Skip to Content
SAP System Audit – Post Implementation Audit – Part 1
Author: Ranjit Simon John
One of the main challange faced by companies that has implemented SAP ERP (any ERP) will be to get a clear understanding of the current ERP system. Two or three years after implementation what will be status of the system.
The main areas of focus will be;
– Whether all the management controls are working fine
– Whether all the postings are being done as per accounting standards
– Whether proper documentation is being maintained
– Whether critical business related activites are done accurately etc.
A lot of practical difficulties arise in doing a ERP post implementation audit. Main challange is to frame the right set of questions and how to obtain answers for those. From my experience and research, I have prepared a question list of more than 500 questions both from the functional and technical side, which drill downs to the minutest level providing all the necessary data required for the audit.
SAP has provided a very powerful framework in the standard ERP package for conducting Audits, evaluvating them and taking corrective actions.
In this article I will explain how to set up the audit components, prepare audit and question list in SAP. Before starting the Audit user must have a clear understanding on the end result to be achieved from the audit.
User should have answer for the following questions before starting the Audit procedure;
  1. Kindl of Audit to be Conducted (Technical or Functional)
  2. Number of questions for the Audit
  3. Structure of list of Questions (Question drill down level)
  4. Valuation type of Questions
  5. Question Priorites
  6. What kind of Audit Controls to be implemented
  7. Audit purpose
  8. Audit Type
  9. Kind of rating for the questions
First we need to do few configuration changes to tune the audit as per our requirement.
Execute transaction SPRO –> SAP reference IMG –> Cross-Application Components –> Audit Management
Audit Management is diveded into four categories.
Blog 16.jpg
Figure 1.0
For setting structure list of questions;
Blog 1.jpg
Figure 2.0
Create what kind of Question Profile is required. I have created “Part-Sub Part-Element-Sub Element-Sub Qu” for the Audit purpose.
Blog2.jpg
Figure 3.0
Once the question profile is created you have to create the drill down level for the profile. Below attached is the pictorial representation of the drill down level for questions I created.
Blog 4.jpg
Figure 4.0
Blog 3.jpg
Figure 5.0
Similarly you can create  drill down level according to your requirement. After defining the question hirerachy you have to specify the Valuation Specification and the scores to be awared for each value.
Blog 5.jpg
Figure 6.0
I have created valuation 8003 Valuation of PRD system. By selecting the created valuation profile double click on the “valuation” icon on the right side. There we need to set the details of valuation and the scores we intend to provide for each.
Blog 6.jpg
Figure 7.0
After valuation profile is entered enter question priority.
Blog 7.jpg
Figure 8.0
Audit control / Audit Definition requirements has to be configured.
Blog 8.jpg
Figure 9.0
Now all the configuration related to conducting the Audit has been configured. Now we have to create Audit, Audit Plan, Question List.
Following are the main objects used for the Audit;
1) Audit Plan
  

The audit plan consists of all audits planned for a particular period of time. For example, all audits that are to be executed in the space of one year are defined in an annual audit plan. There is always only one current version of an audit plan, where all date shifts and the degree of completion for the individual audits can be found.

2) Audit
  

An audit, according to DIN EN ISO 9000, is a systematic, independent, and documented process used to obtain audit results and to evaluate these results objectively in order to determine to what extent the criteria of the audit have been fulfilled. 

3) Question List

Question lists are multilingual collections of questions that are answered during the execution of the audit . The allowed valuation can be planned for each hierarchy level.

4) Corrective Actions
These are actions that are deemed necessary to eliminate the cause of errors that were determined during the audit and to prevent the recursion of these errors. The corrective actions to be executed must be appropriate to the effects that the particular error has on the product.
5) Preventive Actions
These are actions that are deemed necessary to eliminate the causes of possible errors before they occur. The preventive actions to be executed must be appropriate to the effects that the possible error could have on the product.
 
An audit, according to DIN EN ISO 9000, is a systematic, independent, and documented process used to obtain audit results and to evaluate these results objectively in order to determine to what extent the criteria of the audit have been fulfilled.
Execute transaction PLMD_AUDIT, first create the question list required for the audit with the components newly configured.
Blog 9.jpg
Figure 10.0
For example purpose I have created questions up to 15 drill down level
Blog 10.jpg
Figure 11.0
Attaching one real scenario from my Audit question list.
Blog 11.jpgFigure 12.0
Once the question list has been created, you have to release the question list.
Blog 13.jpg
Figure 13.0
Blog 12.jpg
Figure 14.0
Once the question list is attached to the audit we need to evaluate the questions. Evaluvations will be based on the configuration done in SPRO.
Evaluvation:
Execute transaction PLM_AUDITMONITOR. Select the required fields and execute.
Blog 14.jpg
Figure 15.0
Select the required audit. Clisk on the Ovierview button. Clik the Validate button for valuation.
Blog 15.jpg
Figure 16.0
The main success factor for any audit depends on the questions used for the audit. Let me add few of the topics under which I have prepared the question list.
The main topics are;
  • System Overview
  • Security & Access Protection
  • Workbench Organizer
  • Transport System
  • Accessing and Logging DB Tables
  • Job Request Procedure
  • Documentations
  • System Logs
  • Batch Input Interface
  • Master Data Changes
  • Reconciling Posting Data Closing
  • Invoice Checking and Posting Run
  • Business Process Auditing
  • BASIS Audit
Once the audit question list is created / uploaded to SAP\, user must create a sample set of check list to be submitted to the client. The Check list should contain;
* All the documents that client has to Submit
* All the questions client has to answer.
Every company should run the audit at least twice a year to ensure that the system is working perfectly, no manipulations are done, to ensure 100% management control over the system ther by over the employees.
Also refer;
To report this post you need to login first.

