Information Technology Reference
In-Depth Information
in SAP. The experts should also have experience in auditing or using SAP in order to per-
form an effective IS audit.
SAP as an ERP system is able to provide an end-to-end system which would automate most
of the enterprise business processes. Common implementation of SAP includes modules
such as material management, sales and distribution, finance and controlling, quality man-
agement, project systems, and human resources.
Audit objectives would include generic or highly technical tasks. Other audit objectives
would include auditing input systems, processing systems, output systems, and integration
between the application system and databases. The IS auditor would also be required to
audit other databases linked to SAP ERP. It is always essential that effective controls are
put in place which will ensure that there is data integrity when data is being transferred
from one database to the other. The SAP ERP application has many features which the IS
auditor needs to review.
SAP has its own standards, and ISACA has also developed standards for auditing SAP.
The SAP standards and guidelines are more specific to the ERP application. An IS auditor
would be effective in the audit if he made reference to both documents. The ISACA stand-
ard and guidelines will highlight the professional standards required to perform a success-
ful SAP audit. The standards and guidelines from SAP will focus on how to configure and
operate the application system.
The tools used to perform an IS audit on SAP would include compliance templates, data
extraction tools, database analysis tools, and software interrogation tools. Audit trails and
other system reporting tools are useful to the IS auditor as they contain a lot of important
data.
The IS audit team, apart from making use of a SAP expert, can also make use of another
expert. A data analyst or CAATs auditor can also be invited to carry out data investigations
where the IS audit team would like to investigate further if the data on SAP contains errors,
misposting, or fraud. The CAATs expert would perform investigations and analyse the data
for any possible errors and make appropriate recommendations to the IS audit team.
The IS auditor requires good SAP technical skills and experience to be able to perform an
effective audit which will achieve the objectives of the engagement. If the IS audit team
does not have SAP skills, they can use other experts to provide SAP skills.
CAATs Auditing
CAATs auditing is the use of data analysis tools such as Excel, Audit Command Language
(ACL), or IDEA to conduct investigations on data extracted from an application system or
database. IS auditors would normally perform an IT general controls audit and, if they find
Search WWH ::
Custom Search