SAP runs SAP Audit Management

Transcrição

SAP runs SAP Audit Management
Einsatz der Audit Management Software bei SAP – Herausforderungen und Lösungen
Gerhard Hafner, SAP
SAP-Forum für Finanzmanagement und GRC, 13. – 14. April 2015
Public
Disclaimer
Die in diesem Dokument enthaltenen Informationen können ohne vorherige Ankündigung geändert
werden. Dieses Dokument wird ohne jede Gewährleistung seitens SAP bezüglich der Richtigkeit,
Vollständigkeit und Nutzung der enthaltenen Information und Angaben zur Verfügung gestellt. Es dient
ausschließlich Informationszwecken. SAP übernimmt keine Haftung für Fehler in dem oder für die
Vollständigkeit des Dokumentes, insbesondere nicht für die darin enthaltenen Informationen, Grafiken,
Links oder andere Angaben und Inhalte. SAP übernimmt keine Haftung für Schäden, weder
ausdrücklich noch stillschweigend, die sich aus dem Gebrauch des Dokumentes ergeben können,
insbesondere nicht für die Marktgängigkeit und der Eignung für einen bestimmten Zweck sowie für die
Gewährleistung der Nichtverletzung geltenden Rechts, es sei denn, dass Schäden durch Vorsatz oder
grobe Fahrlässigkeit seitens SAP verursacht wurden. Hiervon umfasst sind insbesondere direkte,
besondere, indirekte Schäden sowie Begleit- und Folgeschäden.
© 2015 SAP SE or an SAP affiliate company. All rights reserved.
Public
2
Ein Lösungsportfolio für den CFO: SAP Finance and Security
Financial
Planning and
Analysis
Accounting and
Financial Close
Treasury and
Financial Risk
Management
Collaborative
Finance
Operations
Enterprise
Compliance
and Security
Develop and
Translate Strategy
Accounting
Payments and Bank
Communications
Receivables
Management
Enterprise Risk
Management
Planning, Budgeting
and Forecasting
Entity Close
Cash and Liquidity
Management
Collaborative
Invoice to Pay
Controls and
Compliance Mgmt.
Profitability and
Cost Management
Corporate Close
Debt and Investment
Management
Travel Management
International Trade
Management
Monitoring and
Reporting
Reporting and
Disclosure
Financial Risk
Management
Financial Shared
Services
Identity and Access
Management
Financial Close
Governance
Commodity Risk
Management
Real Estate
Management
Enterprise Threat
Management
Fraud and Audit
Management
Public
3
Agenda
Transformation des Corporate Audit bei SAP
SAP Audit Management
 Manage
 Plan
 Perform
 Communicate
 Monitor
SAP Fraud Management
Zusammenfassung
Public
4
Transformation des Corporate
Audit bei SAP
Vision
SAP Corporate Audit Vision:
Corporate Audit makes:
relevant contributions to SAP’s success
as a trusted advisor and
as a source of talent for the entire organization
Public
6
The Changing Mandate of Internal Audit
Strategic Advisor
 The pace of technological change is increasing
 Stakeholders are demanding greater visibility into
everything on organization does
 Corporate Audit (Internal Audit) is expected to move
beyond the compliance activities, provide strategic
advice and business insight:
– Provide early warnings for potential risks
– Transformational
Mandate
– Organizational
– Business process/model– Product and technology
– Financials
Strategic
Advisor
Business
Insight
NonNegotiable
Compliance
Audit skills + business
knowledge + critical and
strategic thinking
Audit skills +
additional business
knowledge + critical
thinking
Basic audit skills, IT,
baseline critical
thinking
Public
7
Organizational structure
Chief Audit Executive (CAE)
Overall Responsibility for SAP´s Internal Audit Function
Strategy, Sales
& Services Audit
• Strategy Audits
• Transaction
Services
• Competitive
Environment
• Software &
Services
• Partner &
Ecosystem
• Service &
Support Delivery
Compliance &
Forensic Audit
Financial &
Operational
Audit
Information
Systems Audit
& Advisory
Audit
Operations
Talent Rotation
Program (TRP)
• Prevention
Audits
• Detection Audits
• Investigations
• IP Audits
• F&A
• Financial
Reporting
• HR
• Workforce
• Safeguarding
Assets
• Information
Technology
• Security
• Development
• System
Landscape
• Executive
Reporting
• Communication
& Information
Platform
• Central Report
Review
• Templates
• SOX Processes
• Quality
Assurance
• Program
Strategy and
Execution
• Talent
Performance &
Development
• Alignment with
HR Talent and
Recruiting
• Successful
Placement to
Business
Public
8
Audit process
 To achieve uniform audits, Corporate Audit developed the audit road map, which serves
as the model for the audit process for all standard audit topics.
 Each phase is divided into subphases, which must be executed in a specific sequence to
ensure that security and quality requirements are met.
DEMAND
MANAGEMENT
Audit Planning System
Audit Request
DELIVERY
REPORTING
Audit Announcement
Quality Review
Work Program
Draft Report
Fieldwork
Auditee Fedback
Working Papers
Final Report
Audit
File
FOLLOW-UP
Follow-Up
Activity on
Milestone Level
Follow-Up
Audit
as required
Escalation on demand
Public
9
SAP required a “state of the art” Audit System
 State of the art User Interface based
on Fiori
 Mobile enabled
 Embedded Reporting
 Role based authorization and approvals
 Highly integrated into Risk Management,
Fraud Management and SAP ERP
 Search in unstructured data
 Leveraging technology: HANA
 Fast implementation through streamlined
configuration templates
Public
10