16 Comments

You must be Logged on to comment or reply to a post.

  1. Amos Weiss

    Hi,

    I need to do a Hierarchical question list & put different weighting for each element (branch)/question.
    Of course, every branch has to sum all the branches/questions lists below it.
    My problem is what to put in the weighting for each brance/question. Only integer allowed.

    It looks like this:

    == Branch1 70% – Weighting=?

    ========= Question 11 20% – Weighting=?

    ========= Branch 11 50% – Weighting=?

    ================ Question 111 40% (50% is the 100% for this branch) – Weighting=?

    ================ Question 112 10% (50% is the 100% for this branch) – Weighting=?

    ===========================================================================

    == Branch2 20% – Weighting=?

    ========= Question 21 2% – Weighting=?

    ========= Branch 21 7% – Weighting=?

    ================ Question 211 3% (7% is the 100% for this branch) – Weighting=?

    ================ Question 212 4% (7% is the 100% for this branch) – Weighting=?

    ========= Question 23 2% – Weighting=?

    ========= Question 24 9% – Weighting=?

    ===========================================================================

    == Branch3 10% – Weighting=?

    ========= Question 31 6% (10% is the 100% for this branch) – Weighting=?

    ========= Question 32 4% (10% is the 100% for this branch) – Weighting=?

    ===========================================================================

    Thanks, Amos.

    (0) 
      1. Amos Weiss

        Hello Ranjit,

        There is a saying, that if you wait long enough, things are solved by themselves…

        Yes I did, thanks for asking.

        Here is the solution:

        == Branch1 70% – Weighting=1

        ========= Question 11 20% – Weighting=20

        ========= Branch 11 50% – Weighting=1

        ================ Question 111 40% (50% is the 100% for this branch) – Weighting=40

        ================ Question 112 10% (50% is the 100% for this branch) – Weighting=10

        ===========================================================================

        == Branch2 20% – Weighting=1

        ========= Question 21 2% – Weighting=2

        ========= Branch 21 7% – Weighting=1

        ================ Question 211 3% (7% is the 100% for this branch) – Weighting=3

        ================ Question 212 4% (7% is the 100% for this branch) – Weighting=4

        ========= Question 23 2% – Weighting=2

        ========= Question 24 9% – Weighting=9

        ===========================================================================

        == Branch3 10% – Weighting=1

        ========= Question 31 6% (10% is the 100% for this branch) – Weighting=6

        ========= Question 32 4% (10% is the 100% for this branch) – Weighting=4

        If my questions are from 1 to 5, the points will be from 100 to 500 max.

        Best  regards,

        Amos.

        (0) 
  2. Ranjit Simon John Post author

    Hi Amos,

    Great to know that it was solved. I am finding difficulty in ranking the questions and uploading the questions from excell to PLMD_AUDIT.

    Can you help me .

    Regards

    Ranjit Simon

    (0) 
    1. Amos Weiss

      Hi Ranji,

      I am also trying to find a way to creae an Audit from Excell.

      Tried with LSMW and batch input and no success.

      If you have something please let me know.

      Amos.

      (0) 
  3. Neftalí López

    Hi Ranjit.

    First of all thank you very much, I have been very useful.

    I want to implement Audit Management. I have an scenario almost complete in a stage to be used, but still I have to resolve some things. The most important point is that I don’t know how the user can give her answers to the questions. I tried using PLM_AUDIT_MONITOR for searching my Audit Test as the Business Partner that I have previously assigned with the role BUP003 and  I can see the Question List but only in View Mode and I can’t view the Fields to give the answers.

    How the user can give her answers to the questions?

    Regards.

    (0) 
  4. David Bredow

    Good afternoon

     

    This is very useful.

    I was wondering whether there are companies you could recommend to undertake an audit of our current system.

    We are looking to begin the next stage of development but we are sure whether we should be using our SAP Business One  (Hanna) or looking to use Oracle for slicing and dicing the business information?

    I would like to use SAP, but I am worried that the old phrase of sh*t in and sh*t out will mean we throw good money after bad – unless we sort out our foundation system.

     

    Kind regards
    David

     

    (0) 
    1. Ranjit Simon John Post author

      Hi David,

       

      Great to know that my efforts were helpful. I am not sure on which companies perform system audit. I am now specializing on SAP audit and trying to complete one round of in house audit.

      Will update you if I come across any partner.

      Yes you absolutely right, we need to make sure our foundation is strong before making any further step. SAP HANA should be my recommendation. What exactly are you looking for in your business information project (mid level reports / dynamic dashboards …)

       

      Thanks & Regards

      Simon John

       

      (0) 

Leave a Reply