Between the acquisition of an asset and its retirement, there can be many stumbling blocks along the way. By using data analysis in SAP, an auditor can find out a great deal. That is the reason why I would like to introduce you to the basics of a fixed asset audit and the challenges that may be involved.
We will be focusing on the 7 areas:
- The necessary data structure
- Asset acquisition
- Asset master data
- Manipulated asset retirement
- Segregation of duties
Before embarking on a process audit of fixed assets in SAP involving extensive data analyses, even for the purposes of a digital audit, our examination should still be based on a knowledge of the actual processes related to assets. In our methodology, the SAP processes for fixed assets implemented in the SAP system must first be determined empirically in the SAP database. Only then can data analyses be carried out on the basis of known processes for fixed assets. The determination and reconstruction of all processes is carried out by the Financial Process Mining Algorithm we have developed.
How do fixed asset processes differ from other processes in SAP?
As a rule, processes in the area of fixed assets are shorter than purchasing or sales processes. In the field of asset acquisition, there is an overlap with the normal purchasing process. The other processes, e.g. the posting of depreciation and the asset retirement are time- or event-related and involve only one or a few process steps. There may be corresponding overlaps with the sales process in the case of asset retirement. The Financial Process Mining Algorithm also takes account of procedures in the area of fixed assets, so that all individual processes in this area are known by applying the algorithm.
How does the data analysis work?
Once all processes have been reconstructed by the Financial Process Mining Algorithm, the data analyses are carried out in the form of various data indicators. An indicator always represents a question relevant to the audit. A document may or may not be affected by an indicator. An indicator thus gives a "black-and-white picture" of the situation and divides all documents into a set of documents affected by the indicator and into a set of unaffected documents.
SAP stores all data, e.g. by means of a transaction, the date, affected asset, etc. in different tables. If the transaction was executed, this leads to a document being generated in SAP which can only be deleted at considerable cost, if at all. In this context, the restrictions on the erasure of electronic data according to §239 of the German Commercial Code (Handelsgesetzbuch – HGB), which we will not go into further at this point, are also of key importance. Instead, reversal entries must be made to correct any errors that may have occurred. The reversal entries also generate a document in SAP and refer to the object to be reversed. This results in a sequence of actions that can be reconstructed using the Financial Process Mining Algorithm already mentioned above. The most important SAP tables for auditing SAP fixed assets and inventory for the auditor are:
- ANKA:Asset Classes (General Data)
- ANKT: Asset Classes (Description)
- ANLH:Main Asset Number
- ANLA:Asset Master Record Segment
- ANLB:Depreciation Terms
- ANLC:Asset Value Fields
- ANLP:Asset Periodic Values
- MARA:General Material Data
- MBEW:Material Valuation
- MKPF:Header Material Document
- MSEG:Document Segment Material
Certain documents in accounting also refer to documents in fixed assets. Most of the time, they relate to business transactions involving fixed assets, like asset acquisition, or asset retirement. While on the subject of accounting tables in SAP, we should also mention the SAP table BSEG which references the data field ANLN1 (Asset Number) and ANLN2 (Asset Subnumber).
Data extraction can be hard when it comes to SAP. There are several tools which do exist on the market, but often an ABAP program is needed in the SAP system. This can however be the first “showstopper”, because transactions into a SAP system often require a Change Management Process. This can take a long time, due to the various authorization steps involved.
But there is also a way to extract data manually using an SAP dialog. You can for instance use the SAP transaction SE16. Unfortunately, though, this does involve a lot of manual work and can be very a cumbersome process.
By using Remote Function Call (RFC), there is another way of extracting data from your SAP system. You only need a SAP user with corresponding user access rights to call the Remote Function Call component. One of the big advantages of this is that you do not need to install any ABAP programs in your SAP system. Compared to other techniques, RFC is pretty old and can sometimes be slow, though it is well-established and available in all SAP systems. RFC can thus be a convenient and effective way of optimizing data extraction and can be used to extract data for analysis from the SAP system with relative ease.
