AIS_AllSlides

April 5, 2018 | Author: Anonymous | Category: Documents
Share
Report this link


Description

A I S udit nformation ystem Peter Schiwek Solution Management Financials, SAP AG A udit I nformation S ystem Peter Schiwek Solution Management Financials, SAP AG Overview Evolution of Auditing AIS – The Tool Evaluation Methods Implementation Contacts SAP AG 2004-10-13, Audit Information System, Rel. 4.6C / 4.70, Peter Schiwek 3 Evolution of Modern Auditing Rating Basel II IAS US-GAAP GoB GoBS GDPdU Sarbanes Oxley Act Every individual sees their environment from their own personal point of view. The auditor‘s duty is to make an objective judgment. Continuous Audit SAP AG 2004-10-13, Audit Information System, Rel. 4.6C / 4.70, Peter Schiwek 4 Corporate Governance Rating Basel II IAS US-GAAP Sarbanes Oxley Act Software Certificate Parallel Valuation SEM Risk Mgmt, Consolidation, Bal. Scorecard, Man.Cockpit AS / DRB GoB GoBS GDPdU Continuous Audit / DART Audit Information System Archive Information System MIC Management of Internal Controls SAP AG 2004-10-13, Audit Information System, Rel. 4.6C / 4.70, Peter Schiwek 5 Digital Audit A result-oriented audit view is - in an environment of mass transactions only possible with computer-supported audit or control procedures Au d i t I nformation S ystem SAP AG 2004-10-13, Audit Information System, Rel. 4.6C / 4.70, Peter Schiwek 6 Overview Evolution of Auditing AIS – The Tool Evaluation Methods Implementation Contacts SAP AG 2004-10-13, Audit Information System, Rel. 4.6C / 4.70, Peter Schiwek 7 Audit - Information - System Collection, structure, presetting of standard SAP Reporting Improvement of the audit process and of audit quality Individual selection and preparation of data Data export -document data -account balances -financial statement data Reconciled with: - ACL - IDEA - AuditAgent ... SAP DB SAP AG 2004-10-13, Audit Information System, Rel. 4.6C / 4.70, Peter Schiwek 8 Audit Environment – External audit Prüfungsumgebung – Externes Audit Own Software (auditing approach) Audit planning Work program - System Audit - Business Audit SAP environment BKPF BSEG(..A) •Online controls on the SAP database GSEG SKA1/SKAT SKB1 SKC1A KNA1 KNB1 KNC1 ... ... ... Export interface Analysis software ( ACL / IDEA / … ) -System information -Reconciliation -Balance sheet/P+L -Balances -Accounts -Documents Line items Reporting software Balances Work Paper Report •Data export -Line items -Account balances SAP AG 2004-10-13, Audit Information System, Rel. 4.6C / 4.70, Peter Schiwek 9 Audit Environment – Internal audit SAP environment Audit Management BKPF Planning Auditing Reporting Corrective Action Documentation Analysis Analysis software ( ACL / IDEA / … ) Line items BSEG(..A) •Online controls on the SAP database GSEG SKA1/SKAT SKB1 SKC1A KNA1 KNB1 KNC1 ... ... ... Export interface -System information -Reconciliation -Balance sheet/P+L -Balances -Accounts -Documents •Data export -Line items -Account balances SAP AG 2004-10-13, Audit Information System, Rel. 4.6C / 4.70, Peter Schiwek 10 Audit Environment Audit Documentation / Maintenance Step n Step 1 ... SAP standard roles G/L accnts Customers Vendors Financial Instruments Data export Inventory Vendors Receivables Cash Personal expense Payables Inventory Customers ... Revenue Receivables Data export Revenue SAP AG 2004-10-13, Audit Information System, Rel. 4.6C / 4.70, Peter Schiwek 11 Step 2 ... Step 3 Enterprise Process Risk Assessment Audit Measure Audit Result Step 4 Step 5 ... Step 6 ... Individual auditor menu Authors Bansbach Schübel Brösztl & Partner Deloitte & Touche Ernst & Young Deutsche Allgemeine Treuhand AG KPMG Deutsche Treuhand-Gesellschaft Price Waterhouse Coopers SAP User Groups Internal auditors from various companies SAP AG 2004-10-13, Audit Information System, Rel. 4.6C / 4.70, Peter Schiwek 12 AIS, Views / Target Groups System Audit Business Audit Tax Audit Internal Auditors External Auditors Data Security Officers Tax Auditors Audit-specific documentation + training SAP AG 2004-10-13, Audit Information System, Rel. 4.6C / 4.70, Peter Schiwek 13 The Audit Information System The Audit Information System facilitates smoother and better quality audits. It consists of a number of single roles and is a - Collection, - Structure, and - Default setup of SAP standard programs The AIS is the Toolbox of the auditor in SAP-Environment. SAP AG 2004-10-13, Audit Information System, Rel. 4.6C / 4.70, Peter Schiwek 14 Structure and Operation For a specified organization, the auditor receives a selection of evaluation programs with preset control data for each audit area to be checked. SAP AG 2004-10-13, Audit Information System, Rel. 4.6C / 4.70, Peter Schiwek 15 Structure