More Related Content
Similar to Erpsapbusproc (20)
Erpsapbusproc
- 1. SAP: Business Process Controls
and AIS
Jennifer Hahn
Michael Juergens
Deloitte & Touche
ISACA Spring Conference
April 27, 1999
Presentation Outline
SAP: Business Process Controls and AIS
SAP Module Overview
s SAP Business Process Overview
s Audit Information System (AIS) Overview
s
© 1999 Deloitte & Touche LLP. All rights reserved.
Bpcontrols.ppt
2
1
- 2. SAP: Business Process Controls and AIS
SAP Module Overview
© 1999 Deloitte & Touche LLP. All rights reserved.
3
Bpcontrols.ppt
SAP R/3 Modules
SAP: Business Process Controls and AIS
SD
FI
Sales &
Distribution
Financial
Accounting
MM
PP
CO
Materials
Mgmt.
Controlling
AM
Production
Planning
R/3
QM
Quality
Management
PM
Fixed Assets
Mgmt.
Client / Server
ABAP/4
Plant Maintenance
PS
Project
System
WF
Workflow
HR
© 1999 Deloitte & Touche LLP. All rights reserved.
IS
Human
Resources
Industry
Solutions
Bpcontrols.ppt
4
2
- 3. SAP Modules - Functional Category
SAP: Business Process Controls and AIS
Functional Category
Financial Applications
Logistics Applications
s
Š FI, CO, EC, IM, TR, AM, PS
s
Logistics Applications
Š SD, MM, PM, PP, QM, LO
s
Human Resources
Financial Applications
Human Resources
Š
s
Cross Applications
PA, PD
Cross Applications
Š WF, OC, AL, CAD. DMS, ALE,
EDI, I/Net, EC
Industry Solutions
s
Industry Solutions
Š IS
© 1999 Deloitte & Touche LLP. All rights reserved.
Bpcontrols.ppt
5
Financial Accounting
SAP: Business Process Controls and AIS
q
q
Accounts Receivable
q
Accounts Payable
q
Tax and Financial
Reports
q
Special Purpose Ledger
q
FI
General Ledger
Legal Consolidations
Financial Applications. . . . . . . .
© 1999 Deloitte & Touche LLP. All rights reserved.
Bpcontrols.ppt
6
3
- 4. Controlling
SAP: Business Process Controls and AIS
q
q
Profit Center Accounting
q
Product Cost
Controlling
q
Profitability Analysis
q
Activity Cost
Management
q
CO
Cost Center Accounting
Internal Orders
Financial Applications. . . . . . . .
© 1999 Deloitte & Touche LLP. All rights reserved.
Bpcontrols.ppt
7
Fixed Asset Management
SAP: Business Process Controls and AIS
q
q
Property Values
q
Insurance Policies
q
AM
Depreciation
Capital Investment
Grants
Financial Applications. . . . . . . .
© 1999 Deloitte & Touche LLP. All rights reserved.
Bpcontrols.ppt
8
4
- 5. Project System
SAP: Business Process Controls and AIS
q
q
Work Breakdown
Structure
q
Budget Management
q
Cost and Revenue
Planning
q
PS
Project Tracking
Networks and Resources
Financial Applications. . . . . . . .
© 1999 Deloitte & Touche LLP. All rights reserved.
Bpcontrols.ppt
9
Sales and Distribution
SAP: Business Process Controls and AIS
q
q
Quotations
q
Sales Order Management
q
Pricing
q
Delivery
q
SD
Computer Aided Sales
Invoicing
Logistics Applications . . . . . . . .
© 1999 Deloitte & Touche LLP. All rights reserved.
Bpcontrols.ppt
10
5
- 6. Materials Management
SAP: Business Process Controls and AIS
q
q
Inventory Management
q
Vendor Evaluation
q
Invoice Verification
q
MM
Procurement
Warehouse Management
Logistics Applications . . . . . . . .
© 1999 Deloitte & Touche LLP. All rights reserved.
Bpcontrols.ppt
11
Production Planning
SAP: Business Process Controls and AIS
q
q
Demand Management
q
Material Requirements
Planning
q
Production Activity
Control
q
PP
Sales & Operations
Planning
Capacity Planning
Logistics Applications . . . . . . . .