Manage
Plan
Perform
Communicate
Monitor
SAP solutions: Why SAP Audit Management?
Simplify
Gain Insight
Collaboration
Automate
Visualize
Process Excellence
Integrate
Analyze
Workflows
Unify
Monitor
Audit Team
Public
12
Transform audit. Move beyond assurance
Monitor
Manage
Monitor the disposition of
results reported to
management
Establish a risk based plan,
prioritize audit activities and
align with the needs of the
enterprise
Communicate
Plan
Communicate the
engagements objectives,
scope, conclusions,
findings and
recommendations
Develop and document a
plan for each engagement
Perform
Identify, analyze and document
relevant information
Public
13
SAP Audit Management: The Users
Transform audit. Move beyond assurance
Key Benefits
Simple, intuitive home screen for
all users
One UI for all devices, e.g. PC,
tablet, smart phones
Role based authorization is
embedded
Users configure the tiles they need
for their home screen by adding or
subtracting from the time menu
Customized tiles are supported
Public
14
Manage the audit activity
Establish a framework for risk
assessment and prioritization
Communicate plans and resource
requirements
Deploy and appropriate
resources
Report plan performance to senior
management and the Board
Back
Public
15
Establish a framework for risk assessment and prioritization
Scope
Key benefits
 Create a plan based on a documented risk based audit
universe
 Permits audit planning based on risks identified
 Allows audit to identify and assess risks directly
Auditors are able to assess
each risk as part of the audit
planning process
Public
16
Communicate plans and resource requirements
Scope
Key benefits
 Auditable items are created and prioritized
 Audit plans are created and approved
 Creates auditable items
 Risk rates the auditable items
 Establishes and communicates a risk based plan
The audit universe is defined
in risk terms
Public
17
Deploy appropriate resources
Scope
 Staff each engagement with appropriate resources
Key benefits
 Supervisors look up and assign
staff resources
 Minimizes unproductive
assignments
 Increases audit productivity and
reduces unassigned time
Audit staff and roles are
identified and documented
Public
18
Report plan performance to senior management and the Board
Scope
 Report on completed and planned audits
Key benefits
 Audit management can track
performance against plan
 Boards and senior executives
can assess audit performance
Graphical views allow
managers to plan audits
based on current plan
completion and status
Public
19
Engagement planning
Establish engagement objectives and
scope
Assess relevant risks
Plan appropriate and sufficient
resources
Develop and document engagement
work program
Public
20
Engagement planning
Establish engagement objectives and scope
Scope
Key benefits
 Audit scope is defined
 Audit objectives and scope are
determined for each
engagement
 Key elements of the audit are
defined
Audit scope is assigned and
approved in the engagement
planning process
Public
21
Engagement planning
Assess relevant risks
Scope
Key benefits
 Relevant risks are identified in
SAP Risk Management
 Key elements of risk register are
copied into the planned audit
Integration with SAP Risk
Management aligns audit
with the business
Public
22
Engagement planning
Evaluate fraud risk
Scope
Key benefits
1
2
3
 SAP Audit Management is
integrated with Fraud
Management
1
Excel as a tool connecting to a Hana View e.g.
for accounting
2
Suspicious invoices are identified
3
And the file uploaded to Audit Management
Integration with SAP Fraud Management
provides the capabilities needed to
assess fraud risk
Public
23
Engagement planning
Plan appropriate and sufficient resources
Scope
Key benefits
 Estimate engagement time and cost
 Estimated resource
requirements are captured
 Auditors are assigned to the
engagement
Public
24
Engagement planning
Plan appropriate and sufficient resources
Scope
Key benefits
 Estimate engagement time and cost
 Auditor schedules are shown via
a calendar
 Scheduling conflicts and
availability is obvious at a glance
Public
25
Engagement planning
Develop and document engagement work program
Scope
Key benefits
 Work programs are stored in the system
 Auditors can select the
appropriate work programs for
the engagement
 Work programs can be shared
and revised for future use
Public
26
Perform the engagement
Identify relevant information
Perform analysis and evaluation
Document engagement information
Supervise the engagement
Back
Public
27
Identify relevant information
Scope
Key benefits
 Identify sufficient, reliable, relevant and useful information
 Internal auditors can identify sufficient, reliable, relevant,
and useful information to achieve the engagement’s
objectives
 Audit files are secure and information may be accessed
from any device
Public
28
Perform analysis and evaluation
Scope
Key benefits
 Allow auditors to analyze documents
 Internal auditors have the ability to access and analyze
information from mobile devices
Search capability unlocks information in
audit files and makes it available for
analysis and comparison
Public
29
Document engagement information
Scope
Key benefits
Document relevant information to support the conclusions
 Complete capability for documenting and storing working
papers
 Internal auditors can drag and drop appropriate
documentation into their work papers
 Audio, video and other files can be captured and stored
 Documentation can be done using a mobile device
 Working paper files are indexed for easy reference
Public
30
Communicate results
Determine communication criteria
Disseminate results
Back
Public
31
Communicate results
Determine communication criteria
Scope
Key benefits
 Determine communication criteria
 A standard template is used to ensure communication
criteria are established
 Ensures consistency in reporting
 Automates report preparation
 Reduces elapsed time to report
Public
32
Communicate results
Disseminate results
Scope
Key benefits
 Communicate departmental results
 Internal auditors create their own charts and reports on a
variety of topics
 Ensures consistency and accuracy in reporting to audit
committee and executives
 Reduces evaluation and monitoring effort and cost
Public
33
Monitor progress
Establish a follow up
process
to monitor management
actions
Monitor the disposition of
consulting engagements
Back
Public
34
Monitor progress
Establish a follow up process to monitor management actions
Scope
Key benefits
 Establish a system to monitor the disposition of results




