Audit tree users can:

­ ­ ­ ­ ­ Perform various audit related queries Produce various audit related reports Review organization structure Review document structure, ranges, posting keys etc. Review client setup (number of accounts, assets, customers, vendors, materials etc.) ­ Review chart of accounts ­ Produce financial reports (balance sheets, P&L, ratio analysis etc.) ­ Review account balances

© 1999 Deloitte & Touche LLP. All rights reserved.

Bpcontrols.ppt

34

17

Audit Status Analysis

SAP: Business Process Controls and AIS

s

AIS uses Status Analysis functionality to:

­ Summarize, maintain and monitor details of the audit progress of specific testing, and for audit management ­ Easily and quickly identify problem areas ­ Document results of tests offering drill-down functionality ­ Notes exist in SAP R/3 version 3.1G+

© 1999 Deloitte & Touche LLP. All rights reserved.

Bpcontrols.ppt

35

Audit Status Analysis

SAP: Business Process Controls and AIS

s

Status Analysis functionality and capabilities improves the ability of Audit management to track tasks performed within SAP:

­ Percentage of completed audit steps for an audit objective via traffic lights: ­ Creation of separate documentation for the node of each separate user view ­ Ability to identify the number of views a node is assigned to, with the associated status of completion for each view ­ Tracking of changes made to the notes to a responsible person

© 1999 Deloitte & Touche LLP. All rights reserved.

Bpcontrols.ppt

36

18

Audit Status Analysis

SAP: Business Process Controls and AIS

© 1999 Deloitte & Touche LLP. All rights reserved.

Bpcontrols.ppt

37

Audit Report Tree

SAP: Business Process Controls and AIS

s

The audit report tree contains two standard views:

­ Financial Audit (AUDIT_FI) ­ Systems Audit (AUDIT_SECR)

s

Each view contains:

­ Auditing procedures and documentation tools ­ Audit evaluations (including data and key controls within the configuration) ­ Data download tools through links to Data Analysis Tools, such as ACL (automated) or IDEA (through Monarch)

© 1999 Deloitte & Touche LLP. All rights reserved.

Bpcontrols.ppt

38

19

Audit Report Tree

SAP: Business Process Controls and AIS

© 1999 Deloitte & Touche LLP. All rights reserved.

Bpcontrols.ppt

39

AIS and SAP versions

SAP: Business Process Controls and AIS

s

Versions 3.1I and 4.5B+

­ An integral part of the SAP Basis Component

s

Only works on certain releases of R/3

­ ­ ­ ­ 3.0D, 3.0E, 3.0F 3.1G, 3.1H, 3.1I 4.0A, 4.0B, 4.0C 4.5A, 4.5B, 4.6A

s

Not all functions are available in each version, as functionality is based on the release level

© 1999 Deloitte & Touche LLP. All rights reserved.

Bpcontrols.ppt

40

20

AIS - Relevant OSS Notes

SAP: Business Process Controls and AIS

s

Online System Support (OSS) Notes:

­ 13719 - Transport Files to load AIS onto SAP for versions 3.0D on ­ 41475 - Copying report variants between clients ­ 77503 - AIS Overview, Auditor's configuration of Views, Variants and Ratios ­ 85344 - Performance concerns when AIS is installed ­ 100609 - Basis Installation Steps ­ 128256 - Missing English Texts ­ 129170 - Download of Query Data ­ 133914 - Conversion of drill-down reports

© 1999 Deloitte & Touche LLP. All rights reserved.

Bpcontrols.ppt

41

SAP: Business Process Controls and AIS

AIS Business Case

© 1999 Deloitte & Touche LLP. All rights reserved.

Bpcontrols.ppt

42

21

AIS Advantages

SAP: Business Process Controls and AIS

s s s s s s s s s

Centralized auditing Continuous auditing Teaming of internal and external audit efforts More efficient use of time One report tree Simplify data extraction Potential to have all SAP reports in AIS only Custom views AIS is free

Bpcontrols.ppt

© 1999 Deloitte & Touche LLP. All rights reserved.

43

AIS Disadvantages

SAP: Business Process Controls and AIS

s s s s s s s s s

Variant review after every SAP upgrade Reports must be configured SAP knowledge required to interpret results Over auditing Under auditing Access to SAP Auditability of the Financial (FI) module Only Reliance on the SAP system is assumed AIS is not mature

Bpcontrols.ppt

© 1999 Deloitte & Touche LLP. All rights reserved.

44

22

Questions and Information

SAP: Business Process Controls and AIS

Presenter Information:

Jennifer Hahn 714-436-7171 Michael Juergens 714-436-7276

© 1999 Deloitte & Touche LLP. All rights reserved.

Bpcontrols.ppt

45

23

Information

Microsoft PowerPoint - SAPBusProc.PPT

23 pages

Find more like this

Report File (DMCA)

Our content is added by our users. We aim to remove reported files within 1 working day. Please use this link to notify us:

Report this file as copyright or inappropriate

553783


You might also be interested in

BETA
Microsoft Word - GHVMLS Exclusive Right to Rent.doc
Microsoft Word - MMI Lending Manual.doc
200907.pub
Wal-Mart 2008 Associate Benefits Book