zapliance SAP Audit approach


A unique SAP Audit approach

Developed for SAP ERP process audits

The approach developed by zapliance gives auditors excellent process transparency and enables them to utilize process mining procedures, as well as the questions asked by the auditors relating to the information obtained from the mining. The zap Audit completely automates the audit of SAP-related data and processes from time of data extraction until production of the zap Audit report.

Why is this important?


  1. Automation frees more time for actual auditing activities and also eliminates the risk of manual error.
  2. Mapping processes with audit findings and recommendations reduces risk of false positives. Although conventional data analysis tools also suggest questions to auditors, they are unable to adapt these to process context.
  3. Real processes in SAP are complex. Although conventional process mining techniques yield a true and correct visualization of these processes, they fail to provide any guidance whatsoever on which processes to audit. 

Finding solutions to these challenges is what zap Audit is about.




1. Data Extraction

Automated data download from SAP

zap Audit does not work directly in the productive SAP; it uses a data copy of the relevant data fields extracted from the client’s SAP system. The zap Audit will not affect normal operation or performance of your SAP system in any way. Nothing has to be installed on your SAP system in order to enable this data extraction. All that is needed for the zap Audit is a normal SAP user account with read access rights and the connection data to the SAP system.

What is the most convenient way to extract data from SAP?

The first step in a zap Audit project is to define the fiscal year and the company code in scope. zap Audit will then extract the specific data for your scope. Automatic pseudomization of personalized data and database encryption ensure tight security for your SAP data. zapliance has at no time access to your data.



2. Financial Process Mining

Reconstruction of business processes based on the financial statements

Prior to start of the actual SAP process audit, the financial process mining algorithm first reconstructs all factual processes that lead to an entry in the financial statements. This is called sequencing. It delivers chronologically sorted chains of related SAP documents. 

All ledger postings are sequenced and the result explains the entire process history as summarized in the balance sheet and the income statement.

After reconstruction of the financial processes, zap Audit completes them by adding the referenced supporting documents: purchase orders, purchase requests, goods received, sales orders, sales shipments, sales bills, change documents and master data changes. All processes, especially Order-to-Cash, Purchase-to-Pay and Fixed-Assets are reconstructed end-to-end, if the relevant data are available in SAP.                

These sequences provide the informational basis for a modern risk- and process-oriented audit and are a major item in digitization of the audit. 



Prof. Dr. Nick Gehrke, Data Scientist

Audit digitization means automation of activities that are automatable. 

This enables the auditor to concentrate on more essential content-related tasks.

Experience obtained with automated process and data analytics, supported by the auditor’s professional judgment of the audit results, forms the basis for ongoing development of digitized auditing methods and design of the necessary algorithms for creation of a source of collective audit intelligence.


3. Process Audit

125 Auditors’ questions relating to SAP processes

zapliance uses so-called dragnet investigation in its process audits. This is based on a methodology used by investigative authorities worldwide. The zap Audit dragnet search contains more than 125 indicators uses high-end analytics to identify significant process-related findings.

Each indicator is in the form of an audit-relevant question relating to the processes and data under investigation. They include items like, for example:

  • duplicate payment analysis
  • purchase order changes after bill receipt
  • multiple changes in master data field
  • conflicts on segregation of duties

Segregation of duties analysis is a unique feature developed by zap Audit. It examines and analyzes each actual process involving a user account where a segregation conflict has occurred.

Findings discovered by the dragnet investigation are not simply listed without comment. They are related to each other within the context of the process. This reveals whether a series of findings occur simultaneously within any given sequence. This is the essence of a dragnet investigation. Repeated findings involving critical sequences, documents, suppliers and customers make it possible to identify issues quickly and accurately as well as minimizing the incidence of false positives. More time can be devoted to the actual audit.


4. zap Audit Report

Convenient presentation of auditor’s findings and recommendations

The zap audit report enables the auditor to quickly identify the items requiring listing as findings in an SAP process. It is an interactive report, in which the auditor is automatically navigated to the most important items in the results. The zap audit report enables analysis of all findings from various perspectives, e.g. indicator, vendor, customer, account, user account or fixed asset. Where necessary, each investigated item can be retraced to the relevant document. All results can be exported in Excel and csv format.



5. Professional Judgement

zap Audit supports most important player - the auditor 

zap Audit offers an enormous automation and analysis potential for the process audit. It provides unique insights into a company’s situation, and its stringent, process-oriented approach reduces false positives to an absolute minimum.

But, in the final analysis, it is still the experienced auditor who has to assess the significance of the audit’s findings and make the relevant recommendations. zap Audit guides the auditor interactively through the key findings.

The zap Audit does not mean replacement of the human auditor by a machine. Its role is to give forward-looking auditors a new, cutting-edge tool, with which they can demonstrate their value to the client company.

On presentation of the zap Audit report, the findings contained in it must be reviewed and validated within the client’s organization. The findings highlighted by the automated results have to be transformed into clear recommendations formulated by an experienced audit professional.

By relieving the auditor of time-consuming data collection and analysis tasks, zap Audit helps him focus on his role of professionally experienced anchorman responsible for steering the audit process.

The auditor can devote more time to audit findings that really matter!


6. Collective Audit Intelligence

The intelligent machine is getting smarter and smarter

zapliance has already developed a series of solutions for digitization of audit processes… but there are still many more ideas and new features waiting to be realized. The scope of zap Audit’s functions is continually being expanded. The latest version of zap Audit is always available for download to all active clients at no additional charge.

The core idea motivating this ongoing development work is: How can zap Audit help its clients identify weaknesses in their organizations even more accurately and reliably?

We use methods borrowed from data mining in this development work. We also lift relevant findings from past audits and input these into our reference database of accumulated experience for use in future audits. Our goal is to create an intelligent system with predictive analytic functionalities. When confronted with new sets of data, this system will ideally be able to draw its own conclusions based on analogous past experience.

zap Audit will gradually be expanded to contain the accumulated knowledge of hundreds of auditors – who will all be working for you!

We have named this vision Collective Audit Intelligence.