Evolution of the Siemens Experience in its Effort to Test IT Controls on a Continuous Basis
Rolf HaardörferIT Audit Professional Siemens Corporation
Tenth Continuous Auditing & Reporting Symposium Meeting 11/4/2005
Agenda
Overview of Siemens Benefits of Continuous Auditing Overview of Siemens SAP Audit Plan CA at Siemens – Current Activities CA at Siemens – Planned Activities Outlook and Next Steps Questions and Discussion
Operational Audit
Overview of Siemens
About 430,000 employees worldwide (70,000 thereof in the United States)
Sales of EUR 75 billion in 2004 Siemens has a large audit department
executing financial and operational audits throughout the company
Siemens has selected SAP as their standard ERP system
IT Audit Pool conducts all system related audits for the majority of Operating Companies here in the US including a SAP Certification Audit
Operational Audit
Benefits of CA at Siemens
Simplification of execution of SAP audits Continuous monitoring of the compliance
level of mandatory System Parameter settings.
Improved Governance (Fraud Detection, SOX Compliance, Monitoring, etc.)
Move toward real-time reporting for management and for the investment community.
Improve the skill level and quality of work life of auditing personnel.
Reduces compliance and assurance costs (labor, travel, outside assurance, etc.)
Operational Audit
Value Proposition
COST:
• Consider a large multinational corporation with 400 auditors (internal & external), each with a fully absorbed (sal./fee, benefits, travel, etc.) $200,000/yr cost for a total annual compliance cost of $80 million dollars. Assume further that the proposed continuous auditing model cost $1 million dollars to develop and implement and only reduced manual compliance effort by 25% in the firm. The annual net estimated savings or cost avoidance of this project for the firm defined above would be:
$19 Million dollars (Or nearly $100 million dollars over 5 years)!
Operational Audit
Overview of Siemens SAP Audit Plan
Typical SAP audit takes about 75 person days covering SAP modules FI, FI-AA, BA, Computer Outsourcing, SD and MM
Overall about 200 audit action sheets (AAS)
Audit Action plan (AAS) was developed in cooperation with KPMG
About 25 percent can be automated without additional formalization or re-engineering of the controls
Operational Audit
SAP Audit Action SheetPart 1
Operational Audit
SAP Audit Action SheetPart 2
Operational Audit
Pseudo code developed from Rutgers CAR-Lab to automate Audit sheet
Two Types of Audit Systems
ACL Approva
BizRights Virsa Oversight E-Audit (Siemens) Rutgers CAR-Lab
SAP model
Independent System
(Monitoring and Controlling Layer)
Embedded AuditSystem
SAP Audit Information System
Operational Audit
Utilization of Approva BizRights for monitoring of Segregation of Duties (2 major Div.)
Purchase to Pay Process using ACL’s Direct Link and CCM CA model on 3 large SAP systems Introduced at the beginning of 2005 Significant payoff right away
(duplicate invoice payments, etc.) Providing real procurement cycle data
to Rutgers CAR-Lab for statistical modeling to identify possible anomalies.
Operational Audit
CA at Siemens – Current Activities
Utilization of GL module from Approva BizRights Introduced in October 2005 for
Monitoring of Month End Closing, to be completed in mid 2006 for the GL Module.
Payoff –(Helping with Month End Closing, Ensuring transactions are complete with proper authorizations)
Implementation of travel and expense (T&E) module from ACL Planned introduction by the end of 2005 Expected benefits – Reduce Fraud (T&E is
one the most prevalent areas for fraud).
Operational Audit
CA at Siemens – Current Activities
Preventative / configurable controls strategy:
• Utilize research from Rutgers CAR-Lab to re-engineer our SAP audit plan to make it more formalizable / automatable.
• Support and promote the use and enhancement of CA tools (Siemens & Third party) at Siemens Operating & Regional Companies.
• Demo and provide feedback to Siemens companies on emerging CA tools and technology.
Operational Audit
CA at Siemens - Planned Activities
• Utilization of SAP AIS module for execution of SAP audits• Allows business to run reports
themselves as needed (e.g. Top 10 Security Issues)
• IT Audit Pool has customized AIS to include automatable audit sheets as predefined reports
• Estimated reduction of SAP audit time of about 25%
Operational Audit
CA at Siemens - Planned Activities
Outlook and Next Steps
Further leverage Rutgers CAR-Lab research in cooperation with External Auditors to Expand CA scope at Siemens.
Utilization of SAP AIS module at more Operating Companies as standard tool.
Audit Pool will work with Operating Companies to identify and promote existing solutions as best practices.
Audit Pool plans on piloting CA software solutions as a part of a regular SAP audits.
Operational Audit
Operational Audit Questions?
Thank You!Rolf HaardörferSiemens Corporation IT Audit Pool