Get documents about "Sap Audit Management Module - Excel
Description
Sap Audit Management Module document sample
Document Sample
Company (Name):
A total of 48 tests have been Contains detailed testing Links to the pre-populated test
Fiscal Year End (Date):
designed to evaluate ALL KEY risks instructions, rather than generic sheets with fill-in fields for
Tested on (Date)/ tested by (Name):
based on best practices and the descriptions of the tests to be company-specific information.
Tested in (System):
Payroll and HR (Personnel) - Audit Program for SAP R/3 - SAMPLE
Control Activity Control Control IT Nature Control Rating Query Testing Procedures: Testing Reference Conclusion
Activity Type Nature IT Dependent/ High/ No For each control activity selected for testing, auditor needs to perform adequate testing procedures to gain Reference to Effective/
Preventive/ Manual/ Non IT- Medium/ reasonable assurance that controls operate effectively in accordance with established policies, procedures, and supporting evidence Ineffective
Detective Automated Dependent Low guidelines. The following testing procedures will assist auditors in performing tests of control for each control considered pertinent
activity.
Hiring Personnel
Control Objective HR1: Additions to the payroll master files represent valid employees. All new employees are added to the payroll master files.
Control Objective Assertion: [Balance Sheet] Payroll related accruals / provisions & [Income Statement] Salaries, Wages & Related Expenses: Validity, Completeness
HR1.03: The personnel and the Preventive Automated IT Dependent High 2 A job is a general classification of task areas (e.g. head of department). A job is a standard description of an Tab 2
organizational reporting structure activity that can be performed by a person. Perform the following procedures to generate a listing of users with
are current. In addition to the written step- access to maintain or edit existing jobs in SAP R/3:
by-step instructions, screen-
Access to modify personnel and prints from SAP will be provided Execute transaction code SUIM
organizational reporting structure in to visually assist those new to Proceed to the Users By Authorization Values screen via "User " -> "Users By Complex Selection Criteria " ->
SAP R/3 is limited to appropriate the system. "By Authorization Values "
personnel.
AUTHORIZATION OBJECT 1:
• S_TCODE:
Covers ALL principal hr/payroll PO03 (Maintain Jobs)
subprocesses:
• Hiring Personnel AUTHORIZATION OBJECT 2:
• Terminating Personnel • PLOG:
• Recording Time Plan Version (PLVAR): * (means users authorized to maintain jobs in ANY/SOME plan version(s))
• Calculating Payroll Subtype (SUBTYP): * (means access to maintain ANY/SOME subtypes of given infotypes)
• Disbursing Payroll Planning Status (ISTAT): * (means ANY planning status in which the user is authorized for access)
• Maintaining Master Files Function Code (PPFCODE): INSE (Insert) OR AEND (Change) OR DEL (Delete) OR "*" (All/Any)
Infotype (INFOTYP): * (means users authorized to maintain jobs for ANY/SOME infotypes)
Object Type (OTYPE): C (means "Jobs") OR P (means "Persons/Employees") OR "*" (All/Any)
Export results to the Tab referenced in the "Testing Ref." Column for further analysis. Assess whether it is
appropriate for such users to have such access, based on their job responsibilities and established policies,
procedures, standards, and guidance. Compare the results of the test with the information obtained from the
interviews with the individuals responsible for the control activity. Investigate any discrepancies. Document your
conclusions.
f0874d57-315d-4814-973e-b6b813e1f160.xls Page 1 of 4
Exception Details Mitigating Controls Planned Remediation Procedures Planned Remediation Ref. to Post-
For ineffective controls For ineffective controls For ineffective controls Remediation Status Remediation
Date Completed/ Testing Details
For ineffective In Progress If applicable
controls
f0874d57-315d-4814-973e-b6b813e1f160.xls Page 2 of 4
f0874d57-315d-4814-973e-b6b813e1f160.xls Tab 2
Users with access to maintain or edit existing jobs in SAP R/3:
Count User ID User Name Locked? Valid From Valid Through User Type Access Exceptions Comments/ Exception
*Insert (Yes/No) *Exclude IDs that *Exclude D (System) and C Appropriate as per Noted? Detail
additional *Exclude locked user IDs are past their (Communication) IDs (no the Job (Yes/No)
rows as ("0" or "Blank" in this field validity date (no end user access); leave A Responsibilities?
needed means that user ID is access) (Dialog) and S (Service) IDs (Yes/No)
NOT locked) for analysis
1
2
3
4
5
Total 0 0 0
Page 3 of 4
f0874d57-315d-4814-973e-b6b813e1f160.xls Tab 8
Count Employee ID Employee Name Start Date Selected For Employee is a Approved By Approved On Exceptions Comments/ Exception Detail
*Insert * Do not list Testing? Valid New Hire? (Name, Title) (Date) Noted?
additional employees hired (Yes/No) (Yes/No) (Yes/No)
rows as before or after the
needed period of intended Complete for new employees selected for testing in Column "E". N/A for remaining new hires.
reliance
1
2
3
4
5
Total 0 0 0 0
Page 4 of 4
Other docs by odj14894
Grants to Fund Student Assistance Programs Information and Application Procedures 2008 2009 School Year
Views: 136 | Downloads: 0
