valid as of May 23, 2022
The zapAudit web application uses more than 150 audit indicators to analyze SAP data for profitability, accounting compliance, access protection, and process standardization. It automates data collection and data processing, taking into account methods of econometrics, statistics, and process mining. The analysis includes the reconstruction and evaluation of all business processes such as purchasing, sales, asset accounting, financial accounting, access authorizations, including separation of duties (SoD)) conflicts, superuser, and much more. All results are available via the interactive front-end in the browser for analysis by any number of users (zapAudit report) or can be exported as Excel (exports zapAudit report data). It is possible to evaluate and acknowledge the results directly in the software (Professional Judgement).
1. zapAudit Features
- Web application
- One central installation
- Usable with any number of users
- User administration
- A role/authorization concept is integrated into the application so that access can be controlled.
- Project management
A zapAudit project analyzes exactly one company code for one fiscal year. It includes the FI data for exactly one fiscal year from one SAP company code on one SAP client. Change documents, asset data, master data, and other data from 1.5 to 2 years in the past are also taken into account for each project for the complete reconstruction of all business processes. A zapAudit project goes through the following phases:
- Create master data
- In the master data, basic settings such as the name or the data source to be used for the project are defined.
- Define data scope
- SAP company code and a fiscal year for the data pull are defined here.
- The exact zapAudit data scope can be downloaded as Excel during project creation in the software (~120 SAP tables).
- Review of the pseudonymization of personal data
- Define SAP server connections
- Using the SAP connection data, zapAudit establishes a connection to the SAP server and is able to extract the relevant tables for the audit.
- Data extraction
- During data extraction, zapAudit establishes a connection to the SAP server and performs a data print. This contains the necessary data for the audit.
- Data Processing
- Data Preparation
- Financial Process Mining (reconstruction of all business processes)
- Indicators Audit (calculation of ~150 indicators)
- The currently valid list of indicators can be found at: List of all zapAudit indicators
- zapAudit Report (requires activation)
- Indicator Audit
- Profile audit
- Document Audit
- Professional Judgement
- Process visualization (process mining)
- Real-Time Filter
- Excel Export
2. License conditions
The Response Key to be purchased are specified in the offer according to the following parameters:
Performance Period: the performance period for the use of the software starts with your acceptance of the offer (the purchase of the digital product) and ends after the term formulated in the offer. During this period, zapAudit Response Keys can be used to activate zapAudit projects.
SAP clients: If the quotation specifies a limitation of clients, this limitation applies to the specified number of clients within an SAP system.
SAP company codes: If the offer includes a limitation of company codes, this limitation applies to the specified number of company codes within an SAP client.
Fiscal years: If the offer provides for a limitation of fiscal years, this limitation applies to the named fiscal years in SAP.
Number of users: unlimited.
Number of zapAudit projects: unlimited.
3. Data protection
For the analysis, all required data is copied from SAP and stored locally in the installation path. The SAP data does not leave the company.
zapliance GmbH has no access to the zapAudit installation or the data of the zapAudit projects.
4. Requirements for the use of zapAudit
General requirements for the use of zapAudit
- Administrator rights to install zapAudit on a notebook or server
- An update of the SAP system / import of ABAP is not necessary
- No installation of a database is necessary
- All data is stored in a file database exclusively locally and remains in the company
- Data retrieval and processing can take several days, depending on the size of the data set
- The hardware used only requires a network connection to the SAP system for the duration of the data retrieval process
Additional requirements for the data migration phase
- Availability and accessibility of the following SAP function modules:
- SAP user with access rights to the function modules:
- SAP library SAP-JCO 64bit (requires SUSER in SAP Store)
- Network connection and network shares to the SAP system
- Connection data to the SAP “Application Server” or “Message Server”
- Message Server (MSHOST)
- Message server port
- SAP system name (R3NAME)
- Application server group
- SAP Router String
- SAP Application Server
- SAP system number
- SAP system name (R3NAME)
- SAP Router String
- Hardware requirements for the computer:
- Windows 64bit operating system (e.g. Windows 7, 8, 8.1, 10, 11)
- Recommended main memory (RAM)
- At least 32 GB for company codes/fiscal year up to 1 million BSEG entries
- At least 64 GB for company codes/fiscal year up to 6 million BSEG entries
- At least 128 GB for company codes/fiscal year with more than 6 million BSEG entries
- Modern multi-core processor (i7 or comparable)
- 1TB SSD hard disk (formatted with NTFS file system)
- Optional: USB 3.0 or newer (when using an external SSD hard drive)
Prerequisites for the data processing phase
- The hardware requirements differ depending on the amount of data. A high-performance system with the above hardware requirements is recommended for data extraction and processing.
- The Customer shall ensure that (network) access to the Customer’s SAP systems – or the direct use of zap Audit on the Customer’s systems – and, if applicable, on an SAP test system (with updated original data stock) is enabled for zapAudit. The customer is responsible for and will, if necessary, take appropriate measures to ensure that no damage (virus attack, system crash, etc.) occurs as a result of accessing or using the software in the customer’s systems. Within the scope of the use of the software, the Customer shall be responsible for compliance with all statutory provisions (in particular data protection and labor law provisions) as well as for the involvement of the data protection officer and the works council, if required.
- The data scope of the data print as well as the definition of which columns might contain personal data is predefined in zapAudit. The client is responsible for checking the data scope, including the columns marked for pseudonymization, and for verifying it in the software prior to the data extraction. zapAudit automatically fully pseudonymizes all columns that are defined as personal data in the preparation based on the “public key” of the asymmetric key pair that can be generated by the client. The “private key” generated by the client is not known to zapliance GmbH and is the sole responsibility of the client. De-pseudonymization of the data is not technically possible in zapAudit.
The Customer shall ensure the logical and physical security of the IT infrastructure on which the Digital Products, the data generated by the Digital Products and/or zapAudit are operated, or to which the Digital Products, the data generated by the Digital Products and/or zapAudit are transported or transferred. In addition, the client guarantees the interface security between the SAP systems, zapAudit as well as the web browser that is accessed. Subject to the provision in section 7 of the GTC, zapliance GmbH is not liable for damages due to lack of access protection, lack of security, lack of archiving, and lack of encryption of the client’s data.