1 / 15

Evolution of the Siemens Experience in its Effort to Test IT Controls on a Continuous Basis

Evolution of the Siemens Experience in its Effort to Test IT Controls on a Continuous Basis. Tenth Continuous Auditing & Reporting Symposium Meeting 11/4/2005. Rolf Haardörfer IT Audit Professional Siemens Corporation. Agenda. Operational Audit. Overview of Siemens

bertha
Download Presentation

Evolution of the Siemens Experience in its Effort to Test IT Controls on a Continuous Basis

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Evolution of the Siemens Experience in its Effort to Test IT Controls on a Continuous Basis Tenth Continuous Auditing & Reporting Symposium Meeting 11/4/2005 Rolf Haardörfer IT Audit Professional Siemens Corporation

  2. Agenda Operational Audit • Overview of Siemens • Benefits of Continuous Auditing • Overview of Siemens SAP Audit Plan • CA at Siemens – Current Activities • CA at Siemens – Planned Activities • Outlook and Next Steps • Questions and Discussion

  3. Overview of Siemens Operational Audit • About 430,000 employees worldwide (70,000 thereof in the United States) • Sales of EUR 75 billion in 2004 • Siemens has a large audit department executing financial and operational audits throughout the company • Siemens has selected SAP as their standard ERP system • IT Audit Pool conducts all system related audits for the majority of Operating Companies here in the US including a SAP Certification Audit

  4. Benefits of CA at Siemens Operational Audit • Simplification of execution of SAP audits • Continuous monitoring of the compliance level of mandatory System Parameter settings. • Improved Governance (Fraud Detection, SOX Compliance, Monitoring, etc.) • Move toward real-time reporting for management and for the investment community. • Improve the skill level and quality of work life of auditing personnel. • Reduces compliance and assurance costs (labor, travel, outside assurance, etc.)

  5. Value Proposition Operational Audit • COST: • Consider a large multinational corporation with 400 auditors (internal & external), each with a fully absorbed (sal./fee, benefits, travel, etc.) $200,000/yr cost for a total annual compliance cost of $80 million dollars. Assume further that the proposed continuous auditing model cost $1 million dollars to develop and implement and only reduced manual compliance effort by 25% in the firm. The annual net estimated savings or cost avoidance of this project for the firm defined above would be: • $19 Million dollars (Or nearly $100 million dollars over 5 years)!

  6. Overview of Siemens SAP Audit Plan Operational Audit • Typical SAP audit takes about 75 person days covering SAP modules FI, FI-AA, BA, Computer Outsourcing, SD and MM • Overall about 200 audit action sheets (AAS) • Audit Action plan (AAS) was developed in cooperation with KPMG • About 25 percent can be automated without additional formalization or re-engineering of the controls

  7. SAP Audit Action SheetPart 1 Operational Audit

  8. Pseudo code developed from Rutgers CAR-Lab to automate Audit sheet SAP Audit Action SheetPart 2 Operational Audit

  9. Two Types of Audit Systems Operational Audit • ACL • Approva BizRights • Virsa • Oversight • E-Audit (Siemens) • Rutgers CAR-Lab SAP model Independent System (Monitoring and Controlling Layer) Embedded AuditSystem • SAP Audit Information System

  10. CA at Siemens – Current Activities Operational Audit • Utilization of Approva BizRights for monitoring of Segregation of Duties (2 major Div.) • Purchase to Pay Process using ACL’s Direct Link and CCM CA model on 3 large SAP systems • Introduced at the beginning of 2005 • Significant payoff right away (duplicate invoice payments, etc.) • Providing real procurement cycle data to Rutgers CAR-Lab for statistical modeling to identify possible anomalies.

  11. CA at Siemens – Current Activities Operational Audit • Utilization of GL module from Approva BizRights • Introduced in October 2005 for Monitoring of Month End Closing, to be completed in mid 2006 for the GL Module. • Payoff –(Helping with Month End Closing, Ensuring transactions are complete with proper authorizations) • Implementation of travel and expense (T&E) module from ACL • Planned introduction by the end of 2005 • Expected benefits – Reduce Fraud (T&E is one the most prevalent areas for fraud).

  12. CA at Siemens - Planned Activities Operational Audit • Preventative / configurable controls strategy: • Utilize research from Rutgers CAR-Lab to re-engineer our SAP audit plan to make it more formalizable / automatable. • Support and promote the use and enhancement of CA tools (Siemens & Third party) at Siemens Operating & Regional Companies. • Demo and provide feedback to Siemens companies on emerging CA tools and technology.

  13. CA at Siemens - Planned Activities Operational Audit • Utilization of SAP AIS module for execution of SAP audits • Allows business to run reports themselves as needed (e.g. Top 10 Security Issues) • IT Audit Pool has customized AIS to include automatable audit sheets as predefined reports • Estimated reduction of SAP audit time of about 25%

  14. Outlook and Next Steps Operational Audit • Further leverage Rutgers CAR-Lab research in cooperation with External Auditors to Expand CA scope at Siemens. • Utilization of SAP AIS module at more Operating Companies as standard tool. • Audit Pool will work with Operating Companies to identify and promote existing solutions as best practices. • Audit Pool plans on piloting CA software solutions as a part of a regular SAP audits.

  15. Questions? Operational Audit Thank You! Rolf Haardörfer Siemens Corporation IT Audit Pool

More Related