and Use Control data which occurs in multiple variants is defined as a variable - TableTVARVc - Arg. AUDI* This data is updated at the beginning of an audit with the function "Customizing AIS". This ensures proper control for all evaluations run during the course of the audit process. SAP AG 2004-10-13, Audit Information System, Rel. 4.6C / 4.70, Peter Schiwek 16 Documentation in the Reporting Tree AIS Documentation Information on audit steps SAP Library Selected chapters IMG Documentation selected table areas Internet Links selected WEB Addresses SAP AG 2004-10-13, Audit Information System, Rel. 4.6C / 4.70, Peter Schiwek 17 System Audit Information retrieval using existing programs sorted by component Users and Authorizations Repository / Tables ADM950 ADM960 CA940 System Audit AuditIS Development-IS Benutzer-IS Security guide ----------SAP SAP AG 2004-10-13, Audit Information System, Rel. 4.6C / 4.70, Peter Schiwek 18 System Audit SAP AG 2004-10-13, Audit Information System, Rel. 4.6C / 4.70, Peter Schiwek 19 Business Audit The closing operation view for a single company is possible Top Down View: Balance sheet / P&L Accounts Vouchers Procedures AC900/ FIN900 Business Audit AuditIS G/L IS Customer IS Vendor IS Assets IS Internationally deployable Audit guideline ---------User group SD MM PP QA PM HR FI CO AM PS WF IS SAP R/3 SAP AG 2004-10-13, Audit Information System, Rel. 4.6C / 4.70, Peter Schiwek 20 Business Audit SAP AG 2004-10-13, Audit Information System, Rel. 4.6C / 4.70, Peter Schiwek 21 Tax Audit Tax-Role Direct (Z1) and indirect (Z2) access to tax-relevant data. Data file analysis (Z3) D A R T (Data Retention Tool) Extraction and storage of tax-relevant data. Tax Audit Data file provided Direct / indirect data access WDE680 DART Source Extract Transaction data Transaction data ... Master data Master data Metadata Views Data provided (Z3) - SAP Audit Format - SAP AG 2004-10-13, Audit Information System, Rel. 4.6C / 4.70, Peter Schiwek 22 Tax Audit SAP AG 2004-10-13, Audit Information System, Rel. 4.6C / 4.70, Peter Schiwek 23 SAP Education Offerings – Corporate Governance Knowledge is Power, Knowledge is Productivity SAP FIN: mySAP ERP Financials Overview Gain an overview of the mySAP Financials solution, including data analysis FIN900: Auditing with SAP Understanding configuration for SAP system security and authorizations, including the Audit Information System FIN910: Management of Internal Controls Focus on configuration of the SAP MIC application suited for SOX / internal controls teams WDE680*: GDPdU in SAP Systemen Using the SAP DART tool to comply with German Steuersenkungsgesetz * this course is offered only in German SAP AG 2004-10-13, Audit Information System, Rel. 4.6C / 4.70, Peter Schiwek 24 Overview Evolution of Auditing AIS – The Tool Evaluation Methods Implementation Contacts SAP AG 2004-10-13, Audit Information System, Rel. 4.6C / 4.70, Peter Schiwek 25 Evaluation Methods, ABAP List SAP - DB Dialog ABAP Drilldown Allgemeiner Berichts- und AufbereitungsProzessor or Advanced Business Application Programming ABAP is the programming language used in R/3. Extract (flat file) SAP AG 2004-10-13, Audit Information System, Rel. 4.6C / 4.70, Peter Schiwek 26 ABAP Reporting / Calling Up Reports Calling up reports using the application menu Report selection w/ GL Legal requirements Account G/L account balances Calling up reports directly using the system menu System Services Reporting Program: RFSSLD00 G/L Acct.balances RFSSLD00 SAP AG 2004-10-13, Audit Information System, Rel. 4.6C / 4.70, Peter Schiwek 27 ABAP Reporting / Using Variants Call report G/L Account balances/RFSSLD00 with variant (1) Variants for RFSSLD00 VAR1 : Chart of accounts INT G/L Account 1-999 Company code Fiscal year VAR2 : Chart of accounts INT Company code VARn : G/L Account balances Chart of Accts. INT G/L Account 1-999 Company code 0001 Fiscal year 2999 T-BUK T-GJAHR T-BUK Table of variables G/L Acct.balances provided by program RFSSLD00 T-BILANZ T-BUK T-GJAHR2999 T-from/to INT 0001 0100 - 0999 SAP AG 2004-10-13, Audit Information System, Rel. 4.6C / 4.70, Peter Schiwek 28 Evaluation Methods, Query List SAP - DB Dialog Query Drilldown SAP Query The application SAP Query is used to create lists not already contained in the SAP standard. It has been designed for users with little or no knowledge of the SAP programming language ABAP. SAP AG 2004-10-13, Audit Information System, Rel. 4.6C / 4.70, Peter Schiwek 29 Extract (flat file) Query = Individual DB Inquiries Individual inquiries for information from the SAP database are solved with Query. Audit relevant data fields are setup in InfoSets. The auditor defines the record structure, selection and sort criteria, summaries, statistics, ranking