Auditors create ad hoc issues in the system
Documents follow up activities
Reduces evaluation and monitoring effort and cost
Meets audit standards for follow up process
Public
35
Monitor progress
Monitor the disposition of engagements
Scope
Key benefits
 Monitor the disposition of engagements




Audits and other engagements are tracked by status
Completed and planned engagements shown separately
Reduces manual effort and preparation time
Conforms to professional standards for communication to
management
Public
36
powered by SAP HANA
Streamline audits by
leveraging technology to
create, organize and share
working papers
 Mobile capability to instantly
capture audit evidence
 Global monitoring of findings and
follow up
 Intuitive and user friendly interface
Elevate the impact of audit
efforts by using technology
to provide insight on key
business risks
 Integration with SAP Fraud
Management, SAP Risk
Management and SAP Process
Control
 Configurable screens and views for
better management and reporting
 Flexible audit universe with resource
planning and scheduling
Amplify the influence and
value of internal audit by
using next generation
analytics to provide advice
beyond the obvious
 SAP HANA in-memory database
for high speed processing and total
search capability
 SAP HANA based predictive
analytics for planning, monitoring
and deep analytical insights
 Collaborative tools to maximize
continuous stakeholder
engagement
More information and 3 day free trial
Public
37
powered by SAP HANA
Detect fraud in real
Investigate fraudulent
Prevent fraud by
time within business
processes and by mass
detection by multi-rule
strategies
transactions efficiently
with alert management
capabilities and network
analyzer tool
stopping fraudulent
business transactions
and process
optimization
Improve
Performance by realtime calibration and
simulation on current
and historical data
Powered by SAP HANA – high performing, configurable and scalable standard solution
Link: Predefined Business Content
More info and 3 day free trial
Public
39
Zusammenfassung
Management Summary
 SAP Audit Management supports transformation of
Internal Audit
 Process Excellence of Internal Audit including Quality
Assurance
 One source of truth
 Leverage latest technology including mobile
enablement
 Integration with Fraud Management, Risk Management,
Process Control
Public
41
Vielen Dank!
Contact information:
Gerhard Hafner
Chief Product Owner (Fraud, Audit, Screening)
Governance Risk & Compliance
Dietmar-Hopp-Allee 16
69190 Walldorf, Germany
E-mail: [email protected]
© 2015 SAP SE oder ein SAP-Konzernunternehmen.
Alle Rechte vorbehalten.
Weitergabe und Vervielfältigung dieser Publikation oder von Teilen daraus sind, zu welchem Zweck und in welcher Form auch immer, ohne die ausdrückliche schriftliche
