Continuous Auditing Applications for SAP/R3

Vincent Rykes

City of Edmonton

Session Overview

• Introduction

• Benefits of CAA

• Key Requirements for CAA

• SAP Data: Information and Sources

• CAA Tools

• Levels of Automation

• Example of a Fully Automated ACL CAA Batch

• Potential SAP CAA’s

• Questions

Introduction

• Definition of Continuous Auditing Application (CAA)

“A continuous audit is a methodology that enables independent auditors to provide written assurance on a subject matter using a series of auditors' reports issued simultaneously with, or a short period of time after, the occurrence of events underlying the subject matter”.

Source: CICA/AICPA Continuous Auditing Research Report 1999.

• Generic Definition of CAA

› Real time or near real time

› Periodic

› Produce information relevant for decision makers

• Session Objectives

› General theory and methodology

› Identify some of the technical issues and obstacles

› Go through an example of a fully automated SAP CAA

› Provide some examples of possible CAA’s

Benefits of CAA’s

• Timely

• Comprehensive

• Cost Effective

• Feedback loop for corporate governance frameworks

• Satisfy new audit and regulatory standards

• Be proactive regarding identifying indicators of fraud and/or errors

• Dynamic

Key Requirements for CAA’s• Organizational Support

• Planning Requirements

› knowledge of the underlying business processes

› how manual and machine processes manifest themselves into data

› buy-in from the affected business area

› roles and responsibilities for investigation and resolution of anomalies identified

• Reliable and accurate data sources

• Sufficient and appropriate access, tools and skills

• Timely and effective reporting mechanism

SAP Data: Information and Sources

spsp

SPSP

SP

SP

• Audit Information System (SECR)

› Standard queries - FI, GL, Vendor, Customer

› ABAP Queries

› ABAP/4 Dictionary

• Transactions and Reports

› Use F1-Technical Information to obtain information on tables and fields

• DART (FTW0)

• Quick Viewer (SQVI)

• Data Browser (SE16)

• ACL Direct Link

CAA Tools

SPSP

• SAP Audit Information System

› periodically run a transaction, report and/or ABAP query and save it a variant

› some audit procedures come standard

› e.g. duplicate invoice numbers

• General Audit Software

› ACL - SAP Certified Partner

› ACL Direct Link allows direct access to databases

• Spreadsheet and Database Applications

Levels of Automation

• Fully automatic

› Scheduling software

› ACL Direct Link

• Interactive

› ACL batch with dialogue

• Custom batches or queries/transactions/reports

› Create variants in SAP

› Audit software batches

Example of a Fully Automated ACL CAA Batch (page 1)

Example of a Fully Automated ACL CAA Batch (page 2)

Potential SAP CAA’s

• HR

› New employees

› Overtime

• MM

› Inventory adjustments

› New vendors

› Duplicate invoices

• FI

› Journal entries

› Offsetting account analysis

• Other

› Compliance with Privacy Legislation

› Compliance with Sarbanes-Oxley Act

Questions

• Resources:

• Websites› http://www.continuousauditing.org/

› http://business.tamu.edu/cca/

• ACL Documentation

› ACL User Guide – Chapter 8

› ACL Command - Volume 12, No3

• vincent.rykes@edmonton.ca

• Questions ?

Thank you for attending!Please remember to complete and return your evaluation form following this session.

Session Code: 512