Auditing and GRC automation in SAP:
Main author: | |
---|---|
Format: | Book |
Language: | English |
Published: |
Berlin [et al.]
Springer
2013
|
Subjects: | |
Online access: | Content description Table of contents |
Description: | XXXII, 525 pp., ill., diagrams, 240 mm x 168 mm |
ISBN: | 9783642353017 |
Internal format
MARC
LEADER | 00000nam a2200000 c 4500 | ||
---|---|---|---|
001 | BV040985667 | ||
003 | DE-604 | ||
005 | 20131112 | ||
007 | t | ||
008 | 130507s2013 gw ad|| |||| 00||| eng d | ||
015 | |a 12,N51 |2 dnb | ||
016 | 7 | |a 1028688261 |2 DE-101 | |
020 | |a 9783642353017 |c Gb. : ca. EUR 74.85 (DE) (freier Pr.), ca. EUR 76.95 (AT) (freier Pr.), ca. sfr 93.50 (freier Pr.) |9 978-3-642-35301-7 | ||
024 | 3 | |a 9783642353017 | |
028 | 5 | 2 | |a Best.-Nr.: 86079246 |
035 | |a (OCoLC)844097143 | ||
035 | |a (DE-599)DNB1028688261 | ||
040 | |a DE-604 |b ger |e rakddb | ||
041 | 0 | |a eng | |
044 | |a gw |c XA-DE-BE | ||
049 | |a DE-1050 |a DE-573 | ||
082 | 0 | |a 658.4012028553 |2 22/ger | |
084 | |a ST 510 |0 (DE-625)143676: |2 rvk | ||
084 | |a ST 610 |0 (DE-625)143683: |2 rvk | ||
084 | |a 004 |2 sdnb | ||
100 | 1 | |a Chuprunov, Maxim |e Verfasser |0 (DE-588)143206575 |4 aut | |
240 | 1 | 0 | |a Handbuch SAP-Revision |
245 | 1 | 0 | |a Auditing and GRC automation in SAP |c Maxim Chuprunov |
264 | 1 | |a Berlin [u.a.] |b Springer |c 2013 | |
300 | |a XXXII, 525 S. |b Ill., graph. Darst. |c 240 mm x 168 mm | ||
336 | |b txt |2 rdacontent | ||
337 | |b n |2 rdamedia | ||
338 | |b nc |2 rdacarrier | ||
650 | 0 | 7 | |a SAP ERP |0 (DE-588)4841146-2 |2 gnd |9 rswk-swf |
650 | 0 | 7 | |a Innenrevision |0 (DE-588)4072820-1 |2 gnd |9 rswk-swf |
650 | 0 | 7 | |a SAP GRC |0 (DE-588)7613461-1 |2 gnd |9 rswk-swf |
650 | 0 | 7 | |a Corporate Governance |0 (DE-588)4419850-4 |2 gnd |9 rswk-swf |
650 | 0 | 7 | |a Compliance-System |0 (DE-588)4442497-8 |2 gnd |9 rswk-swf |
689 | 0 | 0 | |a SAP ERP |0 (DE-588)4841146-2 |D s |
689 | 0 | 1 | |a SAP GRC |0 (DE-588)7613461-1 |D s |
689 | 0 | 2 | |a Compliance-System |0 (DE-588)4442497-8 |D s |
689 | 0 | 3 | |a Innenrevision |0 (DE-588)4072820-1 |D s |
689 | 0 | 4 | |a Corporate Governance |0 (DE-588)4419850-4 |D s |
689 | 0 | |5 DE-604 | |
776 | 0 | 8 | |i Erscheint auch als |n Online-Ausgabe |z 978-3-642-35302-4 |
856 | 4 | 2 | |m X:MVB |q text/html |u http://deposit.dnb.de/cgi-bin/dokserv?id=4204162&prov=M&dok_var=1&dok_ext=htm |3 Inhaltstext |
856 | 4 | 2 | |m DNB Datenaustausch |q application/pdf |u http://bvbr.bib-bvb.de:8991/F?func=service&doc_library=BVB01&local_base=BVB01&doc_number=025963550&sequence=000001&line_number=0001&func_code=DB_RECORDS&service_type=MEDIA |3 Inhaltsverzeichnis |
943 | 1 | |a oai:aleph.bib-bvb.de:BVB01-025963550 |
Record in the search index
_version_ | 1806324730119061504 |
---|---|
adam_text |
CONTENTS
LIST OF ABBREVIATIONS XXIX
I FROM LEGISLATION TO CONCEPT:
ICS AND COMPLIANCE IN THE ERP ENVIRONMENT
1 LEGAL REQUIREMENTS IN ICS COMPLIANCE 3
1.1 DEFINITION OF TERMS AND DIFFERENTIATION 3