© 1999 Deloitte & Touche LLP. All rights reserved.
Bpcontrols.ppt
12
6
- 7. Quality Management
SAP: Business Process Controls and AIS
q
q
Inspection Processing
q
Planning Tools
q
Quality Control
q
QM
Quality Certificates
Quality Notifications
Logistics Applications . . . . . . . .
© 1999 Deloitte & Touche LLP. All rights reserved.
Bpcontrols.ppt
13
Plant Maintenance
SAP: Business Process Controls and AIS
q
q
Equipment and Technical
Objects
q
Preventive Maintenance
q
Service Management
q
PM
Plant Maintenance
Maintenance Order
Management
Logistics Applications . . . . . . . .
© 1999 Deloitte & Touche LLP. All rights reserved.
Bpcontrols.ppt
14
7
- 8. Human Resources
SAP: Business Process Controls and AIS
q
q
Payroll, Benefits
q
Time Management
q
Planning and
Development
q
HR
Personnel
Administration
Organization
Management
Human Resources. . . . . . . .
© 1999 Deloitte & Touche LLP. All rights reserved.
Bpcontrols.ppt
15
Cross Applications
SAP: Business Process Controls and AIS
q
q
q
WF
q
q
q
q
SAP Business Workflow
SAP Office
SAP ArchiveLink
EDI
Communication
Application Link Enabled
(ALE)
Others
Cross Applications. . . . . . . .
© 1999 Deloitte & Touche LLP. All rights reserved.
Bpcontrols.ppt
16
8
- 9. Industry Solutions
SAP: Business Process Controls and AIS
q
q
q
IS
q
q
q
q
q
Banks
Hospitals
Oil Companies
Publishing Sector
Telecommunications
Retail
Utilities
Others
Industry Solutions. . . . . . . .
© 1999 Deloitte & Touche LLP. All rights reserved.
Bpcontrols.ppt
17
SAP: Business Process Controls and AIS
Basis Component Overview
© 1999 Deloitte & Touche LLP. All rights reserved.
Bpcontrols.ppt
18
9
- 10. Basis Component
SAP: Business Process Controls and AIS
q
q
Computer Center
Management System
q
Authorization Concept
q
Transport System
q
BC
ABAP/4 Development
Workbench
Database Administration
Basis Component. . . . . . . .
© 1999 Deloitte & Touche LLP. All rights reserved.
Bpcontrols.ppt
19
SAP: Business Process Controls and AIS
SAP Business Process Overview
© 1999 Deloitte & Touche LLP. All rights reserved.
Bpcontrols.ppt
20
10
- 11. SAP Business Processes
SAP: Business Process Controls and AIS
s
Over 1200 business processes defined by SAP
– Highly flexible
– Customized to fit each company
– Companies choose the business processes that they
want to implement
s
Every SAP installation is different
– It is important to have clear understanding of business
processes that are effected by the SAP implementation
– These business processes should be mapped to the
corresponding SAP modules that are implemented
© 1999 Deloitte & Touche LLP. All rights reserved.
21
Bpcontrols.ppt
Example Business Process - Sales
SAP: Business Process Controls and AIS
Product
Costing
Planning
MPS
Sales
Order
MRP
run
Planned
Order
Production
Order
Goods
Issue
Raw
Purchase
Requisition
Profitability
Analysis
Delivery
Goods
Receipt
Billing
Goods
Issue
Finished
Goods
Receipt
Vendor
Modules
s MM
Customer
G/L Account
Material
Customer
Payment
s PP
Purchase
Order
© 1999 Deloitte & Touche LLP. All rights reserved.
Invoice
Receipt
Bpcontrols.ppt
Vendor
Payment
s SD
s FI/CO
22
11
- 12. SAP: Business Process Controls and AIS
Linking SAP Modules, Business
Processes and Audit
© 1999 Deloitte & Touche LLP. All rights reserved.
Bpcontrols.ppt
23
Audit Challenges
SAP: Business Process Controls and AIS
s
SAP Modules
– Three Main Functional Categories
– Multitude of Modules
– Multitude of Sub-Modules
s
SAP Business Processes
– 1200+ Processes
s
Audit Processes
– Business Process Cycles
© 1999 Deloitte & Touche LLP. All rights reserved.
