Introduction 12-Jan 1 19-Jan 26-Jan 2 What is ERP? SAP Modules and functionality and its relation to Business Cycles AGAS: 3.1.3 (Figure 3.2) Real World: Control Failures - Enron Case The Importance of establishing an SAP specific internal control framework Case Study Introduction & preparation SAP Overview & Navigation No Class - tin Luther King Holiday AGAS: Chap 1 - all Chap 2 (ICS Assurance in Practice) Chap 3: section 3.1 only (ICS Content in SAP ERP) Real World: Control Failures - Read 1: AGAS - Chapters 1, Business Organization, Functions, System Components, Processes AGAS:Chap 5.1 SAP: Table controlled Application 2, 3.1 and 11 Due Jan 25 Controls and Assertions AGAS: Chap 1 - all Chap 2 (ICS Assurance in Practice) Chap 3: section 3.1 only (ICS Content in SAP ERP) SAP Business Process Controls - Human Resources AGAS:Chap 11 (Data Compliance in SAP Human Capital Mgmt) Master Data Considerations Case Study: Procure to Pay 1-6
Real World: Control Failures - Read 2: AGAS - Chapters 9.1, AGAS:Chap 12 (Fraud in an SAP 9.2, 9.3 and 12 Due Feb 1 Fraud System) 2-Feb 3 SAP Business Process Controls - Materials AGAS:Chap 9.1-9.3 (Controls in Exercise 1: GBI - Procure to Management Procure to Pay Proces) Pay Due Feb 5 Case Study: Procure to Pay 7-14 Real World: Control Failures - Read 3: AGAS - Chapters 10 9-Feb 4 16-Feb 5 23-Feb 6 SAP Business Process Controls -Sales & Distribution Types of Controls : Compare and Contrast Case Study: Order to Cash 1-8 Real World: Control Failures - SAP Business Process Controls -Sales & Distribution Configuration Control of Risks Case Study: Order to Cash 9-15 Real World: Control Failures - Exam 1 General Computer vs. SAP System Controls Case Study: Order to Cash 16-23 AGAS:Chap 10 (Controls in Order to Cash Process) AGAS:Chap 10 (Controls in Order to Cash Process)?? - how to audit? Or config behind?? Due Feb 8 Exercise 2: GBI - Order to Cash Due Feb 26 2- No Class - Spring Break
Read 4: AGAS - Chapters 5.2 and 8 Due ch 8 11:59 SAP ECC Security: Authorization Concept AGAS: Chap 5.2 (Authorizations) PM 9-7 16-23- 30-8 9 10 SAP Business Process Controls - Financial Accounting & Controlling AGAS: Chap 8 (Controls in Financial Accounting) Case Study: Journal Entries 1, 2 Read 5: AGAS - Chapters 9.4 Due ch 15 Real World: Control Failures - Cadillac Business Controls: Inventory AGAS:Chap 9.4 Control for Stocks Exercise 3: GBI - Journal SAP ECC Security: Authorization Concept Entries Due ch 19 11:59 PM Case Study: Journal Entries 3, 4 SAP ECC Security: User Mgmt, Roles, Authorizations AGAS:Chap 6.3 (System Users) Segregation of Duties (SOD) Control Case Study: SOD 1, 2 Data Migration / Conversion Segregation of Duties (SOD) Control SAP ECC Security: Advanced Authorization Case Study: SOD 3, 4 Read 6: To Be Determined... Due ch 29 Exercise 4: GBI - SOD: Segregation of Duties Due April 2
6-Apr 11 Exam 2 System and Integration Controls: Intro AGAS:Chap 6.1, 6.2 (ITGeneral Controls in SAP) Read 7: A7GAS - Chapters 6.1 and 6.2 Due April 5 The importance of IT Controls Framework Introduction 13-Apr 12 20-Apr 13 27-Apr 14 System and Integration Controls Case Study: SAP Security Review Exercise The importance of IT Controls Framework Configuration Control and Auditing Real World: Control Failures - Student Security in Other SAP Components Governance Risk and Compliance (GRC) AGAS:Chap 6.4 (Security and Authorization Controls) Chap 7 General Application Controls in SAP ERP) AGAS:Chap 4.3 SAP GRC AGAS: Figure 16.5 (GRC- PC org units and controls) Read 8: AGAS - Chapters 6.3 and 7 Due April 12 11:59 PM Read 9: AGAS - Chapter 4.3 Due April 26 Final Exercise: Internal Control Framework Due April 30
4-May Final Exam (3) Abbreviations and Definitions AGAS : Auditing and GRC Automation in SAP - text book by Chuprunov, Maxim GBI : SAP ERP Global Bike Inc.