SAP runs SAP Audit Management
Transcrição
SAP runs SAP Audit Management
SAP runs SAP Audit Management Einsatz der Audit Management Software bei SAP – Herausforderungen und Lösungen Gerhard Hafner, SAP SAP-Forum für Finanzmanagement und GRC, 13. – 14. April 2015 Public Disclaimer Die in diesem Dokument enthaltenen Informationen können ohne vorherige Ankündigung geändert werden. Dieses Dokument wird ohne jede Gewährleistung seitens SAP bezüglich der Richtigkeit, Vollständigkeit und Nutzung der enthaltenen Information und Angaben zur Verfügung gestellt. Es dient ausschließlich Informationszwecken. SAP übernimmt keine Haftung für Fehler in dem oder für die Vollständigkeit des Dokumentes, insbesondere nicht für die darin enthaltenen Informationen, Grafiken, Links oder andere Angaben und Inhalte. SAP übernimmt keine Haftung für Schäden, weder ausdrücklich noch stillschweigend, die sich aus dem Gebrauch des Dokumentes ergeben können, insbesondere nicht für die Marktgängigkeit und der Eignung für einen bestimmten Zweck sowie für die Gewährleistung der Nichtverletzung geltenden Rechts, es sei denn, dass Schäden durch Vorsatz oder grobe Fahrlässigkeit seitens SAP verursacht wurden. Hiervon umfasst sind insbesondere direkte, besondere, indirekte Schäden sowie Begleit- und Folgeschäden. © 2015 SAP SE or an SAP affiliate company. All rights reserved. Public 2 Ein Lösungsportfolio für den CFO: SAP Finance and Security Financial Planning and Analysis Accounting and Financial Close Treasury and Financial Risk Management Collaborative Finance Operations Enterprise Compliance and Security Develop and Translate Strategy Accounting Payments and Bank Communications Receivables Management Enterprise Risk Management Planning, Budgeting and Forecasting Entity Close Cash and Liquidity Management Collaborative Invoice to Pay Controls and Compliance Mgmt. Profitability and Cost Management Corporate Close Debt and Investment Management Travel Management International Trade Management Monitoring and Reporting Reporting and Disclosure Financial Risk Management Financial Shared Services Identity and Access Management Financial Close Governance Commodity Risk Management Real Estate Management Enterprise Threat Management Fraud and Audit Management © 2015 SAP SE or an SAP affiliate company. All rights reserved. Public 3 Agenda Transformation des Corporate Audit bei SAP SAP Audit Management Manage Plan Perform Communicate Monitor SAP Fraud Management Zusammenfassung © 2015 SAP SE or an SAP affiliate company. All rights reserved. Public 4 Transformation des Corporate Audit bei SAP Vision SAP Corporate Audit Vision: Corporate Audit makes: relevant contributions to SAP’s success as a trusted advisor and as a source of talent for the entire organization © 2015 SAP SE or an SAP affiliate company. All rights reserved. Public 6 The Changing Mandate of Internal Audit Strategic Advisor The pace of technological change is increasing Stakeholders are demanding greater visibility into everything on organization does Corporate Audit (Internal Audit) is expected to move beyond the compliance activities, provide strategic advice and business insight: – Provide early warnings for potential risks – Transformational Mandate – Organizational – Business process/model– Product and technology – Financials © 2015 SAP SE or an SAP affiliate company. All rights reserved. Strategic Advisor Business Insight NonNegotiable Compliance Audit skills + business knowledge + critical and strategic thinking Audit skills + additional business knowledge + critical thinking Basic audit skills, IT, baseline critical thinking Public 7 Organizational structure Chief Audit Executive (CAE) Overall Responsibility for SAP´s Internal Audit Function Strategy, Sales & Services Audit • Strategy Audits • Transaction Services • Competitive Environment • Software & Services • Partner & Ecosystem • Service & Support Delivery Compliance & Forensic Audit Financial & Operational Audit Information Systems Audit & Advisory Audit Operations Talent Rotation Program (TRP) • Prevention Audits • Detection Audits • Investigations • IP Audits • F&A • Financial Reporting • HR • Workforce • Safeguarding Assets • Information Technology • Security • Development • System Landscape • Executive Reporting • Communication & Information Platform • Central Report Review • Templates • SOX Processes • Quality Assurance • Program Strategy and Execution • Talent Performance & Development • Alignment with HR Talent and Recruiting • Successful Placement to Business © 2015 SAP SE or an SAP affiliate company. All rights reserved. Public 8 Audit process To achieve uniform audits, Corporate Audit developed the audit road map, which serves as the model for the audit process for all standard audit topics. Each phase is divided into subphases, which must be executed in a specific sequence to ensure that security and quality requirements are met. DEMAND MANAGEMENT Audit Planning System Audit Request © 2015 SAP SE or an SAP affiliate company. All