Internal auditors play a fundamental role in any business. They are responsible for examining a company’s internal processes, assessing the financial, strategic, and operational risks – including the risk of fraud – arising from business activities, and making recommendations for mitigating or avoiding these risks. To do this, they need to gather data and information on a wide range of topics from every single nook and cranny in the organization.
According to Thomas Bamberger, SAP’s chief audit executive, SAP Corporate Audit wants to play a decisive role in the industry by creating a state-of-the-art auditing service that provides advice on a proactive basis. To do this, SAP’s internal auditors are adopting various new approaches: For example, in April of this year, they began using the SAP Cloud for Sales solution as a basis for exchanging information within the team. Bamberger explains why: “We at Corporate Audit work in a very similar way to our colleagues in Sales, and we need an effective overview of our internal customer pipeline. So we started looking at how we could streamline our operations, particularly in terms of the tools we use.”
Cloud solution for sharing knowledge
The SAP Cloud for Sales solution enables the internal auditors to place the information they collect during their discussions with colleagues in different departments around the world in a single system that is accessible to the whole team. “Enabling effective knowledge-sharing was a major priority for us,” says Bamberger. “It is vital that everyone can see at a glance where discussions are taking place and what the current status is.”
Having this information available also means that auditors can prepare more effectively for upcoming discussions. For instance, after meeting with an IT manager in China, a member of the auditing team can use a notes to capture notes on audit-relevant topics. Another team member, who is busy preparing a meeting on the same topic in Walldorf, would see this update in their feed and could respond or invite others into the dialog to get all of the details they need. This social collaboration function of SAP Cloud for Sales increases the auditors’ awareness of what others are working on, and makes the team far more efficient.
A strategic role in the company
“When information is distributed in manually managed tables or notes, it is very difficult to find all the relevant data and analyze it,” says Bamberger. “Thanks to the cloud solution, our employees now have all the details they need to make the right decisions. And this is helping Corporate Audit assume a more strategic role in the company.”
Because data from various sources has been integrated in SAP Cloud for Sales, auditors are more effective, spending 30 % less time preparing for their discussions with internal customers. And because the solution synchronizes with Microsoft Outlook, calendar management is greatly simplified, reducing the administrative burden on the auditor.
Next page: Mobile app can be used on the move
A full-featured mobile app allows the team members to enter new information on their mobile devices right after the meetings, for example while on a train or waiting for a flight. They can use their travel time to answer questions from other auditors, and to read updates coming in via the feed function. By the time they are home, their reporting and administrative tasks are completed.
Implementing and configuring the solution
The process of implementing the new solution was very straightforward, too, says Bamberger. After a few brief induction workshops, the team had all the information it needed to configure the solution to fit their needs.
“With the mobile and social collaboration functions of SAP Cloud for Sales we can share information more easily”, says Bamberger. “And by reducing the time needed for administrative tasks, we can now better focus on our strategic function as a business advisor.”
We spoke to Thomas Bamberger, chief audit executive at SAP, about the strategic role of auditing:
You refer to creating a state-of-the-art auditing service. What exactly do you mean by that?
Thomas Bamberger: We see our role as that of a “business advisor.” This means that we need a clear understanding of how the company operates so that we can provide helpful advice to the different business areas. Ultimately, though, we want to ensure that our recommendations are implemented by the departments and that any issues we detect in the organization do not recur.
How can you achieve that?
To help us respond to the fast-moving SAP environment, we have adopted a dynamic audit plan. This means that we liaise closely with the risk management department, while also addressing process optimization topics and aligning with areas such as the process office.
Thanks to SAP Cloud for Sales, we have also established an “account management” approach. This means that each of us is obliged to conduct a certain number of discussions per quarter with the SAP departments that provide input for our audits and assessments. We then link up with global GRC risk management to weight the different topics. Based on these weightings, we add the new audits to the rolling audit plan and submit them to the executive board and the audit committee for approval. This enables us to respond quickly and flexibly to our rapidly changing environment.
Our regular work also involves conducting a large number of ad-hoc audits that are requested by employees through the audit request workflow. And we also receive ad-hoc requests from the executive board to examine particular topics.
Faced with this wide range of duties and responsibilities, we began thinking about what we could do to increase our efficiency without expanding our team. This involved taking a critical look at all of our tools and processes.
Next page: “SAP runs SAP”
How can IT support audits more effectively in the future?
From a product perspective, SAP Cloud for Sales has already given us a massive head start – simply by empowering us to work in a much more customer-centric and efficient way. In my view, it can be deployed in any scenario that involves managing information, such as compliance/governance, risk management, legal, auditing, security, and controlling. And you can link it up to the existing GRC solution very easily.
But what is equally important to me is our customer-centric approach of ‘SAP runs SAP’. By testing a homegrown solution and providing feedback to the developers, our team helps drive the continuous enhancement of our software for our customers.