1.1.1 COMPLIANCE 3
1.1.2 INTERNAL CONTROL SYSTEM (ICS) 4
1.2 LEGAL ICS REQUIREMENTS AROUND THE WORLD - THE MANY FACES OF SOX 5
1.2.1 SOX IN THE USA 5
1.2.2 SOX IN CANADA (NL 52-109) 7
1.2.3 SOX IN JAPAN 7
1.2.4 SOX IN CHINA 8
1.3 ICS REQUIREMENTS IN EUROPE 8
1.3.1 EIGHTH EU DIRECTIVE 8
1.3.2 GERMANY 9
1.3.3 SWITZERLAND 10
1.3.4 AUSTRIA 11
1.3.5 UNITED KINGDOM OF GREAT BRITAIN AND NORTHERN IRELAND 11
1.3.6 FRANCE 12
1.3.7 DENMARK 12
1.3.8 ITALY 12
1.3.9 SPAIN 13
1.4 ICS REQUIREMENTS IN THE FINANCIAL SECTOR 13
1.4.1 SOLVENCY II IN THE INSURANCE INDUSTRY 14
1.4.2 BASEL II AND III IN BANKING 15
1.5 ICS AS CONTRIBUTING FACTOR TO BUSINESS SUCCESS? 16
1.6 SUMMARY 17
2 THE AUDITOR IS COMING: WHEN, WHY, AND HOW TO COPE 19
2.1 ICS IN THE IT ENVIRONMENT FROM THE VIEW OF AUDITING 19
2.1.1 THE CHALLENGE PRESENTED BY INFORMATION TECHNOLOGY 20
2.1.2 TRANSACTION AUDIT AS AUDIT APPROACH IN THE IT ENVIRONMENT 21
2.1.3 APPROACHES FOR A TRANSACTION AUDIT: FOCUS ON ICS 22
2.1.4 ICS AND MANDATORY TRANSACTION AUDIT 23
2.2 ICS ASSURANCE IN PRACTICE 26
2.2.1 THE AUDITOR'S FOCUS 26
2.2.2 SELECTED AUDITING PRINCIPLES 27
2.2.3 TYPES OF EXTERNAL AUDIT IN THE ERP ENVIRONMENT 29
2.2.4 RECOMMENDATIONS FOR WORKING WITH THE AUDITOR 31
2.3 SUMMARY 34
3 ICS REQUIREMENTS AND ERP SYSTEMS:
BASIC PRINCIPLES, FRAMEWORKS, STRUCTURE 35
3.1 DEFINING ICS CONTENT IN THE SAP ERP ENVIRONMENT 35
3.1.1 ICS BASIC PRINCIPLES IN THE ERP ENVIRONMENT: FROM GAAP TO GAPCAS 35
3.1.2 WHO DEFINES THE RULES IN THE SAP ENVIRONMENT? 37
3.1.3 CONTROL IDENTIFICATION PROCESS 38
3.1.4 STRUCTURE OF A CLASSIC ICS FRAMEWORK IN THE ERP ENVIRONMENT 40
3.1.5 STRUCTURE OF EFFICIENCY-ORIENTED AND PROFITABILITY-ORIENTED CONTROLS
IN THE ERP ENVIRONMENT 45
3.2 ICS-RELEVANT REFERENCE MODELS AND STANDARDS 47
3.2.1 COSO 47
3.2.2 COBIT 48
3.2.3 ITIL 48
3.2.4 GAIT 49
3.2.5 ITAF 50
3.2.6 RISK IT 51
3.2.7 VAL IT 51
3.2.8 CMMI 52
3.2.9 MOF 53
3.2.10 ISO 27K 54
3.2.11 PCI-DSS 54
3.2.12 SUMMARY VIEW OF REFERENCE MODELS 54
3.3 SUMMARY 56
4 HOW DOES SAP DEAL WITH RISK- AND COMPLIANCE-RELATED TOPICS? 57
4.1 SOFTWARE CERTIFICATION 57
4.1.1 SAP NOTE 671016 58
4.1.2 CERTIFICATION REPORTS 58
4.2 COMPLIANCE-RELEVANT GUIDES 61
4.2.1 SAP ONLINE RESOURCES 61
4.2.2 SECURITY GUIDES 63
4.2.3 DSAG GUIDES: AUDIT GUIDES, DATA PROTECTION GUIDES 68
4.3 INTEGRATED APPROACH IN SAP GRC 10.0
AND FURTHER COMPLIANCE-RELEVANT SOLUTIONS 68
4.3.1 SAP GOVERNANCE, RISK, AND COMPLIANCE SUITE 10.0 69
4.3.2 SAP PROCESS CONTROL 10.0 70
4.3.3 SAP ACCESS CONTROL 10.0 72
4.3.4 POLICY MANAGEMENT 77
4.3.5 SAP RISK MANAGEMENT 10.0 77
4.3.6 SUMMARY OVERVIEW OF INTEGRATION SCENARIOS IN SAP GRC 10.0 79
4.3.7 SAP AUDIT MANAGEMENT 79
4.3.8 SAP AUDIT INFORMATION SYSTEM 81
4.3.9 SAP SECURITY OPTIMIZATION SERVICE 82
4.3.10 RSECNOTETOOL 82
4.4 COMPLIANCE-RELEVANT CONTENT 82
4.4.1 DIRECT ICS CONTENT: WHAT CONTROLS ARE AVAILABLE IN SAP? 83
4.4.2 CONTENT WITH ICS RELEVANCE: STANDARD BUSINESS PROCESSES AND
CONTROLS IN SAP 89
4.5 SUMMARY 92
II FROM CONCEPT TO CONTENT: AUDIT GUIDE FOR SAP ERP