list, and the layout of an evaluation. The export of a flat-file enables continued, problem-free processing. Query processing Definition of individual lists Record Selections Download Starting lists SAP AG 2004-10-13, Audit Information System, Rel. 4.6C / 4.70, Peter Schiwek 30 Query SQ02 InfoSets SQ03 User groups Selection of a logical database Grouping fields Definition of help fields Administrative level Assignment of users to functional areas Benutzer und InfoSets zuordnen Operational level SQ01 Queries Definition of lists Starting lists SAP AG 2004-10-13, Audit Information System, Rel. 4.6C / 4.70, Peter Schiwek 31 ABAP Reporting / Query Logical database e.g. SD F Report (ABAP) (Selection + formatting) List ABAPReporting SAP - DB SAP DB Reportgenerator Query InfoSet Query •List definition •Execute Create a list with Report: Instructions of a programming language (ABAP) Query: Description of a desired result SAP AG 2004-10-13, Audit Information System, Rel. 4.6C / 4.70, Peter Schiwek 32 SAP Data Organization Administrative view Master data / Documents / ... Master Documents SKA1 Physical view Database tables: SKB1 GLT0* BS I S BKPF BSEG Logical view Logical database: (e.g. SD F) SKA1 SKB1 SKB1 (Chart of accts.) (Company code) (Fiscal year) S K C 1* S K C 1* BS I S BKPF BSEG SAP AG 2004-10-13, Audit Information System, Rel. 4.6C / 4.70, Peter Schiwek 33 GSEG Logical database, Data Retrieval, Output Customer KNA1 CoCd KNB1 Year KNC1 4711 0001 1996 1 1 4712 0002 1997 4 5 8 2 0001 1997 7 9 3 1996 6 1995 10 1996 8 11 4711 0001 2 4712 0002 1996 1997 3 4 5 t 1996 1997 6 7 printline 1 printline 2 printline 2 printline 2 printline 2 1 3 4 6 7 SAP AG 2004-10-13, Audit Information System, Rel. 4.6C / 4.70, Peter Schiwek 34 Logical database, InfoSet, Query A/R : DD F KNA1 KNB1 KNC1 (Doc. index) BSID (..EXT) BSIK (..EXT) BSIS (..EXT) Docs : BR F BKPF BSEG(..A) GSEG(..A) A/P : KD F LFA1 LFB1 LFC1 Logical database DD F InfoSet FI DD Queries Data export / Document analysis: KD F FI KD SD F FI SD BR F FI BR ED OD DD EK OK DK PK ES OS EB G/L : SD F SKA1 / SKAT SKB1 SKC1A Offsett.acct.analysis: Variance analysis inc./outg. payments: Compare payment terms: P D Document Journal: JB SAP AG 2004-10-13, Audit Information System, Rel. 4.6C / 4.70, Peter Schiwek 35 Log. Database, BR_F or DD_F, KD_F, SD_F DocNo 010123 DocNo 010123 02.01.00 CB 02.01.00 CB 01 01 50 50 50 50 01 01 50 50 50 50 50 50 Cust1 Cust1 Cust1 Sales1 Sales1 Tax Tax Tax Cust2 Cust2 Cust2 Sales1 Sales1 Sales2 Sales2 Sales2 Tax Tax Tax Debit Debit Debit Credit Credit Credit Credit Credit Debit Debit Debit Credit Credit Credit Credit Credit Credit Credit Credit 1.000 1.000 950 950 50 50 2.000 2.000 1.500 1.500 400 400 100 100 Total volume DocNo 010124 DocNo 010124 04.01.00 CB 04.01.00 CB DocNo 010123 DocNo 010123 DocNo 010123 DocNo 010123 DocNo 010123 DocNo 010123 DocNo 010124 DocNo 010124 DocNo 010124 DocNo 010124 DocNo 010124 DocNo 010124 DocNo 010124 DocNo 010124 02.01.00 CB 02.01.00 CB 02.01.00 CB 02.01.00 CB 02.01.00 CB 02.01.00 CB 04.01.00 04.01.00 04.01.00 04.01.00 04.01.00 04.01.00 04.01.00 04.01.00 CB CB CB CB CB CB CB CB 01 01 50 50 50 50 01 01 50 50 50 50 50 50 Cust1 Cust1 Sales1 Sales1 Tax Tax Cust2 Cust2 Sales1 Sales1 Sales2 Sales2 Tax Tax Debit Debit Credit Credit Credit Credit Debit Debit Credit Credit Credit Credit Credit Credit 1.000 1.000 950 950 50 50 2.000 2.000 1.500 1.500 400 400 100 100 Export out of BR_F from DocNo 010123 to DocNo 010124 DocNo 010123 DocNo 010123 DocNo 010124 DocNo 010124 02.01.00 CB 02.01.00 CB 04.01.00 CB 04.01.00 CB 50 50 50 50 Sales1 Sales1 Sales1 Sales1 Credit Credit Credit Credit 950 950 1.500 1.500 Export out of SD_F, G/L account: Sales1 Export out of DD_F, Account: Cust1 DocNo 010123 02.01.00 CB 01 Cust1 Debit 1.000 SAP AG 2004-10-13, Audit Information System, Rel. 4.6C / 4.70, Peter Schiwek 36 Query, Output format Online list Interactive list Export general Export -SAP Audit Format- •Query-User Exit, Private Storage •AIS - Include module, RXQUEU00 SAP AG 2004-10-13, Audit Information System, Rel. 4.6C / 4.70, Peter Schiwek 37 Online-Controls: Special Queries for AIS Document analysis • Documents in general • A/P A/R G/L line items flexible selection for the data retrieval flexible analysis of the data deemed critical using ALV functions Dubious Documents • Document Journal (with holiday calendar) Posted on Sunday or holidays? Posted at unusual times? ... Account Analysis • A/R • A/P • G/L accounts Offsetting account analysis Even distribution of postings? (in Days/Months/Year) Unusual document origin? (manual, SD, MM, HR, ...) Posted in timely manner? (BUDAT – CPUDAT) Documents with the greatest volume (+/-) SAP AG 2004-10-13, Audit Information System, Rel. 4.6C / 4.70, Peter Schiwek 38 Online-Controls: Special Queries for AIS Comparison of Terms • A/R • A/P Terms and conditions, base date, days 1, %, days 2, %, net Values in document - Values in master data =Variance (shows manual changes) Variance Analysis • A/R (Payments received) • A/P (Payments sent) Payments out of the norm - Standard condition per master data (days / %) - Condition taken as found in document - Variance (shows payment tendency) Critical Clearing Processes • A/R Clearing of a non-payment-related transaction ? Clearing via reversal ? SAP AG 2004-10-13, Audit Information System, Rel. 4.6C / 4.70, Peter Schiwek 39 Account Analysis G/L A/P A/R Offsetting Accounts Buchungsvolumen (Query – ABAP list) Daily Volume Timely Update Business Transact. Documents SAP AG 2004-10-13, Audit Information System, Rel. 4.6C / 4.70, Peter Schiwek 40 AIS – Export of Data G/L Account Balances Document Data Document Items - G/L Account - Customer - Vendor OI‘s per Key Date - Customer SAP Audit - Vendor Format Master Data Records and Document Data from Archive Balance Audit Trail - G/L Account - Customer - Vendor Tax-relevant Data SAP AG 2004-10-13, Audit Information System, Rel. 4.6C / 4.70, Peter Schiwek 41 AIS – Export of Data SAP DB Download Single audit Stochastic auditing methods (statistical sampling algorithms) ACL IDEA ... SAP AG 2004-10-13, Audit Information System, Rel. 4.6C / 4.70, Peter Schiwek 42 AIS – Export of Data (Defined Output Record) SAP- ABAP Reporting (Several exp. reports) SAP- ABAP Query SAP DB (Individually formatted) (Download) (Download ) - ASC - BIN - DBF - IBM - WK1 - DAT Company Mister & Sons Balance list per 12/31/YYYY Acct. Name/Location Amount 4715 4899 Anthony Oregon Karl Liverpool 100.00 23.50 - SAP Audit Format - Total 123.50 SAP AG 2004-10-13, Audit Information System, Rel. 4.6C / 4.70, Peter Schiwek 43 AIS – Export of Data SAP Audit Format Batch SAP - DB Data retrieval User-Exit Established analysis software for auditing TemSe Online Download - SAP Audit Format - Pfad (DIR_DATA): D:\usr\sap\U9C\D60\data SAP AG 2004-10-13, Audit Information System, Rel. 4.6C / 4.70, Peter Schiwek 44 AIS – Export of Data (Query – Private file) SAP - DB SAP AG 2004-10-13, Audit Information System, Rel. 4.6C / 4.70, Peter Schiwek 45 AIS – Export of Data, Meta data Field catalog Field documentation + current table content Download - SAP Audit Format 1.Header line | Field name 2.Header line | Description 3.Header line | Field label 4.Header line | Data type 5.Header line | Field length 6.Header line | Decimals 7.Header line | Currency 8.Header line | Special type 9.Data record | Field 1 Field name Description Field label Datentyp Field length Decimals Currency Special type Field 2 Field name Description Field label Datentyp Field length Decimals Currency Special type Field 3 Field . . . Desc. . Field. . . Datentyp Field. . . Deci. . . Curr. . . Speci . . Field n SAP AG 2004-10-13, Audit Information System, Rel. 4.6C / 4.70, Peter Schiwek 46 SAP Audit Format: as easy as it gets SAP AG 2004-10-13, Audit Information System, Rel. 4.6C / 4.70, Peter Schiwek 47 SAP Program with archive access (FI example) Archive files R/3 Online-DB OnlineArchive Development Kit (ADK) Archive Information System (AS) Document Relationship Browser (DRB) sequential read of archive files: • Logical Database BRF - RFBELJ00 - RFBELJ10 - RFEPOJ00 -... - Query EB Compact Document Journal Document Journal Line Item Journal Index access to a single data object: • FB03 Display Document *** AIS *** Export/analysis from document database SAP AG 2004-10-13, Audit Information System, Rel. 4.6C / 4.70, Peter Schiwek 48 Online Evaluation Although Data is Archived R/3 Online-DB Online- Master records Customer1 100 Document index : Cust.1| 4711 | 100 : Documents : 4710 | | | 4711 | | : 01 02 02 01 02 | | | | | Cust.5 Sales Shipping Cust. 1 Sales | | | | | 350 300 50 100 100 |... |... |... |... |... Sales 100 Line Item Journal OI / AP Lists Queries (AIS) SAP AG 2004-10-13, Audit Information System, Rel. 4.6C / 4.70, Peter Schiwek 49 Account Update, a Database for Auditors? SAP Online - DB Master records Archive files KL_F Documents KL_F Classical account update - SAP Audit Format - SAP AG 2004-10-13, Audit Information System, Rel. 4.6C / 4.70, Peter Schiwek 50 Query: Authorization Checks Function: Object class: Object: S_Query Basis development environment Field: Activity Value: '23' S_Query Activity '02' S_Program P_Group P_Action “nnnnnnnn” “Submit” Application authorizations SAP DB SAP AG 2004-10-13, Audit Information System, Rel. 4.6C / 4.70, Peter Schiwek 51 Activity '03' Evaluation Methods, Drilldown Reporting List SAP - DB Dialog Drilldown Reporting SAP drilldown reporting With drilldown reporting, SAP