Bpcontrols.ppt
24
12
- 13. Linking Audit Cycles to SAP Modules
SAP: Business Process Controls and AIS
Audit Business Cycles
SAP Module Functional Category
Treasury
Fixed Assets
Expenditure
Revenue
Financial Applications
Logistics Applications
Inventory
Management
Payroll and
Personnel
Human Resources
Basis Component
Cross Applications
Industry Solutions
© 1999 Deloitte & Touche LLP. All rights reserved.
Bpcontrols.ppt
25
SAP: Business Process Controls and AIS
Audit Information System (AIS)
© 1999 Deloitte & Touche LLP. All rights reserved.
Bpcontrols.ppt
26
13
- 14. AIS - History and Background
SAP: Business Process Controls and AIS
s
Requested by
– Internal Auditors,
– External Auditors, and
– Company Management
s
s
Designed by SAP in response to requirements for
a tool to find, evaluate and download information
from SAP easily
Includes:
– Audit Report Tree (transaction code: SECR)
– Report tree includes Systems and Financial audit tasks, reports
and tests for additional modules are under development
– Evaluation and notes can be entered into the specific tasks to
monitor progress of tasks
© 1999 Deloitte & Touche LLP. All rights reserved.
27
Bpcontrols.ppt
AIS - History and Background
SAP: Business Process Controls and AIS
s
s
© 1999 Deloitte & Touche LLP. All rights reserved.
To provide company specific, individual
selection and preparation of data needs
and requirements for reporting and
review
s
SAP - DB
The goal is improvement of audit quality
through real-time auditing
s
A
To provide a mechanism and structure
for collection, and presentation of
standard SAP reporting
To provide the ability to download data
into flat files for analysis with external
tools
IS
–
–
–
–
Bpcontrols.ppt
AuditAgent
ACL
IDEA
Baetge
28
14
- 15. What is AIS?
SAP: Business Process Controls and AIS
s
s
s
s
s
s
A collection of SAP reports / queries based on a
reporting tree
A tool for auditing an SAP system
Utilizes existing SAP functionality
Designed to rationalize and facilitate the audit
process
Organizes all audit related activities under one
umbrella
Aims to improve the quality of an audit
© 1999 Deloitte & Touche LLP. All rights reserved.
Bpcontrols.ppt
29
What does AIS do?
SAP: Business Process Controls and AIS
© 1998 SAP AG. All rights reserved.
© 1999 Deloitte & Touche LLP. All rights reserved.
Bpcontrols.ppt
30
15
- 16. What does AIS do?
SAP: Business Process Controls and AIS
© 1998 SAP AG. All rights reserved.
© 1999 Deloitte & Touche LLP. All rights reserved.
Bpcontrols.ppt
31
AIS Features and Functions
SAP: Business Process Controls and AIS
s
s
s
s
s
Tool for performing both System and Business
Audits
Provides auditors with the ability to document and
monitor the progress of an audit
Reports and queries can be customized for each
user
Allows auditors to evaluate information or
download data to be used by CAAT tools such as
ACL
Different views allow external auditors (both
financial and systems auditors) and internal
auditors to use the system simultaneously
© 1999 Deloitte & Touche LLP. All rights reserved.
Bpcontrols.ppt
32
16
- 17. AIS - System Audits
SAP: Business Process Controls and AIS
s
Using the AIS System Audit tree users can:
–
–
–
–
–
–
–
–
–
Review system configuration settings
Review parameters settings
Monitor operations
Review various logs
Review background processing
Review security settings
Perform user security audits
Review transport related activities
Review print and spool administration
© 1999 Deloitte & Touche LLP. All rights reserved.
Bpcontrols.ppt
33
AIS - Business Audits
SAP: Business Process Controls and AIS
s
Using the AIS Business Audit tree users can:
–
–
–
–
–
Perform various audit related queries
Produce various audit related reports
Review organization structure
Review document structure, ranges, posting keys etc.
Review client setup (number of accounts, assets,
customers, vendors, materials etc.)
– Review chart of accounts
– Produce financial reports (balance sheets, P&L, ratio
analysis etc.)
– Review account balances
© 1999 Deloitte & Touche LLP. All rights reserved.
