We did an article the other day, and if you go into LinkedIn group, you can see it. And the article is basically saying like, you know, why would an auditor even extract data? So just before we get into the actual tools, I’m just going to talk a little bit about why would you bother? Here we say that when we extract data, it requires SAP data accounting skills. So it requires extra effort to get that data and to actually analyse I often get arguments, people telling me why they would not do SAP data extraction, why the auditors don’t need to actually do these things.
And these are the main arguments that I get. Auditors tend to tell me like, OK, we don’t use data analytics because actually we are doing more of a sampling and cooperative enquiry approach, because we are validating internal controls. And so based on that, what I would say is, OK, that’s that’s good, right? You’re going to do you’re going to interview people, you’re going to do sampling and you get a good idea of the internal controls that are in place and whether or not they are operating effectively.
And this is the Sarbanes-Oxley approach, right? Everyone’s been doing that for the last 10 years. But these days, what we tend to see is actually the auditees, they know about that. They know that we’re going to do this kind of walkthrough and things like that.
And if there is an issue and the auditor is aware of it, so maybe they are head of purchasing or something, they’re aware they have an issue because they have a supplier that’s their best friend or their brother, like we say in the article, then they’re probably not going to let you see that information. OK, so but actually, that’s the second point. The first point is, if you’re only doing sampling and you’re only doing cooperative enquiry and talking to people, then you’re going to have to be really lucky to actually see what’s going on.
And the second thing is, it’s really hard to get a holistic viewpoint of what the risk is in the entire entity because you’re going into those really detailed transactions and you’re looking at those really in detail, but you don’t get a whole holistic viewpoint of everything that’s going on and all the totals of the different types of scenarios that are happening in the entity. So, for example, the pricing, what’s the range of prices for a particular material that’s critical for you? Can you see that if you’re only doing sampling? No, you can’t. So you don’t get a real holistic viewpoint of the risk in the entity.
And then the second idea that a lot of auditors come up with for me, and this time really recently, I was trying to convince an auditor to use our dashboards and they don’t want to use them. And basically, they were saying, no, no, no, because we have the Excel reports that are provided by the entity and those Excel reports provided by the entity are not looking exactly the same as the dashboard. So we prefer to use the Excel report provided by the entity.
And this is really a shame for us because we’re like, yeah, but maybe those Excel reports provided by the entity are not complete, right? How do we know if they’re complete? But the thing is, it goes back to the skills, but it also goes back to efficiency and the estimation of the time because it really does, to be honest, it takes longer if you’re using data. It’s not quicker, right? And people don’t tend to have a lot of time. So they pressure with the time and they have a doubt because the entity is saying, no, those are not the figures that we’ve got.
We’ve got these Excel reports. And so the auditor is like, oh, I don’t have time. I don’t understand all this stuff about SAP and I haven’t got time to get into it. So I’m just going to use the reports from the entity. And when that happens, there is just a risk that entity is not going to give you everything. And we went back and we had to prove that dashboards are correct, obviously, because we want to make sure that they’re going to believe us next time.
And we proved that they’re correct. But by that time, it’s gone. The audit is over and that’s it.
So if the entity has something to hide, they’re obviously not going to put that in the Excel report that they give you. And it might be they’re not specifically hiding something. It can also just be misunderstanding because maybe they classify things in different ways or maybe they think you’re only interested in certain parts of the business.
And if you don’t, as an auditor, have a really clear understanding of the business to challenge that, then it’s hard. So you get a small piece of the picture without actually realising that that’s only a small piece. So that’s the reason a lot of auditors say to me that they just want to use the Excel reports.
Then the other thing, a few months ago, we were talking to some finance directors and they were saying, yeah, but you know, we don’t need to get data out of SAP because we can just use SAP transaction codes. And pretty much everything you need to know is in the SAP transaction codes. So if you’ve got customised SAP transaction codes, there’s always a risk, obviously, that they might not be accurate because a customised transaction code is something that’s written by an ABAP team.
And they make that SAP transaction code for you specifically. And if you’re using a standard SAP transaction code, then you don’t always get all the information that you need in an efficient way. We did about the 11 SAP transaction codes, like the most important SAP transaction codes.
And in that one, we were talking about FBL3N. And FBL3N helps you to have like download of all the transactions per general account, for example. Or SE16 helps you to get the table. But if you’re in ECC, then it’s really hard to join tables together. And if you’re only using FBL3N, you only get the information about that one account and you don’t get the counterparty information. So you don’t actually see what that journal entry is really about. You only see, OK, there was an account, it got changed, it got debit or credit or something. But what was actually the counterparty for? It’s like when we say, oh, I can see the suppliers, the FBL1N. I can see the supplier accounts and everything that’s happened to the suppliers.
And I can see that it’s been debited or credited. And I can see document type and stuff like that. And if a supplier account is debited, normally it means that it’s a payment, but not always because it depends what the counterparty account was, depends what the journal entry was and stuff like that.
So you can use SAP transaction codes, but it’s actually going to be maybe not so flexible. It takes you a lot longer to get the information together that you want. So when we extract data, the main reason we’re going to extract data is because we want to have an independent objective check.
As an auditor, we’re supposed to, right? We go in there and we’re going to do an audit and we want to make sure it’s independent and objective. Like we need to be friendly and we need to be politically correct and everything. We should maybe step back sometimes and think, are we being a little bit too politically correct? And letting that get in the way of our independent objective viewpoint, right? Because if we just accept everything people tell us, then we may be not having a very efficient audit going on.
And depending where you’re doing your audit, how far away the entry is, they might be a company that you just bought, right? It could be a new subsidiary that’s being bought out by your group and stuff like that. So all of these things are quite important. Sometimes it can be even more important to make sure that we get an independent objective check.
When we get the SAP data, when we have access to get whatever data we want, then we can be more flexible. Like we don’t have to only rely on the Excel reports that auditee decides to give us. If we get the data ourselves out of SAP, then we can be more flexible and we can also make analysis as much as we want, including analysing journal entries, which is what we looked at last time.
© 2024 All rights reserved