5 AUDIT-RELEVANT SAP BASICS 95
5.1 IN THE BEGINNING WAS THE TABLE: SAP AS TABLE-CONTROLLED APPLICATION 96
5.1.1 DATA IN AN SAP SYSTEM 97
5.1.2 CONTROLS IN THE SAP SYSTEM 102
5.1.3 TABLE-SPECIFIC SEARCH 103
5.1.4 TRANSACTION-SPECIFIC SEARCH 109
5.1.5 PROGRAM-SPECIFIC SEARCH 111
5.1.6 THE RELATIONSHIP BETWEEN PROGRAMS AND TRANSACTIONS 111
5.1.7 THE RELATIONSHIP BETWEEN PROGRAMS AND TABLES 113
5.1.8 SUMMARY OF THE SEARCH OPTIONS IN SAP 116
5.1.9 ORGANIZATIONAL STRUCTURES IN THE SAP SYSTEM 117
5.2 AUTHORIZATIONS 118
5.2.1 FLOW AND HIERARCHY OF AUTHORIZATION CONTROLS 119
5.2.2 AUTHORIZATION OBJECTS 119
5.2.3 DETERMINING AUTHORIZATION OBJECTS 122
5.2.4 ROLES IN THE SAP SYSTEM 125
5.2.5 USERS IN THE SAP SYSTEM 127
5.2.6 USER TYPES IN SAP 128
5.2.7 EXAMPLE OF AN AUTHORIZATION ANALYSIS 129
5.3 SUMMARY 130
6 IT GENERAL CONTROLS IN SAP ERP 131
6.1 ORGANIZATIONAL CONTROLS 131
6.1.1 IT ORGANIZATION 131
6.1.2 IT OUTSOURCING: WHO IS RESPONSIBLE FOR THE CONTROLS? 132
6.1.3 GUIDELINES AND DOCUMENTATION 135
6.2 CONTROLS IN THE AREA OF CHANGE MANAGEMENT AND DEVELOPMENT 136
6.2.1 SAP SYSTEM LANDSCAPE 136
6.2.2 CHANGE AND TRANSPORT MANAGEMENT 137
6.2.3 CLIENT CONTROL 140
6.2.4 MAINTENANCE AND UPDATES 142
6.2.5 SAP SOLUTION MANAGER 143
6.3 SECURITY CONTROLS FOR ACCESS TO THE SAP SYSTEM AND FOR
AUTHENTICATION 145
6.3.1 IDENTITY AND LIFE CYCLE OF THE USER 145
6.3.2 PASSWORD PROTECTION 146
6.3.3 HANDLING STANDARD USERS 148
6.3.4 EMERGENCY USER CONCEPT 150
6.4 SECURITY AND AUTHORIZATION CONTROLS WITHIN SAP ERP 150
6.4.1 PROTECTING PROGRAMS AND TRANSACTIONS - BASIC LEVEL 151
6.4.2 PROTECTING PROGRAMS AND TRANSACTIONS - ADVANCED LEVEL 154
6.4.3 PROTECTING TABLES 158
6.4.4 CONTROLLING AUTHORIZATION CHECKS 159
6.4.5 CRITICAL ADMINISTRATION TRANSACTIONS 161
6.4.6 CONSIDERATION OF THE PRINCIPLE OF SEGREGATION OF DUTIES 161
6.5 SUMMARY 163
7 GENERAL APPLICATION CONTROLS IN SAP ERP 165
7.1 THE PRINCIPLE OF UNALTERABILITY 165
7.1.1 PROTECTING DATA IN TABLES 166
7.1.2 DEBUGGING 166
7.1.3 MODIFIABILITY OF DOCUMENTS 168
7.2 CONTROLS FOR DATA-RELATED TRACEABILITY 169
7.2.1 CHANGE DOCUMENTS IN SAP 169
7.2.2 TABLE LOGGING 171
7.2.3 DOCUMENT NUMBER ASSIGNMENT 173
7.3 TRACEABILITY OF USER ACTIVITIES IN SAP 174
7.3.1 SYSTEM LOG 174
7.3.2 SECURITY AUDIT LOG 176
7.3.3 HISTORY OF TRANSACTION CALLS 177
7.3.4 TRACEABILITY OF SYSTEM CHANGES IN THE CHANGE
AND TRANSPORT MANAGEMENT SYSTEM (CTS) 178
7.4 CROSS-PROCESS PROCESSING CONTROLS 179
7.4.1 MONITORING UPDATE TERMINATIONS 180
7.4.2 COMPLETENESS OF THE ALE INTERFACE PROCESSING 182
7.4.3 REMOTE FUNCTION CALL CONNECTIONS 184
7.4.4 COMPLETENESS OF BATCH INPUT PROCESSING 185
7.5 SUMMARY 187
8 CONTROLS IN FINANCIAL ACCOUNTING 189
8.1 UNDERLYING CONTROL MECHANISMS IN GENERAL LEDGER ACCOUNTING (FI-GL) 189
8.1.1 PRINCIPLE: REAL-TIME POSTINGS 190
8.1.2 FINANCIAL STATEMENTS 192
8.1.3 G/L ACCOUNT MASTER DATA 193
8.1.4 CHECKING THAT TRANSACTION FIGURES ARE CONSISTENT
WITH THE ACCOUNTING RECONCILIATION 195
8.1.5 SELECTED CONTROLS FOR CLOSING OPERATIONS 195
