Title: Evolution of the Siemens Experience in its Effort to Test IT Controls on a Continuous Basis
1. Evolution of the Siemens Experience in its Effort to Test IT Controls on a Continuous Basis
Tenth Continuous Auditing Reporting Symposium
Meeting 11/4/2005
Rolf Haardörfer, IT Audit Professional, Siemens Corporation
2. Agenda
Operational Audit
- Overview of Siemens
- Benefits of Continuous Auditing
- Overview of Siemens SAP Audit Plan
- CA at Siemens - Current Activities
- CA at Siemens - Planned Activities
- Outlook and Next Steps
- Questions and Discussion
3. Overview of Siemens
- About 430,000 employees worldwide (70,000 thereof in the United States)
- Sales of EUR 75 billion in 2004
- Siemens has a large audit department executing financial and operational audits throughout the company
- Siemens has selected SAP as its standard ERP system
- IT Audit Pool conducts all system-related audits for the majority of Operating Companies here in the US, including an SAP Certification Audit
4. Benefits of CA at Siemens
- Simplification of execution of SAP audits
- Continuous monitoring of the compliance level of mandatory System Parameter settings.
- Improved Governance (Fraud Detection, SOX Compliance, Monitoring, etc.)
- Move toward real-time reporting for management and for the investment community.
- Improve the skill level and quality of work life of auditing personnel.
- Reduces compliance and assurance costs (labor, travel, outside assurance, etc.)
5. Value Proposition
- COST
- Consider a large multinational corporation with 400 auditors (internal and external), each with a fully absorbed (salary/fee, benefits, travel, etc.) cost of $200,000/yr, for a total annual compliance cost of 80 million dollars. Assume further that the proposed continuous auditing model cost 1 million dollars to develop and implement and only reduced manual compliance effort by 25% in the firm. The annual net estimated savings or cost avoidance of this project for the firm defined above would be:
- 19 million dollars (or nearly 100 million dollars over 5 years)!
6. Overview of Siemens SAP Audit Plan
- Typical SAP audit takes about 75 person days covering SAP modules FI, FI-AA, BA, Computer Outsourcing, SD and MM
- Overall about 200 audit action sheets (AAS)
- Audit Action plan (AAS) was developed in cooperation with KPMG
- About 25 percent can be automated without additional formalization or re-engineering of the controls
7. SAP Audit Action Sheet, Part 1
8. SAP Audit Action Sheet, Part 2
9. Two Types of Audit Systems
Independent System (Monitoring and Controlling Layer)
Embedded Audit System
- ACL
- Approva BizRights
- Virsa
- Oversight
- E-Audit (Siemens)
- Rutgers CAR-Lab SAP model
- SAP Audit Information System
10. CA at Siemens - Current Activities
- Utilization of Approva BizRights for monitoring of Segregation of Duties (2 major Div.)
- Purchase to Pay Process using ACL's Direct Link and CCM CA model on 3 large SAP systems
- Introduced at the beginning of 2005
- Significant payoff right away (duplicate invoice payments, etc.)
- Providing real procurement cycle data to Rutgers CAR-Lab for statistical modeling to identify possible anomalies.
11. CA at Siemens - Current Activities
- Utilization of GL module from Approva BizRights
- Introduced in October 2005 for Monitoring of Month End Closing, to be completed in mid 2006 for the GL Module.
- Payoff (Helping with Month End Closing, Ensuring transactions are complete with proper authorizations)
- Implementation of travel and expense (T&E) module from ACL
- Planned introduction by the end of 2005
- Expected benefits: Reduce Fraud (T&E is one of the most prevalent areas for fraud).
12. CA at Siemens - Planned Activities
- Preventative / configurable controls strategy
- Utilize research from Rutgers CAR-Lab to re-engineer our SAP audit plan to make it more formalizable / automatable.
- Support and promote the use and enhancement of CA tools (Siemens & Third party) at Siemens Operating & Regional Companies.
- Demo and provide feedback to Siemens companies on emerging CA tools and technology.
13. CA at Siemens - Planned Activities
- Utilization of SAP AIS module for execution of SAP audits
- Allows business to run reports themselves as needed (e.g. Top 10 Security Issues)
- IT Audit Pool has customized AIS to include automatable audit sheets as predefined reports
- Estimated reduction of SAP audit time of about 25
14. Outlook and Next Steps
- Further leverage Rutgers CAR-Lab research in cooperation with External Auditors to expand CA scope at Siemens.
- Utilization of SAP AIS module at more Operating Companies as standard tool.
- Audit Pool will work with Operating Companies to identify and promote existing solutions as best practices.
- Audit Pool plans on piloting CA software solutions as part of regular SAP audits.
15. Questions?
Thank You!
Rolf Haardörfer, Siemens Corporation, IT Audit Pool