If you have already managed to extract the relevant data from your SAP system and set up the data structure, then you are ready to go. You now have the foundations you need to perform further analyses. At this point, there is another key question you have to ask yourself: What exactly do I want to know from the data I have extracted? In what follows, we will provide some examples by way of illustration. If you have already defined some questions that you want to ask, you then have to think about what data fields and combinations of data fields are necessary for you to do your analysis. In the area of fixed assets and inventory, we have developed 22 indicators / audit questions to analyze critical data fields and identify the corresponding documents. Every indicator is therefore related to a process, a process area, and an audit objective, and thus covers a certain risk. As I have already mentioned, I am going to introduce you to some of the indicators in more detail in what follows. The focus will be on the process areas of asset master data, asset acquisition, asset depreciation, asset retirement and segregation of duties. If you are interested at this point and want to know more, you can download all of our 22 indicators in the area of fixed assets and inventory here:
Examples for indicators relating to asset acquisition are: Fixed asset acquisition without an invoice, rare fixed asset transactions or the temporary deactivation of fixed assets. Let’s take a closer look at the fixed asset acquisition without an invoice indicator.
As already mentioned, every indicator is associated with an audit objective. Because of a lack of correctness, this indicator is dedicated to the compliance and correctness audit objective. The corresponding risk should be clear to every auditor – a posting has been made without an invoice. Thus, transparency has been affected at the very least and you should take a closer look at the related bank accounts. You may be dealing with a typical case of fraud. The criteria for a document getting marked is once again pretty straightforward: A document will be marked because it contains an asset acquisition (BSEG-ANBWA=100) but an incoming invoice is missing (credit position related to a vendor BSEG-KOART=K). Assets under construction are not included in the analysis.
After purchasing an asset, a master record is maintained for every asset in SAP. Unfortunately, incorrectly entered or missing data may occur as a result of human interaction with the ERP system. For this reason, we have implemented indicators for implausible fixed asset depreciation start dates, missing fixed asset master records, incomplete fixed asset master data and much more. If we take a closer look at the missing fixed asset master record indicator, we will see that more than one SAP table is used to save information on master data. This indicator, for example, checks for the absence of an asset in the SAP tables ANLH (main asset number), ANLA (asset master record segment) and ANLB (depreciation terms). If a reference is missing from these SAP tables, the corresponding document will be marked and shown in the user interface of zap Audit.
Related to asset acquisition, the data analysis for asset depreciation works in pretty much the same way. Examples of relevant audit questions in this area are: is there fixed asset depreciation of more than 50% of activation value, or fixed asset appreciation or a fixed asset with a negative book value? Here, we will take a closer look at the issue of a fixed asset with a negative book value: this is related to the audit objective of compliance and correctness. You may however want to ask yourself the question how this phenomenon has occurred in the first place. If the reason for a negative book value becomes clear, then the related risk should be obvious. In our audit methodology, a document will be marked if the cumulative depreciation (prior years + current year) exceeds the cumulative costs of acquisition. In this way, the risk of incorrectly calculated depreciations can be clearly shown.
Normally, you would think that there is not much risk associated with the possibility of asset retirement, right? If so, then I am afraid I have to disappoint you. It is precisely in this very area that there can be a great deal of potential for financial losses which may go unnoticed. Three examples for audit questions that we have already implemented are: Fixed asset procured and retired within one year, fixed asset retirement with only small profit, or P&L loss at retirement or sale of asset. The weaknesses addressed can already be identified from the names of the indicators. There is a high potential for fraudulent conduct which can affect P&L. Fixed asset retirement with only small profit is pretty self-explanatory: this indicator is related to the audit objective of opportunities for savings and addresses the risk that fixed assets were sold for a price below their actual value. In what cases, will a document be marked? The answer is simple: when the profit is less than 5% of the acquisition costs.
We have written about this topic on several occasions already. However, it is also of relevance for fixed assets. We explained our approach in this area in greater detail in one of our recent blog posts on the topic of identifying conflicts of segregation of duties thanks to our Financial Process Mining algorithm. Even in the area of fixed assets, one is never safe from the risk of conflicts of SoD. Once again, we should also underline here that our methodology does not just check what is theoretically possible, but what has actually happened.
The following are examples of specific conflicts of SoD in the field of fixed assets that can be detected using our methodology:
- Pay a vendor invoice and hide it via asset depreciation
- Create an invoice via ERS GR & hide it via asset depreciation
- Maintain an asset and capitalize or add costs to master record
- Maintain an asset and manipulate the receipt of the asset
- Remove material by adjusting out via WM physical invoice
- Maintain service or material master data & add items to purchase agreements