8.1.6 RECONCILIATION WORK IN FI-GL 197
8.2 CONTROLS OVER THE ACCURACY AND QUALITY OF DATA
IN GENERAL LEDGER ACCOUNTING 198
8.2.1 ACCURATE ACCOUNT DETERMINATION 198
8.2.2 FIELD STATUS GROUPS 199
8.2.3 CALCULATING TAXES FOR MANUAL POSTINGS 200
8.2.4 VALIDATIONS IN SAP 202
8.2.5 FOREIGN CURRENCIES 203
8.3 COMPLETENESS OF PROCESSING IN GENERAL LEDGER ACCOUNTING 205
8.3.1 DOCUMENT PARKING 205
8.3.2 RECURRING ENTRIES 207
8.3.3 RECONCILIATION LEDGER 208
8.4 DATA SECURITY AND PROTECTION IN GENERAL LEDGER ACCOUNTING 209
8.4.1 PROTECTING COMPANY CODES 209
8.4.2 TOLERANCE GROUPS 212
8.4.3 PROTECTING MASTER DATA 212
8.4.4 CRITICAL TRANSACTIONS 215
8.4.5 SEGREGATION OF DUTIES IN GENERAL LEDGER ACCOUNTING 217
8.5 CONTROLS IN ASSET ACCOUNTING (FI-AA) 218
8.5.1 BASICS OF ASSET ACCOUNTING IN SAP 218
8.5.2 DEFAULT VALUES FOR ASSET CLASSES 219
8.5.3 ACCOUNT DETERMINATION IN ASSET ACCOUNTING 220
8.5.4 CONSISTENCY CHECK FOR ACCOUNT DETERMINATION AND CONFIGURATION 221
8.5.5 DEPRECIATION 221
8.5.6 ASSET HISTORY SHEET 225
8.5.7 LOW VALUE ASSETS 226
8.5.8 AUTHORIZATION CONTROL IN ASSET ACCOUNTING 227
8.5.9 CRITICAL AUTHORIZATIONS IN ASSET ACCOUNTING 228
8.6 CONTROLS IN ACCOUNTS PAYABLE (FI-AP) AND ACCOUNTS RECEIVABLE (FI-AR) 229
8.6.1 ACCURACY OF THE RECONCILIATION ACCOUNTS 229
8.6.2 PAYMENT FUNCTIONS 230
8.6.3 ONE-TIME CUSTOMERS AND VENDORS - CAUTION! 232
8.6.4 AGEING STRUCTURE AND VALUE ADJUSTMENTS 234
8.6.5 SEGREGATION OF DUTIES FOR MASTER DATA MAINTENANCE 234
8.7 SUMMARY 235
9 CONTROL MECHANISMS IN THE SAP ERP-SUPPORTED PROCURE
TO PAY PROCESS 237
9.1 ORDERING 238
9.1.1 MAINTENANCE OF THE ORGANIZATIONAL STRUCTURES CONSISTENT WITH
AUTHORIZATIONS 238
9.1.2 SEGREGATION OF DUTIES IN ORDERING 239
9.2 GOODS RECEIPTS AND INVOICE VERIFICATION 242
9.2.1 GOODS RECEIPTS: CRITICAL MOVEMENT TYPES 242
9.2.2 3-WAY MATCH AND PAYMENT BLOCKS IN LOGISTICS INVOICE VERIFICATION 243
9.2.3 CHECK FOR DUPLICATE INVOICE ENTRY 245
9.3 GR/IR ACCOUNT 245
9.3.1 CLEARING THE GR/IR ACCOUNT 245
9.3.2 CLOSING OPERATIONS AND REPORTING OF THE GR/IR ACCOUNT IN THE
BALANCE SHEET 247
9.4 CONTROLS FOR STOCKS 249
9.4.1 MAINTENANCE OF MATERIAL MASTER DATA 249
9.4.2 NON-VALUATED STOCK VALUE AND SPLIT VALUATION 250
9.4.3 ACCOUNT DETERMINATION FOR MATERIAL MOVEMENTS 251
9.4.4 CORRECTION OF STOCK VALUES: INVENTORY AND MATERIAL DEVALUATIONS 253
9.4.5 RELEASE OF SCRAPPING 254
9.4.6 PRODUCT COST ACCOUNTING 255
9.4.7 GOODS ISSUES FROM NON-VALUATED STOCK 257
9.5 CORPORATE GOVERNANCE 257
9.6 SUMMARY 258
10 CONTROL MECHANISMS IN THE SAP ERP-SUPPORTED ORDER
TO CASH PROCESS 259
10.1 CONTROLS IN THE PREPARATORY SALES AND DISTRIBUTION PHASE 260
10.1.1 CONTROLS DURING ORDER ENTRY 260
10.1.2 QUALITY OF CUSTOMER MASTER DATA 261
10.1.3 SEGREGATION OF DUTIES FOR MASTER DATA MAINTENANCE 262
10.1.4 CREDIT LIMIT ASSIGNMENT AND CONTROL 263
10.2 CONTROLS IN ORDER FULFILLMENT AND REVENUE RECOGNITION 264
10.2.1 CONTROLS FOR DELIVERY OF GOODS 265
10.2.2 PRICING AND DETERMINATION OF SALES TAX 266
10.2.3 RETURN DELIVERIES AND CREDIT MEMOS 269
