Auditing SAP S/4HANA

Ulteriori informazioni

Performing or preparing for an SAP S/4HANA audit? This is the comprehensive guide you need! Understand what goes into an audit, from the objectives and timing to the reporting process. Prepare an audit roadmap for the system as a whole, and drill down into specific domains: financials, order-to-cash, purchase-to-pay, and forecast-to-stock. Expert tips and tricks will have you prepared for your audit-whether you're the auditor or the auditee.
Highlights:

• Implementation and upgrades
• Internal controls
• Basis settings
• Security
• Financial reporting
• Order-to-cash
• Purchase-to-pay
• Forecast-to stock
• Tips and tricks
• Documentation

Sommario

... Preface ... 17

... Why This Book Is Important ... 17

... The Structure of This Book ... 20

... How to Use This Book ... 21

... Disclaimer ... 25

... International Issues ... 26

... Acknowledgments ... 27

... Parting Note to the Readers of This Book ... 28

1 ... Introduction for Auditors ... 29

1.1 ... How SAP S/4HANA Differs from Other ERP Systems ... 30

1.2 ... Terminology ... 35

1.3 ... Planning the Audit and System Assessment ... 42

1.4 ... Recent Updates to SAP Control-Related Functionality ... 46

1.5 ... Major Differences Between SAP S/4HANA and SAP ERP ... 48

1.6 ... Collecting and Documenting Evidence for Audit Workpapers ... 52

1.7 ... Useful Resources ... 55

1.8 ... Summary ... 56

2 ... Understanding Audits as a Non-Auditor ... 57

2.1 ... Audit Overview ... 58

2.2 ... Types of Auditors ... 60

2.3 ... Categories of Audit Objectives ... 65

2.4 ... Auditing Principles and Considerations ... 67

2.5 ... Understanding the Audit ... 72

2.6 ... Audit Reporting ... 83

2.7 ... Rules of Engagement ... 86

2.8 ... Common Problems and Solutions ... 88

2.9 ... Emerging Audit Technologies ... 95

2.10 ... Summary ... 98

3 ... The Typical SAP Audit ... 99

3.1 ... Timing for the Audit ... 99

3.2 ... The Building Blocks of an SAP S/4HANA Audit ... 102

3.3 ... SAP S/4HANA Internal Control Maturity Model ... 117

3.4 ... The Start of the Audit ... 120

3.5 ... Summary ... 126

4 ... SAP S/4HANA Implementations and Upgrades ... 127

4.1 ... What Is a Control-Conscious Implementation? ... 127

4.2 ... Reasons for Designing Internal Controls During an Implementation ... 131

4.3 ... Creating a Control-Conscious Integrated Implementation Team ... 139

4.4 ... Designing Effective Controls ... 150

4.5 ... Common SAP S/4HANA Audit-Related Implementation Issues ... 158

4.6 ... Control Considerations by Implementation Phase ... 162

4.7 ... Auditing the SAP S/4HANA Implementation or Upgrade ... 171

4.8 ... Summary ... 173

5 ... IT General Controls, Basis Settings, and Security ... 175

5.1 ... IT General Controls ... 175

5.2 ... Basis Settings and Transport Considerations ... 186

5.3 ... SAP User Security ... 208

5.4 ... SAP Fiori Security ... 220

5.5 ... SAP HANA Database and Platform Security ... 225

5.6 ... Special Considerations for SAP S/4HANA Cloud ... 229

5.7 ... Cybersecurity ... 242

5.8 ... Summary ... 243

6 ... Record-to-Report Cycle ... 245

6.1 ... Record-to-Report Cycle in SAP S/4HANA ... 246

6.2 ... Risks ... 248

6.3 ... Understanding the Enterprise Structure ... 250

6.4 ... Key Concepts ... 253

6.5 ... Master Data ... 255

6.6 ... Security Considerations ... 258

6.7 ... Understanding and Testing Common Controls ... 263

6.8 ... Additional Procedures and Considerations ... 291

6.9 ... Useful Audit-Relevant Report Highlights ... 292

6.10 ... Summary ... 296

7 ... Order-to-Cash Cycle ... 299

7.1 ... Order-to-Cash Cycle in SAP S/4HANA ... 300

7.2 ... Risks ... 302

7.3 ... Understanding the Enterprise Structure ... 304

7.4 ... Key Concepts ... 307

7.5 ... Master Data ... 307

7.6 ... Security Considerations ... 316

7.7 ... Understanding and Testing Common Controls ... 322

7.8 ... Additional Procedures and Considerations ... 344

7.9 ... Useful Audit-Relevant Report Highlights ... 348

7.10 ... Summary ... 353

8 ... Purchase-to-Pay Cycle ... 355

8.1 ... Purchase-to-Pay Cycle in SAP S/4HANA ... 356

8.2 ... Risks ... 357

8.3 ... Understanding the Enterprise Structure ... 360

8.4 ... Key Concepts ... 362

8.5 ... Master Data ... 363

8.6 ... Security Considerations ... 374

8.7 ... Understanding and Testing Common Controls ... 380

8.8 ... Additional Procedures and Considerations ... 401

8.9 ... Useful Audit-Relevant Report Highlights ... 404

8.10 ... Summary ... 409

9 ... Forecast-to-Stock Cycle ... 411

9.1 ... Forecast-to-Stock Cycle in SAP S/4HANA ... 412

9.2 ... Risks ... 413

9.3 ... Understanding the Enterprise Structure ... 416

9.4 ... Key Concepts ... 417

9.5 ... Master Data ... 421

9.6 ... Security Considerations ... 425

9.7 ... Understanding and Testing Common Controls ... 427

9.8 ... Useful Audit-Relevant Report Highlights ... 433

9.9 ... Summary ... 441

10 ... Audit Tips, Tricks, and Tools ... 443

10.1 ... The Audit Information System ... 443

10.2 ... Data Analysis Techniques for Uncovering Audit and Compliance Issues ... 448

10.3 ... SAP Governance, Risk, and Compliance Solutions ... 459

10.4 ... Continuous Auditing, Monitoring, and Risk Assessment ... 460

10.5 ... Robotic Process Automation ... 461

10.6 ... Summary ... 466

11 ... Final Audit Preparations ... 467

11.1 ... Overview ... 468

11.2 ... Pre-Planning ... 469

11.3 ... Documentation: Preparing an Audit Information Repository ... 471

11.4 ... Systems: Preparing for the Auditor ... 487

11.5 ... Employees: Preparing Your Team ... 490

11.6 ... Summary ... 492

... The Author ... 493

... Index ... 495

Info autore

Steve Biskie is the Best Practices Director for ACL Services Ltd, a worldwide provider of audit analytics software. He is also the founder of SAP Audit Solutions, a consultancy focused on helping companies manage the SAP audit process. He has been involved in the audit of SAP systems and implementation of GRC in SAP environments since 1993as an external auditor (with Deloitte), internal auditor, consultant, and project team member. He is a nationally-recognized expert on SAP audit and control, and speaks frequently on the subject at various conferences (GRC2008 and SAPPHIRE).

Riassunto

Performing or preparing for an SAP S/4HANA audit? This is the comprehensive guide you need! Understand what goes into an audit, from the objectives and timing to the reporting process. Prepare an audit roadmap for the system as a whole, and drill down into specific domains: financials, order-to-cash, purchase-to-pay, and forecast-to-stock. Expert tips and tricks will have you prepared for your audit—whether you’re the auditor or the auditee.

Highlights:

Implementation and upgrades
Internal controls
Basis settings
Security
Financial reporting
Order-to-cash
Purchase-to-pay
Forecast-to stock
Tips and tricks
Documentation