provides you with an interactive information system to let you evaluate the data collected in your application. Drilldown Extract (flat file) SAP AG 2004-10-13, Audit Information System, Rel. 4.6C / 4.70, Peter Schiwek 52 Data Recall Facility Fin.Statmnt Vers. • Assets • Liabilities • P&L from/to Acct.No. GLT0 | Reporting Year | RY-1 | RY-2 | ... RY-n | Column | 1/12 | 1/4 | 1/2 | 1/1 | | Calculation column(s) | x | Financial Statement analysis Row | Financial stmnt ratios| | calculation row(s) | | Balance display | Cell y SAP AG 2004-10-13, Audit Information System, Rel. 4.6C / 4.70, Peter Schiwek 53 Data Recall Facility Report • 0SAPBLNCE-01 Comparison of actual values between years Method A GLT0 • 0SAPAUDIT-01 Financial statement key figures F • 0SAPAUDIT-40 • 0SAPAUDIT-41 • 0SAPAUDIT-42 Export G/L balances Compare year-end balances (absolute,%) Compare balance carried forward with balance brought forward D D D A=Financial statement analysis F=Fin. stmnt key figures D=Balance display SAP AG 2004-10-13, Audit Information System, Rel. 4.6C / 4.70, Peter Schiwek 54 Drilldown Reporting (Data recall facility) SAP AG 2004-10-13, Audit Information System, Rel. 4.6C / 4.70, Peter Schiwek 55 Balance Sheet Ratios (Data Recall Facility) Standardization of annual report ratios. The use of financial statement ratios created in the Audit Information System and their publication in annual reports is designed to smooth the transition to comparative investment, financial and profitability analysis. Economic performance is measured using period comparisons (in this instance, of up to five years in length). SAP AG 2004-10-13, Audit Information System, Rel. 4.6C / 4.70, Peter Schiwek 56 Transferring Balance Sheet Data (Data Recall Facility) G/L Account info system Balances Financial statement data SAP DB Interface External analysis tools ( ACL / IDEA / ... ) • Audit • Report preparation SAP AG 2004-10-13, Audit Information System, Rel. 4.6C / 4.70, Peter Schiwek 57 Balance Transfer (Data recall facility) G / L : SD F SKA1 / SKAT SKB1 SKC1A SAP AG 2004-10-13, Audit Information System, Rel. 4.6C / 4.70, Peter Schiwek 58 Balance transfer (Data recall facility) SAP - DB SAP AG 2004-10-13, Audit Information System, Rel. 4.6C / 4.70, Peter Schiwek 59 Evaluation Methods, Information Systems List SAP - DB Dialog Information Systems Component-specific information tools: General Ledger Accounts Receivable Accounts Payable Logistics Repository ... Information System Information System Information System Information System Information System Drilldown Extract (flat file) SAP AG 2004-10-13, Audit Information System, Rel. 4.6C / 4.70, Peter Schiwek 60 Customer / Vendor Information System SAP AG 2004-10-13, Audit Information System, Rel. 4.6C / 4.70, Peter Schiwek 61 Evaluation Methods, DART List SAP - DB Dialog DART Drilldown Data Retention Tool ( D A R T ): Data retention and evaluation of Tax-relevant data. Data extraction and storage View query Export function (SAP-Audit-Format) SAP AG 2004-10-13, Audit Information System, Rel. 4.6C / 4.70, Peter Schiwek 62 Extract (flat file) Export of Tax Relevant Data (DART) SAP Online - DB DART Source Extract Transaction data Transaction data ... Master data Master data Metadata Consistent data, prepared to meet the requirements of a tax auditor. SAP AG 2004-10-13, Audit Information System, Rel. 4.6C / 4.70, Peter Schiwek 63 Assessment: „ Tax-relevant data“ Views Data provided (Z3) - SAP Audit Format - DART - Audit Track – Outgoing from FI DART extracts documents from financial accounting with the associated preceding and follow-on documents. Company code Fiscal year Periods Valuation area Starting point: Financial accounting FI CO ... Cost accounting AM Asset accounting SD MM Sales and distribution documents Material documents SAP AG 2004-10-13, Audit Information System, Rel. 4.6C / 4.70, Peter Schiwek 64 DART – Extraction Valuation area (example) ANEK AM document header Valuation conditions Asset value fields ANEP AM document item Cost center Internal order WBS element Profit center Asset Customer GLT0 Asset assignments Company code years, periods G/L account balance KNC1 Customer balances ANEA Proportional values LFC1 Supplier balances VBRK SD billing header BKPF FI document header Supplier Plant BSEG FI document item VBRP Billing item KONV Pricing conditions Product PAYR FI payment transfer VBAK SD document Address VBAP Sales document item MKPF MM document header VBPA Sales document partner MSEG MM document item Key Selection criteria EKKO COBK LIKP SD delivery header CO document header MM purchasing document Transaction data Master data EKPO COEP LIPS Delivery item CO document item Purchasing document item COFIS SAP AG 2004-10-13, Audit Information