10.2.4 BILLING DUE LIST 269
10.2.5 COMPLETENESS OF ACCOUNTING ENTRY OF BILLING DOCUMENTS 270
10.2.6 DUNNING 271
10.3 SUMMARY 274
11 DATA PROTECTION COMPLIANCE IN SAP ERP HUMAN CAPITAL MANAGEMENT 275
11.1 LEGAL DATA PROTECTION REQUIREMENTS 275
11.1.1 DATA PROTECTION 276
11.1.2 BASIC PRINCIPLES: EUROPEAN UNION DIRECTIVE 277
11.1.3 CO-DETERMINATION AND EMPLOYEE DATA PROTECTION 283
11.1.4 EXCURSION: PROTECTION OF PATIENT DATA 285
11.2 GENERAL DATA PROTECTION-RELEVANT CONTROL MECHANISMS IN SAP 286
11.2.1 TRACING CHANGES TO PERSONAL DATA 287
11.2.2 LOGGING REPORT CALLS IN SAP ERP HCM 288
11.2.3 DELETING DATA AND MAKING IT UNRECOGNIZABLE 288
11.2.4 PERSONAL DATA OUTSIDE SAP ERP HCM 289
11.3 SPECIAL REQUIREMENTS OF SAP ERP HCM 290
11.4 AUTHORIZATIONS AND ROLES IN SAP ERP HCM 290
11.4.1 DIFFERENTIATING ATTRIBUTES IN SAP ERP HCM 291
11.4.2 PERSONNEL EVENTS 293
11.4.3 STRUCTURAL AUTHORIZATIONS 296
11.4.4 AUTHORIZATION MAIN SWITCHES 299
11.5 SUMMARY 301
12 FRAUD IN AN SAP SYSTEM 303
12.1 INTRODUCTION TO "FRAUD" 303
12.1.1 TYPES OF FRAUD 303
12.1.2 FRAUD AND THE SAP SYSTEM 305
12.2 FRAUD SCENARIOS IN SAP BASIS 306
12.2.1 "WRITE-DEBUGGING" AUTHORIZATIONS 306
12.2.2 PROCESSING A BATCH INPUT SESSION UNDER A DIFFERENT USER ID 307
12.3 FRAUD SCENARIOS IN THE GENERAL LEDGER 308
12.3.1 FRAUDULENT MANUAL DOCUMENT POSTINGS IN THE GENERAL LEDGER 308
12.3.2 IDENTIFICATION AND ANALYSIS OF MANUAL JOURNAL ENTRIES 309
12.4 FRAUD SCENARIOS IN THE SALES AREA 311
12.4.1 ISSUING FICTITIOUS INVOICES TO FICTITIOUS CUSTOMERS 311
12.4.2 GRANTING IMPROPER CREDIT MEMOS OR DISCOUNTS 312
12.4.3 EXCESSIVE USE OF FREE GOODS 313
12.4.4 IMPROPER WRITE-OFF OF OPEN CUSTOMER RECEIVABLES 314
12.5 FRAUD SCENARIOS IN PERSONNEL ACCOUNTING 315
12.5.1 FICTITIOUS EMPLOYEES 315
12.5.2 LIMITED ACCESS TO OWN HR DATA 316
12.5.3 SEGREGATION OF DUTIES FOR CONFIDENTIAL DATA 316
12.6 SUMMARY 317
13 EXCURSION: FDA COMPLIANCE AND CONTROLS IN SAP 319
13.1 LEGAL REQUIREMENTS IN THE MANUFACTURE OF FOOD AND MEDICINAL
PRODUCTS 319
13.1.1 FDA-RELEVANT LEGAL REQUIREMENTS IN AN INTERNATIONAL COMPARISON 320
13.1.2 GXP - THE FDA BASIC PRINCIPLES 321
13.1.3 IT FROM THE VIEW OF FDA COMPLIANCE 322
13.2 VALIDATION OF IT SYSTEMS 322
13.2.1 VALIDATION PROCEDURE 323
13.2.2 CONTROLS IN IMPLEMENTATION PROCESSES 324
13.3 FDA COMPLIANCE IN IT-SUPPORTED BUSINESS PROCESSES 325
13.3.1 EXAMPLES: CONTROLS IN PROCUREMENT 325
13.3.2 EXAMPLES: CONTROLS IN PRODUCTION MANAGEMENT 325
13.3.3 EXAMPLES: CONTROLS IN QUALITY MANAGEMENT 326
13.3.4 EXAMPLES: CONTROLS IN ASSET MAINTENANCE 326
13.3.5 EXAMPLES: CONTROLS FOR BATCH TRACEABILITY 327
13.3.6 EXAMPLES: CONTROLS IN WAREHOUSE MANAGEMENT PROCESSES 327
13.4 OBSERVING FDA COMPLIANCE FOR SYSTEM MAINTENANCE, SYSTEM UPDATES,
AND SYSTEM CHANGES 328
13.5 SUMMARY 329
14 EXAMPLES OF EFFICIENCY-ORIENTED AND PROFITABILITY-ORIENTED
ANALYSIS SCENARIOS IN SAP ERP 331
14.1 PROCESS-RELATED DATA ANALYSES 331
14.1.1 COMPARISON OF THE PURCHASE ORDER DATE WITH THE GOODS RECEIPT
DATE 332