rights reserved. DELIVERY REPORTING Audit Announcement Quality Review Work Program Draft Report Fieldwork Auditee Fedback Working Papers Final Report Audit File FOLLOW-UP Follow-Up Activity on Milestone Level Follow-Up Audit as required Escalation on demand Public 9 SAP required a “state of the art” Audit System State of the art User Interface based on Fiori Mobile enabled Embedded Reporting Role based authorization and approvals Highly integrated into Risk Management, Fraud Management and SAP ERP Search in unstructured data Leveraging technology: HANA Fast implementation through streamlined configuration templates © 2015 SAP SE or an SAP affiliate company. All rights reserved. Public 10 SAP Audit Management Manage Plan Perform Communicate Monitor SAP solutions: Why SAP Audit Management? Simplify Gain Insight Collaboration Automate Visualize Process Excellence Integrate Analyze Workflows Unify Monitor Audit Team © 2015 SAP SE or an SAP affiliate company. All rights reserved. Public 12 SAP Audit Management Transform audit. Move beyond assurance Monitor Manage Monitor the disposition of results reported to management Establish a risk based plan, prioritize audit activities and align with the needs of the enterprise Communicate Plan Communicate the engagements objectives, scope, conclusions, findings and recommendations Develop and document a plan for each engagement Perform Identify, analyze and document relevant information © 2015 SAP SE or an SAP affiliate company. All rights reserved. Public 13 SAP Audit Management: The Users Transform audit. Move beyond assurance Key Benefits Simple, intuitive home screen for all users One UI for all devices, e.g. PC, tablet, smart phones Role based authorization is embedded Users configure the tiles they need for their home screen by adding or subtracting from the time menu © 2015 SAP SE or an SAP affiliate company. All rights reserved. Customized tiles are supported Public 14 SAP Audit Management Manage the audit activity Establish a framework for risk assessment and prioritization Communicate plans and resource requirements Deploy and appropriate resources Report plan performance to senior management and the Board Back © 2015 SAP SE or an SAP affiliate company. All rights reserved. Public 15 SAP Audit Management Manage the audit activity Establish a framework for risk assessment and prioritization Scope Key benefits Create a plan based on a documented risk based audit universe Permits audit planning based on risks identified Allows audit to identify and assess risks directly Auditors are able to assess each risk as part of the audit planning process © 2015 SAP SE or an SAP affiliate company. All rights reserved. Public 16 SAP Audit Management Manage the audit activity Communicate plans and resource requirements Scope Key benefits Auditable items are created and prioritized Audit plans are created and approved Creates auditable items Risk rates the auditable items Establishes and communicates a risk based plan The audit universe is defined in risk terms © 2015 SAP SE or an SAP affiliate company. All rights reserved. Public 17 SAP Audit Management Manage the audit activity Deploy appropriate resources Scope Staff each engagement with appropriate resources Key benefits Supervisors look up and assign staff resources Minimizes unproductive assignments Increases audit productivity and reduces unassigned time Audit staff and roles are identified and documented © 2015 SAP SE or an SAP affiliate company. All rights reserved. Public 18 SAP Audit Management Manage the audit activity Report plan performance to senior management and the Board Scope Report on completed and planned audits Key benefits Audit management can track performance against plan Boards and senior executives can assess audit performance Graphical views allow managers to plan audits based on current plan completion and status © 2015 SAP SE or an SAP affiliate company. All rights reserved. Public 19 SAP Audit Management Engagement planning Establish engagement objectives and scope Assess relevant risks Plan appropriate and sufficient resources Develop and document engagement work program © 2015 SAP SE or an SAP affiliate company. All rights reserved. Public 20 SAP Audit Management Engagement planning Establish engagement objectives and scope Scope Key benefits Audit scope is defined Audit objectives and scope are determined for each engagement Key elements of the audit are defined Audit scope is assigned and approved in the engagement planning process © 2015 SAP SE or an SAP affiliate company. All rights reserved. Public 21 SAP Audit Management Engagement planning Assess relevant risks Scope Key benefits Relevant risks are identified in SAP Risk Management Key elements of risk register are copied into the planned audit Integration with SAP Risk Management aligns audit with the business © 2015 SAP SE or an SAP affiliate company. All rights reserved. Public 22 SAP Audit Management Engagement planning Evaluate fraud risk