SAP Audit Management - Public User Guide - 1.5 SP00

The document is a user guide for SAP Audit Management for SAP S/4HANA, detailing its features and functionalities. It includes sections on new updates, setup instructions, managing audit resources, and master data management. The guide provides comprehensive information on configuring workflows, managing risks, and integrating with other SAP solutions.

Uploaded by Saqib Naseem

User Guide | PUBLIC

2022-03-14

SAP Audit Management for SAP S/4HANA


© 2022 SAP SE or an SAP affiliate company. All rights reserved.

Content

1 What's New in SAP Audit Management for SAP S/4HANA 1.5 SP00

2 SAP Audit Management for SAP S/4HANA

3 Setting Up SAP Audit Management for SAP S/4HANA
3.1 Home
  Available Apps
3.2 Back-End Transactions
3.3 Roles in SAP Audit Management for SAP S/4HANA
3.4 Browser Settings
3.5 Language Settings
3.6 Notifications
  Email Notification
  Enable Notification Center on the Launchpad
3.7 SAP Jam Integration
3.8 Data Migration
3.9 Working with Spreadsheet Templates
3.10 Configure Workflows
  Predefined Status Schemas

4 Managing Audit Resources
4.1 Create Teams and Use Team Calendar
4.2 Maintain List of Skills and Qualifications
4.3 Audit Staff Classification
4.4 Set Up Profile
  Add Skills
  Add Qualifications
  Designate and Dismiss Substitutes
4.5 Time Tracking
  Record Time

5 Master Data
5.1 Organizations
  Create Organization Hierarchies
  Create Organization Types
  Configure Organization Groups
  Create Organizations
  Upload Organizations
5.2 Risk Register
  Views for Risks
  Risk Type and Category
  Create Risks
  Upload Risks
  Risk Analysis
  Create Key Risk Indicators for Risks
  Underlying Risks
  Add Controls to Risks
  Remove Risks
  Restore Risks
5.3 Controls
  Views for Controls
  Attributes of Controls
  Create Controls
  Upload Controls
  Add Risks to Controls
  Design Control Effectiveness Rating Scale
5.4 Dimensions
  Create Dimension Types
  Create Dimensions
  Upload Dimensions
  Assign Risks to Dimensions
5.5 Import Master Data from SAP Process Control and SAP Risk Management
  Prerequisites for Import
  Import Organizations
  Import Risks
  Import Controls
  Check Import Log
  Schedule Regular Import Jobs
  Master Data Delimitation
  Enable Import of Organizational Structure Changes
  Manually Assign Organizations to Imported Risks and Controls
  Configure Navigation Path for Imported Organizations
5.6 Create Views for Risks and Controls

6 Planning
6.1 Audit Type, Category, and Group
  Audit Type Configuration Settings
6.2 Audit Universe
  Auditable Item Lifecycle
  Create Auditable Items
  Upload Auditable Items
  Delete an Auditable Item
  Mass Delete Auditable Items
  Close Auditable Items
  Reopen Closed Auditable Items
6.3 Audit Plans
  Create Audit Plans
  Create Audits Based on Audit Plans
  Add Audits to Audit Plan
6.4 Create Audits Directly
6.5 Copy Audits
6.6 Create and Assign Audits in Resource Management
6.7 Assign People to Audits
6.8 Initiate Audits
6.9 Delete Audits
6.10 Cancel Audits

7 Preparation
7.1 Audit Announcement
  Create Announcement Letters
  Announcement Letter Review
  Announcement Letter Distribution
7.2 Risk Assessment in Audit Preparation
7.3 Design and Review Audit Execution Work Program
7.4 Work Program
  Configure Work Program Structure using Scope Schema
  Create Work Programs
  Upload Work Program
  Copy Work Program from Other Audits
  Audit Procedures

8 Execution
8.1 Perform Audit Procedures
  Perform Business Rule Ad Hoc Query
  Perform Detection Procedures
8.2 Evaluate Auditee's Responses to Questions
  Audit Scoring
8.3 Evaluate Control Effectiveness
8.4 Work Done
8.5 Work Package Review
  Submit Work Packages for Review
  Review Work Packages
8.6 Document and Communicate Audit Findings
  Finding Type, Category, and Ranking
  Finding ID
  Create Findings
  Communicate Findings
8.7 Action Plans
  Action Plan Workflow
  Create Action Plans
  Auditee: My Action Plans
  Change Action Plan ID
8.8 Propose Risks to SAP Risk Management
8.9 Process Work Packages Offline
8.10 Reopen Work Program

9 Follow-Up
9.1 Track Ongoing Audits
9.2 Historical Audits
9.3 Track Open Findings
9.4 Historical Findings and Reopen Findings
9.5 Track Open Action Plans
9.6 Historical Action Plans and Reopen Action Plans

10 Reporting
10.1 Prepare Audit Reports
10.2 Review Audit Reports
10.3 Issue Audit Reports
10.4 Close Audits

11 Working Papers
11.1 Working Paper Category
11.2 Create Working Papers
11.3 Delete Working papers
11.4 Working Papers Review
  Add Review Notes
  Reply to Review Notes
  Mark Review Notes as Cleared
11.5 Online Viewing and Editing of Working Papers
11.6 Manage Working Paper Versions
11.7 Delete Working papers
11.8 Set Working Papers Size Limit

12 Audit Quality Assurance
12.1 Quality Checkpoints

13 Analytics
13.1 Audit Management Overview

14 Data Protection
14.1 Removing User Names
14.2 Garbage Collector
14.3 Data Archiving in SAP Audit Management for SAP S/4HANA
14.4 Displaying the Data Protection Logs

15 Deleting Personal Data

1 What's New in SAP Audit Management for SAP S/4HANA 1.5 SP00

Release 1.5 SP00 of SAP Assurance and Compliance Software for SAP S/4HANA introduces the new and changed features described below:

Title: New SAP Fiori apps
Solution: SAP Audit Management for SAP S/4HANA
Version: 1.5 SP00 | Type: New | Available as of: 2022-03-14 | Action: Info only
Description:
1.5 SP00 introduces the following SAP Fiori apps:
● Organizations
● Dimensions
● Resource Management
● My Profile
● My Work Packages
● Review Work Packages

Title: Deprecated apps
Solution: SAP Audit Management for SAP S/4HANA
Version: 1.5 SP00 | Type: Deleted | Available as of: 2022-03-14 | Action: Info only
Description:
The following old non-Fiori apps are deprecated:
● Organizations
● Dimensions
● Resource Management
● My Profile

Title: Notification
Solution: SAP Audit Management for SAP S/4HANA
Version: 1.5 SP00 | Type: New | Available as of: 2022-03-14 | Action: Info only
Description:
Notification center on the Launchpad is available
In addition to emails, notifications can also be delivered via the notification center on the SAP Audit Management Launchpad.
Configure URLs in emails
Configure the generation of URLs in email notifications when the frontend and backend are deployed in different servers.
See Notifications.

Title: Data Migration
Solution: SAP Audit Management for SAP S/4HANA
Version: 1.5 SP00 | Type: New | Available as of: 2022-03-14 | Action: Info only
Description:
Enable customers who are moving to SAP Audit Management to mass migrate data to the SAP Audit Management system.

Title: Organizations
Solution: SAP Audit Management for SAP S/4HANA
Version: 1.5 SP00 | Type: New | Available as of: 2022-03-14 | Action: Info only
Description:
The new Fiori app Organizations comes with new capabilities including:
● You can see the risks, controls, and auditable items related to an organization and its audit history, audit findings, and action plans.
● You can create multiple organization hierarchies to maintain the organization data of your own company and other entities, such as your vendors and partners.
● You can use organization types to categorize individual organizations.
● You can use drag and drop to change the position of an organization across a hierarchy.
● You can remove organizations.
● Custom defined fields are allowed.
See Organizations.

Title: Dimensions
Solution: SAP Audit Management for SAP S/4HANA
Version: 1.5 SP00 | Type: New | Available as of: 2022-03-14 | Action: Info only
Description:
The new Fiori app Dimensions comes with new capabilities including:
● Dimensions can be structured into hierarchies. You can use drag and drop to change the position of a dimension across a hierarchy.
● The KRIs of a dimension are inherited from the assigned risks.
● Show the related auditable items and audit history.
See Dimensions.

Title: Risk
Solution: SAP Audit Management for SAP S/4HANA
Version: 1.5 SP00 | Type: Changed | Available as of: 2022-03-14 | Action: Info only
Description:
View-dependent risk analysis
In the view-dependent risk analysis mode, the risk analysis documented in a view doesn't overwrite the analysis in other views.
See View-dependent and Version-based Risk Analysis.

Title: Import master data
Solution: SAP Audit Management for SAP S/4HANA
Version: 1.5 SP00 | Type: Changed | Available as of: 2022-03-14 | Action: Info only
Description:
Manually assign organizations to imported risks and controls
When risks and controls are imported, their organization assignment is also imported. Previously, you could not change the organization assignment. Now you are allowed to manually assign organizations in case you don't want to import organizations.
See Manually Assign Organizations to Imported Risks and Controls.
Configure navigation path for imported organizations
Configure the application to which the source object link of an imported organization redirects.
See Configure Navigation Path for Imported Organizations.
Remove delimited data
When the import job detects that the source object of an organization, risk, or control in the source system is delimited, the organization, risk, or control will be removed from SAP Audit Management.
See Master Data Delimitation.

Title: Where-used check
Solution: SAP Audit Management for SAP S/4HANA
Version: 1.5 SP00 | Type: New | Available as of: 2022-03-14 | Action: Info only
Description:
When you try to remove an organization, dimension, risk, or control that is still being used, an error box pops up with a Show Where Used List button.
When you try to delete a working paper that is still being used, an error box pops up with a Show Where Referenced List button.

Title: Historical version indicator
Solution: SAP Audit Management for SAP S/4HANA
Version: 1.5 SP00 | Type: New | Available as of: 2022-03-14 | Action: Info only
Description:
When you access an outdated organization, dimension, risk, control, or working paper from a historical audit, the message "This version is not the latest" is shown.

Title: Resources Management
Solution: SAP Audit Management for SAP S/4HANA
Version: 1.5 SP00 | Type: New | Available as of: 2022-03-14 | Action: Info only
Description:
The new Fiori app Resources Management comes with new capabilities including:
● Group audit staff into teams.
● Create new audits.
● Check the unassigned audits.
See Managing Audit Resources.

Title: My Profile
Solution: SAP Audit Management for SAP S/4HANA
Version: 1.5 SP00 | Type: New | Available as of: 2022-03-14 | Action: Info only
Description:
The new Fiori app My Profile comes with new capabilities including:
● Upload profile photos.
● More personal information.
● Calendar with more views.
● Specify the time period for substitution.
See Set Up Profile.

Title: Audit type
Solution: SAP Audit Management for SAP S/4HANA
Version: 1.5 SP00 | Type: New | Available as of: 2022-03-14 | Action: Info only
Description:
New audit type
The new audit type Partner is introduced.
Map organization types to audit types
You can restrict the organization types that are relevant to a certain audit type.
See Audit Type, Category, and Group.

Title: Copy audits
Solution: SAP Audit Management for SAP S/4HANA
Version: 1.5 SP00 | Type: New | Available as of: 2022-03-14 | Action: Info only
Description:
You can create a new audit by copying an existing one.
See Copy Audits.

Title: Work program
Solution: SAP Audit Management for SAP S/4HANA
Version: 1.5 SP00 | Type: Changed | Available as of: 2022-03-14 | Action: Info only
Description:
Copy function enhancement
The filters Audit Status, Audit Type, Audit Group, and Audit Category are provided to help you find audits more easily when copying work programs.

Title: Risk Assessment in Audit Preparation Phase
Solution: SAP Audit Management for SAP S/4HANA
Version: 1.5 SP00 | Type: New | Available as of: 2022-03-14 | Action: Info only
Description:
Perform risk assessment in the audit preparation phase to obtain more understanding of the auditee and their environment as the basis of your audit.
See Preparation.

Title: Go to next/previous procedure
Solution: SAP Audit Management for SAP S/4HANA
Version: 1.5 SP00 | Type: New | Available as of: 2022-03-14 | Action: Info only
Description:
The buttons Go to previous procedure and Go to next procedure are available on the screen of a procedure, which help you easily navigate across the procedures within a work package.

Title: Test Procedures
Solution: SAP Audit Management for SAP S/4HANA
Version: 1.5 SP00 | Type: New | Available as of: 2022-03-14 | Action: Info only
Description:
Attach links to steps
When creating a test procedure, you can attach links to a step. For example, for a step of inspecting sales documents, you can attach the link to the sales system where the sales orders can be found.
See Enable Links for Test Steps.

Title: Business rule procedure
Solution: SAP Audit Management for SAP S/4HANA
Version: 1.5 SP00 | Type: Changed | Available as of: 2022-03-14 | Action: Info only
Description:
Use parameters for ad hoc queries
You can define the output fields, the filter criteria, and the deficiency criteria for a business rule ad hoc query.
See Business Rule Procedure.

Title: Detection procedure
Solution: SAP Audit Management for SAP S/4HANA
Version: 1.5 SP00 | Type: Changed | Available as of: 2022-03-14 | Action: Info only
Description:
Create findings
You can create findings as results of detection procedures.
Reopen detection procedure
You can reopen a completed detection procedure.

Title: Submit work package for review
Solution: SAP Audit Management for SAP S/4HANA
Version: 1.5 SP00 | Type: New | Available as of: 2022-03-14 | Action: Info only
Description:
You can enable a review process for the completed work packages.
See Work Package Review.

Title: Finding
Solution: SAP Audit Management for SAP S/4HANA
Version: 1.5 SP00 | Type: Changed | Available as of: 2022-03-14 | Action: Info only
Description:
Make Ranking optional
You can make field Ranking optional using Customizing activity Maintain Field Attributes.
Check if Executive Responsible is assigned
A new quality checkpoint "Executive Responsible must be assigned" is available.
Reference
The Reference field is now a link to a work package rather than plain text.

SAP Audit Management for SAP S/4HANA


What's New in SAP Audit Management for SAP S/4HANA 1.5 SP00 PUBLIC 11
Available
Solution Title Description Version Type as of Action

SAP Audit Action Change deadline 1.5 SP00 Changed 2022-03-1 Info only
plan
Managem The buttons Extend Deadline and Advance 4
ent for Deadline are provided for changing the deadline
SAP S/4H of an action plan.
ANA
Sub action plans inherit information from pa­
rent action plans

A sub action plans inherits the due date and the


responsible person from its parent action plan.

SAP Audit Work Rich text available 1.5 SP00 Changed 2022-03-1 Info only
Done
Managem You can use a rich text editor to create work 4
Notes
ent for done notes.
SAP S/4H
ANA

SAP Audit Working Reply to review notes 1.5 SP00 New 2022-03-1 Info only
Paper
Managem You can add replies to a review note of a working 4
ent for paper.
SAP S/4H
See Reply to Review Notes [page 140].
ANA
Activity history

Activity history is available for working papers.

SAP Audit Customiz­ Customizing activity Maintain E-mail 1.5 SP00 Changed 2022-03-1 Info only
ing activ­ Notifications for Audit Activities has been re­
Managem 4
ity renam­ named Maintain Notifications for Audit
ent for
ing Activities.
SAP S/4H
ANA

SAP Audit Analytics CDS views are provided for reporting. 1.5 SP00 Changed 2022-03-1 Info only
Managem See Analytics and Reporting. 4
ent for
SAP S/4H  Note
ANA
SAP Audit Management no longer provides
HANA views for analytics.

SAP Audit Management for SAP S/4HANA


12 PUBLIC What's New in SAP Audit Management for SAP S/4HANA 1.5 SP00
Available
Solution Title Description Version Type as of Action

SAP Audit Role New role: Partner 1.5 SP00 New 2022-03-1 Info only
Managem A new application role Partner and the corre­ 4
ent for sponding PFCG role SAP_GRCAUD_PARTNER
SAP S/4H are introduced.
ANA
New role: External Auditor

A new application role External Auditor and the


corresponding PFCG role SAP_GRCAUD_EX­
TERNAL_AUDITOR are introduced.

Custom application role

● You can make custom application roles


specific to certain audit types. See Make
Custom Application Roles Specific to Audit
Types.
● Custom application roles are now sup­
ported for object type Finding.

SAP Audit Field Set­ Hide obsolete field choices 1.5 SP00 New 2022-03-1 Info only
Managem tings For choice fields such as Audit Type, you can 4
ent for hide choices that are no longer needed so they
SAP S/4H are not available for selection.
ANA
See Hide Field Choices.

Technical Details
The application component for SAP Audit Management for SAP S/4HANA is GRC-AUD.

Related Information

What's New in SAP Assurance and Compliance Software for SAP S/4HANA 1.5 SP00
What's New in SAP Assurance and Compliance Software for SAP S/4HANA
SAP Audit Management for SAP S/4HANA [page 14]

2 SAP Audit Management for SAP S/4HANA

SAP Audit Management for SAP S/4HANA is a solution for building audit plans, preparing audits, and analyzing
relevant results.

SAP Audit Management for SAP S/4HANA provides an end-to-end audit management solution that can be
used to build audit plans, prepare audits, analyze relevant information, document results, form an audit opinion,
communicate results, and monitor progress. The key features include the following:

● Full mobile-enablement and easy access from multiple devices and platforms
● Full coverage of the audit roadmap, including planning, preparation, execution, reporting, and follow-up
● Flexible Audit Universe that serves as a single source for audits and monitors audit requests globally
● Integration with third-party systems such as SAP Business Integrity Screening and SAP Risk Management
● Powerful working paper management that allows you to create audit documents via drag-and-drop, single-
click access to the documents, and management review
● Global monitoring of findings and following up on the progress of actions
● Powerful search function that helps you find the target information easily
● Clear and intuitive user interface design that improves user experience and boosts efficiency

In SAP Audit Management for SAP S/4HANA, the auditing process is divided into five phases: planning,
preparation, execution, reporting, and follow-up. Different audit tasks are performed in different phases.

The following figure illustrates the workflow of an audit. Note that the roles only serve as an example of a typical
auditing scenario in an organization. You may have different roles for each action depending on your
authorization settings.

Note

The audit announcement letter approval process is an optional feature depending on the audit status
schema configuration.

This documentation is generally structured in accordance with the above five phases. It includes the following
sections:

● Setting Up SAP Audit Management for SAP S/4HANA [page 18]
In this section you will find information about roles and back-end transactions in SAP Audit Management.
● Home [page 18]
Home is the starting point of SAP Audit Management. It gives you an overview of the status and progress of
your current tasks, and is a portal to access your tasks.
● Master Data [page 41]
The master data section provides you with information about risks, controls, dimensions, and
organizational units that can be used for risk-based auditing.
● Planning [page 72]
In the audit planning phase, overall strategies and focus areas are defined for your organization. In this
section, you will find the information about the audit universe and audit plans, and the procedures to create
auditable items, audits, and audit plans.
● Preparation [page 91]
In this section, you will find out how to prepare detailed work programs for the assigned audits, how to
assign responsible persons to detailed work packages, and how to review the work programs. Optionally,
you can also prepare an audit announcement letter and distribute it to the stakeholders.
● Execution [page 109]
The execution phase is when all the actual field work takes place. Here you will find out how to manage
working papers, how to document your audit work, and how to create findings and propose action plans
based on your audit evidence.
● Reporting [page 134]
In the audit reporting phase, audit reports are prepared based on the auditor’s work. In this section, you will
find the information about the drafting, reviewing, and issuing of audit reports.
● Follow-Up [page 129]
In this section, you will find information about following up on the findings and action plans that result from
the auditing process.
● Working Papers [page 138]
In this section, you will find information about how to create, edit, review, and manage versions of audit
working papers through the audit lifecycle.
● SAP Audit Management Extensibility Guide
The Extensibility Guide provides advanced information about extending the functionality of the solution for
you to further explore the potential of the product.
● Data Protection [page 145]

For more information about the terminology used, see SAP Glossary.

For more information about corrections made to the product assistance after shipment, see SAP Note 3050167.

Related Information

SAP Assurance and Compliance Software for SAP S/4HANA


What's New in SAP Assurance and Compliance Software for SAP S/4HANA 1.5 SP00

3 Setting Up SAP Audit Management for SAP S/4HANA

Several settings need to be adjusted in order to set up SAP Audit Management for SAP S/4HANA.

In the following sections you will find the information you need to set up the application, including
authorizations, transactions, language settings, and browser settings:

● Back End Transactions for SAP Audit Management [page 21]
● Roles in SAP Audit Management [page 22]
● Browser Settings [page 26]
● Language Settings [page 26]
● SAP Jam Integration [page 28]

Additional Information

For more technical information, see the Installation Guide and the Security Guide on the SAP Help Portal at
http://help.sap.com/audit_s4.

3.1 Home

The home page is the starting point of the application. It is based on the SAP Fiori launchpad and can be called
using transaction /UI2/FLP.

The launchpad opens a home page that contains predefined content, divided into groups. Each group contains
tiles that represent business applications. Clicking or tapping a tile launches the underlying application.

The following functions are available on the home page:

● Personalization
The group My Home is, by default, the first group on your home page. Other groups may also be visible to
you, as defined by your administrator.
You can personalize the application home page by selecting Edit Home Page. Once you do, you can add
groups and tiles. As well, you can rearrange existing tiles by dragging them to a new location in a group or
moving them to another group.
Choose Settings to display the user account, or to change the appearance or language and regional
settings of your screen.
Choose App Finder to search the catalogs for all available tiles.
● Search
With the search, you can find predefined objects, such as detection strategies, alerts, events and
documents in alerts.

You can use the search as follows:

| Your Input | Symbol | Result |
|---|---|---|
| shares warrants | None | Finds results that contain both the word “shares” and the word “warrants”. |
| shares OR warrants | OR | Finds results that contain either the word “shares” or the word “warrants”. |
| shares-warrants | - | Finds results that contain the word “shares” but not the word “warrants”. |
| warr* | * | Finds results containing words that start with “warr”, for example “warrants”, “warranty”, and “warranted”. |
| “with best regards” | “” | Finds results that contain the exact phrase “with best regards”. |

Note

If you can't find the expected results try again using *, for example *12345 or *john*.

The search is not case-sensitive.

In SAP Audit Management, the following objects can be searched using the search from the SAP Fiori
launchpad:

● Auditable items
● Audits
● Findings and actions
● Working papers, reports, announcement letters, and attachments
● Risks and controls (latest version)
● Dimensions

Available Tiles

See Available Apps [page 20]

More Information

For more information about the SAP Fiori launchpad, see Using the Launchpad and Personalizing the
Launchpad on the SAP Help Portal.

3.1.1 Available Apps

The apps in SAP Audit Management.

App

Approve Audit Report

Approve Audit Preparation

Audit Management Overview

Audit Universe

Controls

Dimensions

Display Historical Audits

Display Historical Action Plans

Display Historical Findings

Initiate Audit

My Action Plans

Manage Audit Plans

My Findings

My Ongoing Audits

My Work Packages

My Recent Objects

Organizations

Prepare Audits

Record Time

Resource Management

Review Work Packages

Risk Register

Track Ongoing Audits

Track Open Action Plans

Track Open Findings

Note

The legacy non-Fiori apps are out of maintenance.

3.2 Back-End Transactions

Transactions can be used in the back-end for SAP Audit Management for SAP S/4HANA.

The following transactions are available in the SAP Audit Management menu:

| Transaction Name | Transaction Code | Path |
|---|---|---|
| Start SAP Audit Management | /UI2/FLP | SAP Menu > Audit Management > Start SAP Audit Management |
| Delete Auditable Items | GRCAUD_DEL_AUD_ITEM | SAP Menu > Audit Management > Tools > Delete Auditable Items |

Data Protection

Menu path: SAP Menu > Audit Management > Data Protection

| Transaction Name | Transaction Code | Description |
|---|---|---|
| Remove User Names | ACS_DP_ANONYMIZATION | Use this function to remove user names for data that is not going to be archived. |
| Garbage Collector | ACS_DP_GCO | Use this function to delete unwanted data. |
| Display Data Protection Logs | ACS_DP_LOG | Use this function to display the application log for data protection activities. |
| Archive Administration | SARA | Use this function to archive data. |
| Data Destruction | ILM_DESTRUCTION | Use this function to delete archived data. |
| Read Access Logging Manager | SRALMANAGER | Use this function to monitor and log read access to sensitive data. |

3.3 Roles in SAP Audit Management for SAP S/4HANA

SAP Audit Management for SAP S/4HANA has two types of roles: application roles and PFCG roles.

Application Roles

Application roles are the roles you see on the user interface, for example, audit manager, audit lead, and
auditor. You can assign these roles to users when you create an audit object.

An application role is only meaningful when it is mapped to a PFCG role, because all user authorizations and
menu access derive from the relevant PFCG roles. You can define whether an application role is mandatory, and
whether it can be mapped to multiple PFCG roles. You can also specify the identity providers for different
application roles in Customizing.

The following application roles are delivered by SAP Audit Management for SAP S/4HANA:

| Role ID | Role Name | What does this role do? |
|---|---|---|
| ACT_RESP | Action Responsible Person | The person who is responsible for the actions proposed in the audit finding. |
| ADTB_REQ | Auditable Item: Requested By | The person who requested the auditable item in the audit universe. |
| ADTB_RES | Auditable Item: Responsible Person | The person who is responsible for ensuring that the item is audited. |
| AUDITOR | Auditor | The person who performs auditing in an audit engagement. An auditor manages working papers and creates findings and action plans. |
| AUD_LEAD | Audit Lead | The audit lead is an auditor who performs the following additional duties: prepares work programs and prepares the audit report. It is mandatory to have an audit lead for an audit, and only one audit lead is allowed for one audit. |
| AUD_MGR | Audit Manager | The audit manager creates and initiates audits, organizes resources for the audits, and reviews audit work programs and reports. It is mandatory to have an audit manager for an audit, and only one audit manager is allowed for one audit. |
| CAE | Chief Audit Executive | The chief audit executive (CAE) prepares the audit plan for the organization based on risk assessments, oversees the auditing process, ensures that the audit plan is carried out, and communicates the audit results to the senior management and the board. |
| EXE_RESP | Executive Responsible | The executive responsible is the person who is responsible for the activity or process to be audited, for example, someone from the management in the auditee’s organization. |
| EXT_AUD | External Auditor | External auditors are auditors outside your organization, who are hired by you to conduct your internal audit or to audit your partners. |
| PARTNER | Partner | Entities that have a partnership with you and that you have an interest in auditing, such as your suppliers. You can assign the role to the staff in your partner entities who act as the primary contact for the audit and will be required to assist in the audit. |
| SCOPE_RESP | Scope Responsible Person | A person assigned to a scope and responsible for the completion of the scope. |
| TASK_RESP | Task Responsible Person | A task responsible person is an auditor who performs a task, for example, an audit procedure. |

PFCG Roles

PFCG roles are back-end roles that provide authorizations and access to menu items. PFCG roles are used in
the following two ways:

● PFCG roles can be assigned to users. When you assign a PFCG role to a user, the user can have the
authorizations and accesses that are defined in the PFCG role.
● PFCG roles can also be mapped to application roles. When a PFCG role is mapped to an application role,
only users who have the same PFCG role can be assigned to this application role during the creation of an
audit object.

Example

PFCG role SAP_GRCAUD_AUDIT_MANAGER is mapped to application role AUD_MGR. When you create an
audit, only the users with the same PFCG role assigned can be selected as the audit manager.

If another PFCG role is also mapped to AUD_MGR, then users with this role assigned can also be
selected.

Access to the apps on the SAP Audit Management Launchpad is granted by the Fiori roles.

In SAP Audit Management, the following standard PFCG roles and corresponding Fiori roles are provided:

| Name | PFCG Role | Fiori Role |
|---|---|---|
| SAP Audit Management: Chief Audit Executive | SAP_GRCAUD_CAE | SAP_BR_ACS_CAE |
| SAP Audit Management: Audit Manager | SAP_GRCAUD_AUDIT_MANAGER | SAP_BR_ACS_AUDIT_MANAGER |
| SAP Audit Management: Auditor | SAP_GRCAUD_AUDITOR | SAP_BR_ACS_AUDITOR |
| SAP Audit Management: External Auditor | SAP_GRCAUD_EXTERNAL_AUDITOR | SAP_BR_ACS_EXTERNAL_AUDITOR |
| SAP Audit Management: Action Plan Responsible (Auditee) | SAP_GRCAUD_ACTION_RESP | SAP_BR_ACS_ACTION_RESP |
| SAP Audit Management: Executive Responsible (Auditee) | SAP_GRCAUD_EXECUTIVE_RESP | SAP_BR_ACS_EXECUTIVE_RESP |
| SAP Audit Management: Partner | SAP_GRCAUD_PARTNER | SAP_BR_ACS_AUDIT_PARTNER |
| SAP Audit Management: System Administrator | SAP_GRCAUD_SYSTEM_ADMIN | / |
| SAP Business Integrity Screening: Manager | SAP_GRCAUD_FRAUD_INTEGRATION | SAP_BR_ACS_AUDIT_INT_FRAUD |

Note

The role SAP Business Integrity Screening: Manager is designed for auditors and audit leads to:

● Create detection strategies and assign them to tasks
● Execute detection strategies, analyze the execution results, and classify alerts

Note

The above PFCG roles contain all authorizations and menu entries that are available for SAP Audit
Management. This list should only be used as a template. For use in a production system, you must create
your custom roles based on these roles, and modify the authorizations and menu entries according to your
requirements.
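The mapping rule, the one-holder rule for audit lead and audit manager, and the template-role note can be checked offline against an export of role assignments. The following Python code is an added example, not SAP code: the Z* role names, the user names and the data layout are constructed assumptions, while AUD_MGR, AUD_LEAD, AUDITOR and SAP_GRCAUD_AUDIT_MANAGER come from this guide.

```python
"""Review audit role assignments against PFCG role mappings (added example)."""

# Application role -> PFCG roles mapped to it. The AUD_MGR entry follows the
# guide's example; every Z* name is a hypothetical custom role (assumption).
ROLE_MAPPING = {
    "AUD_MGR": {"SAP_GRCAUD_AUDIT_MANAGER", "ZAUD_AUDIT_MANAGER"},
    "AUD_LEAD": {"ZAUD_AUDITOR"},
    "AUDITOR": {"ZAUD_AUDITOR"},
}

# Constructed user extract: user -> PFCG roles assigned in the back end.
USER_PFCG_ROLES = {
    "ALICE": {"ZAUD_AUDIT_MANAGER"},
    "BOB": {"ZAUD_AUDITOR"},
    "CAROL": {"SAP_GRCAUD_AUDIT_MANAGER"},
    "DAVE": {"ZAUD_READ_ONLY"},
}

# Application roles the guide marks as mandatory with one holder per audit.
SINGLE_MANDATORY = ("AUD_LEAD", "AUD_MGR")
# Prefix of the delivered roles, which the guide says are templates to copy.
TEMPLATE_PREFIX = "SAP_GRCAUD_"


def eligible_users(app_role, mapping=ROLE_MAPPING, user_roles=USER_PFCG_ROLES):
    """Users holding at least one PFCG role mapped to the application role."""
    mapped = mapping.get(app_role, set())
    return sorted(u for u, roles in user_roles.items() if roles & mapped)


def review_audit(assignments, mapping=ROLE_MAPPING, user_roles=USER_PFCG_ROLES):
    """Return (code, detail) problems for one audit.

    `assignments` is a list of (application_role, user) pairs.
    """
    problems = []
    for app_role, user in assignments:
        if user not in eligible_users(app_role, mapping, user_roles):
            problems.append(
                ("NOT_MAPPED", f"{user} lacks a PFCG role mapped to {app_role}")
            )
    for app_role in SINGLE_MANDATORY:
        holders = [u for r, u in assignments if r == app_role]
        if len(holders) != 1:
            problems.append(
                ("CARDINALITY", f"{app_role} has {len(holders)} holders, expected 1")
            )
    return problems


def template_role_holders(user_roles=USER_PFCG_ROLES, prefix=TEMPLATE_PREFIX):
    """Users assigned a delivered template role directly, not a custom copy."""
    return {
        user: sorted(r for r in roles if r.startswith(prefix))
        for user, roles in user_roles.items()
        if any(r.startswith(prefix) for r in roles)
    }


if __name__ == "__main__":
    audit = [("AUD_MGR", "DAVE"), ("AUD_LEAD", "BOB"), ("AUD_LEAD", "ALICE")]
    for code, detail in review_audit(audit):
        print(code, detail)
    print(template_role_holders())
```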

To enable users to send e-mail notifications of audit activities, the following background processing
authorization must be maintained for the relevant PFCG roles:

| Authorization Object | Field | Value |
|---|---|---|
| S_BTCH_ADM | BTCADMIN | Y |
| S_BTCH_JOB | JOBACTION | RELE |
| S_BTCH_JOB | JOBGROUP | '' |

Alternatively, you can also make a copy of standard role SAP_GRCAUD_FRAUD_INTEGRATION and assign it to
your user. This role already contains the above required authorization.

For more information about PFCG roles, see the Security Guide at http://help.sap.com/audit_s4.

More Information

For more information about how to maintain application roles and role mappings, see the Customizing
activities and their documents under PFCG > SAP Audit Management > Basic Settings > Role Settings.

3.4 Browser Settings

It is possible to alter browser settings according to your preferences.

For more information about supported browsers, see Browser and Platform Support.

Follow Up Tasks After Importing a Transport – All Browsers (Optional)

The browser cache is deleted automatically and periodically. However, if you want, you can run the
report /UI5/APP_INDEX_CALCULATE to perform an immediate refresh.

See also Updating the SAPUI5 Application Index

3.5 Language Settings

When you start the application, the language that is displayed depends on the following:

● If you select the language on the logon screen, your selection is transferred to the back end with the URL
parameter.
● If you use single sign-on (SSO), the language of the browser settings is transferred to the back end.

Note

The language setting defined in User Maintenance (transaction SU01) in the back end has no influence
on the application.

If a text is not available in the logon language, the corresponding text in a fallback language is displayed. Usually
the fallback language is English, but in some functions, the “secondary language” defined in the application
server is used. To achieve uniform behavior, SAP recommends using English as the secondary language.

3.6 Notifications

SAP Audit Management provides automatic and configurable notifications.

Notifications can be delivered in the following two forms. You can enable either or both of them.

● Emails
See Email Notification [page 27].
● Notification Center on the SAP Audit Management Fiori Launchpad
See Enable Notification Center on the Launchpad [page 28].

3.6.1 Email Notification

3.6.1.1 Enable Email Notification

Enable email notifications.

Procedure

1. Go to Customizing activity Configure Notification Channels.
2. Enable the channel EMAIL.
3. Optional: If the frontend and backend are deployed in different servers, follow Configure URLs in Emails
When Frontend and Backend Are Separate [page 27] to configure the generation of the URLs contained in
emails.

3.6.1.2 Configure URLs in Emails When Frontend and Backend Are Separate

Configure the generation of URLs in email notifications when the frontend and backend are deployed in
different servers.

Context

SAP Audit Management sends email notifications that contain links. For example, when an audit is initiated, an
email notification containing the link to the audit is sent.

When the frontend and the backend are deployed in different servers, the host and the client in the URLs of the
links must point to the frontend.

Procedure

1. Go to transaction SE16.
2. Enter the table name HTTPURLLOC.
3. Choose Create Entries.
4. Choose New Entries.

5. Fill in the required fields. For the purpose of the fields and how to fill them in, see Configuration Table
HTTPURLLOC.

For the field APPLICATN, please enter SAPGRCAM<Your frontend client>. For example, SAPGRCAM110.

3.6.1.3 Disable Case Sensitivity for Email Addresses

Disable case sensitivity for email addresses.

By default, e-mail addresses are case sensitive in SAP Audit Management. For example, if you maintain the e-
mail address [email protected] in your user's master data, you cannot send back documents to the system using
[email protected] even if your e-mail client does not differentiate the two addresses.

You can turn off the case-sensitivity setting in Customizing activity Maintain Case Sensitivity Setting.

3.6.2 Enable Notification Center on the Launchpad

Send notifications via the Notification Center on the SAP Audit Management Launchpad.

Procedure

1. Go to Customizing activity Configure Notification Channels.
2. Enable the channel FIORI.
3. Follow the How to Setup Notifications in Fiori 2.0 step-by-step guide to finish the set-up.

3.7 SAP Jam Integration

The application offers an optional integration of SAP Jam, the SAP tool for collaborative work and coordination.

For help with using SAP Jam for collaboration, see http://help.sap.com/jam.

SAP Jam must be added to the SAP Fiori launchpad. If you do not find SAP Jam in your Home screen, then see
Adding SAP Jam to the SAP Fiori Launchpad in the Installation and Configuration Guide at
http://help.sap.com/audit_s4.

3.8 Data Migration

If you plan to move to SAP Audit Management, you can migrate your data to the SAP Audit Management
system using the predefined spreadsheet templates.

The following data can be migrated:

● Audits
● Findings
● Action Plans

You have to migrate audits first, and then findings and then action plans. This is because findings are
dependent on audits and action plans are dependent on findings.

Migrate Audits

To migrate audits,

1. Go to Customizing activity Data Migration > Migrate Audits.
2. Download the template.
3. Enter your audits in the downloaded template. The downloaded template contains the following sheets:

| Sheet | Description |
|---|---|
| Audits | Enter the basic information of audits in this sheet, such as their titles and time period. |
| Auditable Items | With the Auditable Items sheet, you can assign auditable items to audits. You can only select from the auditable items listed in the Auditable Item List sheet. |
| Auditable Item List | The Auditable Item List sheet lists all of the auditable items you have created in SAP Audit Management > Audit Universe. You cannot create new auditable items using this sheet. |
| People | With the People sheet, you can assign people to audits by assigning users to roles. You can only select from the users and roles listed in the Roles and Users List sheet. |
| Roles and Users List | The Roles and Users List sheet lists all the users in your system and the roles for the object type Audit. |
| Organization | With the Organization sheet, you can assign organizations to audits. You can only select from the organizations listed in the Organization List sheet. |
| Organization List | The Organization List sheet lists all the organizations you have maintained in the Organizations app in SAP Audit Management. You cannot create new organizations using this sheet. |
| Working Paper Categories | The Working Paper Categories sheet lists all the working paper categories you have defined. |
| Working Paper | With the Working Paper sheet, you can upload audit working papers. To do so, enter the local path to the file to be uploaded in the Working Paper File Path field. |

4. After you have maintained your audits in the spreadsheet, go to Customizing activity Migrate Audits to
upload the spreadsheet.
You are required to fill in the Scope Name. An empty work program will be automatically generated for each
migrated audit. The scope name you entered will be used as the name of the nodes in the work program.

Migrate Findings

To migrate findings,

1. Go to Customizing activity Data Migration > Migrate Findings.
2. Download the template.
3. Enter your audit findings in the downloaded template. The downloaded template contains the following
sheets:

| Sheet | Description |
|---|---|
| Findings | In this sheet, you choose audits by ID and then enter findings per audit. |
| Organization | With the Organization sheet, you can assign organizations to findings. You can only select from the organizations listed in the Organization List sheet. |
| Organization List | The Organization List sheet lists all the organizations you have maintained in the Organizations app in SAP Audit Management. You cannot create new organizations using this sheet. |
| People | With the People sheet, you can assign people to findings by assigning users to roles. You can only select from the users and roles listed in the Roles and Users List sheet. |
| Roles and Users List | The Roles and Users List sheet lists all the users in your system and the roles for the object type Finding. |

4. After you have maintained your findings in the spreadsheet, go to Customizing activity Migrate Findings to
upload the spreadsheet.

Migrate Action Plans

To migrate action plans,

1. Go to Customizing activity Data Migration > Migrate Action Plans.
2. Download the template.
3. Enter your audit action plans in the downloaded template. The downloaded template contains the following
sheets:

| Sheet | Description |
|---|---|
| Action | In this sheet, choose findings by ID and enter action plans per finding. |
| People | With the People sheet, you can assign people to action plans by assigning users to roles. You can only select from the users and roles listed in the Roles and Users List sheet. |
| Roles and Users List | The Roles and Users List sheet lists all the users in your system and the roles for the object type Action. |
| Attachments | With this sheet, you can upload attachments for your action plans. To do so, enter the local path to the file to be uploaded in the File Path field. |

4. After you have maintained your action plans in the spreadsheet, go to Customizing activity Migrate Action
Plans to upload the spreadsheet.
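Because findings depend on audits and action plans depend on findings, references can be checked before any spreadsheet is uploaded. The following Python code is an added example, not part of the SAP templates: the row layout, the IDs, the user names and the roles listed per object type are constructed assumptions that stand in for the template sheets.

```python
"""Pre-upload consistency check for migration templates (added example)."""

# Roles allowed per object type, standing in for each template's
# "Roles and Users List" sheet. Constructed sample values (assumption).
ROLES_BY_OBJECT = {
    "Audit": {"AUD_MGR", "AUD_LEAD", "AUDITOR"},
    "Finding": {"EXE_RESP"},
    "Action": {"ACT_RESP"},
}
# Constructed back-end user list (assumption).
KNOWN_USERS = {"ALICE", "BOB", "CAROL"}


def check_migration(audits, findings, actions, people):
    """Return problems that break the audits -> findings -> action plans chain.

    audits:   list of audit IDs
    findings: list of (finding_id, audit_id)
    actions:  list of (action_id, finding_id)
    people:   list of (object_type, object_id, role_id, user)
    """
    problems = []
    audit_ids = set(audits)

    # A finding can only be migrated if its audit is migrated first.
    finding_ids = set()
    for finding_id, audit_id in findings:
        if audit_id not in audit_ids:
            problems.append(f"finding {finding_id}: audit {audit_id} is not migrated")
        else:
            finding_ids.add(finding_id)

    # An action plan can only be migrated if its finding is migrated first.
    for action_id, finding_id in actions:
        if finding_id not in finding_ids:
            problems.append(
                f"action plan {action_id}: finding {finding_id} is not migrated"
            )

    # People rows may only use objects, roles and users that are listed.
    objects = {
        "Audit": audit_ids,
        "Finding": finding_ids,
        "Action": {action_id for action_id, _ in actions},
    }
    for object_type, object_id, role_id, user in people:
        if object_id not in objects.get(object_type, set()):
            problems.append(f"people row: {object_type} {object_id} does not exist")
        if role_id not in ROLES_BY_OBJECT.get(object_type, set()):
            problems.append(
                f"people row: role {role_id} is not listed for {object_type}"
            )
        if user not in KNOWN_USERS:
            problems.append(f"people row: user {user} is not in the user list")
    return problems


if __name__ == "__main__":
    for line in check_migration(
        audits=["A1"],
        findings=[("F1", "A1"), ("F2", "A9")],
        actions=[("P1", "F1"), ("P2", "F2")],
        people=[("Finding", "F1", "AUD_MGR", "BOB")],
    ):
        print(line)
```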

3.9 Working with Spreadsheet Templates

SAP Audit Management provides the functionality for users to upload data using standard templates.

For example, you can download a template, maintain data offline for controls, risks, dimensions, auditable
items, and work programs, and upload it to the system. These standard templates are delivered by SAP and are
designed to work with most spreadsheet tools. However, there are a few tips that you need to know before you
jump in and maintain the data.

● Required and Optional Fields
Required fields are distinguished from optional fields by an asterisk (*). You must make an entry in all
required fields to successfully upload data.

Note

In the work program template, required fields are not marked.

● Valid Input Area
Each template has a valid input area. Only the data within the valid input area are recognized and uploaded
to the system. By default, the first row after the heading row is marked as the valid input area. You can
expand this area by placing your cursor over the lower-right corner of the area and dragging it to the
desired position.
● Data Validation
Data validations may be applied to the cells where restriction of data input is needed. Here is a list of input
formats you'll see in a template:
○ Drop-down list: Select values from the list only.
○ Date: Enter a date in the correct format. To check which date format is accepted, press CTRL + ; , and
the current date will be displayed. Enter your date in the same format.
○ User: Only back-end user names are accepted.
○ Text: Length limit may be applied to a text field.
● Text Format
Make sure you enter texts without any formatting in the cells. Formatted texts may cause unexpected
errors during upload and are not recognized by the system.

3.10 Configure Workflows

Learn about how to configure the workflow in SAP Audit Management.

SAP Audit Management enables you to use different workflows depending on audit types.

The workflow is determined by the so-called status schema. A status schema defines:

● The initial status.
● A sequence of actions that trigger status change.
● The resulting status of an action.
● The roles that can perform an action, also known as agents.

To configure workflows,

SAP Audit Management for SAP S/4HANA


32 PUBLIC Setting Up SAP Audit Management for SAP S/4HANA
1. Define status schemas in Customizing activity Define Audit Status Schema.
You can use pre­defined status schemas or create your own status schemas.
2. Apply status schemas to audit types in Customizing activity Define Audit Types.
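The four elements of a status schema listed above can be modelled as a small state machine and reviewed before the schema is applied to an audit type. The following sketch is an added illustration, not SAP code or delivered configuration; the schema name Z_SAMPLE and its statuses, actions and roles are constructed. It enforces the agent check for an action and reports actions without an agent, undefined statuses, and statuses that no permitted action can reach.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Action:
    name: str
    from_status: str
    to_status: str
    agents: frozenset  # roles allowed to perform the action


@dataclass
class StatusSchema:
    name: str
    initial: str
    statuses: frozenset
    actions: tuple

    def perform(self, current, action_name, role):
        """Return the resulting status, or raise if the action is not allowed."""
        for a in self.actions:
            if a.name == action_name and a.from_status == current:
                if role not in a.agents:
                    raise PermissionError(f"{role} is not an agent for {action_name}")
                return a.to_status
        raise ValueError(f"{action_name} is not available in status {current}")

    def review(self):
        """Return sorted findings about gaps in the schema definition."""
        findings = set()
        if self.initial not in self.statuses:
            findings.add(f"initial status {self.initial} is not defined")
        for a in self.actions:
            for status in (a.from_status, a.to_status):
                if status not in self.statuses:
                    findings.add(f"action {a.name} references undefined status {status}")
            if not a.agents:
                findings.add(f"action {a.name} has no agent")
        # Walk the schema from the initial status, following only actions
        # that at least one role can actually perform.
        reached, todo = {self.initial}, [self.initial]
        while todo:
            current = todo.pop()
            for a in self.actions:
                if a.from_status == current and a.agents and a.to_status not in reached:
                    reached.add(a.to_status)
                    todo.append(a.to_status)
        for status in self.statuses - reached:
            findings.add(f"status {status} cannot be reached from {self.initial}")
        return sorted(findings)


# Constructed schema with deliberate gaps, for illustration only.
SAMPLE = StatusSchema(
    name="Z_SAMPLE",
    initial="DRAFT",
    statuses=frozenset({"DRAFT", "IN_REVIEW", "APPROVED", "ARCHIVED"}),
    actions=(
        Action("SUBMIT", "DRAFT", "IN_REVIEW", frozenset({"AUDITOR"})),
        Action("APPROVE", "IN_REVIEW", "APPROVED", frozenset({"AUDIT_MANAGER"})),
        Action("REJECT", "IN_REVIEW", "DRAFT", frozenset({"AUDIT_MANAGER"})),
        Action("CLOSE", "APPROVED", "CLOSED", frozenset()),  # no agent, unknown status
    ),
)

if __name__ == "__main__":
    print(SAMPLE.perform("DRAFT", "SUBMIT", "AUDITOR"))
    for finding in SAMPLE.review():
        print(finding)
```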

3.10.1 Predefined Status Schemas

SAP Audit Management provides predefined status schemas.

Predefined Status Schemas

| Business Objects | Status Schema |
|---|---|
| Action Plan (ACTION) | DEFAULT, DFLT_ADTE |
| Audit (AUDIT) | DEFAULT, DFLT_ANN, DFLT_QUA, DFLT_RA |
| Auditable Items (ADTBL) | DEFAULT |
| Business Rule Procedure (CTASK) | DEFAULT |
| Control (CTRL) | DEFAULT |
| Dimensions (DIM) | DEFAULT |
| Detection Procedures (DTASK) | DEFAULT |
| Finding (FIND) | DEFAULT |
| Question Procedure (QTASK) | DEFAULT |
| Risk (RISK) | DEFAULT |
| Test Procedure (MTASK) | DEFAULT |
| Work Program (SCOPE) | DEFAULT, DFLT_RA (this schema includes the risk assessment process) |

4 Managing Audit Resources

SAP Audit Management allows you to manage your audit resources.

Prerequisites

Sync the audit staff member list in SAP Audit Management with your identity providers in Customizing activity
Sync Audit Staff with Users from Identity Provider.

Key Features

● Group audit staff into teams and use the team calendar to track schedules.
See Create Teams and Use Team Calendar [page 34].
● Maintain skills and qualifications.
See Maintain List of Skills and Qualifications [page 35].
● Classify audit staff into job groups and job levels and set daily pay rates to track audit cost.
See Audit Staff Classification [page 36].
● Audit staff can set up their profile.
See Set Up Profile [page 37].
● Track the time your audit staff spend on audits.
See Time Tracking [page 39].

4.1 Create Teams and Use Team Calendar

In the Resource Management app, you can group audit staff into teams and use the team calendar to track the
schedules of a group of people and manage projects.

For example, you can group people with similar working roles or job levels into a team, and when you schedule a
new project, you can check their calendar to decide who is available for this project.

Create Teams

To create a team,

1. Choose Maintain Teams.


2. Choose Create Team.
3. Enter a name for the team.
4. Select team members.

Use Team Calendar

The team calendar in Resource Management shows who is working on which audit and when.

● You can use two calendar views: Day and Month.
● To show the calendar of a team, select the team in the drop-down next to Month.
● On the calendar, you can drag and drop a draft audit to change its planned time period.

4.2 Maintain List of Skills and Qualifications

Maintain a list of audit-relevant skills and qualifications so that when your auditors set up their profiles, they can
specify which of the skills and qualifications they possess. When resourcing audit projects, you can select
auditors by skills and qualifications.

Skills

To maintain a skill list, use Customizing activity Maintain Skills for Audit Staff.

You can use skill sets to categorize skills.

Example

| Skill Set | Skills |
|---|---|
| Business | Risk management skills; Accounting experience |
| IT | Data analytics; IT security and infrastructure knowledge |
| Regulatory Knowledge | SOX; Internal policies |

Qualifications

To maintain a qualification list, use Customizing activity Maintain Qualifications for Audit Staff.

Example

● Certified Internal Auditor


● Certified Public Accountant

4.3 Audit Staff Classification

Use job groupings and job levels to classify your audit staff.

Job Group, Job Level, and Day Rate

In Customizing activity Maintain Day Rates and Job Levels for Auditors, you can

● Create job groups
● Create a level structure within a job group
● Set job level-specific day rate

Note

Day rate is the amount of money paid for a single working day. Staff wages are calculated based on
their day rates and recorded working hours, which will then be added to the actual cost of audits.

Assign Staff to Job Groups and Levels

Follow the steps below to assign your audit staff to job groups and identify their job levels.

Note

You need to first maintain a file template for scenario STAFF_LVL in Customizing activity Maintain
Templates for File Generation. You can copy the sample file template STF_LVL_UP from client 000.

1. Go to transaction GRCAUD_UPD_STF_LVL.
2. Download the spreadsheet template that lists your audit staff.
3. In the Staff Level ID column of the template, choose a job group and a job level for each staff member.
4. Go back to transaction GRCAUD_UPD_STF_LVL and upload the spreadsheet.

4.4 Set Up Profile

Set up your work profile in the My Profile app.

In My Profile, you can

● Upload profile picture


Upload a profile picture to help other users know who you are. If there is no profile picture, your initials are
displayed.
● Add skills
Add and rate your skills.
● Add qualifications
Add your qualifications.
● Designate substitutes
Designate another user as your substitute so that they can perform your tasks.
● Check the work calendar
Use the calendar to show your work schedule.
● See audit history
You can see a list of audits assigned to you, including the historical audits, ongoing audits, and draft audits.

4.4.1 Add Skills

Add and rate your skills.

Procedure

1. Go to the Skills section.


2. Choose Edit.

A list of skills is shown.


3. Rate a skill that you possess using a five-star scale. Leave the skills that you don't possess unrated.
4. Save.

4.4.2 Add Qualifications

Add your qualifications.

Procedure

1. Go to the Qualifications section.


2. Choose Add.
3. Select a qualification that you've gained.
4. Fill in the validity period of the qualification.
5. Save.

To delete a qualification or change its validity, choose Edit.

4.4.3 Designate and Dismiss Substitutes

You can designate another user as your substitute so that they can perform your tasks.

Note

We suggest that you designate a user who has the same role or permissions as you as your substitute. If
you are an audit manager and designate an auditor as your substitute, that substitute may not be able to
perform your tasks because he or she doesn't have the audit manager permissions.

Designate a substitute

To designate a substitute,

1. In the Substitute section, choose Edit.


2. Select a user as your substitute.
3. Fill in the time period during which the user acts as your substitute.

You can have only one substitute for a certain time period.

Dismiss a substitute

Your substitute is automatically dismissed when the substitution end date is reached.

You can also manually dismiss your substitute. To do so,

1. In the Substitute section, choose Edit.
2. In the Edit Substitute pop-up, choose Delete.

4.5 Time Tracking

SAP Audit Management enables you to track the time your auditors spend on audits and other activities.

Activity Types

You need to define the allowed activity types for time recording, such as Audit, Annual Leave, Sick Leave, and
Training. To define activity types, use Customizing activity Maintain Activity Types.

Set Working Hour Thresholds

In Customizing activity Define Daily Working Hours, you can set the standard daily working hours and a
maximum daily working hour limit.

Record time

Staff can record the time they spend on activities. The time recorded for audit activities is added to the actual
effort and used to calculate the actual cost of audits.

To learn how to record time, see Record Time [page 39].

4.5.1 Record Time

Staff can record the hours that they spend on audits and other activities.

Procedure

1. Go to the Record Time app.


2. In the calendar, select a date, or a date range by choosing a start date and an end date.
3. Choose Add in the Details section.
4. Select an activity in the Activity Type field.
5. Enter the daily hours spent on the activity in Hours per Day.

If the number is smaller than the standard daily working hours, the selected dates will be marked as
Insufficient. If the number is greater than the standard daily working hours but smaller than the maximum
daily working hours, the selected dates will be marked as Overtime.
6. Choose Apply to save.

Results

Each audit has an Actual Effort field, the value of which is automatically generated by combining the work hours
entered by all the involved auditing staff for that audit.

The Actual Effort field is editable by default. To prevent its value from being changed manually, we recommend
that you set the field ACTUAL_EFFORT in the Customizing activity Maintain Field Attributes by Status Schema
as read-only.

5 Master Data

In SAP Audit Management, master data refers to organizations, risks, controls, and dimensions.

SAP Audit Management allows you to create master data, upload master data using spreadsheets, and import
master data from SAP Process Control or SAP Risk Management.

You can establish links between master data, such as between risks and controls.

5.1 Organizations

You can maintain the organization data of your company, customers, vendors, and other entities in SAP Audit
Management and use it for auditing purposes.

For example, you can link risks and controls to organizations. When planning risk-based audits, you can select
the relevant organizations for audits.

Basic Concepts

Organization Hierarchy

An organization hierarchy can be used to represent the hierarchical structure of an entity, such as your
company, or used as a catalog of organizations serving the same purpose for your company, such as your
vendors.

Organization

The nodes in a hierarchy are referred to as organizations.

● Root Organization
A root organization is one without a parent organization.
● Child Organization
A child organization is one with a parent organization.

Organization Type

You can use organization types to categorize organizations. It's mandatory to specify which organization type is
allowed in a certain organization hierarchy.

Organization Group

You can use organization groups to control the authorizations to create, change, display, and delete
organizations.

Working with Organizations

1. Create organization hierarchies to maintain the organization data of different entities.


See Create Organization Hierarchies [page 42].
2. Define organization types and map to organization hierarchies.
See Create Organization Types [page 42].
3. Configure organization groups.
See Configure Organization Groups [page 43].
4. Create and maintain organizations.
You have the following options to create and maintain organizations:
○ Create organizations individually
See Create Organizations [page 43].
○ Upload organizations in bulk using a spreadsheet
See Upload Organizations [page 44].
○ Import organizations from SAP Process Control or SAP Risk Management
See Import Master Data from SAP Process Control and SAP Risk Management [page 64].

5.1.1 Create Organization Hierarchies

You can create organization hierarchies in Customizing activity Define Organization Hierarchies.

SAP Audit Management provides the following predefined organization hierarchies:

● Internal
● Supplier
● Partner

5.1.2 Create Organization Types

Create organization types and map them to organization hierarchies.

Create Organization Types

You can create organization types in Customizing activity Define Organization Types.

SAP Audit Management delivers the following predefined organization types:

● Internal
● Supplier
● Partner

Map Organization Types to Organization Hierarchies

You can map organization types to organization hierarchies in Customizing activity Define Organization
Hierarchies.

By mapping organization types to organization hierarchies, you specify which organization type is allowed in a
certain organization hierarchy. Only one organization type is allowed for an organization hierarchy.

Example

If you map the organization type Internal to the organization hierarchy Internal, then only organizations of the
type Internal are allowed in the organization hierarchy Internal.

5.1.3 Configure Organization Groups

Use organization groups to control users' authorization to create, update, display, and delete specific
organizations.

Procedure

1. Create organization groups in Customizing activity Define Organization Groups.


2. Go to the transaction PFCG.
3. Assign authorizations to PFCG roles.

Assign the Display, Create, Change, and/or Delete authorization for organization groups to PFCG roles via
the authorization object ACS_ORG, and then the roles can display, create, change, and/or delete
organizations in the organization groups.
4. Assign users to PFCG roles.

5.1.4 Create Organizations

Create a new organization.

Prerequisites

You have authorizations for the organization group in which you want to create the new organization. See
Configure Organization Groups [page 43].

Procedure

1. Go to the Organizations app.


2. Select an organization hierarchy.
3. Choose one of the following:

○ To create a root organization, choose Create directly.


○ To create a child organization, choose its parent first and then choose Create.
4. Enter the following information for the new organization:

| Field | Description |
|---|---|
| Name | The name of the organization. |
| Description | The description of the organization. |
| Type | The organization type is prefilled according to the current hierarchy. |
| Group | You can choose an organization group for root organizations. Child organizations inherit the organization group from their parent organization. You can change the organization group of root organizations, and then the change will apply to the child organizations. |

After you have created an organization, you can click on it to go to its detail page, where you can edit and
see its information, including the risks, controls, auditable items, audit history and so on.

5.1.5 Upload Organizations

You can upload new organizations in bulk using a spreadsheet template.

Prerequisites

You have authorizations for the organization groups to which you want to upload the new organizations. See
Configure Organization Groups [page 43].

Context

You can only upload organizations to one organization hierarchy at a time.

Procedure

1. Go to the Organizations app.

2. Choose Mass Upload > Download Template.


3. Enter organizations in the downloaded spreadsheet template.

| Field | Description |
|---|---|
| Name | The name of the organization. |
| Description | A description of the organization. |
| Parent | For root organizations, leave the field empty. For child organizations, select their direct parent in the field. You can select from those organizations you have already entered in the spreadsheet. |
| Organization Group | The group of child organizations must be the same as that of their parents. |

4. In the Organizations app, select an organization hierarchy and then choose Mass Upload > Upload to
upload the spreadsheet.
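Because the organization group decides who may display, create, change, or delete an organization, it is worth checking the Parent and Organization Group columns before uploading. The following check is an added example, not part of the product. It assumes the template's four columns have been exported to CSV, that Parent refers to organizations by name, and it uses constructed sample rows.

```python
import csv
import io

# Constructed sample: the template's four columns exported as CSV.
SAMPLE_CSV = """Name,Description,Parent,Organization Group
ACME Holding,Group head office,,GRP_EU
ACME Germany,German subsidiary,ACME Holding,GRP_EU
ACME France,French subsidiary,ACME Holding,GRP_FR
ACME Lyon Plant,Production site,ACME Spain,GRP_FR
"""


def cell(row, column):
    """Return a trimmed cell value, treating a missing cell as empty."""
    return (row.get(column) or "").strip()


def check_org_rows(csv_text):
    """Return sorted (row_number, problem) tuples for rows that break the template rules."""
    rows = list(csv.DictReader(io.StringIO(csv_text)))
    by_name, problems = {}, []

    # Pass 1: index the organizations entered in the sheet. Row 1 is the heading row.
    for number, row in enumerate(rows, start=2):
        name = cell(row, "Name")
        if not name:
            problems.append((number, "Name is empty"))
        elif name in by_name:
            # Assumption: parents are referenced by name, so names must be unique.
            problems.append((number, f"duplicate name '{name}'"))
        else:
            by_name[name] = row

    # Pass 2: check each child against its direct parent.
    for number, row in enumerate(rows, start=2):
        parent = cell(row, "Parent")
        if not parent:
            continue  # root organization: Parent stays empty
        if parent == cell(row, "Name"):
            problems.append((number, "organization is entered as its own parent"))
            continue
        if parent not in by_name:
            problems.append((number, f"parent '{parent}' is not entered in the sheet"))
            continue
        group = cell(row, "Organization Group")
        parent_group = cell(by_name[parent], "Organization Group")
        if group != parent_group:
            problems.append(
                (number, f"group '{group}' differs from parent group '{parent_group}'")
            )
    return sorted(problems)


if __name__ == "__main__":
    for number, problem in check_org_rows(SAMPLE_CSV):
        print(f"row {number}: {problem}")
```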

5.2 Risk Register

The Risk Register app is the repository of the risks in your organization, which is essential for developing risk-
based audit plans.

Key Features

With the Risk Register app, you can

● Use different views to examine risks from different perspectives, such as internal audit and risk
management.
See Views for Risks [page 46].
● Create risks individually
See Create Risks [page 48].
● Upload risks in bulk using a spreadsheet
See Upload Risks [page 49].
● Document risk analysis
See Risk Analysis [page 50].
● Use key risk indicators to monitor changes in risk exposure level and contribute to early warning signs.
See Create Key Risk Indicators for Risks [page 52].
● Understand a risk more clearly by breaking it down to underlying risks.
See Underlying Risks [page 53].
● Link risks to controls. By doing so, when scoping audits based on risks, you can identify the controls that
need to be tested.
See Add Controls to Risks [page 54].

5.2.1 Views for Risks

The Risk Register app enables you to use different views to examine risks from different perspectives.

Pre-defined Views

Risk Register comes with two predefined views: Internal Audit and Risk Management.

● Internal Audit
This view is intended for the risks that you want to focus your audit on. Only risks in this view can be
selected for audits.
● Risk Management
This view can be used to store the risks imported from the SAP Process Control or SAP Risk Management
system.

Working with Views

● You can only create and edit risks in the Internal Audit view.
● Risks can be imported from one view to another. See Import Risks Between Views [page 47].
● You can create your own views. See Create Views for Risks and Controls [page 71].

Example Use of Views

If your SAP Process Control or SAP Risk Management is integrated with SAP Audit Management, you can base
your internal audit on the risks stored in SAP Process Control or SAP Risk Management.

1. Import risks from SAP Process Control or SAP Risk Management.


The risks are stored in the Risk Management view in the Risk Register app.
See Import Master Data from SAP Process Control and SAP Risk Management [page 64].
2. In the Risk Register app, import the risks from the Risk Management view to the Internal Audit view.
3. In the Internal Audit view, you can assess the risks from the internal audit perspective and select them for
audits.

5.2.1.1 Import Risks Between Views

Import risks from one view to another in the Risk Register app.

Context

The following procedure describes the steps to import individual risks from one view to another. You can use
the program GRCAUD_IMPORT and the Connector LOCAL to import all risks from the Risk Management view to
the Internal Audit view.

Procedure

1. In Risk Register, select the view to which you want to import risks.
2. Choose Import.
3. In the drop-down box, select the view from which you want to import risks.
4. Select the risks you want to import.

5.2.2 Risk Type and Category

Use risk types and categories to categorize risks.

Risk Type

You can use risk types to indicate on which level a risk occurs, such as the enterprise level and the operational
level.

To create risk types, use Customizing activity Define Risk Type.

SAP Audit Management delivers a predefined risk type: Enterprise.

Risk Category

You can use risk categories to indicate the areas where risks occur, such as financial risks and IT risks.

To create risk categories, use Customizing activity Define Risk Categories.

SAP Audit Management delivers the following predefined risk categories:

● Compliance
● External
● Financial
● IT
● Organizational
● Project Management

A risk category can be broken down into child risk categories. For example, financial risks may have the child
categories credit risks, liquidity risks, and so on.

5.2.3 Create Risks

Create a risk.

Procedure

1. In Risk Register, select the Internal Audit view.


2. Choose Create Risk.
3. Enter the following information for the risk:

| Field | Description |
|---|---|
| Title | The name of the risk. |
| Organization | The organization that the risk is related to. |
| Description | A description of the risk. |
| Validity | The validity period of the risk. |
| Risk Type | The type of the risk. |
| Risk Category | The category that this risk falls under. |

4. Choose Save.

Next Steps

Document the risk analysis, key risk indicators, underlying risks, and controls.

5.2.4 Upload Risks

You can upload risks in bulk using a spreadsheet template.

Procedure

1. Go to the Risk Register app.


2. Select the Internal Audit view.

3. Choose Mass Upload > Download Template.


4. Enter risks in the downloaded spreadsheet template.

The template contains the following sheets:

| Sheet | Description |
|---|---|
| Risks | In this sheet, enter the following information of risks: Title; Description; Organization (you can check the Organizations List sheet for the available organizations); Valid From; Valid To; Risk Type. |
| Controls | In this sheet, you can assign controls to risks. You can check the Controls List sheet for the available controls. |
| Organizations list | This sheet lists all the available organizations. You cannot add new organizations in this sheet. |
| Controls list | This sheet lists all the available controls. You cannot add new controls in this sheet. |

5. In the Risk Register app, select the Internal Audit view, and choose Mass Upload > Upload to upload
the spreadsheet.

The risks entered in the spreadsheet are uploaded to the Internal Audit view.

Next Steps

In the Risk Register app, document the risk analysis, key risk indicators, and underlying risks for the uploaded
risks.

5.2.5 Risk Analysis

In the Risk Register app, you can document the following information of a risk:

● Inherent and Residual Likelihood Level
● Inherent and Residual Impact Level
● Inherent and Residual Risk Level

Working with Risk Analysis

● You need to configure the likelihood, impact, and risk level scales first.
See Configure Likelihood, Impact, and Risk Levels [page 51].
● When a risk is imported from SAP Risk Management, its analysis is also imported.

5.2.5.1 Create Risk Analysis

Create analysis for a risk.

Context

You can create an analysis multiple times. The analysis history is shown. You can't delete an analysis.

Procedure

1. In the Risk Register app, select the Internal Audit view.


2. Select the risk.
3. Go to the Analysis section.
4. Choose Analyze.
5. Enter the inherent risk and residual risk.
6. Save.

5.2.5.2 Configure Likelihood, Impact, and Risk Levels

Configure rating scales for evaluation of the likelihood level, impact level, and risk level of risks.

Likelihood Level

You can configure the likelihood level scale in Customizing activity Maintain Likelihood Levels.

SAP Audit Management delivers the following predefined likelihood levels:

● Rare
● Unlikely
● Possible
● Likely
● Certain

You can use the Green, Yellow, and Red colors to represent the levels.

Impact Level

You can configure the impact level scale in Customizing activity Maintain Impact Levels.

SAP Audit Management delivers the following predefined impact levels:

● Insignificant
● Minor
● Moderate
● Major
● Catastrophic

You can use the Green, Yellow, and Red colors to represent the levels.

Risk Level

You can configure the risk level scale in Customizing activity Maintain Risk Levels.

SAP Audit Management delivers the following predefined risk levels:

● High
● Medium
● Low

You can use the Green, Yellow, and Red colors to represent the levels.

5.2.5.3 View-dependent and Version-based Risk Analysis

Two risk analysis sync modes are available for risks that exist in multiple views: the view-dependent mode and
the version-based mode.

● View-dependent
The analysis in a view will not overwrite that in other views until you import the risk from the view to others.
For example, create a new analysis for a risk in the Internal Audit view. The analysis will not be synced to the
Risk Management view until you import the risk from the Internal Audit view to Risk Management view.
● Version-based
When the views have the same version of a risk, the analysis in a view will overwrite that in other views.
For example, when the Internal Audit view and the Risk Management view have the same version of a risk
and you create a new analysis in the Internal Audit view, the analysis is also synced to the Risk
Management view.

To switch the mode, use Customizing activity Enable View-Dependent Risk Analysis.

5.2.6 Create Key Risk Indicators for Risks

Create key risk indicators (KRIs) for a risk and record the KRI values at a specific point in time.

Prerequisites

Set the maximum KRI value in Customizing activity Set Max Risk Score. The limit applies to all KRIs.

Procedure

1. Go to the Risk Register app and select the Internal Audit view.
2. Select the risk.
3. Go to the Key Risk Indicators section.
4. Choose Create.
5. Enter the following information for the KRI:

| Field | Description |
|---|---|
| Title | The name of the KRI. |
| Description | A description of the KRI. |
| Value | The current value of the KRI. |

Results

KRIs are editable. For example, you can manually update their values when there are changes.

5.2.7 Underlying Risks

You can understand a risk more clearly by breaking it down into more specific risks, which are referred to as
underlying risks in SAP Audit Management.

A risk is referred to as the parent risk of its underlying risk.

Please be aware of the following restrictions:

● A risk can have only one parent risk.


● Circular dependency is not allowed. For example, there is circular dependency when Risk A is the parent of
Risk B, Risk B is the parent of Risk C, and Risk C is the parent of Risk A.

5.2.7.1 Add Underlying Risks

Specify the underlying risks of a risk.

Prerequisites

The underlying risks must already be documented in Risk Register > Internal Audit.

Procedure

1. Go to the Risk Register app and select the Internal Audit view.
2. Select the risk.
3. Go to the Underlying Risks section.
4. Choose Assign.
5. Select risks.

Note

Those risks that already have a parent risk or will cause circular dependency are not available for
selection.
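The two restrictions on underlying risks (one parent per risk, no circular dependency) and the selection rule in the note above can be checked on exported risk links before they are relied on for audit scoping. The following is an added example, not SAP code. The function names are hypothetical, the links are constructed, and the parent-to-child pairs reuse the Risk A, Risk B, Risk C example from this section.

```python
def ancestors(parent_of, risk):
    """Yield the parents above `risk`, nearest first; stops if the chain loops."""
    seen = set()
    current = parent_of.get(risk)
    while current is not None and current not in seen:
        seen.add(current)
        yield current
        current = parent_of.get(current)


def rejection_reason(parent_of, parent, child):
    """Why `child` cannot become an underlying risk of `parent`, or None if it can."""
    if child == parent:
        return f"{child} cannot be its own underlying risk"
    if child in parent_of:
        return f"{child} already has the parent {parent_of[child]}"
    if child in ancestors(parent_of, parent):
        return f"{child} is above {parent}, so the link would be circular"
    return None


def selectable(parent_of, all_risks, parent):
    """Risks that would be available for selection under `parent`."""
    return sorted(r for r in all_risks if rejection_reason(parent_of, parent, r) is None)


def audit_links(links):
    """Check raw (parent, child) pairs, for example from an export, against both rules."""
    findings, parent_of = [], {}
    for parent, child in links:
        known = parent_of.get(child)
        if known is not None and known != parent:
            findings.append(("multiple_parents", child, (known, parent)))
            continue
        parent_of[child] = parent
    reported = set()
    for start in sorted(parent_of):
        # Follow child -> parent links until the chain ends or repeats a risk.
        path, current = [], start
        while current in parent_of and current not in path:
            path.append(current)
            current = parent_of[current]
        if current in path and current not in reported:
            loop = path[path.index(current):]
            reported.update(loop)
            findings.append(("circular", tuple(sorted(loop))))
    return findings


# Constructed state: Risk A is the parent of Risk B, Risk B is the parent of Risk C.
CURRENT = {"Risk B": "Risk A", "Risk C": "Risk B"}
ALL_RISKS = {"Risk A", "Risk B", "Risk C", "Risk D", "Risk E"}

if __name__ == "__main__":
    print(rejection_reason(CURRENT, "Risk C", "Risk A"))
    print(selectable(CURRENT, ALL_RISKS, "Risk C"))
    print(audit_links([("Risk A", "Risk B"), ("Risk B", "Risk C"), ("Risk C", "Risk A")]))
```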

5.2.8 Add Controls to Risks

Add controls to a risk so that when the risk is selected for auditing, you can identify the controls that need to be
tested.

Prerequisites

The controls are already documented in the Internal Audit view in the Controls app.

For more information, see Controls [page 55].

Procedure

1. Go to the Risk Register app and select the Internal Audit view.
2. Select the risk.
3. Go to the Controls section.
4. Choose Assign.
5. Select controls.

Results

After you add a control to a risk, the risk will also be displayed for the control in the Controls app.

5.2.9 Remove Risks

You can remove risks from Risk Register if they are no longer needed.

Prerequisites

Risks that are being used cannot be removed.

Procedure

1. In the Risk Register app, select a view.


2. Select a risk.
3. Choose the Remove button.

The removed risks are no longer visible in Risk Register.

To restore removed risks, see Restore Risks [page 55].

5.2.10 Restore Risks

If you accidentally remove a risk, you can restore it.

Procedure

1. In Risk Register, select the view from which the risk was removed.
2. Choose Import.
3. In the drop-down, choose Removed.

The risks that were removed from the view are shown.
4. Select the risk you want to restore.

Results

The risk goes back to the view from which it was removed.

5.3 Controls

The Controls app is the repository of controls.

Key Features

With the Controls app, you can

● Use different views to examine controls from different perspectives, such as internal audit and risk
management
See Views for Controls [page 56].
● Create controls individually
See Create Controls [page 59].
● Upload controls in bulk using a spreadsheet
See Upload Controls [page 59].
● Link a control to the risks that it is intended to mitigate
See Add Risks to Controls [page 60].
● View the control test results and any audit findings relevant to a control

5.3.1 Views for Controls

The Controls app enables you to use different views to examine controls from different perspectives.

Pre-defined Views

The Controls app comes with two predefined views: Internal Audit and Risk Management.

● Internal Audit
This view is intended for the controls that you want to focus your audits on. Only controls in this view can
be added to risks and selected for audits.
● Risk Management
This view can be used to store the controls imported from the SAP Process Control or SAP Risk
Management system.

Working with Views

● You can only create and update controls in the Internal Audit view.
● Controls can be imported from one view to another. See Import Controls Between Views [page 57].
● You can create your own views. See Create Views for Risks and Controls [page 71].

Example Use of Views

If your SAP Process Control or SAP Risk Management is integrated with SAP Audit Management, you can audit
the internal controls stored in SAP Process Control or SAP Risk Management.

1. Import controls from SAP Process Control or SAP Risk Management.


The controls are stored in the Risk Management view in the Controls app.
See Import Master Data from SAP Process Control and SAP Risk Management [page 64].
2. In the Controls app, import controls from the Risk Management view to the Internal Audit view.
3. In the Internal Audit view, you can edit the controls, if needed.

5.3.1.1 Import Controls Between Views

Import controls from one view to another in the Controls app.

Context

The following procedure describes the steps to import individual controls from one view to another. In addition,
you can use the program GRCAUD_IMPORT and the Connector LOCAL to import all controls from the Risk
Management view to the Internal Audit view.

Procedure

1. In the Controls app, select the view to which you want to import controls.
2. Choose Import.
3. In the drop-down box, select the view from which you want to import controls.
4. Select the controls you want to import.

5.3.2 Attributes of Controls

5.3.2.1 Control Category

The attribute Control Category is used to group controls according to their area and level.

You can define control categories in Customizing activity Maintain Control Attribute Values.

SAP Audit Management provides the following predefined control categories:

● Direct Entity Level Controls (ELC)


● IT General Control
● Transaction Level Control

5.3.2.2 Control Nature

The attribute Control Nature indicates the activities involved in a control.

You can define control nature options in Customizing activity Maintain Control Attribute Values.

SAP Audit Management provides the following predefined control nature options:

● Adjustment
● Authorization
● Initiation
● Match
● Processing
● Reconciliation
● Recording
● Restricted Access
● Review
● Safeguarding of Assets
● Segregation of Duties

5.3.2.3 Control Automation

The attribute Control Automation indicates whether a control is manual or automated.

You can define control automation options in Customizing activity Maintain Control Attribute Values.

SAP Audit Management delivers the following predefined control automation options:

● Automated
● Semi-Automated
● Manual

5.3.2.4 Control Significance

The attribute Control Significance indicates the importance of a control.

You can define control significance options in Customizing activity Maintain Control Attribute Values.

SAP Audit Management delivers the following predefined control significance options:

● Key Control
● Standard Control

Key controls are those whose effectiveness has a material impact on the achievement of your
organization's objectives; standard controls have a less material impact.

5.3.3 Create Controls

Create a control.

Procedure

1. Go to the Controls app.
2. Select the Internal Audit view.
3. Choose Create Control.
4. Enter the following information for the control:

Field Description

Title The name of the control.

Organization The organizations related to the control.

Description A description of the control.

Validity The validity of the control.

Control Category Attributes of the control.

Control Significance

Control Automation

Control Nature

5. Choose Save.

5.3.4 Upload Controls

Upload new controls in bulk using a spreadsheet template.

Procedure

1. Go to the Controls app.
2. Select the Internal Audit view.
3. Choose Mass Upload > Download Template.

4. Enter controls in the downloaded spreadsheet template.

The template contains the following sheets.

Sheet Description

Controls In this sheet, you can enter the following information for controls:
○ Title
○ Description
○ Organization
You can check the Organizations List sheet for the available organizations.
○ Valid From
○ Valid To
○ Control Category
○ Control Nature
○ Control Automation
○ Control Significance
○ Control Status

Organizations list This sheet lists all the organizations for your reference.
You cannot add new organizations in this sheet.

5. In the Controls app, select the Internal Audit view, and choose Mass Upload > Upload to upload the
spreadsheet.

The controls entered in the spreadsheet are uploaded to the Internal Audit view.

5.3.5 Add Risks to Controls

You can link a control to the risks that it is intended to mitigate.

Prerequisites

The risks are already documented in the Internal Audit view in the Risk Register app.

Procedure

1. Go to the Controls app.
2. Select the control in the Internal Audit view.
3. Go to the Risks section.
4. Choose Assign.
5. Select risks.

Results

After you add a risk to a control, the control will also be displayed for the risk in Risk Register.

5.3.6 Design Control Effectiveness Rating Scale

You can design a rating scale for evaluating the effectiveness of controls.

To design the rating scale, use Customizing activity Maintain Control Effectiveness Settings.

SAP Audit Management delivers the following ratings:

● Effective
● Partially Effective
● Ineffective

5.4 Dimensions

Using different dimensions enables you to understand the risks in your organization and conduct audits through
different lenses.

Dimensions can be business processes, product lines, legal entities, IT systems, regulations, and so on.
Associating risks with dimensions enables a multi-dimensional view of your internal audit activity. For
example, you can focus your audit on the risks in certain business processes, or answer questions like how
many critical audit findings are related to an IT system, or understand what coverage an audit plan provides for
a legal entity.

Key Features

SAP Audit Management allows you to

● Identify the dimension types you need. Example dimension types are business process, plant, and IT
system.
See Create Dimension Types [page 62].
● Document the dimensions under a type.
Hierarchical structure is allowed.
○ Root dimension
A root dimension is one without a parent dimension.
○ Child dimension
A child dimension is one with a parent dimension.
See Create Dimensions [page 62] or Upload Dimensions [page 63].
● Associate risks with a dimension.
See Assign Risks to Dimensions [page 63].
● View the audit history of a dimension.

5.4.1 Create Dimension Types

You can create dimension types in Customizing activity Maintain Dimension Types.

SAP Audit Management delivers the following dimension types:

● Function
● Process
● Site

5.4.2 Create Dimensions

Create a dimension.

Procedure

1. Go to the Dimensions app.
2. Select a dimension type.
3. Choose one of the following:
○ To create a root dimension, choose Create Root Dimension.
○ To create a child dimension, select its parent and then choose Create Child Dimension.
4. Enter the following information for the new dimension:

Field Description

Title The name of the dimension.

Description A description of the dimension.

5.4.3 Upload Dimensions

You can upload new dimensions in bulk using a spreadsheet template.

Context

You can upload dimensions of only one type at a time.

Procedure

1. In the Dimensions app, choose Mass Upload > Download Template.
2. Enter dimensions in the downloaded spreadsheet template.
○ To create a root dimension, leave the Parent field empty.
○ To create a child dimension, in the Parent field select its direct parent dimension. You can select from
those dimensions you have already entered in the spreadsheet.
3. In the Dimensions app, select a dimension type and then choose Mass Upload > Upload to upload the
spreadsheet.

Results

The dimensions entered in the spreadsheet are uploaded to the selected dimension type.

5.4.4 Assign Risks to Dimensions

You can assign a risk to a dimension to indicate that they are associated.

Prerequisites

The risks are already documented in the Internal Audit view in the Risk Register app.

Procedure

1. In the Dimensions app, select the dimension.
2. Go to the Risks section.
3. Choose Assign.
4. Select risks.

Results

When risks are assigned to a dimension, the KRIs of the risks are also assigned. The Highest Risk Score of a
dimension is the highest KRI value among these risks.

5.5 Import Master Data from SAP Process Control and SAP Risk Management

You can import master data from SAP Process Control or SAP Risk Management.

Introduction

The following objects can be imported:

● Organizations
● Risks
● Controls

It's recommended that you import in the order Organizations > Risks > Controls.

Note

The assignment relationship between objects can also be imported, such as assignment of controls to
risks. However, if controls have not yet been imported when you import risks, the assignment of controls
to risks cannot be imported. To solve this issue, you can import risks again after you have imported
controls.

How to Import Master Data

See:

Prerequisites for Import [page 65]

Import Organizations [page 66]

Import Risks [page 66]

Import Controls [page 68]

Check Import Log [page 69]

Schedule Regular Import Jobs [page 69]

Source Information of Imported Objects

Imported objects come with the following source information:

Field Description

Source System Type The type of the source system, e.g. SAP Risk Management
or SAP Process Control.

Source System The exact system or server from which the object is imported,
namely the connector you use for importing.

Source Object A hyperlink that takes you to the source object in the source
system. The link text shows the ID of the object in the source system (Source ID).

5.5.1 Prerequisites for Import

Fulfill the prerequisites to import master data from SAP Process Control or SAP Risk Management.

● Create a connector for importing master data in the Customizing activity Set Up Connectors.
● Map values for the fields, such as the likelihood level of risks and effectiveness ratings of controls, between
SAP Audit Management and SAP Process Control or SAP Risk Management in Customizing activity Map
Field Values.
● Make sure the following authorizations are assigned to your role via the authorization object AUD_VIEW:

ACTVT 16 (Execute)

AUD_VIEW View ID

BO_SERVICE Execute

● Implement the SAP Note 2952423 to import the risk category and underlying risks.

5.5.2 Import Organizations

Import organizations from SAP Process Control or SAP Risk Management.

Prerequisites

See Prerequisites for Import [page 65].

Procedure

1. Go to the transaction GRCAUD_IMPORT_ORG or run the program GRCAUD_IMPORT_ORG.
2. Select a connector.
3. In the Hierarchy Type field, enter the organization hierarchy to which you want to import organizations.
4. In the Organization Type field, enter the organization type mapped to the organization hierarchy.
5. In the Default Group field, enter the organization group to which you want to import organizations.
6. Optional: If you want to import a specific organization, enter its ID in the Orgunit ID field.
7. Choose Execute.

Results

● Organizations are imported to the Organizations app and stored in the specified organization hierarchy. You
can see the source information of imported organizations.
● The ID of an organization used in SAP Audit Management is the same as in the source system.

5.5.3 Import Risks

Import risks from SAP Process Control or SAP Risk Management.

Prerequisites

See Prerequisites for Import [page 65].

Context

The following attributes of risks can be imported:

Object Attributes

Risks ● Name
● Description
● Risk Type
● Risk Category
● Validity
● Organization
● Likelihood Level
● Risk Level
● Impact Level
● Underlying risks
● Controls

Procedure

1. Go to the transaction GRCAUD_IMPORT_RISK or run the program GRCAUD_IMPORT_RISK.
2. Select a connector.
3. Choose Execute.
4. In Target View, select the view in Risk Register where the imported risks will be stored. The recommended
view is Risk Management.

Note

If you want to test the import function, you can try importing a small number of risks, such as 10 risks. To
do so, enter the number in the Package Size field.

5. Optional: You can filter risks by risk level.
6. Optional: If you want to import specific risks, enter their source ID in the field Source Risk ID.
7. Choose Execute.

Results

● Risks are imported to Risk Register and stored in the specified target view. You can see the source
information of imported risks.
● An ID is assigned to each risk when it is imported the first time, which is used to identify it in SAP Audit
Management.
● If a risk has been imported before, it will be updated with the latest information from the source system.

5.5.4 Import Controls

Prerequisites

See Prerequisites for Import [page 65].

Context

The following attributes of controls can be imported:

Object Attributes

Controls ● Name
● Description
● Validity
● Organization
● Category
● Significance
● Automation
● Nature
● Risks
● Test Steps
● Test History
○ Effectiveness
○ Test Date
○ Comments

Procedure

1. Go to the transaction GRCAUD_IMPORT_CTRL or run the program GRCAUD_IMPORT_CTRL.
2. Select a connector.
3. Choose Execute.
4. In Target View, select the view in Controls where the imported controls will be stored. The recommended
view is Risk Management.

Note

If you want to test the import function, you can try importing a small number of controls, such as 10
controls. To do so, enter the number in the Package Size field.

5. You can filter controls by control category, nature, significance, or automation.
6. If you want to import specific controls, enter their source ID in the field Source Control ID.
7. Choose Execute.

Results

● Controls are imported to the Controls app and stored in the specified target view. You can see the source
information of imported controls.
● An ID is assigned to each control when it is imported the first time, which is used to identify it in SAP Audit
Management.
● If a control has been imported before, it will be updated with the latest information from the source system.

5.5.5 Check Import Log

The log provides detailed information about the executed import jobs.

Procedure

1. Go to transaction SLG1.
2. Enter GRCAUD in the field Object.
3. Enter IMPORT in the field Subobject.
4. Choose Execute.

5.5.6 Schedule Regular Import Jobs

To keep the master data up-to-date with the source systems, you can schedule regular import jobs in
Customizing activity Schedule Jobs for Importing Tasks.

5.5.7 Master Data Delimitation

When the import job detects that the source object of an organization, risk, or control in the source system is
delimited, the organization, risk, or control will be removed from SAP Audit Management.

Set Threshold

You can use thresholds to prevent unwanted removal of objects caused by technical errors.

When technical errors occur, such as connection errors, the import jobs may not be able to correctly identify
some objects in source systems and, as a result, treat those objects as delimited. In this kind of situation,
the delimitation percentage detected by import jobs is usually high.

When there are thresholds in place, if the import jobs detect that the percentage of delimited objects is lower
than the threshold, the job will be executed and delimited objects will be removed. If the percentage exceeds
the threshold, the job will not be executed.

You can set thresholds in Customizing activity Master Data Delimitation.
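
The threshold guard described in this section can be modelled as follows. This is an added illustration, not SAP code: the function names, the per-object-type threshold values, the sample IDs, and the choice to block a run whose percentage exactly equals the threshold are assumptions. It contrasts a normal run with a run in which a connection error hides most source objects.

```python
"""Added illustration of a delimitation threshold guard (not SAP code)."""
from dataclasses import dataclass

# Assumed thresholds in percent, one per object type; the values are constructed.
THRESHOLDS = {"organization": 10.0, "risk": 20.0, "control": 20.0}


@dataclass(frozen=True)
class Decision:
    object_type: str
    delimited: frozenset   # local IDs the run no longer finds as valid in the source
    percentage: float      # share of local objects detected as delimited
    threshold: float
    execute: bool          # True: removals proceed; False: the job is not executed


def evaluate(object_type, local_ids, valid_source_ids, thresholds=THRESHOLDS):
    """Compare the detected delimitation percentage with the threshold."""
    local = frozenset(local_ids)
    threshold = thresholds[object_type]
    if not local:
        # Nothing was imported before, so nothing can be removed.
        return Decision(object_type, frozenset(), 0.0, threshold, True)
    delimited = local - frozenset(valid_source_ids)
    percentage = 100.0 * len(delimited) / len(local)
    # The guide defines "lower than" (run) and "exceeds" (do not run).
    # Assumption: a value exactly equal to the threshold is also blocked.
    return Decision(object_type, delimited, percentage, threshold,
                    percentage < threshold)


def run_import(store, object_type, valid_source_ids, thresholds=THRESHOLDS):
    """Remove delimited objects from `store` only when the guard allows it."""
    decision = evaluate(object_type, store[object_type], valid_source_ids,
                        thresholds)
    if decision.execute:
        store[object_type] -= decision.delimited
    return decision


def demo():
    # Constructed sample data: 20 previously imported controls.
    controls = {f"CTRL-{n:03d}" for n in range(1, 21)}
    store = {"control": set(controls)}

    # Run 1: the source reports one control as delimited (5% is below 20%).
    normal = run_import(store, "control", controls - {"CTRL-007"})

    # Run 2: a connection error lets the job identify only 4 of the 19
    # remaining controls, so 15 look delimited and the guard blocks the job.
    partial = {"CTRL-001", "CTRL-002", "CTRL-003", "CTRL-004"}
    faulty = run_import(store, "control", partial)
    return normal, faulty, store


if __name__ == "__main__":
    for d in demo()[:2]:
        print(d.object_type, f"{d.percentage:.1f}%", "executed" if d.execute else "blocked")
```

A blocked run leaves the local objects untouched, so a later run against a healthy connection can still remove the objects that are genuinely delimited.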

5.5.8 Enable Import of Organizational Structure Changes

You can allow the organizational structure changes in a source system to be imported into SAP Audit
Management to keep the data in the two systems consistent.

Organizational structure changes include:

● There are deleted organizations.
● There are delimited organizations.
● There are changes to the levels of organizations.

Note

New organizations are NOT considered an organizational structure change.

You can switch on and off the import of changes in Customizing activity Enable Organization Structure Update.

5.5.9 Manually Assign Organizations to Imported Risks and Controls

You can enable the manual assignment of organizations to imported risks and controls.

When risks and controls are imported, their organization assignment is also imported. By default, the
Organizations field in an imported risk or control is read-only and so you cannot manually assign organizations
to imported risks and controls.

In case you don't want to use the imported organization assignment, you can enable manual assignment of
organizations in Customizing activity Enable Editing Organization of Imported Risk and Control and then the
Organizations field becomes editable.

5.5.10 Configure Navigation Path for Imported Organizations

If an organization is imported from SAP Process Control or SAP Risk Management, you can click on the Source
Object link to go to the source system from which it is imported.

Organizations are shared by SAP Process Control and SAP Risk Management. You can use Customizing activity
Configure Navigation Path for Org to choose the application to which the source object links redirect.

5.6 Create Views for Risks and Controls

You can create views for risks and controls in Customizing activity Maintain Views for Risks and Controls.

However, you can only create and edit the risks and controls in the Internal Audit view.

For more information on the authorization to create and access the views, see the documentation for
authorization object AUD_VIEW.

6 Planning

Audit planning is the first phase of the audit process.

During this phase, you identify the focus areas of audit and arrange resources for the planned audits.

1. Maintain Audit Universe
Maintain an audit universe to identify auditable items and monitor coverage.
2. Develop Audit Plans
Select risks and auditable items for audit plans, identify the audits needed, and allocate resources.
3. Create Audits
You can create audits based on your plans, or create audits directly.
4. Assign People to Audits
Assign audit staff to audits and specify the stakeholders, such as the CAE and the Executive Responsible.
5. Initiate Audits
Initiate audits. Once initiated, audits enter the preparation phase.

6.1 Audit Type, Category, and Group

Audit Type

Audit types can be used to classify audits by the services rendered.

SAP Audit Management provides the following audit types:

● Assurance
● Consulting
● Partner

In Customizing activity Define Audit Types, you can create audit types and configure settings for audit types.
See Audit Type Configuration Settings [page 73].

Audit Category

Audit categories classify audits by the areas to be audited.

SAP Audit Management provides the following audit categories:

● Corporate Audit
● Environment, Health, and Safety Audit
● Financial Audit
● Operational Audit
● Strategic Audit

You can create audit categories in Customizing activity Define Audit Categories.

Audit Group

Audit groups can be used to control the access to auditable items and audits.

1. Create audit groups in Customizing activity Define Audit Groups.
2. Go to the transaction PFCG to assign authorizations to roles.
Assign the Display, Create, Change, and/or Delete authorization for organization groups to PFCG roles via
the authorization object ACS_ORG, and then the roles can display, create, change, and/or delete
organizations in the organization groups.

6.1.1 Audit Type Configuration Settings

Audit activities are dependent on the audit types.

In Customizing activity Define Audit Types, you can configure the following settings for an audit type:

Configuration Description

Status Schema Choose status schemas.

Procedure Type Choose the audit procedures that can be used.

Scope Schema Choose a scope schema for audit preparation work programs.

Choose a scope schema for audit execution work programs.

Organization Type Choose the organization types that are relevant to the audit
type.

When selecting organizations for audits, you can only select from the relevant organizations.

Role Choose custom application roles.

Require Auditable Item Make auditable items required for audits.

Add Risks from Risk Register Make it possible to manually select risks for audits.

Assign Dimensions to Audit Directly Make it possible to manually select dimensions for audits.

Disable Automatic Risk Assignment By default, when an auditable item is assigned to an audit,
the risks in the auditable item will also be automatically assigned to the audit. You can disable
the automatic assignment of risks and make it possible to assign risks manually.


Assign Organizations to Audits Directly By default, the organizations you can assign to an audit
are restricted to those assigned to the auditable items in the
audit. You can remove the restriction.

Force Same Group for Auditable Items You can set the restriction that, to assign auditable items to
an audit, the auditable items must be in the same audit
group as the audit.

6.2 Audit Universe

Audit Universe is the collection of the auditable items in your organization.

Auditable items are also known as auditable entities, units, or areas. An auditable item can be a process,
activity, project, product line, or any entity that can be audited.

Before working with auditable items, familiarize yourself with the auditable item lifecycle. See Auditable Item
Lifecycle [page 74].

Key Features

In the Audit Universe app, you can

● Create auditable items individually
● Upload auditable items using a spreadsheet template
● Specify the risks identified in an auditable item
● Associate auditable items with dimensions
● See the audit history of auditable items

6.2.1 Auditable Item Lifecycle

Learn about the lifecycle of auditable items.

Auditable Item Lifecycle

After an auditable item is created, it needs to be released in order to be assigned to audits. If you update an
auditable item after releasing it, you need to release again to make the changes come into effect.

1. Create an auditable item
The auditable item lifecycle status is New Master, which indicates it has never been released.
2. Review the auditable item
3. Release the auditable item
The auditable item lifecycle status changes to Released Master, which indicates it is released and no
updates exist.
4. Update the auditable item
The auditable item lifecycle status changes to Released & Updated Master, which indicates it has an update
since its last release but the update is not released yet.
5. Review the auditable item
6. Release the auditable item
The auditable item lifecycle status changes to Released Master again.

Note

The review step can be skipped so that the auditable items can be released directly. To do so, see Release
Auditable Items Directly below.

Release Timestamp

The Release Timestamp of an auditable item shows the person who last released it and the date and time when
it was last released. Release Timestamp is not displayed if the auditable item has never been released.

How to Tell the Auditable Item Version?

If an auditable item is assigned to an audit or an audit plan, you can tell if the currently assigned version is the
latest one by its life cycle status.

Status Description

Active This auditable item is the latest released version.

Outdated This auditable item has a released update. You need to refresh
it to get its latest version.

Release Auditable Items Directly

To do so,

1. Go to transaction PFCG.
2. Choose the role SAP_GRCAUD_AUDIT_MANAGER.
3. Find the authorization object AUD_ITEMS and deselect the option I1: Submit.

6.2.2 Create Auditable Items

Create an auditable item.

Procedure

1. Go to the app Audit Universe.
2. Choose Create.
3. In the General Information section, enter the following information:

Field Description

Title The name of the auditable item.

Group Assign the auditable item to an audit group.

Description A description of the auditable item.

Responsible Person The person responsible for the auditable item.

Tags Use tags to classify the auditable item and make it easier
to find. Already existing tags are suggested based on the
characters you type in. You can also type new tags.

4. In the Source section, provide the background information of the auditable item.

Field Description

Requested by The person who requested that the auditable item be added to the audit
universe.

Requested on The date of request.

Source More background information, such as the reason for requesting this
auditable item.

5. In the Risk section, rate the overall risk of the auditable item.
○ Risk Level
○ Impact Level
○ Likelihood Level
○ Risk Score

The overall risk rating of auditable items can help you determine the priority when scoping audits.
6. Estimate the effort needed for auditing this auditable item:

Field Description

Estimated Effort for Business An estimation of the required person days from lines of
business.

Estimated Effort for IT An estimation of the required person days from IT.

7. Save.
8. Specify the organizations related to the auditable item.
a. Go to the Organizations section.
b. Choose Assign.
c. Select organizations.
9. Specify the risks in the auditable item.
a. Go to the Risks section.
b. Choose Assign.
c. Select risks.
10. Assign dimensions to the auditable item.
a. Go to the Dimensions section.
b. Choose Assign.
c. Select dimensions.

Next Steps

Submit or directly release the auditable item.

6.2.3 Upload Auditable Items

Upload new auditable items in bulk to Audit Universe using a spreadsheet template.

Procedure

1. In Audit Universe, choose Mass Upload > Download Template.
2. Enter auditable items in the downloaded spreadsheet template.

The template contains the following sheets:

Sheet Description

Auditable Items In this sheet, you can enter the following information for
auditable items:
○ Title
○ Description
○ Organizations
You can check the Organizations List sheet for the
available organizations.
○ Audit Group
○ Requested By
○ Requested On
○ Source
○ Risk Level
○ Impact Level
○ Likelihood Level
○ Risk Score
○ Estimated Effort for Business
○ Estimated Effort for IT
○ Responsible Person

Dimensions In this sheet, assign dimensions to auditable items. You
can check the Dimensions List sheet for the available dimensions.

Risks In this sheet, assign risks to auditable items. You can
check the Risks List sheet for the available risks.

Dimension List This sheet lists all the dimensions for your reference. You
cannot add new dimensions in this sheet.

Risk List This sheet lists all the risks for your reference. You cannot
add new risks in this sheet.

Organization List This sheet lists all the organizations for your reference.
You cannot add new organizations in this sheet.

3. Go to Audit Universe, and choose Mass Upload > Upload to upload the spreadsheet.

The auditable items entered in the spreadsheet are uploaded to Audit Universe.

Next Steps

Submit or directly release the auditable items.

6.2.4 Delete an Auditable Item

You can delete an auditable item that has never been released.

Procedure

1. Go to the Audit Universe app.
2. Select the auditable item.
3. Choose the Delete button.

6.2.5 Mass Delete Auditable Items

You can delete auditable items that have never been released in bulk.

Procedure

1. Log on to the SAP Audit Management backend system. Choose a client other than the production client.

Note

You can display the role of a client – production or some other role – by choosing SAP Menu > Tools >
Administration > Administration > Client Administration > Client Maintenance. The Client role field
in Details shows whether a client is a production client.

2. Choose SAP Audit Management > Tools > Delete Auditable Items, or enter transaction
GRCAUD_DEL_AUD_ITEM (Report for deletion of Auditable Items) in the command field.
3. Use the selection screen to choose the auditable items that you want to delete.
4. Select Execute to run the transaction.

The transaction reports how many auditable items have been selected for deletion.
5. Confirm the deletion.

When the deletion is done, a message reports how many of the selected auditable items have been
deleted. Any auditable items that could not be deleted remain unchanged in the database.

6.2.6 Close Auditable Items

You can close an auditable item if it is no longer needed.

Procedure

1. Go to the Audit Universe app.
2. Select the auditable item.
3. Choose the Close button.
4. Choose the Release button.

Closing an auditable item is considered a change to the auditable item. The change has to be released to
come into effect.

Results

Closed auditable items remain in the system. You can reopen a closed auditable item if it is needed for audits
again.

6.2.7 Reopen Closed Auditable Items

You can reopen a closed auditable item.

Procedure

1. Go to the Audit Universe app.
2. Select the Closed tab.
3. Select the auditable item.
4. Choose the Reopen button.
5. Choose the Release button.

Reopening an auditable item is considered a change to the auditable item. The change has to be
released to come into effect.

6.3 Audit Plans

An audit plan helps you plan a series of audits for selected risks and auditable items based on the available
resources.

Develop Audit Plans

The process of developing an audit plan is as follows:

1. Create an audit plan
○ Assign budget and resources
○ Select risks
○ Select auditable items
○ Choose the organizations and dimensions to be audited
2. Create audits based on the plan or add existing audits
3. Release the audit plan when it is ready
A released audit plan can no longer be edited. To make changes to a released audit plan, you can reopen it.

Copy Audit Plan

If you want to carry forward the unfinished work in an audit plan to the next audit cycle, you can copy the audit
plan.

● You can only copy a released audit plan, and there can be only one copy at a time. All the items in the plan
will be copied.
● The copy is a Draft. You can edit it.
● The copy uses the same name but has a different ID.

Archive Audit Plans

You can close a released audit plan by archiving it. An archived audit plan can no longer be reopened.

● If a released audit plan doesn't have a copy, you can archive it manually by clicking the Archive button.
● If a released audit plan has a copy, you can't manually archive it. It is automatically archived when the copy
is released.

6.3.1 Create Audit Plans

Create an audit plan.

Procedure

1. Go to the app Manage Audit Plans.
2. Choose Add.
3. Enter the following information for the audit plan:

Field Description

Title The name of the audit plan.

Time Period The time period covered by the plan.

Description A description of the plan.

Planned Effort The effort needed for the plan, which is denominated in person workdays.

Financial Budget The budget for the plan.

4. Choose OK.

The newly created audit plan is a draft. You can see the following read-only fields:

Budget

Field Description

Total Estimated Cost from Audits The estimated cost of the audits included in the audit plan
combined.

Total Actual Cost from Audits The actual cost of the audits included in the audit plan
combined.

Effort

Field Description

Estimated Effort for Business An estimation of required person days for lines of business, which is
aggregated from the auditable items assigned to the audit plan.

Estimated Effort for IT An estimation of required person days for IT personnel, which is aggregated
from the auditable items assigned to the audit plan.

Total Estimated Effort from Audits The estimated effort of the audits included in the audit plan combined.


Total Actual Effort from Audits The actual effort of the audits included in the audit plan combined.

5. Add risks to the audit plan.
a. Go to the Risks section.
b. Choose Assign.

Only risks documented in the Internal Audit view in Risk Register can be added.
6. Add auditable items. You have two ways to do so:

○ Add the auditable items associated with the risk
1. In the Risks section, select a risk.
2. Choose Add Auditable Items.
3. Select from the auditable items assigned to the risk.
○ Select any auditable items from Audit Universe
1. Go to the Auditable Items section.
2. Choose Assign.
3. Select from the available auditable items in Audit Universe.

Note

When you add an auditable item to a plan, the risks of the auditable item can also be automatically
added to the plan. To enable this function, go to the view GRCAUD_V_ATRKFAD and activate the
Customizing item AUD_AUTO_RISK_FADTBL.

7. Select the organizations to be audited.
a. Go to the Auditable Items section.
b. In the column Organizations, click on the number X/Y.

Y stands for the total number of the organizations assigned to the auditable item, and X for the
number of the selected organizations.
c. In the popup, choose Edit.
d. Select organizations.
e. Save.
8. Select the dimensions to be audited.
a. Go to the Auditable Items section.
b. In the column Dimensions, click on the number X/Y.

Y stands for the total number of the dimensions assigned to the auditable item, and X for the number
of the selected dimensions.
c. In the popup, choose Edit.
d. Select dimensions.
e. Save.

6.3.2 Create Audits Based on Audit Plans

Create an audit in an audit plan.

Procedure

1. Go to the Auditable Items section in the plan.
2. Select the auditable items you want to group in an audit.
3. Choose Create Audit.
4. Enter the following information:

Field Description

Title The name of the audit.

Audit Type Select an audit type from the drop-down.

Audit Group Select an audit group from the drop-down.

Audit Category Select an audit category from the drop-down.

Planned Time Period The planned start and end date of the audit.

Audit Scope Describe the scope of the audit.

Country or Region The country or region of the organization to be audited.

Company Code Enter the company code of the organization to be audited.

Estimated Effort Estimate the effort needed for the audit.

Estimated Cost Estimate the cost needed for the audit.

Tags You can add tags to the audit to make it easier to find. The system suggests already existing tags based on the characters that you have typed in. You can also add new tags simply by typing them in. You can add multiple tags for one audit. The maximum length for a single tag is 20 characters.

5. Save.

Next Steps

Assign People to Audits [page 88]

6.3.3 Add Audits to Audit Plan

Add existing audits to an audit plan.

Procedure

1. Go to the Audits section in the audit plan.
2. Choose Assign.
3. Select audits.

Results

The auditable items in the audits are automatically added to the audit plan.

6.4 Create Audits Directly

Create an audit directly.

Procedure

1. Go to the app Initiate Audits.
2. Choose Create.
3. Enter the following information:

Field Description

Title The name of the audit.

Audit Type Select an audit type from the drop-down.

Audit Group Select an audit group from the drop-down.

Audit Category Select an audit category from the drop-down.

Planned Time Period The planned start and end date of the audit.

Audit Scope Describe the scope of the audit.


Country or Region The country or region of the organization to be audited.

Company Code Enter the company code of the organization to be audited.

Estimated Effort Estimate the effort needed for the audit.

Estimated Cost Estimate the cost needed for the audit.

Tags You can add tags to the audit to make it easier to find. The system suggests already existing tags based on the characters that you have typed in. You can also add new tags simply by typing them in. You can add multiple tags for one audit. The maximum length for a single tag is 20 characters.

4. Save.
5. Go to the Auditable Items section to add auditable items to the audit.
6. Go to the Risks section to add the risks that need to be audited.
7. Go to the Organizations section to add the organizations that need to be audited.
8. Go to the Dimensions section to add the dimensions that need to be audited.

Next Steps

Assign People to Audits [page 88]

6.5 Copy Audits

You can copy existing audits to save effort in creating audits.

Procedure

1. Go to the app Initiate Audits.
2. Choose Copy.
3. In the field Copy From, choose the audit you want to copy.
4. Choose the items you want to copy from the audit.

Options:
○ People
○ Auditable Items
○ Organizations
○ Risks
○ Dimensions
○ Work Program
5. Choose Copy.

Results

The copy is named Copy of <Name of the Original Audit>. The Copied From field indicates the origin of the copy
as well as when and by whom the copy was created.

6.6 Create and Assign Audits in Resource Management

You can create and assign audits in the Resource Management app, where you can check the availability of your
auditors against the team calendar.

Procedure

1. Go to the Resource Management app.
2. Choose Unassigned Audits. A list of unassigned audits is shown.

 Note

Audits are unassigned when the required roles of Audit Team are not assigned.

3. To create a new audit, choose Create Audit.
4. Optional: In the Audit Plan field, choose the audit plan to which you want to add the audit.
5. Enter the following information for the audit:

Field Description

Title The name of the audit.

Audit Type Select an audit type from the drop-down.

Audit Group Select an audit group from the drop-down.

Audit Category Select an audit category from the drop-down.


Planned Time Period The planned start and end date of the audit.

Audit Scope Describe the scope of the audit.

Country or Region The country or region of the organization to be audited.

Company Code Enter the company code of the organization to be audited.

Estimated Effort Estimate the effort needed for the audit.

Estimated Cost Estimate the cost needed for the audit.

Tags You can add tags to the audit to make it easier to find. The system suggests already existing tags based on the characters that you have typed in. You can also add new tags simply by typing them in. You can add multiple tags for one audit. The maximum length for a single tag is 20 characters.

6. Save.

The audit will be shown in the Unassigned Audits list.
7. Select the audit to complete its information and assign people to it.

6.7 Assign People to Audits

Assign audit staff and specify the stakeholders for an audit.

Procedure

1. Go to the Initiate Audits app.
2. Select the audit.
3. Go to the People section.
4. Choose Edit and fill in the following fields:

Option Description

Audit Team ○ Audit Manager
Only the audit manager can initiate the audit.
○ Audit Lead
○ Auditor


Stakeholder ○ CAE
○ Executive Responsible

5. Save.

6.8 Initiate Audits

Initiate an audit.

Prerequisites

Only the assigned audit manager can initiate an audit.

Procedure

1. Go to the Initiate Audits app.
2. Select the audit.
3. Choose the Initiate button.

The status of the audit changes to Initiated. The audit enters the preparation phase and it moves to the
Prepare Audits app.

6.9 Delete Audits

You can delete a draft audit.

Prerequisites

The audit is not included in any released or reopened audit plan.

Procedure

1. Go to the Initiate Audits app.
2. Select the audit.
3. Choose the Delete button.

6.10 Cancel Audits

You can cancel an audit if it is no longer needed.

Prerequisites

● Only the assigned audit manager can cancel the audit.
● The audit is in one of the following statuses:
○ It is in Draft status and is included in a released or reopened audit plan.
○ It has been initiated and the final audit report has not been approved.

Procedure

1. Go to the Track Ongoing Audits app.
2. Select the audit.
3. Choose Cancel.

Results

The status of the audit changes to Canceled. It moves to the Display Historical Audits app and is read-only.

7 Preparation

After an audit is initiated, it enters the preparation phase.

The audit preparation may include the following tasks, but not all of them are mandatory.

1. Audit Announcement (Optional)
Inform the auditee of the audit objectives, scope, and other information through an announcement letter.
2. Risk Assessment (Optional)
SAP Audit Management enables you to plan audits based on the Risk Register and Audit Universe. In
addition to that, you can perform further risk assessment in the preparation phase.
For example, if you are auditing your external partners such as suppliers, you can perform risk assessment
to obtain more understanding of the partners and their environment as the basis of your audit.
3. Prepare Audit Execution Work Program
An audit execution work program defines the audit procedures to be performed during fieldwork.
You can enable a review process for audit execution work programs. Once the audit execution work
program is approved, an audit enters the execution phase.

7.1 Audit Announcement

Inform the auditee of the audit objectives, scope, and other information through an announcement letter.

Key Features

● Create audit announcement letters
You can upload announcement letters or generate announcement letters using templates.
● Review announcement letters
In the review process, an audit announcement letter is submitted for review and the reviewer chooses to
approve or reject the announcement letter.
● Distribute announcement letters
You can distribute announcement letters to stakeholders.

7.1.1 Create Announcement Letters

Create an announcement letter for your audit.

Procedure

1. Go to the Prepare Audits app and select an audit.
2. Go to the Working Papers section and choose the Preparation folder.
3. Upload an announcement letter or generate one using a template.

 Note

Use the Customizing activity Maintain Templates for Generating Announcement Letters to predefine
templates. The default PDF template is delivered in English. If you want to generate the announcement
letter in other languages, you need to first create a translated version of text object
GRCAUD_ANN_LETTER_NEXT_STEPS in that language in transaction SO10.

4. Submit the announcement letter.

Results

The audit moves to the Approve Audit Preparation app.

7.1.2 Announcement Letter Review

7.1.2.1 Enable Announcement Letter Review Process

To enable the review process, configure the status schema for object AUDIT. You can refer to the predefined
status schema DFLT_ANN.

The following actions and statuses are relevant for the review process:

Actions Statuses

SUBMIT_AUDIT_ANNOUNCEMENT Announcement Submitted

APPROVE_AUDIT_ANNOUNCEMENT Announcement Approved

REJECT_AUDIT_ANNOUNCEMENT Announcement Rejected

7.1.2.2 Review Announcement Letters

Review the submitted announcement letter.

Procedure

1. Go to the Approve Audit Preparation app.
2. Select an audit.
3. Choose Approve or Reject.

Option Description

Approve The audit status changes to Announcement Approved.

Reject The audit status changes to Announcement Rejected and the audit will be sent back to the Prepare Audits app for rework.

7.1.3 Announcement Letter Distribution

7.1.3.1 Enable Announcement Letters Distribution

To enable the distribution of audit announcement letters:

● Configure the status schema for object AUDIT. You can refer to the predefined status schema DFLT_ANN.
The following action and status are relevant:

Action Status

SUBMIT_AUDIT_ANNOUNCEMENT Announcement Submitted

DISTRIBUTE_AUDIT_ANNOUNCEMENT Announcement Distributed

● Configure the announcement letter recipients in Customizing activity Maintain Notifications for Audit
Activities.

Action DISTRIBUTE_AUDIT_ANNOUNCEMENT

Status Schema The status schema defined in the previous step.

Role The recipients of the announcement letter. For example, if you set Executive Responsible, then the executive responsible assigned to an audit will receive the announcement letter of the audit.

7.1.3.2 Distribute Announcement Letter

Distribute the announcement letter for an audit.

Procedure

1. Go to the Approve Audit Preparation app.
2. Select an audit.
3. Choose the Distribute button.

7.2 Risk Assessment in Audit Preparation

SAP Audit Management enables you to perform risk assessment in the audit preparation phase.

Prerequisites

 Note

Risk assessment is by default enabled for the audit type Partner.

To enable risk assessment for an audit type, the following prerequisites must be fulfilled.

● The action START_RISK_ASSESSMENT must be included in the status schema for object AUDIT. The
predefined status schema DFLT_RA (AUDIT) is an example that includes the action.
● The status change from New to In Process must be included in the status schema for object SCOPE. The
predefined status schema DFLT_RA (SCOPE) is an example that includes the action.
● Configure a scope schema for risk assessment work programs.

Risk Assessment Process

1. Create Risk Assessment Work Program
Create a work program for risk assessment (Work Program Category B).
2. Start Risk Assessment
When the work program is ready, click on the Start Risk Assessment button.
The audit status changes to Performing Risk Assessment and the work packages are set to In Process.

 Note

New work packages can be added after risk assessment is started and manually set to In Process.

3. Perform Risk Assessment
The responsible persons can check out the work packages assigned to them in the app My Work Packages
and then perform the required risk assessment procedures.
4. Review Work Packages
After completing the tasks in the work packages, the responsible persons submit work packages for
review. The audit lead can then review the submitted work packages in the app Review Work Packages.

 Note

Review is optional. To enable or disable the review process, see Work Package Review [page 114].

7.3 Design and Review Audit Execution Work Program

Design and review audit execution work programs.

1. Create Work Program
Create an audit execution work program in the Prepare Audits app.
See Work Program [page 95].
2. Submit Work Program
When the work program is ready, click the Submit Work Program button to submit it for review.
The audit moves to the Approve Audit Preparation app and its status changes to Work Program Submitted.
3. Review Work Program
Review the audit work program in the Approve Audit Preparation app.
○ Approve
Once approved, the audit status changes to In Execution. The assigned auditors can see the audit in My
Ongoing Audits.
○ Reject
If rejected, the audit status changes to Work Program Rejected and the audit will be sent back to
Prepare Audits for rework.

7.4 Work Program

A work program sets out the tasks that need to be completed.

Work Program Category

SAP Audit Management defines two work program categories:

● Audit preparation work program (Category B)
● Audit execution work program (Category C)

Work Program Structure

You can create a work program as a hierarchy to break down your audit work into smaller tasks.

The number of levels in a work program is configurable. See Configure Work Program Structure using Scope
Schema [page 96].

Work Package

The lowest level in a work program is referred to as Work Package for the purpose of this help document,
regardless of how many levels the work program actually contains.

A work package includes:

● Risks to be audited
● Controls to be audited
● Audit procedures to be performed

7.4.1 Configure Work Program Structure using Scope Schema

Work program structure is determined by the scope schema.

A work program scope schema defines:

● The number of levels in work programs
● Work package responsible person

You can configure scope schemas in Customizing activity Define Scope Schema for Work Programs and then
apply scope schemas to audit types in Customizing activity Define Audit Types.

SAP delivers the following predefined scope schemas:

Scope Schema Level Structure

DFLT_LV1 This schema defines a one-level structure.

DFLT_LV2 This schema defines a two-level structure.

DEFAULT This schema defines a three-level structure.

DFLT_PA This schema defines a two-level structure and is by default used for the audit preparation work program for the audit type Partner.

7.4.2 Create Work Programs

Create a work program for an audit.

Procedure

1. Go to the Prepare Audits app.
2. Select the audit.
3. Go to the Work Program section.
4. Choose Edit.
5. Choose Add, or choose Add Multiple to add multiple items at the same level.
6. Select a category.

 Note

This step is skipped when risk assessment is not enabled.

Category Code Category

B Audit preparation work program

C Audit execution work program

7. Name the items at each level in the work program.
8. Assign responsible persons to work packages by selecting users in the Person Responsible drop-down.
9. Select a work package.
10. In the Risks section, add risks to this work package.

Only those risks assigned to the audit can be selected.
11. In the Controls section, add controls to this work package.

Only those controls assigned to the risks added in the previous step can be selected.
12. Create audit procedures.

 Note

The allowed procedures depend on the audit type configuration.

○ Create Test Procedures [page 100]
○ Create Question Procedures [page 103]
○ Create Detection Procedures [page 106]
○ Create Business Rule Procedure [page 107]

7.4.3 Upload Work Program

Upload a work program to an audit using a spreadsheet template.

Procedure

1. Go to the Prepare Audits app.
2. Select the audit.
3. Go to the Work Program section.
4. Choose Download.
5. Choose one of the following options:

Option Description

Preparation Work Program Template A blank template for audit preparation work program. To
create an audit preparation work program from scratch,
choose this option.

Execution Work Program Template A blank template for audit execution work program. To
create an audit execution work program from scratch,
choose this option.

Current Preparation Work Program To update an existing audit preparation work program,
choose this option.

Current Execution Work Program To update an existing audit execution work program,
choose this option.

6. Open the downloaded spreadsheet.
7. In the first sheet, enter the names for each level of the work program and the responsible persons.
8. Enter the procedures.
○ Upload Test Procedures [page 101]
○ Upload Question Procedures [page 104]
○ Upload Business Rule Procedures [page 108]

 Note

You can't upload detection procedures using the template.

9. Upload the work program.

Next Steps

You can't assign risks and controls to work packages and audit procedures in the spreadsheets. You have to go
to the Prepare Audits app to do so.

7.4.4 Copy Work Program from Other Audits

You can copy work programs from other audits.

Prerequisites

You can only copy from an audit with the same scope schema and allowed procedure types.

Procedure

1. In the Work Program section, choose Copy From an Audit.
2. Choose an audit.

You can select an audit to see its work program.
3. Choose one of the following options:

Option Description

Extend Add the copied work program to the original work program.

Replace Replace the original work program with the copied work program.

Results

The preparation and execution work programs are both copied, if any.

7.4.5 Audit Procedures

Audit procedures are part of a work program.

SAP Audit Management enables you to develop the following audit procedures:

● Test Procedures
Specify a sequence of steps to perform, such as the inspection and observation steps.
● Question Procedures
Design the inquiry questions and evaluate the auditee based on the responses obtained.
● Business Rule Procedures
Execute the business rules defined in SAP Process Control.
● Detection Procedures
Use the detection strategies defined in SAP Business Integrity Screening.

7.4.5.1 Test Procedure

A test procedure lists a sequence of steps to be performed.

7.4.5.1.1 Enable Links for Test Steps

You can attach links to the steps in a test procedure.

For example, for a step of inspecting sales documents, you can attach the link to the sales system where the
sales orders can be found.

To enable the linking function, go to Customizing activity Use Links in Test Procedures, where you can define
link categories, link addresses and link texts. Only the links defined here can be attached to the steps in test
procedures.

7.4.5.1.2 Create Test Procedures

Create a test procedure in a work package.

Procedure

1. Go to the Procedures section in the work package.
2. Choose Add Test.
3. Enter the following information for the test procedure:

Field Description

Title The name of the test procedure.

Description A description of the test procedure.

Planned Time Period The intended start and due date for performing the test
procedure.

Person Responsible The person responsible for performing the test procedure.

4. Choose Save.
5. Go to the Steps section to specify the steps in the test procedure.
a. Choose Add.
b. Enter the name and description of the step.
c. Attach a link, if needed.

7.4.5.1.3 Upload Test Procedures

Use the work program spreadsheet template to upload test procedures.

Procedure

1. Select the Test Procedures sheet in the work program spreadsheet template.
2. Choose a work package.
3. Enter the following information for the test procedures. Each row represents a test procedure.

○ Title
○ Description
○ Planned Start Date
○ Planned End Date
4. Open the Test Steps sheet.
5. Choose a test procedure to enter the steps in the procedure.

A row represents a step. Enter the steps in their sequence.
6. Open the Links sheet, and choose a test procedure and a step to attach links to the step.

7.4.5.1.4 Assign Controls to Test Procedures

You can link a test procedure to the controls it is intended to test.

Procedure

1. Go to the test procedure.
2. Go to the Controls section in the test procedure.
3. Choose Assign.
4. Select controls.

Only those controls covered by the work package can be selected.

7.4.5.1.5 Copy Steps from Controls

You can copy the test steps from the assigned controls to a test procedure if the controls are imported from
SAP Process Control and have a test plan.

Procedure

1. Go to the test procedure.
2. Go to the Steps section.
3. Choose Copy.
4. Select the controls that you want to copy test steps from.

You can only select from the controls that are assigned to the test procedure.

7.4.5.2 Question Procedure

Question procedures can be used to perform inquiries and interviews.

In the preparation phase, you use question procedures to design the questions to ask of the auditee. After
inquiry, you can document and evaluate the auditees' responses to the questions.

7.4.5.2.1 Design Rating Scales for Evaluating Auditee's Responses to Questions

You can use a rating scale to evaluate the auditee's responses to the inquiries.

A rating includes a text description and a numeric value. The numerical values will be used for calculating
question scores.

Example Rating Scale

Rating Numeric Value

Compliant 10

Moderate Risk 5

High Risk 2

You can use Customizing activity Define Question Ratings to design audit type-based rating scales. When you
create a question procedure, a rating scale is automatically assigned to the question procedure according to
the type of the audit.

7.4.5.2.2 Question Weighting

You can assign a weighting between 0 and 100 to a question procedure.

The score of a question procedure is calculated by multiplying the rating and the weighting.

The score of an audit is calculated by summing up the scores of all the question procedures in the audit. For
more information, see Audit Scoring [page 112].

7.4.5.2.3 Create Question Procedures

Create a question procedure in a work package.

Procedure

1. Go to the Procedures section in the work package.
2. Choose Add Question.
3. Enter the following information for the question procedure:

Field Description

Name Name of the question procedure.

Description Enter the question(s) in the field. If you want to rate each question individually, enter one question in a question procedure. If you want to rate a series of questions collectively, you can document these questions in one question procedure.

Weight Assign a weighting between 0 and 100 to the question procedure.

 Note

The rating scale is not shown when you create a question procedure. It is only shown in the audit
execution phase.

7.4.5.2.4 Upload Question Procedures

Use the work program spreadsheet template to upload question procedures.

Procedure

1. Open the Questions sheet in the work program spreadsheet template.
2. Choose a work package.
3. Enter question procedures. Each row represents a question procedure.

○ Title
○ Description
○ Weight

7.4.5.3 Detection Procedure

With a detection procedure, you can use the detection and investigation capabilities provided by SAP Business
Integrity Screening to find irregularities in business data.

If a detection strategy finds irregularities and generates alert items, then these items populate a working paper
that is added to the work package. From the working paper, you can use the investigative and management
tools of SAP Business Integrity Screening to analyze each irregularity.

Special Detection Strategies and Alerts for SAP Audit Management

Detection strategies for use in detection procedures have these special features:

● Only detection strategies that have been specially marked for use in SAP Audit Management may be used
in detection procedures. These strategies may not be used by SAP Business Integrity Screening for
detection.
This feature ensures that an audit detection strategy produces alert items only in the context of an audit.
● You maintain audit detection strategies using the normal editing tools of SAP Business Integrity Screening.
You designate a detection strategy for use in auditing by setting the special Audit strategies (technical key
AUDIT in Customizing) investigation reason when you define the strategy.
● An audit detection strategy may be assigned to only a single detection procedure at a time. If a detection
strategy is assigned to a task, then it is removed automatically from the list of strategies in the input help.
● Audit detection strategies are allowed to produce duplicate alerts and alert items. This feature makes it
possible for the same alert item to be used in separate audits that may be examining different aspects of a
compliance problem.
Normal detection strategies produce only a single alert per investigation object. Each irregularity that is
found is added to this alert as an alert item. For example, each irregularity found in a purchase order item is
added as an alert item to a single alert for the purchase order.

An audit alert is instead associated 1-1 with its work package. Each irregularity that is found is added as an
alert item to a working paper in the work package. Audit detection strategies produce no duplicate alert
items within a work package. But other detection procedures in other audits may produce the same alert
items in the context of their own work packages and audits.
Changing the status of an audit alert item in one working paper has no effect on any other instances of the
alert item in other working papers in the same work package. You can change the status of an audit alert
item without worrying that you are changing the status of the item in other audits.

Audit Detection Strategy Control and Execution

Detection procedures are integrated into the lifecycle of an audit. This feature ensures that audit detection
strategies can be assigned and executed only at the appropriate phases in the life of an audit.

Detection procedures are integrated into the audit lifecycle as follows:

● You can create or edit a detection procedure only in the audit phases Initiated and Work Program Rejected.
In the Initiated phase, you can choose the audit detection strategy to use. In the Work Program Rejected
phase, you can respond to objections by adding a detection procedure or editing a task to choose a
different audit detection strategy.
● An audit detection strategy can be run only in the audit phases In Execution, Final Report Submitted, and
Final Report Rejected.

You create and edit strategies for audits in SAP Business Integrity Screening, just as with normal strategies. In
SAP Audit Management, you only choose and run detection strategies. These audit detection strategies must
have been prepared previously in SAP Business Integrity Screening.

In SAP Audit Management, you are responsible for ensuring that the detection strategy matches your audit.
That is, you must ensure that the investigation object type and detection object type match the data that is the subject of the audit,
that the parameters for selecting data to examine are correct with regard to the audit, and so on. You can display an
audit detection strategy from a detection procedure and verify this information. But SAP Audit Management
cannot check that the strategy is optimal for the purpose.
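
The rules from the two sections above (an audit detection strategy belongs to one detection procedure at a time, detection procedures are edited and run only in certain audit phases, and alert items are unique within a work package but independent across audits) are modelled below. This is an added illustration, not SAP code; the class and function names, the strategy names, the alert item keys, and the initial status Open are assumptions.

```python
from dataclasses import dataclass, field

# Audit phases in which the page allows each operation.
EDIT_PHASES = {"Initiated", "Work Program Rejected"}
RUN_PHASES = {"In Execution", "Final Report Submitted", "Final Report Rejected"}


class PolicyError(Exception):
    """An operation that the rules modelled here do not allow."""


@dataclass
class Audit:
    title: str
    phase: str = "Initiated"


@dataclass
class WorkPackage:
    name: str
    # Working paper: alert item key -> status. Keying by item means a rerun
    # cannot add the same alert item to this work package twice.
    working_paper: dict = field(default_factory=dict)


class StrategyRegistry:
    """Tracks which detection procedure holds each audit detection strategy."""

    def __init__(self, audit_strategies):
        # Only strategies marked for auditing (investigation reason AUDIT) are listed.
        self._owner = {name: None for name in audit_strategies}

    def available(self):
        """Strategies still offered in the input help (not assigned anywhere)."""
        return sorted(n for n, owner in self._owner.items() if owner is None)

    def assign(self, audit, strategy, procedure_id):
        if audit.phase not in EDIT_PHASES:
            raise PolicyError(f"detection procedures are read-only in phase {audit.phase!r}")
        if strategy not in self._owner:
            raise PolicyError(f"{strategy!r} is not an audit detection strategy")
        if self._owner[strategy] is not None:
            raise PolicyError(f"{strategy!r} is already used by {self._owner[strategy]!r}")
        self._owner[strategy] = procedure_id


def run_detection(audit, work_package, found_items):
    """Add the alert items of one run to the working paper; return how many are new."""
    if audit.phase not in RUN_PHASES:
        raise PolicyError(f"detection cannot run in phase {audit.phase!r}")
    new = 0
    for item in found_items:
        if item not in work_package.working_paper:
            work_package.working_paper[item] = "Open"  # assumed initial status
            new += 1
    return new


def denied(operation, *args):
    """True if the operation is rejected by the rules above."""
    try:
        operation(*args)
    except PolicyError:
        return True
    return False


def demo():
    # Constructed sample data: two audits that look at the same purchase order item.
    registry = StrategyRegistry(["AUD_DUP_INVOICE", "AUD_VENDOR_CHECK"])
    supplier, purchasing = Audit("Supplier audit"), Audit("Purchasing audit")
    wp_s, wp_p = WorkPackage("WP-S1"), WorkPackage("WP-P1")

    registry.assign(supplier, "AUD_DUP_INVOICE", "DP-1")
    results = {
        "second_assignment_denied": denied(registry.assign, purchasing, "AUD_DUP_INVOICE", "DP-2"),
        "left_in_input_help": registry.available(),
        "run_before_execution_denied": denied(run_detection, supplier, wp_s, ["PO-4500001/10"]),
    }
    registry.assign(purchasing, "AUD_VENDOR_CHECK", "DP-2")

    supplier.phase = purchasing.phase = "In Execution"
    results["edit_during_execution_denied"] = denied(
        registry.assign, supplier, "AUD_VENDOR_CHECK", "DP-3")
    results["first_run_new_items"] = run_detection(supplier, wp_s, ["PO-4500001/10", "PO-4500002/20"])
    results["rerun_new_items"] = run_detection(supplier, wp_s, ["PO-4500001/10"])
    run_detection(purchasing, wp_p, ["PO-4500001/10"])  # same item, other audit

    # Classifying the item in one audit leaves the other audit's copy untouched.
    wp_s.working_paper["PO-4500001/10"] = "Confirmed"
    results["status_in_other_audit"] = wp_p.working_paper["PO-4500001/10"]
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```
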

Working with Detection Procedures and Associated Working Papers

Detection procedures let you integrate SAP Business Integrity Screening into your audits in SAP Audit
Management. This section describes the process for working with SAP Business Integrity Screening in the
context of an audit.

You have started an audit and want to use SAP Business Integrity Screening to examine relevant business data
for irregularities. How do you proceed?

1. Start by defining a detection strategy in SAP Business Integrity Screening for use in SAP Audit
Management.
You must define and activate such a strategy for each detection procedure that you create.
To define such a detection strategy, you use the standard tools of SAP Business Integrity Screening. You
set the Investigation Reason to specify that the strategy is for use in SAP Audit Management.
For more information, see Creating Detection Strategies.
2. In SAP Audit Management, create a detection procedure and use it to run the detection strategy. For more
information, see Create Detection Procedures [page 106] and Perform Detection Procedures [page 110].

3. Open the working paper that contains the alert items generated by an audit detection strategy.
What is an alert item? It is a special message issued by SAP Business Integrity Screening. It reports that a
detection strategy has found the signature of potential fraud or business irregularity with respect to a
particular business record or event.
If a detection procedure generates alerts of possible fraud when it is run, then these alert items are placed
in a working paper. The working paper is created the first time that alert items are generated. The working
paper is part of the same work package as the detection procedure.
4. Use the investigative tools of SAP Business Integrity Screening to analyze each alert item in the working
paper.
From an alert item in the working paper, you can navigate to SAP Business Integrity Screening, to the alert
details. There, you can determine whether the alert item is confirmed, a false alarm, or closed without
investigation. The status, set in SAP Business Integrity Screening, is shown in the working paper in SAP
Audit Management.
For more information, see Investigation.
5. When all of the alert items have been classified, you can decide whether the working paper supports
making a finding in the audit on which you are working.

Detection Information

● In a detection procedure, click its detection strategy and you will be directed to the detection strategy in
SAP Business Integrity Screening, where you can check or adjust selection and method parameters,
calibrate and optimize the strategy, activate the strategy, or make other changes.
● From the link in the Working Paper section, you can navigate to the working paper that contains the alerts
found by the detection task.
● In the Automatic Runs section, you can see how many times a mass detection has been run, using the SAP
Business Integrity Screening detection strategy specified in the task. Alerts can be created and inserted
into a working paper only if the detection strategy has been run.
If the Status column shows that there was an execution error during mass detection, then you can use the
log feature of SAP Business Integrity Screening to display the error messages. For more information, see
Analyze Mass Detection Log.

7.4.5.3.1 Create Detection Procedures

Create a detection procedure in a work package.

Procedure

1. Go to the Procedures section in the work package.
2. Choose Add Detection.
3. Enter the title and description of the detection procedure.
4. Select a detection strategy.
You can select only from the detection strategies for SAP Audit Management. Detection strategies that are
already in use in another detection procedure are not available for selection.
5. Save.

7.4.5.4 Business Rule Procedure

SAP Audit Management allows you to use the business rules defined in SAP Process Control to retrieve and
analyze business data from a business system through an ad hoc query.

A business rule procedure is not restricted to one business rule. With a business rule procedure, you can use
any available business rules.

Prerequisites

To use the business rule procedure function, the following prerequisites need to be fulfilled.

● Your SAP Audit Management is integrated with SAP Process Control.
● You have configured the connectors with Customizing activity Set Up Connectors.
● You have implemented the following SAP notes:
○ 2932509
○ 3089606

7.4.5.4.1 Create Business Rule Procedure

Create a business rule procedure in a work package.

Procedure

1. Go to the Procedures section in the work package.
2. Choose Add Business Rule.
3. Enter the following information:

| Field | Description |
| --- | --- |
| Title | The name of the business rule procedure. |
| Description | A description of the business rule procedure. |

4. Choose Save.
5. In the Controls section, specify the controls you want to test with the business rule procedure, if any.
Only those controls that are covered by the work package can be selected.
6. Optional: You can continue to execute business rule ad-hoc queries to test if the business rule procedure
works correctly, for example, if the connection to SAP Process Control works. For more information, see
Perform Business Rule Ad Hoc Query [page 109].

7.4.5.4.2 Upload Business Rule Procedures

Use the work program spreadsheet template to upload business rule procedures.

Procedure

1. Open the Business Rule sheet in the work program spreadsheet template.
2. Choose a work package.
3. Enter business rule procedures. Each row represents one business rule procedure.

○ Title
○ Description

8 Execution

Auditors perform the tasks outlined in the work programs and document the results.

8.1 Perform Audit Procedures

Perform the audit procedures in the work programs.

● Test procedures
To perform a test procedure, follow the steps in the procedure.
● Question procedures
Ask the auditee the prepared questions.
● Business rule procedures
See Perform Business Rule Ad Hoc Query [page 109].
● Detection procedures
See Perform Detection Procedures [page 110].

8.1.1 Perform Business Rule Ad Hoc Query

Perform business rule ad hoc queries for analytics.

Context

You can execute any business rules with a business rule procedure. Every time you execute an ad hoc query
and get the query results, you can refresh the page and then choose another business rule to execute.

Procedure

1. Go to the Ad Hoc Query section.
2. Choose Select Business Rule.
3. Select a connector, namely the SAP Process Control system where the business rules are defined.
4. Select a business rule.
In the Select Business Rule window, you can click on Show Filters to use the filters.
5. Select a target connector, namely the target business system in which the query will be performed.
6. Specify parameters for the query.
○ Field Analysis
○ Filter Criteria
○ Deficiency Criteria
○ Ad Hoc Query Result
7. Choose Execute Query to execute the ad-hoc query.
Query results will be returned and shown in a table.
8. Save the query results as a working paper by clicking on Generate Working Paper.
9. Refresh the page to continue to execute another query, if needed.

8.1.2 Perform Detection Procedures


Running a detection procedure helps you find out whether any irregularities exist in the business data that you
are auditing.

When irregularities are identified through running a detection procedure based on the detection strategy, these
irregularities are recorded as alert items in a working paper of the detection procedure.

Note that you can run a detection procedure only when the audit is in one of the following statuses:

● In Execution
● Final Report Submitted
● Final Report Rejected

Run detection procedure

1. Find the detection procedure you want to run in the Procedures section and click it.
The details page of the detection procedure shows information about the procedure including its status,
the detection strategy employed, related working papers, if any, and whether the procedure has been run
before. You can click the detection strategy to see its details and verify that the selection and detection
method parameters are correct.
2. Click Run to run the detection procedure. SAP Business Integrity Screening uses the detection strategy
assigned to the task to perform mass detection.
Each run is recorded as an entry in the Automatic Runs tab. You can click the icon on the top-right of the tab to
get the current status of the runs you have launched.
Following the completion of the first run of a detection procedure, a working paper is automatically
generated, which can be found in the Working Papers section. Any irregularities found during each run are
recorded as alert items in the working paper. No duplicate alert items will be created. Alerts are
automatically assigned to the user who is responsible for the work package.

Note

If an error occurs during a run and is reported, you can use the SAP Business Integrity Screening log
transactions to display the error log produced. For more information, see Analyze Mass Detection Log.
You can also use the debugging facilities offered by SAP Business Integrity Screening. For more
information, see Testing and Debugging Detection Strategies in Simulated Mass Detection Runs.

8.1.2.1 Analyze Alert Items

Issues or irregularities found by performing a detection procedure are recorded as alert items in the working
paper of this procedure.

This section explains how to analyze and classify these alerts.

Process

1. The working paper lists the alert items generated by each run of the detection procedure. The columns of
the tables have the following meanings:
○ The first column identifies the business entity with respect to which an irregularity was discovered.
This business entity may be, for example, a vendor, a purchase order, or an insurance claim. All alert
items in a working paper pertain to the same type of business entity.
○ The Additional ID columns provide more information on the business entity, such as the name of a
vendor or the number of a purchase order item. The contents of these fields are tailored to the type of
business entity.
○ The Additional Date field shows the date of the business irregularity. The date may be the posting date
of a suspicious purchase order or the date on which a suspicious vendor master data change occurred.
○ The Status field shows the status of the alert item, as shown in the Finding. The status may be, for
example, Confirmed or Closed Without Investigation. You can set the status only in SAP Business
Integrity Screening, on the Decision tab in the alert item details.
2. Click an alert item to open the alert in SAP Business Integrity Screening. From the alert, you can navigate
to the alert item. You can use the investigative tools of SAP Business Integrity Screening to analyze the
alert item, document your work, and set the status in the Finding field. For more information, see
Investigation.

When you have set a finding for each alert item in the working paper, you can then determine whether a finding
in the audit is required.

8.2 Evaluate Auditee's Responses to Questions

After you have interviewed or questioned your auditee, you can evaluate the auditee's responses to the questions
you asked.

Procedure

1. Choose one of the following options depending on which app you work with.

| App | Action |
| --- | --- |
| My Ongoing Audits | Select your audit, go to the Work Program and then open your work package. |
| My Work Package | Select your work package. |

2. Select a question procedure.
3. Go to the Question section.
4. Choose Edit.
5. Select a rating.
6. Leave your remarks if any.
7. Save.

8.2.1 Audit Scoring

Audit scoring provides a quantitative assessment approach, which comes in when there are question
procedures in your audits.

How are audits scored?

The score of a question procedure is calculated by multiplying the rating and the weight, and the score of an
audit is calculated by summing up the scores of all the question procedures in the audit.

Max Score

The max score is the highest score that can be achieved.

Example

This example audit contains two scopes and each scope contains three questions. The rating scale is:

● 2
● 5
● 10

The scoring of this audit is as follows:

| Scope | Question Procedure | Weight | Rating | Question Procedure Score | Scope Score | Audit Score |
| --- | --- | --- | --- | --- | --- | --- |
| Scope A | Question A-1 | 1 | 2 | 2 | Max Score: 40; Actual Score: 27 | Max Score: 100; Actual Score: 52 |
| | Question A-2 | 1 | 5 | 5 | | |
| | Question A-3 | 2 | 10 | 20 | | |
| Scope B | Question B-1 | 2 | 2 | 4 | Max Score: 60; Actual Score: 24 | |
| | Question B-2 | 2 | 5 | 10 | | |
| | Question B-3 | 2 | 5 | 10 | | |

8.3 Evaluate Control Effectiveness

After performing an audit procedure, you can evaluate the effectiveness of the controls tested by the
procedure.

Prerequisites

Design Control Effectiveness Rating Scale [page 61]

Procedure

1. Choose one of the following options depending on which app you work with.

| App | Action |
| --- | --- |
| My Ongoing Audits | Select your audit, go to the Work Program and then open your work package. |
| My Work Packages | Select your work package. |

2. Choose an audit procedure.
3. Go to the Controls section.
4. Choose Set Control Effectiveness.
5. In the Effectiveness field, select an effectiveness rating.
6. Optional: Leave comments.
7. Save.

8.4 Work Done

You can document the audit work you have completed for each work package in the work program.

This information is saved as notes attached to the work packages.

To document your audit work:

1. Find the audit in My Ongoing Audits, navigate to the Work Program section, and open a work package.
2. Choose the Work Done/Work Done Notes button, and type your notes.
3. After you finish, choose OK to save the notes.

After saving the notes, you can choose the Work Done/Work Done Notes button again to review and edit the
text. The notes will be visible to all users who have access to this audit.

If you process your work package offline, you can also enter your work done notes in a PDF file and send it back
to the system. For more information, see Processing Work Packages Offline [page 126].

8.5 Work Package Review

You can enable a review process for work packages.

In the review process, work package responsible persons go to the My Work Package app to submit their work
packages. The reviewers then review the submitted work packages in the app Review Work Packages and set
the work packages to Reviewed.

To set up the review process:

● Configure the status schema for object SCOPE.

Action and Status

| Action | Status |
| --- | --- |
| SUBMIT | Submitted |
| MARK_REVIEWED | Reviewed |

● Authorize the PFCG roles

8.5.1 Submit Work Packages for Review

After the work in a work package is completed, you can submit the work package for review.

Procedure

1. Go to the app My Work Packages.
2. Select a work package.
3. Choose the Submit button.

8.5.2 Review Work Packages

Review the submitted work packages.

Procedure

1. Go to the app Review Work Packages.
2. Select a work package and review it.
3. Set the work package to reviewed by clicking on the Set to Reviewed button.

8.6 Document and Communicate Audit Findings

8.6.1 Finding Type, Category, and Ranking

Learn about the purpose of the attributes Finding Type, Finding Category, and Finding Ranking, as well as how
to configure them.

Finding Type

You can use finding types to classify findings by the risk areas.

To create finding types, use Customizing activity Define Finding Types.

SAP Audit Management provides the following finding types:

● Compliance
● Economic, Political, Social, and Regulations
● Financial Risk
● Fraud
● Human Capital Risk
● Communication and Information Risk
● Market Risk
● Operational Risk
● Organization and Governance Risk
● Product and Technology Risk
● Project Risks and Opportunities
● Business Strategy Risk

Finding Category

You can use finding categories to indicate whether communication of a finding to the board is required and
what manner of communication should be taken.

To create finding categories, use Customizing activity Maintain Finding Categories.

SAP Audit Management provides the following finding categories:

● Board Relevant
● Non Board Relevant

Finding Ranking

You can use rankings to prioritize findings.

To create finding rankings, use Customizing activity Maintain Finding Rankings.

SAP Audit Management provides the following finding rankings:

● High
● Medium
● Low

8.6.1.1 Make Finding Type Dependent on Audit Type

You can build dependency between finding types and audit types.

When creating a finding, auditors can only choose from the finding types allowed for the audit type.

To build the dependency, use Customizing activity Configure Audit and Finding Type Dependency.

8.6.1.2 Make Finding Ranking Dependent on Audit Type

You can build dependency between finding rankings and audit types.

When ranking a finding, auditors can only choose from the finding rankings allowed for the audit type.

To build the dependency, use Customizing activity Maintain Finding Rankings.

8.6.2 Finding ID

After a finding is successfully created, the system generates an ID for it. You can use this ID for reference
purposes. You can also change the pattern of how the ID is generated. For more information, see the Installation
Guide at http://help.sap.com/audit_s4. On the finding list, you can also change the ID of findings by adjusting
their sequence numbers in edit mode. The sequence number corresponds to the last digits of the finding ID.
You can change the ID of any finding in draft status. If there are actions under the finding, the part of the action
ID inherited from its parent also changes with the finding ID.

More Information

Action Plans [page 121]

Track Open Findings [page 130]

8.6.3 Create Findings

Create an audit finding.

Context

You can create a finding at the audit level or the audit procedure level.

Procedure

1. Choose one of the following options depending on which app you work with.

| App | Action |
| --- | --- |
| My Ongoing Audits | Select your audit. To create an audit-level finding, go to the Findings section. To create a finding at the audit procedure level, select a work package, then an audit procedure, and then go to the Findings section. |
| My Work Packages | Note: You can only create findings for specific audit procedures in this app. Select a work package, then an audit procedure, and then go to the Findings section. |

2. Choose Create.
3. Enter the following information:

| Field | Description |
| --- | --- |
| Title | The name of the finding. |
| Description | A description of the finding. |
| Type | Select a finding type. |
| Category | Select a finding category. |
| Ranking | Select a ranking. |
| Executive Responsible | The Executive Responsible is prefilled. |
| Reference | Link the finding to a work package of the work program. |
| Tags | Type tags. |
| Recommendation | You can give recommendations, such as suggested corrective measures, to the auditee. |
| Criteria | The standards, measures, expectations, policies, or procedures that should be complied with. The criteria explain “what should be”. |
| Condition | The factual evidence that the auditor found in the course of the examination. The condition explains “what is or has happened”. |
| Cause | The reason the condition occurred. The cause is the difference between what-is (condition) and what-should-be (criteria). |
| Consequence | The effect or what can happen as a result of the current condition. |

4. Save.

Results

The finding is in the status Draft.

Next Steps

You can link the finding to risks and controls, upload attachments, and add an existing working paper.

8.6.3.1 Link Findings to Audit Procedures

If a finding is created at the audit level, you can link it to an audit procedure.

Procedure

1. Select the audit procedure.
2. Go to the Findings section.
3. Choose Assign.
4. Select findings.

8.6.4 Communicate Findings

Auditors communicate the findings with the auditee to seek acknowledgment that the findings are true and
accurate, and to allow the auditee to propose action plans for resolving the findings.

Process of Communicating Findings

1. Submit findings
The auditors submit Draft findings to the auditee for review.

Note

If e-mail notification is enabled for this purpose, the auditee will receive an email notification with a PDF
file attached that presents the finding details.

2. Review findings
The auditee, usually the Executive Responsible, reviews the findings in the app My Findings.
○ If the auditee rejects the findings, the findings are sent back for rework.
○ If the auditee accepts the findings, the status of the findings becomes Open.
In the app Track Open Findings, you can monitor those findings in the Open status and set the findings
to closed or obsolete.
See Track Open Findings [page 130].

8.7 Action Plans

After findings are documented, you can develop action plans to address the findings.

8.7.1 Action Plan Workflow

SAP Audit Management enables collaboration between auditors and auditee in developing action plans, and
action plans can be marked with different statuses such as In Process, Completed, and Obsolete. You can
configure the action plan workflow using a status schema.

To configure action plan status schemas:

1. Create action plan status schemas in Customizing activity Define Audit Status Schema.
SAP Audit Management provides two status schemas for action plans: DEFAULT and DFLT_ADTE.
See Action Plan Status Schema: DEFAULT [page 122] for more information.
2. Apply status schemas to audit types in Customizing activity Define Audit Types.

8.7.1.1 Action Plan Status Schema: DEFAULT

The following flowchart explains the Action Plan Status Schema DEFAULT.

1. Auditors create action plans
○ Auditors create action plans for findings in the My Ongoing Audits app or the Track Open Findings app.
2. Accept action plans
The Executive Responsible reviews the action plan in the My Findings app and then accepts the action plan.
Once an action plan is accepted, its status is set to Open. Auditors can track it with the app Track Open
Actions.
The Action Plan Responsible can then use the app My Action Plans to check the action plans assigned to
them.
The following actions can be done by auditors or the Action Plan Responsible.
3. Set action plans to In Process or Obsolete
○ In Process
By setting an action plan to In Process, you indicate that you start to work on the action plan.
○ Obsolete
If an action plan is no longer needed, you can set it to Obsolete.
4. Finalize
○ Completed
When an action plan is completed, it can be set to Completed.
○ Reasonably Controlled
This status indicates that the issue addressed by the action plan has been reasonably controlled.
○ Follow-Up Required
This status indicates that after reviewing the execution of the action plan, it is decided that a follow-up
audit is necessary.
5. You can reopen an action plan in the status Completed, Reasonably Controlled, or Follow-Up Required.
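
The DEFAULT schema steps above, written as a transition table and used to check a recorded status history for changes the schema does not allow. This is an added example, not SAP code; the reopen target (In Process), the source statuses for Obsolete, and the auditor accept path are assumptions, each labelled in the comments.

```python
# Added example (not SAP code): the DEFAULT action plan status schema from the
# steps above as a transition table, used to check a recorded status history.

AUDITOR = "Auditor"
EXECUTIVE = "Executive Responsible"
RESPONSIBLE = "Action Plan Responsible"

# Step 2 ends with "The following actions can be done by auditors or the
# Action Plan Responsible", which covers steps 3 to 5.
WORKERS = frozenset({AUDITOR, RESPONSIBLE})
FINAL_STATUSES = ("Completed", "Reasonably Controlled", "Follow-Up Required")

# Assumption: the guide does not say which status a reopened plan returns to.
REOPEN_TARGET = "In Process"


def build_transitions():
    """Map (from_status, to_status) to the roles allowed to make that change."""
    table = {
        # Step 2: accept. Assumption: auditors are included as well, because
        # plans created in Track Open Findings are accepted by auditors.
        ("Draft", "Open"): frozenset({EXECUTIVE, AUDITOR}),
        # Step 3. Assumption: Obsolete is reachable from Open and from
        # In Process; the guide does not name the source status.
        ("Open", "In Process"): WORKERS,
        ("Open", "Obsolete"): WORKERS,
        ("In Process", "Obsolete"): WORKERS,
    }
    for status in FINAL_STATUSES:
        table[("In Process", status)] = WORKERS    # step 4: finalize
        table[(status, REOPEN_TARGET)] = WORKERS   # step 5: reopen
    return table


TRANSITIONS = build_transitions()


def allowed_next(status, role):
    """Statuses that `role` may set for a plan currently in `status`."""
    return sorted(
        to for (frm, to), roles in TRANSITIONS.items()
        if frm == status and role in roles
    )


def check_history(history, start="Draft"):
    """Replay (role, new_status) records and return a list of violations.

    The history is a record of what happened, so the replay continues from
    the recorded status even after a violation.
    """
    violations = []
    current = start
    for step, (role, new_status) in enumerate(history, start=1):
        roles = TRANSITIONS.get((current, new_status))
        if roles is None:
            violations.append(
                f"step {step}: {current} -> {new_status} is not in the schema")
        elif role not in roles:
            violations.append(
                f"step {step}: {role} may not set {current} -> {new_status}")
        current = new_status
    return violations


# Constructed sample histories (not exported from a real system).
VALID_HISTORY = [
    (EXECUTIVE, "Open"),
    (RESPONSIBLE, "In Process"),
    (RESPONSIBLE, "Completed"),
    (AUDITOR, "In Process"),            # reopen
    (AUDITOR, "Follow-Up Required"),
]
INVALID_HISTORY = [
    (RESPONSIBLE, "Open"),              # accepted by the wrong role
    (RESPONSIBLE, "Completed"),         # skipped In Process
    (EXECUTIVE, "In Process"),          # reopened by the wrong role
]

if __name__ == "__main__":
    for name, hist in (("valid", VALID_HISTORY), ("invalid", INVALID_HISTORY)):
        print(name, check_history(hist) or "ok")
```
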

8.7.2 Create Action Plans

8.7.2.1 Create Action Plans in My Ongoing Audits

Create an action plan for a finding.

Procedure

1. In the My Ongoing Audits app, find your audit.
2. Select a finding.
3. Go to the Action Plans section.
4. Choose Create.
5. Enter the following information:

| Field | Description |
| --- | --- |
| Title | The name of the action plan. |
| Type | Select a type: Action or Milestone. |
| Action Plan Responsible | The person responsible for the action plan. |
| Details | More description of the action plan. |
| Deadline | The deadline for completing the action plan. |

6. Save.
7. Select the newly created action plan to create sub-action plans and upload documents if needed.

8.7.2.2 Propose Action Plans

The auditee can propose action plans for findings.

Procedure

1. Go to the app My Findings.
2. Select a finding.
3. Go to the Action Plans section.
4. Choose Create.
5. Enter the following information:

| Field | Description |
| --- | --- |
| Title | The name of the action plan. |
| Type | Select a type. |
| Action Plan Responsible | The person responsible for the action plan. |
| Details | More description of the action plan. |
| Deadline | The deadline for completing the action plan. |

6. Save.

8.7.3 Auditee: My Action Plans

With the app My Action Plans, you can access, process, and track the action plans to which you are
assigned as the Action Plan Responsible from the point in time when they are submitted.

You can upload attachments, enter comments, and change the status of action plans.

Set action plans into process

By setting an Open action plan to In Process, you indicate that you are starting to execute the action plan.

If email notification is enabled for this process, the Action Plan Responsible receives an email notification with
an attached PDF file that presents the action plan. In the PDF file, the Action Plan Responsible can set the
action plan to In Process or provide a response. Choosing the Submit button sends this back to the system
via e-mail.

Note

You must use the same email account to receive and reply to this e-mail notification.

Finalize action plans
You set an In Process action plan to Completed, Reasonably Controlled, or Follow-up Needed as the case might
be.

Escalate
When you as the Action Plan Responsible decide that one of the action plans under your responsibility
requires attention from the higher level or you need help in order to complete the action plan, you can escalate
it. All action plans that are open or in process can be escalated.

Respond
This function allows the Action Plan Responsible to keep the audit team up-to-date with their progress in
terms of the action plan execution. The Action Plan Responsible clicks the Respond button and provides
information. The audit team will be informed via email notifications.

The operations that are allowed for the Action Plan Responsible with the app can change depending on your
status schema configuration in the Customizing activity Define Audit Status Schema.

8.7.4 Change Action Plan ID

You can also change the ID of actions by adjusting their sequence numbers in edit mode. The sequence
number corresponds to the last digits of the action ID. You can change the ID of any action in draft status. If
there are child actions, the part of the action ID inherited from its parent also changes with the parent action ID.

8.8 Propose Risks to SAP Risk Management

If audit findings disclose a new risk, you can propose it to SAP Risk Management.

Prerequisites

● Minimum release of SAP Risk Management is 12.0.
● Implement the SAP note 2952423

Procedure

1. In My Ongoing Audits, find your audit.
2. Go to the Findings section.
3. Select the findings that disclose the risk you want to propose.
You can select multiple findings if they disclose the same risk. If you select two or more findings, the
findings must be either assigned to the same imported organization or not assigned to any
organization at all.
4. Choose Propose Risk.
5. Go to the Risk Proposal section to enter a name for the risk, select a category, and assign the risk to an
organization.
If the finding(s) are already assigned to an organization, the risk is also assigned to this organization.
6. Go to the Analysis section to assess the likelihood level and impact of the risk.
7. Submit the risk.
If the findings carry action plans, the action plans are also proposed as treatments/responses to the risk.

Results

In the Risks Risk Proposal section of the finding(s), you can see the proposed risk.

By clicking on it, you will be redirected to the SAP Risk Management Proposed Risks.

Note

Redirect is not possible from the My Findings app.

8.9 Process Work Packages Offline

You can process audit work packages assigned to you using SAP Interactive Forms by Adobe.

This offline processing feature enables you to perform your audit work without having to log on to the SAP
Audit Management system. With SAP Interactive Forms by Adobe, you can enter work done notes, attach
working papers to a PDF document, and send them back to the system via e-mail.

Prerequisites

● A virtual host to the SMTP server has been created in your client with SAP Audit Management power user
information maintained on the logon data tab. Contact your system administrator to create the virtual
host. For more information, see the Online Manual under transaction SICF.
● You have installed and configured the Adobe Document Service (ADS). For more information, see the
Installation Guide for SAP Assurance and Compliance Software for SAP S/4HANA at http://help.sap.com/audit_s4.
● You have installed PDF software that supports XFA (XML Forms Architecture) content.
● You have completed the relevant Customizing settings in the following activities:
○ Maintain Templates for File Generation
○ Maintain E-mail Notifications for Audit Activities
For more information, see the documentation for the respective Customizing activities.

Procedure

1. Go to an initiated audit, prepare the work program, assign responsible persons to work packages, and
submit the work program.
After the audit manager approves the work program, individual work packages are sent to their responsible
persons as PDF attachments to the notification e-mails.
2. As a responsible person for the work package, you open the PDF file in your e-mail and perform your audit
as described in the work package.
3. If JavaScript is disabled in the PDF document, enable it.
4. To add working papers to the work package, click on the Attachments tab on the side panel, choose Add,
select the files, and choose Open.
5. You can also enter your work done notes in the Notes field.
6. After you finish processing the work package, send the PDF document back to the system using one of the
following methods:
○ If you are using an e-mail client, choose the Submit button in the PDF document. A reply e-mail window
opens with the updated PDF document attached. Send the e-mail back to the system.
○ If you are using a web browser, save the PDF document from the e-mail, attach it in the reply to the
notification you have received, and send it back to the system.

Note

Do not use the default recipient address when you send the reply. The correct recipient address
can be found in the configuration of the exit rule for inbound processing under transaction SO50.
Use the recipient address corresponding to exit name CL_GRCAUD_EMAIL_INBOUND.

If the e-mail is received successfully, the attachments and notes appear under the work package in SAP Audit
Management.

For more information about the offline processing feature, see Extending the Offline Processing Feature in the
SAP Audit Management Extensibility Guide.

8.10 Reopen Work Program

You are able to reopen the work program of an audit in status In Execution to revise the work program.

To do this, click the Reopen Work Program button. The audit then changes to status Work Program Reopened
and can be accessed in Prepare Audits.

As an audit lead, you can modify the work program and submit it again for review and approval.

Note

You can only add new work packages to the work program. Editing of existing work packages is not allowed,
nor is uploading a work program using spreadsheets.

9 Follow-Up

In the follow-up phase, auditors evaluate the adequacy, effectiveness, and timeliness of actions taken by
management on reported findings and recommendations.

In reviewing the evaluation result, the auditor determines whether management has implemented the
recommendations or accepted the risk of not implementing them.

Exporting Findings and Action Plans

Track Open Findings, Display Historical Findings, Track Open Action Plans and Display Historical Action Plans
come with the export function that allows you to export and download the complete list of open or historical
findings and actions. This facilitates the tracking of findings and action plans offline, for example, using a
spreadsheet tool.

To export findings and action plans, click the Export icon on top of the action list and choose the desired export
format.

To enable this function, you need to first maintain the file templates in scenario LST_ACTION in Customizing
activity under GRCAUD SAP Audit Management Basic Settings File Generation Maintain Templates for
File Generation. This scenario is offered in the default setting.

Note

The exported document contains the complete list of findings or actions and all relevant information,
regardless of the personalization and filters applied to the list.

9.1 Track Ongoing Audits

The Track Ongoing Audits tile is available for the audit manager to track the current status of audits.

The Track Ongoing Audits screen lists the audits assigned to you as the audit manager. You can monitor the
overall progress of each audit, check the tasks performed, view the working papers, findings and reports that
have been created, and close the audit.

To perform other tasks as the audit manager, go to the Approve Audit Preparation or Approve Audit Report tiles.

9.2 Historical Audits

Historical audits include canceled audits and audits that are closed after the final report is approved.

Use

Historical audits are read-only and can be accessed from the Display Historical Audits tile. You can view the
audits only under the audit group that your user is authorized to access.

Reopening Audits

Closed audits can be reopened to allow auditors to rework the audit, for example, to add new findings and
action plans.

You can reopen an audit in the Display Historical Audits tile. Once reopened, the audit changes to the In
Execution status and can be found in the Track Ongoing Audits and My Ongoing Audits tiles. As an auditor, you
can add new working papers, create new findings and action plans, and submit new audit reports for review.

You can further reopen the work program of the reopened audit. For more information, see Reopen Work
Program [page 127].

9.3 Track Open Findings

You can monitor and track all Open findings with the app Track Open Findings.

After evaluating how management has responded to the action plans and recommendations proposed in the
finding, you can close the finding or set it to obsolete as the case might be.

Edit findings

Here you can add attachments to a finding and change the Executive Responsible person.

Close findings

You can close a finding when all action plans under the finding are completed. A closed finding is removed from
the app Track Open Findings. You can find it in the app Display Historical Findings and under the relevant audit in
Display Historical Audits.

Obsolete findings

Under certain circumstances, a finding may no longer be relevant to the audit. In this case, you have the option
to obsolete it. When you obsolete a finding, action plans under this finding with status In Process are set to
Obsolete. However, this does not change the status of completed action plans.

Raise issues

With a predefined connector, you can raise a finding as an ad hoc issue to SAP Process Control.

To do this, click the Raise Issue button, select a connector, and choose OK. Note that you can only raise one
issue per finding. Ad hoc issues can be accessed in the Ad Hoc Tasks section of My Home work center in SAP
Process Control.

Create new action plans

If required, you can also create new action plans for an open finding with this app. Action plans created in Track
Open Findings need to be manually accepted by auditors. Open the draft action plan and choose Accept to set
the status to Open.

Note

You have to enable this functionality in Customizing activity Create Action Plans in Follow-Up Phase.

Complete action plans

Action plans must be completed before a finding can be closed.

To complete an action plan, go to the Track Open Actions tile, select an action plan, and choose Complete. For
more information, see Tracking Open Actions [page 132].

9.4 Historical Findings and Reopen Findings

With the app Display Historical Findings, you can display an overview list as well as detailed information of all
Closed and Obsolete findings which you have access to, and export the list to a spreadsheet.

Reopen findings

You can also reopen a historical finding, if needed. This allows the audit team and the auditee to continue
working on unfinished issues by adding more action plans. You can find reopened findings in Track Open
Findings.

9.5 Track Open Action Plans

With the app Track Open Action Plans, you can track action plans in status Open and In Process.

Set action plans to In Process

The audit team can set Open action plans to In Process, indicating that the Action Plan Responsible person needs
to start the execution of the action plans.

Finalize action plans

Based on the execution of an action plan, the audit team decides whether to set the action plan to Reasonably
Controlled, Follow-Up Required, or Completed.

Extend the deadline and change responsible persons

When the responsibility of an action plan is shifted or the auditee requests more time to execute, the audit
team may need to modify the persons that take responsibility and extend the deadline of the action plan.

Escalate action plans

When an action plan is long overdue or requires attention from the management, you can escalate it. All action
plans that are Open and In Process can be escalated.

Escalation of action plans does not change their status.

You can escalate an action plan to multiple levels. The escalation levels are maintained in the Customizing
activity Follow-Up > Maintain Escalation Levels for Action Plans.

9.6 Historical Action Plans and Reopen Action Plans

Historical action plans are action plans with the status Completed, Reasonably Controlled, Follow-Up Required,
or Obsolete.

You can access all historical action plans from the app Display Historical Action Plans.

Historical action plans provide information about the management response to the action plans communicated
in the audit result. Internal auditors can use this information to decide whether follow-up audits are required.

Reopen action plans

You can reopen an action plan in status Completed, Reasonably Controlled, or Follow-Up Required, if additional
effort from the auditee is required.

Reopened actions are set back to the status Open and can be found in Track Open Action Plans.
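
The status rules in sections 9.3 to 9.6 can be read as one state model. The following Python model is an added illustration, not SAP code or an SAP API: all class, method, and parameter names are hypothetical. It assumes that "completed" in the closing rule means status Completed, that an action plan can be finalized from Open or In Process, and that the number of escalation levels maintained in Customizing is passed in as max_level.

```python
from dataclasses import dataclass, field

# Status names as they appear in sections 9.3 to 9.6 of this guide.
DRAFT, OPEN, IN_PROCESS = "Draft", "Open", "In Process"
COMPLETED, OBSOLETE, CLOSED = "Completed", "Obsolete", "Closed"
REASONABLY_CONTROLLED, FOLLOW_UP_REQUIRED = "Reasonably Controlled", "Follow-Up Required"

TRACKED = {OPEN, IN_PROCESS}  # listed in Track Open Action Plans
FINALIZED = {COMPLETED, REASONABLY_CONTROLLED, FOLLOW_UP_REQUIRED}


class TransitionError(Exception):
    """A requested status change breaks one of the rules stated in the guide."""


@dataclass
class ActionPlan:
    name: str
    status: str = DRAFT  # plans created in Track Open Findings start as drafts
    escalation_level: int = 0

    def _move(self, allowed_from, target):
        if self.status not in allowed_from:
            raise TransitionError(f"{self.name}: {self.status} -> {target} is not allowed")
        self.status = target

    def accept(self):  # 9.3: the auditor accepts a draft, which sets it to Open
        self._move({DRAFT}, OPEN)

    def start(self):  # 9.5: Open -> In Process
        self._move({OPEN}, IN_PROCESS)

    def finalize(self, outcome):  # 9.5; assumption: allowed from Open or In Process
        if outcome not in FINALIZED:
            raise TransitionError(f"{outcome} is not a final status")
        self._move(TRACKED, outcome)

    def reopen(self):  # 9.6: Obsolete is not among the reopenable statuses
        self._move(FINALIZED, OPEN)

    def escalate(self, max_level):  # 9.5: escalation never changes the status
        if self.status not in TRACKED:
            raise TransitionError(f"{self.name}: only Open or In Process plans escalate")
        if self.escalation_level >= max_level:
            raise TransitionError(f"{self.name}: no higher escalation level maintained")
        self.escalation_level += 1


@dataclass
class Finding:
    title: str
    status: str = OPEN
    action_plans: list = field(default_factory=list)
    issue_raised: bool = False

    def close(self):  # 9.3; assumption: "completed" means status Completed
        pending = [a.name for a in self.action_plans if a.status != COMPLETED]
        if self.status != OPEN or pending:
            raise TransitionError(f"{self.title}: cannot close, pending: {pending}")
        self.status = CLOSED

    def obsolete(self):  # 9.3: only In Process plans are cascaded to Obsolete
        if self.status != OPEN:
            raise TransitionError(f"{self.title}: only open findings can be set obsolete")
        for plan in self.action_plans:
            if plan.status == IN_PROCESS:
                plan.status = OBSOLETE
        self.status = OBSOLETE

    def reopen(self):  # 9.4: Closed and Obsolete findings can be reopened
        if self.status not in {CLOSED, OBSOLETE}:
            raise TransitionError(f"{self.title}: not a historical finding")
        self.status = OPEN

    def raise_issue(self):  # 9.3: one ad hoc issue per finding
        if self.issue_raised:
            raise TransitionError(f"{self.title}: an issue was already raised")
        self.issue_raised = True


def walk_through():
    """Constructed scenario: one finding with three action plans."""
    fix = ActionPlan("Fix access review", OPEN)
    train = ActionPlan("Train approvers", OPEN)
    late = ActionPlan("Late addition")  # created during follow-up, still a draft
    finding = Finding("Weak approval control", action_plans=[fix, train, late])
    fix.start()
    fix.finalize(COMPLETED)
    train.start()
    train.escalate(max_level=2)  # max_level stands in for the Customizing setting
    status_after_escalation = train.status
    try:
        finding.close()  # blocked: two plans are not Completed
        close_blocked = False
    except TransitionError:
        close_blocked = True
    finding.obsolete()
    return {"close_blocked": close_blocked, "finding": finding.status,
            "status_after_escalation": status_after_escalation,
            "train_level": train.escalation_level,
            "plans": {p.name: p.status for p in finding.action_plans}}
```

In the walk-through, setting the finding to Obsolete changes only the In Process plan; the Completed plan and the unaccepted draft keep their statuses.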

10 Reporting

Reporting is the final phase of the audit.

During the reporting phase, auditors prepare draft and final audit reports and send them to the audit manager
for review. Final reports can only be submitted for review after the draft report has been approved by the audit
manager. Approved final reports can be issued to stakeholders to communicate the audit objectives, audit
scope, conclusions, recommendations, and action plans.

In this section, the following topics are covered:

● Prepare Audit Reports [page 134]
● Review Audit Reports [page 135]
● Issue Audit Reports [page 136]
● Close Audits [page 136]

10.1 Prepare Audit Reports


As an audit lead, you create audit reports and submit them to the audit manager for review in My Ongoing
Audits.

You can create audit reports for audits with one of the following statuses:

● In Execution
● Draft Report Approved
● Rework Draft Report
● Rework Final Report

Create audit reports

You can create an audit report by uploading a local file or by generating it online using report templates.

Upload audit reports


To upload a local file, go to the Report section and click the upload icon. Drag-and-drop uploading is also supported.

Generate audit reports online


You can generate an audit report online using audit report templates. To do this, click Generate, choose a
category and a rating, enter the executive summary and select a report template.

Note

Before you start, complete the configuration settings in the Customizing activity Maintain Templates for
Generating Audit Reports.

Edit and delete audit reports

You can edit the name of an audit report and delete a report before it is submitted for review.

Submit audit reports

If you are the audit lead, you can send the audit report to the audit manager for review by choosing the Submit
Draft Report or Submit Final Report button as the case may be.

You can only submit the final report after the draft report is approved.

More Information

Review Audit Reports [page 135]

10.2 Review Audit Reports

As an audit manager, you review audit reports submitted to you in Approve Audit Reports and choose to
approve or reject them.

You can type your review notes for the reports.

After you approve a draft report, the audit lead can proceed to prepare the final report and submit it for review.
An approved final report can be issued publicly to the stakeholders. You then have the option to track open
findings and close the audit.

When you reject a draft or final report, it will be sent back to the audit lead for rework. The audit lead can
modify the report and submit it again for review.

If e-mail notification is enabled, you can also receive an e-mail with the audit report attached as a PDF or Word
document. In the case of a draft report, a PDF approval form can also be attached. You can approve or reject the
report directly within the PDF form.

Interactive Audit Reports

When generating audit reports, you can choose a template of the IDOC - Interactive Audit Report type to
generate an interactive audit report. This type of Word report allows you to modify audit information directly in
the document and apply the changes in the system.

To review the content of an interactive audit report, download the document online or from your e-mail, modify
the fields where needed, save your document, and upload or send it back to the system via e-mail. You can
modify the following fields:

● Executive summary
● Findings, including title, criteria, condition, cause, consequence, and recommendation fields
● Action plans, including action name, action responsible, details, and deadline fields

Note

You cannot create new findings or actions, or modify the ID of existing findings and actions in the
document. Any changes must be entered in the highlighted grey area.

As an audit lead, you can apply the changes in the audit report to the system by synchronizing the data. To do
so, open the audit report in My Ongoing Audits and choose Sync. Note that the Sync button is only available for
interactive audit reports.

More Information

Prepare Audit Reports [page 134]

10.3 Issue Audit Reports

After a final report is approved, the audit manager communicates the audit objectives and scope as well as
conclusions, recommendations, and action plans to the relevant stakeholders by issuing the final report.

Use

After you approve a final audit report in the app Approve Audit Reports, you can proceed to issue the final
report.

After you issue the final audit report for an audit, the status of the audit becomes Final Report Issued and the
audit can be closed.

10.4 Close Audits

You can close an audit after the final report is issued.

A closed audit is read-only and no longer appears in My Ongoing Audits or Track Ongoing Audits. You can
find all closed audits in Display Historical Audits.

To close an audit, find it in Track Ongoing Audits and choose Close.

Note

Only the user assigned as CAE or the audit manager can close the audit.

You can still track the findings and actions under a closed audit. For more information, see Track Open Findings
[page 130] and Tracking Open Actions [page 132].

11 Working Papers

SAP Audit Management enables you to maintain working papers for your audits.

Key Features

● Create and download working papers
● Review working papers with comments
● Edit working papers online

11.1 Working Paper Category

Working papers are categorized and stored in different folders in the Working Paper section of an audit. SAP
Audit Management delivers the following four folders with each corresponding to a phase of an audit. Working
papers created in a specific phase are put in the corresponding folder.

● A – Planning
● B – Preparation
● C – Execution
● D – Reporting

You can manage the categories or create your own categories in Customizing activity Maintain Working Papers
Categories.

You can configure which folders are accessible to audits with which statuses in Customizing activity Define
Audit Status Schema.

11.2 Create Working Papers

You can create working papers for an audit from the draft status until it is closed or canceled.

You have several ways to create working papers for an audit.

● Upload working papers
● Generate working papers
The following content can be saved as working papers:
○ Business rule ad hoc query results
○ Detection run results
In addition, you can maintain a file generation scenario for a working paper category and use the templates
defined in that scenario to generate working papers online. For more information, see Customizing activity
Maintain Working Paper Categories.
● If you are processing your work package offline, you can add working papers to the work package by
attaching them in the PDF document and sending them back to the system. For more information, see
Processing Work Packages Offline [page 126].

11.3 Delete Working papers

Delete a working paper.

Procedure

1. Go to the Working Papers section.
2. Find the working paper.
3. Choose Edit.
4. Click on the Delete button.
5. Save.

Note

You cannot delete a working paper that is being referenced, for example, by a finding.

11.4 Working Papers Review

The review of working papers can be conducted in SAP Audit Management.

Reviewers can leave review notes for working papers to provide their feedback. Auditors and reviewers can
discuss a review note by posting replies. When a review note is resolved, auditors need to mark
it as Cleared.

Note

Review notes cannot be created for a detection working paper.

11.4.1 Add Review Notes

Add a review note to a working paper.

Procedure

1. Open a working paper.
2. Go to the Review Notes section.
3. Click on the Create button.
4. Type a note.
5. Choose Ok.

11.4.2 Reply to Review Notes

Posting replies allows discussion over a review note.

Procedure

1. Go to the Review Notes section in your working paper.
2. Click on the reply thread Reply (X). X stands for the number of existing replies.
3. Type your reply.
4. Submit your reply.

11.4.3 Mark Review Notes as Cleared

You can mark a review note as Cleared to indicate that you have read and understood the review note and that
any issues in the review note are resolved.

Procedure

1. Go to the Review Notes section in your working paper.
2. Click on the red flag icon in the review note entry.
3. Choose OK in the confirmation dialog box.

The flag icon changes to green.

11.5 Online Viewing and Editing of Working Papers

You can view and edit a working paper without downloading it.

Prerequisites

● You have installed Microsoft Office applications on your desktop. These applications are called up to open
working papers.
For Mac OS, we recommend you use the latest version of Microsoft Office.
● Online editing of working papers is only available on the default client of your SAP Audit Management
system. It may not work if the frontend and the backend are deployed separately.

Supported File Formats

Online viewing and editing of the following file formats is supported:

● Spreadsheets (.xlsx, .xls)
● Word documents (.docx, .doc)
● Slides (.pptx, .ppt)

Viewing and Editing a Working Paper Online

1. Open the working paper.
2. Choose the Online Edit button. A Microsoft Office application is called up for you to view and edit the file.
3. Save your changes and close the file.
If any changes are made, a new version of the working paper is created. You can click on the Refresh button
in the Versions section to update the version history.

11.6 Manage Working Paper Versions

By enabling the versioning functionality, you can create multiple versions of a working paper.

Prerequisites

To enable or disable the versioning, use the Customizing activity Working Paper Management > Enable
Version Management.

Create New Versions

To create new versions of a document, simply upload a file with the same name. If the content of the new
document is the same as the existing one, the system does not create a new version.

If you disable the functionality after multiple versions are created for a document, these versions still exist in
the system and can be accessed.

Clean Up Redundant Versions

You can delete redundant versions of your working papers in bulk to save memory in your database using
the Customizing activity Working Paper Management > Clean Up Working Paper Versions.

11.7 Delete Working papers

You cannot delete a working paper that is being referenced, for example, by a finding.

11.8 Set Working Papers Size Limit

You can set a size limit for working papers using the Customizing activity Set Working Papers Size Limit.

12 Audit Quality Assurance

12.1 Quality Checkpoints

SAP Audit Management provides checkpoints that you can apply to help ensure the quality of your internal
audit activities.

In Customizing activity Audit Quality Checkpoints, you can configure the application scenarios for a checkpoint.

An application scenario consists of the following elements:

● Action
The action decides when the checkpoint is triggered.
● Status Schema
The status schema decides to which audits the checkpoint is applied.

Checkpoints and their default application scenario

| Checkpoint ID | Description | Default Application Scenario: Action | Default Application Scenario: Status Schema |
| --- | --- | --- | --- |
| ACTION_ATT | Attachment is required for action plans | Set an action plan to Completed | DEFAULT |
| AUD_CMPC | All procedures must be completed | Submit draft report | DEFAULT |
| AUD_REVNT | All review notes must be completed | Submit draft reports | DEFAULT |
| AUD_WDNT | Work done notes must be provided | Submit draft reports | DEFAULT |
| AUD_WPR | Work Package Responsible should be assigned | Start risk assessment; Approve work programs | DFLT_RA |
| FIND_SUB | Executive responsible must be assigned | Submit findings | DEFAULT |
| PROC_EFF | Control effectiveness should be rated for all controls | Set a test procedure to Completed; Set a business rule procedure to Completed | DEFAULT |
| WP_CP | Work packages should be completed | Submit a work package for review; Set a work package to Reviewed | DEFAULT; DFLT_RA |

13 Analytics

13.1 Audit Management Overview

The Audit Management Overview app provides an analytical dashboard with interactive charts that present a
consolidated view of the internal audit across your organization.

Available Charts

The following charts are available:

● Audits By Audit Phase and Audit Group
● Audits (Final Report Issued, Current Year) By Audit Group and Category
● Audits (Final Report Issued, Current Year) By Quarter and Audit Group
● Audits (Final Reports Issued, Current Year) By Audit Group and Rating
● Audits (Final Report Issued, Previous Year) By Quarter and Audit Group
● Findings (Open) By Audit Group and Type
● Findings (Open) By Audit Group and Category
● Action Plans By Audit Group and Status
● Action Plans (Escalated) By Audit Group and Status
● Action Plans (Escalated) By Audit Group and Escalated Level
● Action Plans (In Process) By Days Overdue and Audit Group
● Action Plans (Follow-up Required) By Audit Group

The chart Audits By Audit Phase and Audit Group only works when you have defined audit phases in Customizing
activity Define Audit Phases.

Tooltips are displayed when you hover over the charts, such as over a bar of a bar chart, to help you understand
the data.

You can select the interactive charts to see the data in more detail. For example, the chart Action Plans by Audit
Group and Status shows the number of action plans in the form of a bar chart. If you select a bar, you'll be
navigated to a screen where the action plans represented by the bar are listed.

14 Data Protection

The following functions support you in handling personal data as well as archiving and deleting data.

● Display Personal Data
● Logging Changes to Personal Data
● Remove User Names (transaction ACS_DP_ANONYMIZATION)
Removes user names for data that is not going to be archived.
● Garbage Collector (transaction ACS_DP_GCO)
Deletes unwanted data.
● Display Data Protection Logs (transaction ACS_DP_LOG)
Displays the application log for data protection activities.
● Archive Administration (transaction SARA)
Archives data based on the Archive Development Kit (ADK).
● Data Destruction (transaction ILM_DESTRUCTION)
SAP Information Lifecycle Management (ILM) can be used to delete the archived data based on retention
rules at a defined point in time.
● Read Access Logging Manager (transaction SRALMANAGER)
Read Access Logging is used to monitor and log read access to sensitive data. This data may be
categorized as sensitive by law, by external company policy, or by internal company policy.

Note

For more information, see the Security Guide on the SAP Help Portal.

Related Information

Removing User Names [page 145]
Garbage Collector [page 146]
Displaying the Data Protection Logs [page 148]
Data Archiving in SAP Audit Management for SAP S/4HANA [page 147]

14.1 Removing User Names

You can use this function to remove the user names from the system once the residence period has been
reached.

To remove the user names from business objects, call transaction Remove User Names
(ACS_DP_ANONYMIZATION) in the back-end system.

You can also run this function in test mode.

Prerequisites

You have defined the residence period for each business object in Customizing activity Define Residence
Period.

Example

Depending on the structure of the business object, you can use this function to remove the Created By user
names, Last Changed By user names, or Executed By user names.

Note

For more information, see the detailed documentation in the back-end system.

14.2 Garbage Collector

You can use this function to delete unwanted data.

To delete objects that are no longer referenced or no longer needed, call transaction Garbage Collector
(ACS_DP_GCO) in the back-end system.

You can also run this function in test mode.

Prerequisites

You have defined the residence period for the simulated alert input data in Customizing activity Define
Residence Period.

Results

This function deletes the following data:

● Alert input data for mass detection
● Simulated alert input data
○ Mass detection simulation results
○ Results of the calibration
○ Intermediate results of the delta address screening
● Assignments to user groups
● Personal settings

Note

For more information, see the detailed documentation in the back-end system.

Application Log

You can display the application log for the Garbage Collector using transaction Display Data Protection Logs
(ACS_DP_LOG).

Choose the log object ACS_DATAPROTECTION and the subobject DELETION.

Related Information

Displaying the Data Protection Logs [page 148]

14.3 Data Archiving in SAP Audit Management for SAP S/4HANA

Data archiving is used to remove mass data from the database that is no longer required in the system but
must be kept in a format that can be analyzed.

The following table shows the available archiving objects and their ILM objects:

| Object | Archiving Object | ILM Object |
| --- | --- | --- |
| Action | AUD_ACTION | AUD_ACTION |
| Audit | AUD_AUDIT | AUD_AUDIT |
| Detection Working Paper | AUD_DETWPA | AUD_DETWPA |
| Document Working Paper | AUD_DOCWPA | AUD_DOCWPA |
| Detection Task | AUD_DTASK | AUD_DTASK |
| Export Job | AUD_EXJOB | AUD_EXJOB |
| Import Job | AUD_IMJOB | AUD_IMJOB |
| Manual Task | AUD_MTASK | AUD_MTASK |
| Audit Plan | AUD_PLAN | AUD_PLAN |
| Question Task | AUD_QTASK | AUD_QTASK |
| Zip Download Job | AUD_ZPJOB | AUD_ZPJOB |

Dependencies

Before archiving, the system checks if the preconditions for archiving data are met. Then, the write program
writes the data in an archive file. The delete program deletes the archived data from the database. It is still
possible to display this data in the archive file.

The SAP data archiving concept is based on the Archive Development Kit (ADK) using the Archive
Administration function (transaction SARA).

For more information, see Data Archiving in the ABAP Application System.

For more information, see the SAP Information Lifecycle Management (ILM) documentation on the SAP Help
Portal at http://help.sap.com.

14.4 Displaying the Data Protection Logs

You can use this function to display the data protection logs.

To display the application log, call transaction Display Data Protection Logs (ACS_DP_LOG) in the back-end
system.

Selection Parameters

You can filter the logs, for example, by the following criteria:

● Object and subobject
The object ACS_DATAPROTECTION (Log for Data Protection) is already set as the default.
The subobjects could be the following:
○ ANONYMOUS for user names that have been removed from system administration data
○ ARCHIVING for archiving preparation
Note: To display the log for data archiving, choose the object ARCHIVING.
○ DELETION for data that has been deleted with the garbage collector
● External ID
This ID was assigned by the application program. (It is a combination of the report name, time stamp, and
user name.)
● Program
Enter the name of the program that caused the logged event: ACS_DP_GARBAGE_COLLECTOR (Garbage
Collector), ACS_BO_ANONYMOUS (Remove User Names), BPCM_BO_ORG_END_BUS_REL (End of Business
Relation for Organization), BPCM_BO_PERSON_END_BUS_REL (End of Business Relation: Person)
● Time restriction, user, or log class

Results

Examples of log messages that have been created for the subobject DELETION are:

● Processing simulation results
<120> records deleted
● Processing invalid user assignments
<10> user assignments deleted from groups

15 Deleting Personal Data

Use

Personal data such as skill rating and uploaded photos remains in the system even after a user leaves the audit
team. With transaction GRCAUD_DEL_PERS_DATA or area menu Delete Skill Data, you can delete your personal
data and the data of other users provided you have the proper authorization. You can also use this functionality
to reset the skill rating of a user.

For more information about the menu, see the documentation for the transaction.