14.1.2 TIMELY RELEASE OR CREATION OF PURCHASE REQUISITIONS AND PURCHASE
ORDERS 336
14.1.3 TIME BETWEEN INCOMING PURCHASE ORDER AND CONFIRMATION OF THE
CUSTOMER ORDER 343
14.1.4 TEN FURTHER EXAMPLES OF POSSIBLE DATA-BASED PROCESS ANALYSES 344
14.2 ANALYSIS OF MASTER DATA QUALITY 344
14.2.1 QUALITY OF CUSTOMER MASTER DATA 345
14.2.2 PRODUCED MATERIALS WITH NO BILL OF MATERIALS 346
14.2.3 RECONCILIATION OF MATERIAL COSTS WITHIN A COMPANY CODE 347
14.2.4 TEN FURTHER EXAMPLES OF POSSIBLE MASTER DATA ANALYSES 349
14.3 MANUAL DATA CHANGES 349
14.3.1 CHANGES TO PURCHASE REQUISITIONS 350
14.3.2 CHANGES TO PURCHASING DOCUMENTS 351
14.3.3 CHANGES TO SALES DOCUMENTS 355
14.3.4 MANUAL DATA CHANGES - TEN FURTHER EXAMPLES 357
14.4 SUPPLEMENTING SAP ERP STANDARD REPORTS 358
14.4.1 PLANNING PARAMETERS ADDED TO STOCK ANALYSES 358
14.4.2 CUSTOMER MASTER DATA ADDED TO CREDIT MANAGEMENT ANALYSIS 359
14.5 SUMMARY 360
III FROM CONCEPT AND CONTENT TO IMPLEMENTATION:
AUTOMATION OF AN INTERNAL CONTROL SYSTEM
15 ICS AUTOMATION: HOW TO SET THE COSO CUBE IN MOTION 363
15.1 BASIC CONCEPT OF ICS AUTOMATION 363
15.1.1 COSO CUBE IN ACTION 364
15.1.2 CONCEPT OF ICS AUTOMATION 365
15.2 ICS-RELEVANT OBJECTS AND DOCUMENTATION 367
15.2.1 ORGANIZATIONAL UNITS 367
15.2.2 PROCESSES 368
15.2.3 CONTROLS 369
15.2.4 CONTROL OBJECTIVES 370
15.2.5 RISKS 371
15.2.6 ACCOUNT GROUPS 371
15.2.7 EXAMPLE OF AN ICS DATA MODEL 372
15.3 BASIC SCENARIOS OF ICS ACTIVITIES 373
15.3.1 DOCUMENTATION 374
15.3.2 SELECTION AND PRIORITIZATION OF CONTROL ACTIVITIES 374
15.3.3 CONTROL EXECUTION 375
15.3.4 DESIGN TEST 376
15.3.5 EFFECTIVENESS TEST 376
15.3.6 SURVEY 377
15.3.7 RISK ASSESSMENT 377
15.3.8 REMEDIATION 378
15.3.9 SIGN-OFF 378
15.3.10 REPORT EVALUATION 379
15.3.11 PERSONS AS LINKS BETWEEN ICS OBJECTS AND ACTIVITIES 379
15.4 SUMMARY 380
16 ICS AUTOMATION USING SAP PROCESS CONTROL 381
16.1 INTRODUCTION: ICS IMPLEMENTATION WITH SAP PROCESS CONTROL 381
16.2 TECHNICAL IMPLEMENTATION 383
16.2.1 TECHNICAL ARCHITECTURE AND INSTALLATION 383
16.2.2 INITIAL CONFIGURATION OF THE STANDARD FUNCTIONS 385
16.2.3 INFORMATION SOURCES ON IMPLEMENTING, OPERATING,
AND UPGRADING SAP PROCESS CONTROL 386
16.3 DATA MODEL 388
16.3.1 ICS MASTER DATA IN SAP PROCESS CONTROL 388
16.3.2 ICS DATA MODEL IN SAP PROCESS CONTROL 391
16.3.3 CENTRAL VS. LOCAL ICS MASTER DATA 392
16.3.4 TIME DEPENDENCY OF ICS MASTER DATA 393
16.3.5 TRACEABILITY OF CHANGES 395
16.3.6 CONCEPT OF OBJECT-RELATED SECURITY 395
16.3.7 CUSTOMER-SPECIFIC FIELDS 396
16.3.8 MULTIPLE COMPLIANCE FRAMEWORK CONCEPT 399
16.4 IMPLEMENTATION OF THE ICS PROCESS 400
16.4.1 ICS DOCUMENTATION PROCESS 401
16.4.2 SCOPING PROCESS 405
16.4.3 PLANNING PROCESS, TESTS, AND ASSESSMENTS 409
16.4.4 ISSUE REMEDIATION PROCESS 416
16.4.5 REPORTING 424
16.5 ICS AND COMPLIANCE IMPLEMENTATION: ROLES 427
16.5.1 AUTHORIZATION MODEL IN SAP PROCESS CONTROL 427
16.5.2 OBJECT-RELATED SECURITY IN ACTION 428
16.5.3 FIRST LEVEL VS. SECOND LEVEL AUTHORIZATIONS 429
16.5.4 PREDEFINED BEST PRACTICE ROLE CONCEPT IN SAP 431
16.5.5 ADJUSTING THE ROLES 431