Scope Key benefits 1 2 3 SAP Audit Management is integrated with Fraud Management 1 Excel as a tool connecting to a Hana View e.g. for accounting 2 Suspicious invoices are identified 3 And the file uploaded to Audit Management Integration with SAP Fraud Management provides the capabilities needed to assess fraud risk © 2015 SAP SE or an SAP affiliate company. All rights reserved. Public 23 SAP Audit Management Engagement planning Plan appropriate and sufficient resources Scope Key benefits Estimate engagement time and cost © 2015 SAP SE or an SAP affiliate company. All rights reserved. Estimated resource requirements are captured Auditors are assigned to the engagement Public 24 SAP Audit Management Engagement planning Plan appropriate and sufficient resources Scope Key benefits Estimate engagement time and cost © 2015 SAP SE or an SAP affiliate company. All rights reserved. Auditor schedules are shown via a calendar Scheduling conflicts and availability is obvious at a glance Public 25 SAP Audit Management Engagement planning Develop and document engagement work program Scope Key benefits Work programs are stored in the system © 2015 SAP SE or an SAP affiliate company. All rights reserved. Auditors can select the appropriate work programs for the engagement Work programs can be shared and revised for future use Public 26 SAP Audit Management Perform the engagement Identify relevant information Perform analysis and evaluation Document engagement information Supervise the engagement Back © 2015 SAP SE or an SAP affiliate company. All rights reserved. Public 27 SAP Audit Management Perform the engagement Identify relevant information Scope Key benefits Identify sufficient, reliable, relevant and useful information Internal auditors can identify sufficient, reliable, relevant, and useful information to achieve the engagement’s objectives Audit files are secure and information may be accessed from any device © 2015 SAP SE or an SAP affiliate company. All rights reserved. Public 28 SAP Audit Management Perform the engagement Perform analysis and evaluation Scope Key benefits Allow auditors to analyze documents Internal auditors have the ability to access and analyze information from mobile devices Search capability unlocks information in audit files and makes it available for analysis and comparison © 2015 SAP SE or an SAP affiliate company. All rights reserved. Public 29 SAP Audit Management Perform the engagement Document engagement information Scope Key benefits Document relevant information to support the conclusions Complete capability for documenting and storing working papers Internal auditors can drag and drop appropriate documentation into their work papers Audio, video and other files can be captured and stored Documentation can be done using a mobile device Working paper files are indexed for easy reference © 2015 SAP SE or an SAP affiliate company. All rights reserved. Public 30 SAP Audit Management Communicate results Determine communication criteria Disseminate results Back © 2015 SAP SE or an SAP affiliate company. All rights reserved. Public 31 SAP Audit Management Communicate results Determine communication criteria Scope Key benefits Determine communication criteria A standard template is used to ensure communication criteria are established Ensures consistency in reporting Automates report preparation Reduces elapsed time to report © 2015 SAP SE or an SAP affiliate company. All rights reserved. Public 32 SAP Audit Management Communicate results Disseminate results Scope Key benefits Communicate departmental results Internal auditors create their own charts and reports on a variety of topics Ensures consistency and accuracy in reporting to audit committee and executives Reduces evaluation and monitoring effort and cost © 2015 SAP SE or an SAP affiliate company. All rights reserved. Public 33 SAP Audit Management Monitor progress Establish a follow up process to monitor management actions Monitor the disposition of consulting engagements Back © 2015 SAP SE or an SAP affiliate company. All rights reserved. Public 34 SAP Audit Management Monitor progress Establish a follow up process to monitor management actions Scope Key benefits Establish a system to monitor the disposition of results © 2015 SAP SE or an SAP affiliate company. All rights reserved. Auditors create ad hoc issues in the system Documents follow up activities Reduces evaluation and monitoring effort and cost Meets audit standards for follow up process Public 35 SAP Audit Management Monitor progress Monitor the disposition of engagements Scope Key benefits Monitor the disposition of engagements © 2015 SAP SE or an SAP affiliate company. All rights reserved. Audits and other engagements are tracked by status Completed and planned engagements shown separately Reduces manual effort and preparation time Conforms to professional standards for communication to management Public 36 SAP Audit Management powered by SAP HANA Streamline audits by leveraging