Genehmigung durch SAP SE oder ein SAP-Konzernunternehmen nicht gestattet.
SAP und andere in diesem Dokument erwähnte Produkte und Dienstleistungen von SAP sowie die dazugehörigen Logos sind Marken oder eingetragene Marken der
SAP SE (oder von einem SAP-Konzernunternehmen) in Deutschland und verschiedenen anderen Ländern weltweit.
Weitere Hinweise und Informationen zum Markenrecht finden Sie unter http://global.sap.com/corporate-de/legal/copyright/index.epx.
Die von SAP SE oder deren Vertriebsfirmen angebotenen Softwareprodukte können Softwarekomponenten auch anderer Softwarehersteller enthalten.
Produkte können länderspezifische Unterschiede aufweisen.
Die vorliegenden Unterlagen werden von der SAP SE oder einem SAP-Konzernunternehmen bereitgestellt und dienen ausschließlich zu Informationszwecken.
Die SAP SE oder ihre Konzernunternehmen übernehmen keinerlei Haftung oder Gewährleistung für Fehler oder Unvollständigkeiten in dieser Publikation.
Die SAP SE oder ein SAP-Konzernunternehmen steht lediglich für Produkte und Dienstleistungen nach der Maßgabe ein, die in der Vereinbarung über die jeweiligen
Produkte und Dienstleistungen ausdrücklich geregelt ist. Keine der hierin enthaltenen Informationen ist als zusätzliche Garantie zu interpretieren.
Insbesondere sind die SAP SE oder ihre Konzernunternehmen in keiner Weise verpflichtet, in dieser Publikation oder einer zugehörigen Präsentation dargestellte
Geschäftsabläufe zu verfolgen oder hierin wiedergegebene Funktionen zu entwickeln oder zu veröffentlichen. Diese Publikation oder eine zugehörige Präsentation,
die Strategie und etwaige künftige Entwicklungen, Produkte und/oder Plattformen der SAP SE oder ihrer Konzernunternehmen können von der SAP SE oder ihren
Konzernunternehmen jederzeit und ohne Angabe von Gründen unangekündigt geändert werden.
Die in dieser Publikation enthaltenen Informationen stellen keine Zusage, kein Versprechen und keine rechtliche Verpflichtung zur Lieferung von Material, Code oder
Funktionen dar. Sämtliche vorausschauenden Aussagen unterliegen unterschiedlichen Risiken und Unsicherheiten, durch die die tatsächlichen Ergebnisse von den
Erwartungen abweichen können. Die vorausschauenden Aussagen geben die Sicht zu dem Zeitpunkt wieder, zu dem sie getätigt wurden. Dem Leser wird empfohlen,
diesen Aussagen kein übertriebenes Vertrauen zu schenken und sich bei Kaufentscheidungen nicht auf sie zu stützen.
Public
43

SAP runs SAP Audit Management

Transcrição

Documentos relacionados

Manual Steps for SAP Note 1694947

Manual Steps for SAP Note 1692016

What`s New on the SAP Support Portal

Bill McDermott

Manual Steps for SAP Note 1692016

Opening Address – Bill McDermott

Release Notes (Notas do Release)

Notas de versão - SAP Help Portal

Curriculum para Academia CO

Inclusions and Decorations