16.6 SAP PROCESS CONTROL AS GRC COMPONENT - NEW FEATURES AND
DEVELOPMENTS 433
16.6.1 POLICY MANAGEMENT AND OTHER NEW FEATURES IN RELEASE 10.0 433
16.6.2 INTEGRATION WITH SAP ACCESS CONTROL 434
16.6.3 INTEGRATION WITH SAP RISK MANAGEMENT 435
16.6.4 MERGING GRC, STRATEGY, AND PERFORMANCE TOPICS 437
16.7 SUMMARY 439
17 IMPLEMENTATION OF AUTOMATED TEST AND MONITORING SCENARIOS
IN THE SAP ERP ENVIRONMENT 441
17.1 AUTOMATED TEST AND MONITORING SCENARIOS IN THE SAP ENVIRONMENT 441
17.1.1 OFFLINE CAAT TOOLS 442
17.1.2 ONLINE CAAT REPORTS AND EVALUATIONS 445
17.1.3 COMPLIANCE MANAGEMENT SOFTWARE 446
17.2 AUTOMATED TESTS AND MONITORING IN SAP SOLUTIONS
FOR GRC RELEASE 10.0 - INTRODUCTION 448
17.2.1 CONTINUOUS MONITORING FRAMEWORK 448
17.2.2 CONTINUOUS MONITORING FRAMEWORK - POTENTIAL AND EXPECTATIONS 450
17.3 SETTING UP CMF SCENARIOS IN SAP PROCESS CONTROL 453
17.3.1 CONNECTING SAP SOLUTIONS FOR GRC WITH BUSINESS APPLICATIONS 453
17.3.2 DATA SOURCES IN SAP PROCESS CONTROL 456
17.3.3 CREATING BUSINESS RULES IN CMF 460
17.3.4 MONITORING DATA CHANGES IN CMF 462
17.3.5 AUTOMATION USING PREDEFINED BEST PRACTICE SCENARIOS 465
17.3.6 CONNECTING CONTROLS WITH RULES 467
17.3.7 AND OFF YOU GO! 468
17.4 POTENTIAL OF CMF SCENARIOS IN SAP PROCESS CONTROL 469
17.4.1 USE OF SAP NETWEAVER BUSINESS WAREHOUSE FOR CONTINUOUS
MONITORING 470
17.4.2 THOUGHTS ABOUT SAP BUSINESSOBJECTS 471
17.5 SUMMARY 472
18 EXPERIENCES FROM PRACTICE AND PROJECTS 473
18.1 PRACTICAL EXPERIENCES: PROJECTS FOR ICS AND COMPLIANCE AUTOMATION 473
18.1.1 TOOLS FOR IMPLEMENTATION 473
18.1.2 BEST PRACTICE PROJECT STRUCTURE FOR ICS IMPLEMENTATION 475
18.1.3 BUSINESS BLUEPRINT 475
18.1.4 ICS CONTENT 477
18.1.5 FACTORS THAT INFLUENCE THE PROJECT EXPENSE 479
18.1.6 SUCCESS FACTORS 480
18.2 PROJECT EXAMPLES FOR ICS AND COMPLIANCE AUTOMATION 482
18.2.1 COVERAGE OF SWISS COMPLIANCE REQUIREMENTS AT KUONI 482
18.2.2 INTEGRATED GRC APPROACH AT TECAN 485
18.3 SOX AT ERICSSON 488
18.3.1 ICS FRAMEWORK AT ERICSSON 489
18.3.2 SOX COMPLIANCE PROCESS AT ERICSSON 491
18.3.3 EXPERIENCES FROM PREVIOUS PROJECTS 494
18.3.4 OPTIMIZATION POTENTIAL 495
18.3.5 STEPS TOWARDS OPTIMIZATION 495
18.4 REVIEW OF THE STAGES OF EVOLUTION OF THE ICS AND CONCLUSION 496
REFERENCES 501
THE AUTHOR OF THIS BOOK 503
CONTRIBUTORS TO THIS BOOK 505
INDEX 509 |
any_adam_object | 1 |
author | Chuprunov, Maxim |
author_GND | (DE-588)143206575 |
author_facet | Chuprunov, Maxim |
author_role | aut |
author_sort | Chuprunov, Maxim |
author_variant | m c mc |
building | Verbundindex |
bvnumber | BV040985667 |
classification_rvk | ST 510 ST 610 |
ctrlnum | (OCoLC)844097143 (DE-599)DNB1028688261 |
dewey-full | 658.4012028553 |
dewey-hundreds | 600 - Technology (Applied sciences) |
dewey-ones | 658 - General management |
dewey-raw | 658.4012028553 |
dewey-search | 658.4012028553 |
dewey-sort | 3658.4012028553 |
dewey-tens | 650 - Management and auxiliary services |
discipline | Informatik Wirtschaftswissenschaften |
format | Book |
id | DE-604.BV040985667 |