Bpcontrols.ppt
34
17
- 18. Audit Status Analysis
SAP: Business Process Controls and AIS
s
AIS uses Status Analysis functionality to:
– Summarize, maintain and monitor details of the audit
progress of specific testing, and for audit management
– Easily and quickly identify problem areas
– Document results of tests offering drill-down
functionality
– Notes exist in SAP R/3 version 3.1G+
© 1999 Deloitte & Touche LLP. All rights reserved.
Bpcontrols.ppt
35
Audit Status Analysis
SAP: Business Process Controls and AIS
s
Status Analysis functionality and capabilities
improves the ability of Audit management to track
tasks performed within SAP:
– Percentage of completed audit steps for an audit
objective via traffic lights:
– Creation of separate documentation for the node of
each separate user view
– Ability to identify the number of views a node is
assigned to, with the associated status of completion
for each view
– Tracking of changes made to the notes to a
responsible person
© 1999 Deloitte & Touche LLP. All rights reserved.
Bpcontrols.ppt
36
18
- 19. Audit Status Analysis
SAP: Business Process Controls and AIS
© 1999 Deloitte & Touche LLP. All rights reserved.
Bpcontrols.ppt
37
Audit Report Tree
SAP: Business Process Controls and AIS
s
The audit report tree contains two standard views:
– Financial Audit (AUDIT_FI)
– Systems Audit (AUDIT_SECR)
s
Each view contains:
– Auditing procedures and documentation tools
– Audit evaluations (including data and key controls
within the configuration)
– Data download tools through links to Data Analysis
Tools, such as ACL (automated) or IDEA (through
Monarch)
© 1999 Deloitte & Touche LLP. All rights reserved.
Bpcontrols.ppt
38
19
- 20. Audit Report Tree
SAP: Business Process Controls and AIS
© 1999 Deloitte & Touche LLP. All rights reserved.
Bpcontrols.ppt
39
AIS and SAP versions
SAP: Business Process Controls and AIS
s
Versions 3.1I and 4.5B+
– An integral part of the SAP Basis Component
s
Only works on certain releases of R/3
–
–
–
–
s
3.0D, 3.0E, 3.0F
3.1G, 3.1H, 3.1I
4.0A, 4.0B, 4.0C
4.5A, 4.5B, 4.6A
Not all functions are available in each version, as
functionality is based on the release level
© 1999 Deloitte & Touche LLP. All rights reserved.
Bpcontrols.ppt
40
20
- 21. AIS - Relevant OSS Notes
SAP: Business Process Controls and AIS
s
Online System Support (OSS) Notes:
– 13719 - Transport Files to load AIS onto SAP for
versions 3.0D on
– 41475 - Copying report variants between clients
– 77503 - AIS Overview, Auditor’s configuration of Views,
Variants and Ratios
– 85344 - Performance concerns when AIS is installed
– 100609 - Basis Installation Steps
– 128256 - Missing English Texts
– 129170 - Download of Query Data
– 133914 - Conversion of drill-down reports
© 1999 Deloitte & Touche LLP. All rights reserved.
Bpcontrols.ppt
41
SAP: Business Process Controls and AIS
AIS Business Case
© 1999 Deloitte & Touche LLP. All rights reserved.
Bpcontrols.ppt
42
21
- 22. AIS Advantages
SAP: Business Process Controls and AIS
s
s
s
s
s
s
s
s
s
Centralized auditing
Continuous auditing
Teaming of internal and external audit efforts
More efficient use of time
One report tree
Simplify data extraction
Potential to have all SAP reports in AIS only
Custom views
AIS is free
© 1999 Deloitte & Touche LLP. All rights reserved.
Bpcontrols.ppt
43
AIS Disadvantages
SAP: Business Process Controls and AIS
s
s
s
s
s
s
s
s
s
Variant review after every SAP upgrade
Reports must be configured
SAP knowledge required to interpret results
Over auditing
Under auditing
Access to SAP
Auditability of the Financial (FI) module Only
Reliance on the SAP system is assumed
AIS is not mature
© 1999 Deloitte & Touche LLP. All rights reserved.
Bpcontrols.ppt
44
22
- 23. Questions and Information
SAP: Business Process Controls and AIS
Presenter Information:
Jennifer Hahn
714-436-7171
Michael Juergens
714-436-7276
© 1999 Deloitte & Touche LLP. All rights reserved.
Bpcontrols.ppt
45
23