technology to create, organize and share working papers Mobile capability to instantly capture audit evidence Global monitoring of findings and follow up Intuitive and user friendly interface Elevate the impact of audit efforts by using technology to provide insight on key business risks Integration with SAP Fraud Management, SAP Risk Management and SAP Process Control Configurable screens and views for better management and reporting Flexible audit universe with resource planning and scheduling Amplify the influence and value of internal audit by using next generation analytics to provide advice beyond the obvious SAP HANA in-memory database for high speed processing and total search capability SAP HANA based predictive analytics for planning, monitoring and deep analytical insights Collaborative tools to maximize continuous stakeholder engagement More information and 3 day free trial © 2015 SAP SE or an SAP affiliate company. All rights reserved. Public 37 SAP Fraud Management SAP Fraud Management powered by SAP HANA Detect fraud in real Investigate fraudulent Prevent fraud by time within business processes and by mass detection by multi-rule strategies transactions efficiently with alert management capabilities and network analyzer tool stopping fraudulent business transactions and process optimization Improve Performance by realtime calibration and simulation on current and historical data Powered by SAP HANA – high performing, configurable and scalable standard solution Link: Predefined Business Content More info and 3 day free trial © 2015 SAP SE or an SAP affiliate company. All rights reserved. Public 39 Zusammenfassung Management Summary SAP Audit Management supports transformation of Internal Audit Process Excellence of Internal Audit including Quality Assurance One source of truth Leverage latest technology including mobile enablement Integration with Fraud Management, Risk Management, Process Control © 2015 SAP SE or an SAP affiliate company. All rights reserved. Public 41 Vielen Dank! Contact information: Gerhard Hafner Chief Product Owner (Fraud, Audit, Screening) Governance Risk & Compliance Dietmar-Hopp-Allee 16 69190 Walldorf, Germany E-mail: [email protected] © 2015 SAP SE or an SAP affiliate company. All rights reserved. © 2015 SAP SE oder ein SAP-Konzernunternehmen. Alle Rechte vorbehalten. Weitergabe und Vervielfältigung dieser Publikation oder von Teilen daraus sind, zu welchem Zweck und in welcher Form auch immer, ohne die ausdrückliche schriftliche Genehmigung durch SAP SE oder ein SAP-Konzernunternehmen nicht gestattet. SAP und andere in diesem Dokument erwähnte Produkte und Dienstleistungen von SAP sowie die dazugehörigen Logos sind Marken oder eingetragene Marken der SAP SE (oder von einem SAP-Konzernunternehmen) in Deutschland und verschiedenen anderen Ländern weltweit. Weitere Hinweise und Informationen zum Markenrecht finden Sie unter http://global.sap.com/corporate-de/legal/copyright/index.epx. Die von SAP SE oder deren Vertriebsfirmen angebotenen Softwareprodukte können Softwarekomponenten auch anderer Softwarehersteller enthalten. Produkte können länderspezifische Unterschiede aufweisen. Die vorliegenden Unterlagen werden von der SAP SE oder einem SAP-Konzernunternehmen bereitgestellt und dienen ausschließlich zu Informationszwecken. Die SAP SE oder ihre Konzernunternehmen übernehmen keinerlei Haftung oder Gewährleistung für Fehler oder Unvollständigkeiten in dieser Publikation. Die SAP SE oder ein SAP-Konzernunternehmen steht lediglich für Produkte und Dienstleistungen nach der Maßgabe ein, die in der Vereinbarung über die jeweiligen Produkte und Dienstleistungen ausdrücklich geregelt ist. Keine der hierin enthaltenen Informationen ist als zusätzliche Garantie zu interpretieren. Insbesondere sind die SAP SE oder ihre Konzernunternehmen in keiner Weise verpflichtet, in dieser Publikation oder einer zugehörigen Präsentation dargestellte Geschäftsabläufe zu verfolgen oder hierin wiedergegebene Funktionen zu entwickeln oder zu veröffentlichen. Diese Publikation oder eine zugehörige Präsentation, die Strategie und etwaige künftige Entwicklungen, Produkte und/oder Plattformen der SAP SE oder ihrer Konzernunternehmen können von der SAP SE oder ihren Konzernunternehmen jederzeit und ohne Angabe von Gründen unangekündigt geändert werden. Die in dieser Publikation enthaltenen Informationen stellen keine Zusage, kein Versprechen und keine rechtliche Verpflichtung zur Lieferung von Material, Code oder Funktionen dar. Sämtliche vorausschauenden Aussagen unterliegen unterschiedlichen Risiken und Unsicherheiten, durch die die tatsächlichen Ergebnisse von den Erwartungen abweichen können. Die vorausschauenden Aussagen geben die Sicht zu dem Zeitpunkt wieder, zu dem sie getätigt wurden. Dem Leser wird empfohlen, diesen Aussagen kein übertriebenes Vertrauen zu schenken und sich bei Kaufentscheidungen nicht auf sie zu stützen. © 2015 SAP SE or an SAP affiliate company. All rights reserved. Public 43