Finding implausible SAP processes and how to audit them will be explained in today’s blog post. Three cross process indicators are presented as examples. This way you can analyze SAP processes differing from your targeted processes. If several implausible SAP processes come together at some point, this kind of SAP cross process analytics get very interesting.
Part 5 of the series: “The digital Audit for Cross Process Weaknesses”
1. How the digital audit for cross process weaknesses works
2. Smart strategies to automatically audit master data and payments
3. Quick Guide: Auditing principles of orderly bookkeeping
4. What no one tells you about automatic analytics of SAP access protection
5. 3 top indicators for auditing process plausibility
6. A complete guide to Professional Judgement…
If you haven’t read about the concept of indicators, I would recommend doing this first.
Three TOP indicators for implausible processes
Every indicator is associated with a process, a process area, an audit objective and a risk respectively. In the following, three selected indicators in the area of SAP process plausibility are presented.
In total, I have developed and implemented 20 indicators for the area of cross processes. You can download the details about all cross process indicators here.
Documents posted by users with high reversal rates
This indicator aims at identifying process standardization.
The resulting risk:
High reversal rates of users are indicators for transactions prone to error.
The criteria for this indicator is:
The document will be marked when the posting user has a reversal rate>=20% or belongs to the top 20% of users with reversals. Only reversal documents are listed.
Cyclic change of a field
This indicator aims at identifying process standardization.
The resulting risk:
There is the risk that critical fields were changed multiple times to circumvent internal controls.
The criteria for this indicator is:
The document will be marked when the same data field was changed more than one time within a sequence. The change was cyclic meaning it was changed and then changed back to the initial value.
CPD documents
This indicator aims at identifying compliance and correctness.
The resulting risk:
High potential for fraud because standard vendor controls have been circumvented.
The criteria for this indicator is:
The document will be marked when it is flagged with CPD (Conto pro Diverse).