Evolution of the Siemens Experience in its Effort to Test IT Controls on a Continuous Basis. Tenth Continuous Auditing & Reporting Symposium Meeting 11/4/2005. Rolf Haardörfer IT Audit Professional Siemens Corporation. Agenda. Operational Audit. Overview of Siemens
Evolution of the Siemens Experience in its Effort to Test IT Controls on a Continuous Basis
Tenth Continuous Auditing & Reporting Symposium Meeting, 11/4/2005
Rolf Haardörfer, IT Audit Professional, Siemens Corporation

Agenda
• Overview of Siemens
• Benefits of Continuous Auditing
• Overview of Siemens SAP Audit Plan
• CA at Siemens – Current Activities
• CA at Siemens – Planned Activities
• Outlook and Next Steps
• Questions and Discussion

Overview of Siemens
• About 430,000 employees worldwide (70,000 of them in the United States)
• Sales of EUR 75 billion in 2004
• Siemens has a large audit department executing financial and operational audits throughout the company
• Siemens has selected SAP as its standard ERP system
• IT Audit Pool conducts all system-related audits for the majority of Operating Companies here in the US, including an SAP Certification Audit

Benefits of CA at Siemens
• Simplification of execution of SAP audits
• Continuous monitoring of the compliance level of mandatory System Parameter settings
• Improved governance (fraud detection, SOX compliance, monitoring, etc.)
• Move toward real-time reporting for management and for the investment community
• Improve the skill level and quality of work life of auditing personnel
• Reduce compliance and assurance costs (labor, travel, outside assurance, etc.)

Value Proposition
• COST:
• Consider a large multinational corporation with 400 auditors (internal & external), each with a fully absorbed (salary/fee, benefits, travel, etc.) cost of $200,000/yr, for a total annual compliance cost of $80 million. Assume further that the proposed continuous auditing model cost $1 million to develop and implement and reduced manual compliance effort in the firm by only 25%. The estimated annual net savings or cost avoidance of this project for the firm defined above would be:
• $19 million (or nearly $100 million over 5 years)!

Overview of Siemens SAP Audit Plan
• Typical SAP audit takes about 75 person days covering SAP modules FI, FI-AA, BA, Computer Outsourcing, SD and MM
• Overall about 200 audit action sheets (AAS)
• Audit Action plan (AAS) was developed in cooperation with KPMG
• About 25 percent can be automated without additional formalization or re-engineering of the controls

SAP Audit Action Sheet Part 1

SAP Audit Action Sheet Part 2
Pseudo code developed from Rutgers CAR-Lab to automate Audit sheet

Two Types of Audit Systems

Independent System (Monitoring and Controlling Layer)
• ACL
• Approva BizRights
• Virsa
• Oversight
• E-Audit (Siemens)
• Rutgers CAR-Lab SAP model

Embedded Audit System
• SAP Audit Information System

CA at Siemens – Current Activities
• Utilization of Approva BizRights for monitoring of Segregation of Duties (2 major Div.)
• Purchase to Pay Process using ACL’s Direct Link and CCM CA model on 3 large SAP systems
• Introduced at the beginning of 2005
• Significant payoff right away (duplicate invoice payments, etc.)
• Providing real procurement cycle data to Rutgers CAR-Lab for statistical modeling to identify possible anomalies

CA at Siemens – Current Activities
• Utilization of GL module from Approva BizRights
• Introduced in October 2005 for monitoring of Month End Closing, to be completed in mid 2006 for the GL Module
• Payoff (helping with Month End Closing, ensuring transactions are complete with proper authorizations)
• Implementation of travel and expense (T&E) module from ACL
• Planned introduction by the end of 2005
• Expected benefits – reduce fraud (T&E is one of the most prevalent areas for fraud)

CA at Siemens – Planned Activities
• Preventative / configurable controls strategy:
• Utilize research from Rutgers CAR-Lab to re-engineer our SAP audit plan to make it more formalizable / automatable
• Support and promote the use and enhancement of CA tools (Siemens & third party) at Siemens Operating & Regional Companies
• Demo and provide feedback to Siemens companies on emerging CA tools and technology

CA at Siemens – Planned Activities
• Utilization of SAP AIS module for execution of SAP audits
• Allows business to run reports themselves as needed (e.g. Top 10 Security Issues)
• IT Audit Pool has customized AIS to include automatable audit sheets as predefined reports
• Estimated reduction of SAP audit time of about 25%

Outlook and Next Steps
• Further leverage Rutgers CAR-Lab research in cooperation with External Auditors to expand CA scope at Siemens
• Utilization of SAP AIS module at more Operating Companies as standard tool
• Audit Pool will work with Operating Companies to identify and promote existing solutions as best practices
• Audit Pool plans on piloting CA software solutions as part of regular SAP audits

Questions?
Thank You!
Rolf Haardörfer, Siemens Corporation, IT Audit Pool