System, Rel. 4.6C / 4.70, Peter Schiwek 65 FI/CO reconciliation posting DART - View Definition > 1.200 Join-Bedingungen abrufbar (Tabelle TXW_C_RELA ) für eventuelle manulle Join-Pflege SAP AG 2004-10-13, Audit Information System, Rel. 4.6C / 4.70, Peter Schiwek 66 DART – Output options DART Source Extract SAP AG 2004-10-13, Audit Information System, Rel. 4.6C / 4.70, Peter Schiwek 67 Further Processing in an Evaluation Tool SAP Audit Format enables a very easy transfer to evaluation programs such as ACL and IDEA. SAP AG 2004-10-13, Audit Information System, Rel. 4.6C / 4.70, Peter Schiwek 68 Tools Used for Online and Batch Controls ABAP Query Drilldown Reporting Information Systems DART SAP AG 2004-10-13, Audit Information System, Rel. 4.6C / 4.70, Peter Schiwek 69 Overview Evolution of Auditing AIS – The Tool Evaluation Methods Implementation Contacts SAP AG 2004-10-13, Audit Information System, Rel. 4.6C / 4.70, Peter Schiwek 70 User Master Data and Authorizations To facilitate working with the AIS, the auditor needs a user in the SAP System. This user master record requires a wide range of display authorizations. Auditor Several single roles have been defined for the AIS. These single roles are divided into two groups: - Transaction roles - Authorization roles For a better overview, all single roles are combined to a composite role (SAP_AUDITOR). Installation recommendation: SAP Note 451 960 SAP - DB SAP AG 2004-10-13, Audit Information System, Rel. 4.6C / 4.70, Peter Schiwek 71 Installation recommendation : SAP AIS – Single roles SAP_AUDITOR_ADMIN SAP_AUDITOR_BA_ORGA SAP_AUDITOR_BA_FI_GL SAP_AUDITOR_BA_FI_AA SAP_AUDITOR_BA_FI_AR SAP_AUDITOR_BA_FI_AP Z_AUDITOR_BA_ORGA Z_AUDITOR_BA_FI_GL User Copy / Modification composite roles AUDITOR_ADMIN A I S Administrator AUDITOR_INTERNAL_SA System Auditor AUDITOR_INTERNAL_BA Business Auditor ... SAP_AUDITOR_ADMIN_A SAP_AUDITOR_BA_A Z_AUDITOR_BA_A AUDITOR_EXTERNAL External Auditor ... SAP_AUDITOR_TAX_FI AUDITOR_EXTERNAL_TAX Tax Auditor ... SAP_AUDITOR_TAX_FI_A SAP AG 2004-10-13, Audit Information System, Rel. 4.6C / 4.70, Peter Schiwek 72 Installation recommendation : 1. Copy composite role SAP_AUDITOR into the customer specific name space 2. Copy single roles as well SAP AG 2004-10-13, Audit Information System, Rel. 4.6C / 4.70, Peter Schiwek 73 Installation recommendation : 3. Maintain and generate AIS authorization roles SAP AG 2004-10-13, Audit Information System, Rel. 4.6C / 4.70, Peter Schiwek 74 Installation recommendation : 4. Assign AIS composite role Z_AUDITOR to the audit user A user menu is only visible if a role with a menu is assigned to the user. SAP AG 2004-10-13, Audit Information System, Rel. 4.6C / 4.70, Peter Schiwek 75 Installation Recommendation 5. Activate the user menu The user menu can be activated or deactivated generally using a Customizing switch: Table Switch SSM_CUST ALL_USER_MENUS_OFF = YES ALL_USER_MENUS_OFF = NO Other required switch settings: Switch Switch DELETE_DOUBLE_TCODES = NO SORT_USER_MENU = NO The user menu and/or SAP Menu can also be activated or deactivated for specific users with the setting: ALL_USER_MENUS_OFF = YES. Table Switch Switch USERS_SSM User Menu SAP Menu SAP AG 2004-10-13, Audit Information System, Rel. 4.6C / 4.70, Peter Schiwek 76 SAP single roles Meaning Composite role „SAP_AUDITOR“ Central Authorizations Administration System Audit (System Audit - Business Audit) Authorization roles Transaction roles AIS - Audit Information System SAP_AUDITOR_A SAP_AUDITOR_ADMIN SAP_AUDITOR_SA SAP_AUDITOR_ADMIN_A SAP_CA_AUDITOR_SYSTEM ( SAP_CA_AUDITOR_SYSTEM_DISPLAY ) Repository / Tables Users and Authorizations Business Audit - Individual Financial Statements Organizational Overview Financial Statements - General • Closing (GLTO) • Data Export • Special Ledger SAP_AUDITOR_SA_CUS_TOL SAP_AUDITOR_SA_CCM_USR SAP_CA_AUDITOR_SYSTEM SAP_CA_AUDITOR_SYSTEM SAP_AUDITOR_BA_ORGA SAP_AUDITOR_BA_A SAP_AUDITOR_BA_FI_GL SAP_AUDITOR_BA_EXPORT_DATA SAP_AUDITOR_BA_FI_SL SAP_AUDITOR_BA_A SAP_AUDITOR_BA_A SAP_AUDITOR_BA_FI_SL_A Beginning with the following support packages, the System Audit is available in the SAP_BASIS component: 6.20 SAPKB62043 6.40 SAPKB64005 (see also note 754273) SAP AG 2004-10-13, Audit Information System, Rel. 4.6C / 4.70, Peter Schiwek 77 SAP single roles Meaning Business Audit - Individual Financial Statements Balance Sheet - Assets • Fixed Assets • Real Estate • Material Inventories • Accounts Receivable • • Customers - Master Data • • Accounts Receivable • Treasury • Cash Journal Balance Sheet - Liabilities and Equity • Accounts Payable • • Vendors - Master Data • • Accounts Payable (System Audit - Business Audit) Authorization roles Transaction roles SAP_AUDITOR_BA_FI_AA