- Number of slides: 16
A protocol for continuous monitoring and assurance
Gerard A. (Rod) Brennan, Siemens Corporation
Miklos A. Vasarhelyi, Rutgers University
© 2007. Siemens Product Lifecycle Management Software Inc. All rights reserved
Siemens PLM Software
Outline
§ Motivation
§ Implementation: of accredited control monitoring software
§ Reengineering: Rationalization and reorganization of the audit program
§ Automation: of elements not in the adopted software solution
Motivation
A 3-pronged approach to audit automation
§ Automate audit plan using delivered Rule Sets: Est. 25% of a typical manual audit plan
§ Automate using external data sets (Static & Variable): Est. an additional 25% of a typical manual audit plan
§ Re-engineer manual controls into automated controls with improved control precision: Est. an additional 25% of a typical manual audit plan
Total = Automation Opportunity ~75%!!
Implementation
SAP Certification Audit, cont.
Ø The certification audit program utilized by Siemens IT Audit Pool covers eight functional areas within the SAP environment.
1. BC – Basis System
2. CO – Computer Operations and Outsourcing
3. FI – Financial Accounting
4. FI-AA – Asset Accounting
5. SD – Sales and Distribution
6. MM – Material Management
7. PS – Project System
8. HR – Human Resources
Ø These audit programs include relevant automated and manual internal controls related to IT general, and automated and manual application (e.g., business) controls.
Ø The SAP certification audit is not only controls-focused; many auditees have optimized their SAP system based on knowledge gained through the audit.
Proposed Audit Automation Project: Goals and Objectives -- Jan 2008
Ø Siemens AG has recognized a clear opportunity to leverage audit automation tools and technology to improve compliance, mitigate fraud, assure conformance to processes, and reduce cost of compliance.
Ø The proposed project will leverage A&D PL’s successful installation of Approva BizRights to build a working model for tactically deploying and achieving the above objectives, while at the same time obtaining the 4-year SAP certification.
Ø A 2-day feasibility and scoping session was held at PL’s Maryland Heights, MO office to review the audit program and validate assumptions on feasibility of Approva BizRights utilization -- high potential for automation identified!
Ø Participants:
  Ø Siemens North America operational audit lead
  Ø PL IT and IA representatives
  Ø Rutgers University, Continuous Audit and Reporting Laboratory
  Ø Approva
Value Proposition (Cost and Quality)
Quality
Ø Continuous versus point-in-time/periodic auditing
Ø Information on the full population in SAP vs. sample-based
Ø Deterrent to fraud (including collusive fraud): creating a “perception of monitoring” within the organization
Ø Sustainability of the control environment thru real-time updates and alerts to management personnel
Ø Assures process conformance and business process optimization
Cost
Ø Savings through cash flow improvements (e.g., vendors with unusually accelerated payment terms; customers with delayed payment terms)
Ø Savings from other process improvements, systems optimization
Ø Savings from improved fraud deterrents [1]
Ø A&D PL specific:
  Ø For 3 of every 4 years, eliminate ~500 man-hours of IT GCC and application control testing (@ $137/hr = $68,750/year for PL)
  Ø Significantly reduce 475 man-hours of annual KPMG IT audit hours (@ $200/hr and 50% reduction, $47,500/year)
[1] 2007 Fraud Report by ACFE estimated fraud costs as up to 5% of revenues in most organizations
General – Siemens IT audit pool billing rate is $137/hour; KPMG is $200/hr in Siemens North America
Technology Requirements
Technology
Ø A&D PL already has the following Approva modules “live” in production. These will be heavily utilized as part of this project:
  Ø Authorizations Insight
  Ø Access Mgmt Insight
  Ø User Activity Insight
  Ø Procure-to-Pay Insight
  Ø Order-to-Cash Insight
Ø The following modules will be required and will be installed at A&D PL for the project:
  Ø Financial Close Insight
  Ø General Computer Controls Insight
  Ø Insight Authoring Studios
Project Deliverables
1. SAP certificate for A&D PL’s systems
2. Siemens operational audit’s “Teammate” working papers to support all work performed
3. Final/validated Approva BizRights rule books held by A&D PL [1]
4. Re-engineered audit action sheets held by Siemens Operational Audit [2]
5. Final validation of re-engineered approach by KPMG
6. Case study
[1] Made available to other Siemens businesses upon request.
Reengineering
Scope Definition
Ø Redefine the SAP certification audit with a focus on audit automation and continuous controls monitoring.
Ø Restructure/re-engineer the SAP certification audit program, enhancing clarity on automated versus manual tests
Ø Produce tactical case study illustrating ‘old way’ versus ‘new way’ in certifying an SAP system
  Ø Case study will be made available within Siemens
  Ø Case study will be made available to Approva and Rutgers for their support and respective investment
Ø Complete the SAP audit and receive 4-year certificate for A&D PL
Ø Key point: Tests that (1) cannot be automated and (2) have already been performed in 2007 SOX will not be re-performed. Siemens Operational Audit will give credit for work performed, and rely on 2007 SOX testing.
Proposed Methodology/Protocol (Jan – Feb 2008)
Ø Create a schematic for an automated audit approach building on the PL installed Approva base and the SAP certification audit (see below)
Ø Create a development team made up of representatives from PL IT & IA, SC Audit, Rutgers Univ and Approva.
Ø Create specific time-phased work packages for all participants
Ø Process Steps:
  Ø Secure, install and test Financial Close & Gen. Computing Controls (GSS) modules from Approva on PL’s platform
  Ø Systematically map each AAS (SAP Cert Audit) to the Approva toolset and eliminate redundancies.
Proposed Methodology/Protocol (Jan – Feb 2008)
Ø Identify automation opportunities in 4 key areas:
  1. Using Approva standard rules
  2. Creating new rules using Approva Authoring Studio
  3. Re-engineer manual AAS to use automated controls
  4. Re-bundle manual controls in consolidated Audit Plan
Ø Test & cleanse automated controls & workflow
Ø Reorganize and restructure audit action sheets and submit for approval to CFA and KPMG
Ø Document this process for repeatability at other Siemens locations
Automation
An architecture for the long-term prototype
[Figure: architecture diagram for the long-term prototype. Labels recoverable from the slide: MCP; Management; Auditor; Operating Alarm Flows; A.A.S (Audit Action Items), from Siemens, Approva and other literature; Master Audit Program; Audit Parameterization; Audit Evidence Receptacle; CA Control Dashboard; Static Parameters; Inference Engine; Evergreen Opinion; Deterministic; Stochastic; Data Extraction; External; Snapshot; Table comparisons; Class of Auditable Actions; Remote Interactive Audit; Sustainable; Mail; Object of Audit; Communic. Tool; Management Verification Processes Tool.]


