...does not exist. But let's have a look at data and process analytics that can be very useful in auditing this kind of processes. There is often the following problem: How can one pursue the numerous and extensive results in the first place? Is it necessary to investigate all cases of SAP data analytics? Often, there are way too many results and false positives! Frequently auditors are overwhelmed by the amount of results. In the following, I would like to explain how to proceed.
Part 6 of the series: "The digital Audit for Cross Process Weaknesses"
1. How the digital audit for cross process weaknesses works
2. Smart strategies to automatically audit master data and payments
3. Quick Guide: Auditing principles of orderly bookkeeping
4. What no one tells you about automatic analytics of SAP access protection
5. 3 top indicators for auditing process plausibility
6. A complete guide to Professional Judgement...
Divide et Impera
"Divide and rule" – says the Latin scholar. This simply means: when a task is too difficult, one can divide it into subgroups and deal with the smaller subgroups until all of them have been processed.
How does this affect the interpretation of SAP data analytics by the auditor?
In total I have implemented 125 indicators for SAP process weaknesses (about every process: purchase, order to cash, fixed assets and inventory, as well as cross process indicators). In this series different cross process indicators have been introduced.
During the implementation, the described problem of too many results arose and because of that a solution needed to be constructed.
I will elaborate this on the following example - let’s take this indicator:
FI documents posted during weekend
This indicator aims at identifying compliance and correctness.
The resulting risk:
The document will be marked, because fraudulent activities might have been performed outside regular business operations.
The criteria for this indicator is:
The document will be marked because it was performed on a weekend. Postings made by a system user will not be marked.
Let suppose that 12,745 documents are affected by this indicator. Quickly, the auditor comes up with the thought that he should never have done this data analytics! How are you supposed to follow 12.745 indications?
To encounter this problem, I have devised the concept of "profile", which was consistently implemented at zapliance. It's pretty simple: each document marked by an indicator is automatically sorted into a certain result group. How these result groups are build differs for each indicator and is related to the professional analytics target of the indicator. The purpose is that you only have to look at the result groups and not at all the individual documents in the groups.
Let's follow the example with the indicator "FI documents posted during weekend". This indicator maps its profiles according to the criterion "weekday" in combination with "document type". For example, three profiles are formed: "Saturday Goods Issue" (9,801 documents), "Sunday Credit Accounts" (77 documents) and "Saturday Goods Receipts" (2,867 documents).
The auditor can then concentrate on the profile, which he considers particularly relevant or valuable for documents posted during weekends. By looking at the profiles, it quickly becomes clear that goods issues and goods receipts are not critical on Saturdays, because the warehouse is regularly in use on that day. Therefore, credit balance documents on sundays remain interesting, because accountants normally do not work on sundays. Through the profiles a special focus is placed on the highest risks or most interesting cases. Following this approach, random samples lose methodological value.
It is no longer necessary to audit individual cases, but case groups, which makes the audit much more efficient and leads to a very good understanding of the audited entity.
In the example given, the question must therefore be considered:
What types of business transactions are unusual on saturdays or sundays?
... and the examination of the indicator would be completed.
Download for free
Would you like to download zap Audit or one of my ePapers for free?