CONTINUOUS AUDITING - UPDATE. Travis S. Moser, CISA


Transcription:

CONTINUOUS AUDITING - UPDATE Travis S. Moser, CISA

CONTINUOUS ASSURANCE FRAMEWORK
Third Line of Defense: IA provides independent assurance
Second Line of Defense: Functions oversee risks
First Line of Defense: Management owns and manages risks
Diagram labels: Audit Testing of Continuous Monitoring (First and Second Lines of Defense); Continuous Monitoring; Continuous Auditing; Business Processes and Transactions

KEY ASSUMPTIONS
Global SAP instance
Global business process owners
Tool: SAP GRC Suite, Process Control

TERMINOLOGY
Configuration: Control settings, security levels, parameters, and reference data that enforce authorization, accuracy, and completeness of transaction processing. Affects system function, performance, and automated controls.

CA / CTM AT TIMKEN: WHAT'S THE DIFFERENCE?
Continuous Auditing: A method used to perform control and risk assessments automatically on a more frequent basis. Includes monitoring a system's global configuration settings, access controls, and rules that define the parameters of how an event or transaction can be initiated, processed, and recorded.
Continuous Transaction Monitoring: A management process that monitors on an ongoing basis whether internal controls are operating effectively. Includes the creation of rules and tests run against the actual flow of transactions.

CONTROLS
Control types: Preventive; Automated preventive; Real-time detective; Detective
Per transaction: low effort to operate; 100% coverage on transactions
Daily / multiple times per day: low effort to operate; 100% coverage on transactions
Controls listed: Manual approvals; Physical access; Segregation of duties; System calculations; Workflow (SAP)-based approvals; Workflow (Oversight)-based alerts; Physical counts & checks; Detective report reviews; Spreadsheet reconciliations

CA: TIMKEN'S NEED
Increase frequency of control testing
Evaluate SAP configuration globally
Ensure controls applied consistently
Ensure future implementations are configured consistently

ADVANTAGES TO PROCESS CONTROL
Reduces monitoring and resource effort for manual control testing
Monitors Global SAP configuration
Issues identified in real-time (or close thereto)
Enables moving to standardized key controls for Global SAP entities by Business Process
Performs automated controls testing on a continuous basis at the process level

PROCESS CONTROL: BIG PICTURE
Source: http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/b04161e6-5cfe-2e10-4b90-815a3a2027c2?quicklink=index&overridelayout=true&53051436052091

CONTINUOUS AUDITING
Define Data Source and Business Rules
Diagram labels: Data Source; Business Rule

PROCESS CONTROL
Data Source Type: Usage
Configurable: Defines a query against tables in the monitored SAP backend system.
ABAP Report: Leverage suitable ABAP Reports already available
SAP Query: Leverage query results to gather and present information from an SAP system to PC
SoD Integration: Use to invoke Access Control risk analysis in the context of PC controls
External Partner: Web Services based to monitor SAP backend applications from SAP partners and other vendors
Process Integration: Use to query directly against the underlying databases of non-SAP applications via JDBC/ODBC, or even integrate
BW Query: Use to invoke queries against SAP Business Warehouse
Event: Use to respond to messages that external systems send to Process Control
Programmed: Use to call ABAP programs for complex processing

CONTINUOUS AUDITING (INTERNAL AUDIT'S ROADMAP - 2016)
2011: Configuration assessment
2013: Walkthrough
2015: CA / CTM alignment
2015: Application Controls
2016: PTP Configuration

CA 2016
Processes              Risks  Controls  Rules
Fixed Assets               2         2      8
Inventory Management       2         7     11
Order to Cash              7        12     21
Purchase to Pay            5         5     10
Record to Report           4         4      7
IT General Controls        2         4      8
Total                     22        34     65

CONTINUOUS AUDITING (INTERNAL AUDIT'S ROADMAP - UPDATED)
2016: External Audit
2017: SAP Application Controls
2017: External Audit
2018: Application Controls
2018: PTP Configuration

CA: WHAT TIMKEN DOES
Processes              Risks  Controls  Rules
Fixed Assets               3         4     11
Inventory Management       3        11     16
Order to Cash              8        15     24
Purchase to Pay            5         6     13
Record to Report           3         6     16
IT General Controls        2         3      8
Total                     24        45     88

CONTINUOUS AUDITING
Automated Test Rules
Facilitate Continuous Monitoring of controls
Rule Script
Rule Criteria
http://help.sap.com/saphelp_grcpc25/helpdata/en/06/ded8d06faf487ba348dde612c2760c/content.htm

CONTINUOUS AUDITING
Process Control Monitoring
Diagram labels: Business Rule; Data Source; Business Rules

CONTINUOUS AUDITING EXAMPLE
Risk: Accounts Payable may be inaccurate if cash disbursements are inaccurate or not recorded timely.
Control: An invoice is prevented from being entered more than once into the system.
Rule: The rule verifies that the duplicate invoice verification check is performed based on vendor reference number.

CONTINUOUS AUDITING EXAMPLE
Set Check for Duplicate Invoices: OMRDC
Logistics Invoice Configuration
Vendor; Currency; Gross Invoice Amount; Company Code; Invoice Date; Reference document number

CONTINUOUS AUDITING EXAMPLE
Set Check for Duplicate Invoices: OMRDC
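The rule from the example slides, sketched as a check on current configuration values (an added example, not Timken's or SAP's rule definition): it tests a constructed per-company-code export of the duplicate invoice check settings and reports where the reference number check is off or a company code has no entry at all. The column names, company codes and scope list are hypothetical.

```python
import csv
import io

# Constructed sample: one row per company code, as an export of the
# "Set Check for Duplicate Invoices" settings might look. Column names
# are hypothetical, not SAP field names.
SAMPLE_EXPORT = """company_code,check_company_code,check_reference,check_invoice_date
1000,X,X,X
2000,X,,X
3000,,X,
"""

# Hypothetical list of company codes in scope for the global control.
IN_SCOPE = ["1000", "2000", "3000", "4000"]

# The rule on the slide tests the reference number criterion.
REQUIRED_FLAGS = ("check_reference",)


def evaluate_rule(export_text, in_scope, required=REQUIRED_FLAGS):
    """Return a list of (company_code, finding) deficiencies."""
    rows = {}
    for row in csv.DictReader(io.StringIO(export_text)):
        rows[row["company_code"].strip()] = row
    findings = []
    for code in in_scope:
        row = rows.get(code)
        if row is None:
            # No configuration entry means the check is not set at all.
            findings.append((code, "no duplicate invoice check configured"))
            continue
        for flag in required:
            if (row.get(flag) or "").strip().upper() != "X":
                findings.append((code, f"{flag} is not active"))
    # Entries outside the expected scope point to an outdated scope list.
    for code in sorted(set(rows) - set(in_scope)):
        findings.append((code, "configured but not in scope list"))
    return findings


if __name__ == "__main__":
    for code, finding in evaluate_rule(SAMPLE_EXPORT, IN_SCOPE):
        print(f"DEFICIENCY company code {code}: {finding}")
```

Run on a schedule against a fresh export, the same function gives the repeated, global test of one configuration setting that the deck describes.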


FREQUENCY OF CA
Annually; Semi Annually; Quarterly; Monthly; Weekly; Daily; More than Daily

ISSUE WORKFLOW

SUMMARY
Continuous Auditing Framework
Increasing frequency of control testing
Monitoring Global SAP configuration changes

CHALLENGES / LESSONS LEARNED
Change Logging activated: SCU3
Leverage and confirm prior year workpapers when automating application controls
Value Check vs. Change Log Check
Mirror Timken's SAP change management process
Contacts

OPPORTUNITIES / WHERE ARE WE GOING?
Analyze and implement SAP's delivered rules
Expand into other company systems
Complete automated controls from Configuration assessment
Continue to improve / challenge risk and control matrix
Leverage existing SAP queries and reports