SAP_AUDITOR_BA_RE SAP_AUDITOR_BA_MM_IM SAP_AUDITOR_BA_FI_AA_A SAP_AUDITOR_BA_RE_A SAP_AUDITOR_BA_MM_IM_A SAP_AUDITOR_BA_FI_ARMD SAP_AUDITOR_BA_FI_AR SAP_AUDITOR_BA_CFM SAP_AUDITOR_BA_FI_CJ SAP_AUDITOR_BA_FI_ARMD_A SAP_AUDITOR_BA_A SAP_AUDITOR_BA_CFM_A SAP_AUDITOR_BA_FI_CJ_A SAP_AUDITOR_BA_FI_APMD SAP_AUDITOR_BA_FI_AP SAP_AUDITOR_BA_FI_APMD_A SAP_AUDITOR_BA_A SAP AG 2004-10-13, Audit Information System, Rel. 4.6C / 4.70, Peter Schiwek 78 SAP single roles Meaning Business Audit - Individual Financial Statements P&L • Sales Revenue • Raw Materials Consumed • • Purchasing • • Eingangsrechnung • Personnel Expenses • • Human Resources Segment Reporting • Profit Center Accounting Internal Activity Allocation - Consolidated Financial Statements Consolidation - Data Privacy Protection Data Protection (System Audit - Business Audit) Authorization roles Transaction roles SAP_AUDITOR_BA_SD SAP_AUDITOR_BA_SD_A SAP_AUDITOR_BA_MM_PUR SAP_AUDITOR_BA_MM_IV SAP_AUDITOR_BA_MM_PUR_A SAP_AUDITOR_BA_MM_IV_A SAP_AUDITOR_BA_HR SAP_AUDITOR_BA_HR_A SAP_AUDITOR_BA_EC_PCA SAP_AUDITOR_BA_CO SAP_AUDITOR_BA_EC_PCA_A SAP_AUDITOR_BA_CO_A SAP_AUDITOR_BA_EC_CS SAP_AUDITOR_BA_EC_CS_A SAP_AUDITOR_DS SAP_AUDITOR_DS_A SAP AG 2004-10-13, Audit Information System, Rel. 4.6C / 4.70, Peter Schiwek 79 SAP single roles Meaning ( Tax Audit ) Authorization roles Transaction roles Composite role „SAP_AUDITOR_TAX“ Central Authorizations SAP_AUDITOR_TAX_A Tax Audit, Asset Accounting Tax Audit, Controlling/Project System Tax Audit, Financials Tax Audit, Materials Management Tax Audit, Sales and Distribution Tax Audit, Treasury SAP_AUDITOR_TAX_AA SAP_AUDITOR_TAX_COPS SAP_AUDITOR_TAX_FI SAP_AUDITOR_TAX_MM SAP_AUDITOR_TAX_SD SAP_AUDITOR_TAX_TR SAP_AUDITOR_TAX_AA_A SAP_AUDITOR_TAX_COPS_A SAP_AUDITOR_TAX_FI_A SAP_AUDITOR_TAX_MM_A SAP_AUDITOR_TAX_SD_A SAP_AUDITOR_TAX_TR_A SAP AG 2004-10-13, Audit Information System, Rel. 4.6C / 4.70, Peter Schiwek 80 Preparatory Work In order to work with the AIS, the following needs to first be completed: - Maintain the AIS Roles - Set up user master records Set up the online help Maintain the selection variables Import recherche reports Activate user exit „SQUE0001, ABAP/4-Query: Private storage of data“ All additional maintenance steps are optional and merely serve to optimize the use of the AIS functions. SAP AG 2004-10-13, Audit Information System, Rel. 4.6C / 4.70, Peter Schiwek 81 Quick Links http://service.sap.com/ais http://service.sap.com/dart http://service.sap.com/gdpdu http://service.sap.com/qm Audit Information System Data Retention Tool Tax Reduction Law Audit Management SAP AG 2004-10-13, Audit Information System, Rel. 4.6C / 4.70, Peter Schiwek 82 AIS in SAP Demo System IDES R/3 A I S has been set up in the SAP I D E S Demo System. Log on with user AUDITOR_FIN (Rel. 4.70). welcom e SAP AG 2004-10-13, Audit Information System, Rel. 4.6C / 4.70, Peter Schiwek 83 AIS in SAP Demo System IDES R/3 AUDITOR_FIN welcome Please note: In the IDES System, the authorizations for user AUDITOR_FIN are assigned via the IDES profile R3_BASIC. The AIS authorization roles are not considered. SAP AG 2004-10-13, Audit Information System, Rel. 4.6C / 4.70, Peter Schiwek 84 The Development History of AIS Until SAP Release 4.6C, AIS was realized using a menu technique (transaction SECR). As of SAP Release 4.6, AIS is part of the SAP Standard System As of SAP Release 4.6C (Support Package SAPKH46C27), the technical implementation of AIS in the program has been changed to a role-based maintenance environment (transaction PFCG). Additional development of AIS will only be carried out in this new environment. SAP AG 2004-10-13, Audit Information System, Rel. 4.6C / 4.70, Peter Schiwek 85 Vision: Primary data SAP R/3 Audit Framework Audit Warehouse (SAP BW) Defined structures in a standard audit format Requests Offers Conditions CO docs - View G/L accts ... Auditing • Local Audit • Collaborative Audit Auditor-Workplace - Extractors - Material docs ... FI docs Doc history Cust. Asset accts Vendors CRM / SRM / ... - Extractors - MM accts Acct. history Table 000 Table BSL Third-party software - Extractors - Table 001 ... Table 005 Table history • Long term archive • Auditable SAP AG 2004-10-13, Audit Information System, Rel. 4.6C / 4.70, Peter Schiwek 86 SAP Notes SAP Release: 0077503 0100609 0182699 0197137 0162971 0133914 0190767 0202497 0376779 0496534 0202504 0328019 0451960 0544650 0662882 0751970 0754273 Audit Information System (AIS) Audit Information System (AIS) - installation Download of Query data (user exit) Query Download from EBCDIC server AIS version history 3.x 4.0 4.5 Conversion of drill-down Collect note Collect note RSQUEU01: Missing FM "F4IF_INT_TABLE_..." Query export of large data Collect