Audit-Relevant SAP Basics
Auditing an SAP system often requires "hacker"-like skills to be able to see behind the scenes of an application. To enable you to do this, the SAP system offers a wide range of search options and analysis tools. From a compliance perspective, two large a
- PDF / 29,153,483 Bytes
- 546 Pages / 490 x 697 pts Page_size
- 48 Downloads / 241 Views
Auditing and GRC Automation in SAP
123
Auditing and GRC Automation in SAP
Maxim Chuprunov
Auditing and GRC Automation in SAP
Maxim Chuprunov Riscomp GmbH Rothenthurm, Switzerland
ISBN 978-3-642-35301-7 ISBN 978-3-642-35302-4 (eBook) DOI 10.1007/978-3-642-35302-4 Library of Congress Control Number: 2013932469 ©2011 by Galileo Press, Bonn, Germany. Title of the German original: Handbuch SAP-Revision ISBN: 978-3-8362-1603-6 ACM Computing Classification (1998): J.1, K.4, K.5, K.6 Springer © Springer-Verlag Berlin Heidelberg 2013 This work is subject to copyright. All rights are reserved, whether the whole or part of the material is concerned, specifically the rights of translation, reprinting, reuse of illustrations, recitation, broadcasting, reproduction on microfilm or in any other way, and storage in data banks. Duplication of this publication or parts thereof is permitted only under the provisions of the German Copyright Law of September 9, 1965, in its current version, and permission for use must always be obtained from Springer. Violations are liable to prosecution under the German Copyright Law. The use of general descriptive names, registered names, trademarks, etc. in this publication does not imply, even in the absence of a specific statement, that such names are exempt from the relevant protective laws and regulations and therefore free for general use. Printed on acid-free paper. Springer is part of Springer Science+Business Media www.springer.com
v
Foreword Over the last few years, financial statement scandals, cases of fraud and corruption, data protection violations, and other legal violations have led to numerous liability cases, damages claims, and loss of reputations. As a reaction to these developments, numerous regulations have been issued: Corporate Governance, Sarbanes-Oxley Act, IFRS, Basel II and III, Solvency II, BilMoG, to name just a few. The requirements behind these regulations are complex and no longer affect only internationally active listed companies – the topic of “compliance” has also found its way into management levels and monitoring bodies (such as supervisory boards, internal audit teams, auditing). Under the term compliance, we generally understand the observance of legislation, guidelines, and voluntary codes within an organization. There are generally recognized framework concepts for setting up a compliance management system (for example, COSO, OECD principles of corporate governance), along with framework concepts that emphasize the specific details of individual industries or compliance-relevant areas (for example, FDA compliance). The first step has been taken in many ways: organizations have reacted to the flood of national and international compliance laws and directives and have taken measures to ensure compliance. The task now is to integrate the individual activities, such as the internal control system, the risk management system, contract management, internal audit, etc. in a compliance management system and – as far as possible – to automate it in order to ac