illustrated | Illustrated |
indexdate | 2024-08-03T00:38:20Z |
institution | BVB |
isbn | 9783642353017 |
language | English |
oai_aleph_id | oai:aleph.bib-bvb.de:BVB01-025963550 |
oclc_num | 844097143 |
open_access_boolean | |
owner | DE-1050 DE-573 |
owner_facet | DE-1050 DE-573 |
physical | XXXII, 525 S. Ill., graph. Darst. 240 mm x 168 mm |
publishDate | 2013 |
publishDateSearch | 2013 |
publishDateSort | 2013 |
publisher | Springer |
record_format | marc |
spelling | Chuprunov, Maxim Verfasser (DE-588)143206575 aut Handbuch SAP-Revision Auditing and GRC automation in SAP Maxim Chuprunov Berlin [u.a.] Springer 2013 XXXII, 525 S. Ill., graph. Darst. 240 mm x 168 mm txt rdacontent n rdamedia nc rdacarrier SAP ERP (DE-588)4841146-2 gnd rswk-swf Innenrevision (DE-588)4072820-1 gnd rswk-swf SAP GRC (DE-588)7613461-1 gnd rswk-swf Corporate Governance (DE-588)4419850-4 gnd rswk-swf Compliance-System (DE-588)4442497-8 gnd rswk-swf SAP ERP (DE-588)4841146-2 s SAP GRC (DE-588)7613461-1 s Compliance-System (DE-588)4442497-8 s Innenrevision (DE-588)4072820-1 s Corporate Governance (DE-588)4419850-4 s DE-604 Erscheint auch als Online-Ausgabe 978-3-642-35302-4 X:MVB text/html http://deposit.dnb.de/cgi-bin/dokserv?id=4204162&prov=M&dok_var=1&dok_ext=htm Inhaltstext DNB Datenaustausch application/pdf http://bvbr.bib-bvb.de:8991/F?func=service&doc_library=BVB01&local_base=BVB01&doc_number=025963550&sequence=000001&line_number=0001&func_code=DB_RECORDS&service_type=MEDIA Inhaltsverzeichnis |
spellingShingle | Chuprunov, Maxim Auditing and GRC automation in SAP SAP ERP (DE-588)4841146-2 gnd Innenrevision (DE-588)4072820-1 gnd SAP GRC (DE-588)7613461-1 gnd Corporate Governance (DE-588)4419850-4 gnd Compliance-System (DE-588)4442497-8 gnd |
subject_GND | (DE-588)4841146-2 (DE-588)4072820-1 (DE-588)7613461-1 (DE-588)4419850-4 (DE-588)4442497-8 |
title | Auditing and GRC automation in SAP |
title_alt | Handbuch SAP-Revision |
title_auth | Auditing and GRC automation in SAP |
title_exact_search | Auditing and GRC automation in SAP |
title_full | Auditing and GRC automation in SAP Maxim Chuprunov |
title_fullStr | Auditing and GRC automation in SAP Maxim Chuprunov |
title_full_unstemmed | Auditing and GRC automation in SAP Maxim Chuprunov |
title_short | Auditing and GRC automation in SAP |
title_sort | auditing and grc automation in sap |
topic | SAP ERP (DE-588)4841146-2 gnd Innenrevision (DE-588)4072820-1 gnd SAP GRC (DE-588)7613461-1 gnd Corporate Governance (DE-588)4419850-4 gnd Compliance-System (DE-588)4442497-8 gnd |
topic_facet | SAP ERP Innenrevision SAP GRC Corporate Governance Compliance-System |
url | http://deposit.dnb.de/cgi-bin/dokserv?id=4204162&prov=M&dok_var=1&dok_ext=htm http://bvbr.bib-bvb.de:8991/F?func=service&doc_library=BVB01&local_base=BVB01&doc_number=025963550&sequence=000001&line_number=0001&func_code=DB_RECORDS&service_type=MEDIA |
work_keys_str_mv | AT chuprunovmaxim handbuchsaprevision AT chuprunovmaxim auditingandgrcautomationinsap |