note AIS Structure AUDIT_ALL does not exist AIS Role Concept Collect note Behavior of system variants for AIS Collect note Availability of Systemaudit X X X 4.5 X X X X X X 4.6A X 4.6B X 4.6C X 4.70 X 5.00 X X X X X X X X X X X X X X X X X X X X X X X X X SAP AG 2004-10-13, Audit Information System, Rel. 4.6C / 4.70, Peter Schiwek 87 Overview Evolution of Auditing AIS – The Tool Evaluation Methods Implementation Contacts SAP AG 2004-10-13, Audit Information System, Rel. 4.6C / 4.70, Peter Schiwek 88 Contacts Development Project Management AIS Business AUDIT Tax-Audit Peter Schiwek, SAP AG FAX: +49 6227 78-16378 E-Mail: [email protected] System AUDIT Product Management SAP Security E-Mail: [email protected] International Training (AC900) / Consulting Fadi Naoum, SAP Phone: +49-170-8555448 E-Mail: [email protected] SAP AG 2004-10-13, Audit Information System, Rel. 4.6C / 4.70, Peter Schiwek 89 Contacts Rollout Region BeNeLux Max Lamberts, SAP NEDERLAND FAX: +31 73/645 7 698 E-Mail: [email protected] Region Brazil Sueli Nascimento, SAP BRASIL FAX: +55 11550523072554 E-Mail: [email protected] Region Deutschland Lars Gartenschläger, SAP DEUTSCHLAND FAX: +49 6227 78-33090 E-Mail: [email protected] Region Finland Matti Halonen, SAP FINLAND FAX: +358 9/2536-4444 E-Mail: [email protected] Region France Andre Streissel, SAP FRANCE FAX: +49-6227-7-53848 E-Mail: [email protected] SAP AG 2004-10-13, Audit Information System, Rel. 4.6C / 4.70, Peter Schiwek 90 Region Japan Takashi Yamada, SAP JAPAN (Head) FAX: +81-3-3273-5697 E-Mail: [email protected] Region Österreich Jörg Hippa, SAP Österreich FAX: +43 1/28822-333 E-Mail: [email protected] Region Schweiz Thomas Pfeifer, SAP SCHWEIZ FAX: E-Mail: [email protected] Region UK Martin Wilson, SAP UK FAX: +44 20-89176465 E-Mail: [email protected] Region USA, Canada, South America David E. Nelson, SAP America FAX: +00-1-404 943-2950 E-Mail: [email protected] 7 Key Points about SAP Audit Information System 1. SAP Audit Information System (AIS) is the auditor‘s toolbox in the SAP environment. It provides a structured, easy-to-learn access to audit-relevant data in the SAP system. AIS is being used by external auditors, internal auditors, tax auditors and data security officers. There are comprehensive online controls for system audit, business audit, and tax audit. AIS supports data export of master data, account balances, and documents to 3rd party audit and analysis tools. AIS can be implemented fast and with low effort, and easily adjusted to the requirements of the customer. AIS does only require few system resources. 2. 3. 4. 5. 6. 7. SAP AG 2004-10-13, Audit Information System, Rel. 4.6C / 4.70, Peter Schiwek 91 Copyright 2004 SAP AG. All Rights Reserved No part of this publication may be reproduced or transmitted in any form or for any purpose without the express permission of SAP AG. The information contained herein may be changed without prior notice. Some software products marketed by SAP AG and its distributors contain proprietary software components of other software vendors. Microsoft®, WINDOWS®, NT®, EXCEL®, Word®, PowerPoint® and SQL Server® are registered trademarks of Microsoft Corporation. IBM®, DB2®, DB2 Universal Database, OS/2®, Parallel Sysplex®, MVS/ESA, AIX®, S/390®, AS/400®, OS/390®, OS/400®, iSeries, pSeries, xSeries, zSeries, z/OS, AFP, Intelligent Miner, WebSphere®, Netfinity®, Tivoli®, Informix and Informix® Dynamic ServerTM are trademarks of IBM Corporation in USA and/or other countries. ORACLE® is a registered trademark of ORACLE Corporation. UNIX®, X/Open®, OSF/1®, and Motif® are registered trademarks of the Open Group. Citrix®, the Citrix logo, ICA®, Program Neighborhood®, MetaFrame®, WinFrame®, VideoFrame®, MultiWin® and other Citrix product names referenced herein are trademarks of Citrix Systems, Inc. HTML, DHTML, XML, XHTML are trademarks or registered trademarks of W3C®, World Wide Web Consortium, Massachusetts Institute of Technology. JAVA® is a registered trademark of Sun Microsystems, Inc. JAVASCRIPT® is a registered trademark of Sun Microsystems, Inc., used under license for technology invented and implemented by Netscape. MarketSet and Enterprise Buyer are jointly owned trademarks of SAP AG and Commerce One. SAP, R/3, mySAP, mySAP.com, xApps, xApp, SAP NetWeaver and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP AG in Germany and in several other countries all over the world. All other product and service names mentioned are the trademarks of their respective companies. Data contained in this document serves information purposes only. National product specifications may vary. SAP AG 2004-10-13, Audit Information System, Rel. 4.6C / 4.70, Peter Schiwek 92


Comments

Copyright © 2025 UPDOCS Inc.