Evolution of the Siemens Experience in its Effort to Test IT Controls on a Continuous Basis
Rolf Haardörfer
IT Audit Professional
Siemens Corporation
Tenth Continuous Auditing & Reporting Symposium Meeting 11/4/2005
Operational Audit
Agenda
• Overview of Siemens
• Benefits of Continuous Auditing
• Overview of Siemens SAP Audit Plan
• CA at Siemens – Current Activities
• CA at Siemens – Planned Activities
• Outlook and Next Steps
• Questions and Discussion
Overview of Siemens
• About 430,000 employees worldwide (70,000 thereof in the United States)
• Sales of EUR 75 billion in 2004
• Siemens has a large audit department executing financial and operational audits throughout the company
• Siemens has selected SAP as its standard ERP system
• IT Audit Pool conducts all system-related audits for the majority of Operating Companies here in the US, including an SAP Certification Audit
Benefits of CA at Siemens
• Simplification of execution of SAP audits
• Continuous monitoring of the compliance level of mandatory System Parameter settings.
• Improved Governance (Fraud Detection, SOX Compliance, Monitoring, etc.)
• Move toward real-time reporting for management and for the investment community.
• Improve the skill level and quality of work life of auditing personnel.
• Reduces compliance and assurance costs (labor, travel, outside assurance, etc.)
Value Proposition
COST:
• Consider a large multinational corporation with 400 auditors (internal & external), each with a fully absorbed (sal./fee, benefits, travel, etc.) $200,000/yr cost for a total annual compliance cost of $80 million dollars. Assume further that the proposed continuous auditing model cost $1 million dollars to develop and implement and only reduced manual compliance effort by 25% in the firm.
The annual net estimated savings or cost avoidance of this project for the firm defined above would be: $19 Million dollars (or nearly $100 million dollars over 5 years)!
Overview of Siemens SAP Audit Plan
• Typical SAP audit takes about 75 person days covering SAP modules FI, FI-AA, BA, Computer Outsourcing, SD and MM
• Overall about 200 audit action sheets (AAS)
• Audit Action plan (AAS) was developed in cooperation with KPMG
• About 25 percent can be automated without additional formalization or re-engineering of the controls
SAP Audit Action Sheet, Part 1
SAP Audit Action Sheet, Part 2
Pseudo code developed from Rutgers CAR-Lab to automate Audit sheet
Two Types of Audit Systems
Independent System (Monitoring and Controlling Layer)
• ACL
• Approva BizRights
• Virsa
• Oversight
• E-Audit (Siemens)
• Rutgers CAR-Lab SAP model
Embedded Audit System
• SAP Audit Information System
CA at Siemens – Current Activities
• Utilization of Approva BizRights for monitoring of Segregation of Duties (2 major Div.)
• Purchase to Pay Process using ACL’s Direct Link and CCM CA model on 3 large SAP systems
  • Introduced at the beginning of 2005
  • Significant payoff right away (duplicate invoice payments, etc.)
• Providing real procurement cycle data to Rutgers CAR-Lab for statistical modeling to identify possible anomalies.
CA at Siemens – Current Activities
• Utilization of GL module from Approva BizRights
  • Introduced in October 2005 for Monitoring of Month End Closing, to be completed in mid 2006 for the GL Module.
  • Payoff: helping with Month End Closing, ensuring transactions are complete with proper authorizations
• Implementation of travel and expense (T&E) module from ACL
  • Planned introduction by the end of 2005
  • Expected benefits: reduce fraud (T&E is one of the most prevalent areas for fraud).
CA at Siemens - Planned Activities
Preventative / configurable controls strategy:
• Utilize research from Rutgers CAR-Lab to re-engineer our SAP audit plan to make it more formalizable / automatable.
• Support and promote the use and enhancement of CA tools (Siemens & Third party) at Siemens Operating & Regional Companies.
• Demo and provide feedback to Siemens companies on emerging CA tools and technology.
CA at Siemens - Planned Activities
• Utilization of SAP AIS module for execution of SAP audits
  • Allows business to run reports themselves as needed (e.g. Top 10 Security Issues)
  • IT Audit Pool has customized AIS to include automatable audit sheets as predefined reports
• Estimated reduction of SAP audit time of about 25%
Outlook and Next Steps
• Further leverage Rutgers CAR-Lab research in cooperation with External Auditors to expand CA scope at Siemens.
• Utilization of SAP AIS module at more Operating Companies as standard tool.
• Audit Pool will work with Operating Companies to identify and promote existing solutions as best practices.
• Audit Pool plans on piloting CA software solutions as part of regular SAP audits.
Questions?
Thank You!
Rolf Haardörfer
Siemens Corporation IT Audit Pool