Professional Documents
Culture Documents
Audit Trail Analysis in SAP R3 System
Audit Trail Analysis in SAP R3 System
Objectives Deductive fraud auditing vendor fraud Introduction to audit trail analysis Role-based access control in SAP R/3 Audit trails in SAP R/3 Fraud detection methodology
-3 SAP AG 2006
-4 SAP AG 2006
-5 SAP AG 2006
-6 SAP AG 2006
Deductive Fraud Auditing Overview: Understanding the business or operations. Performing a risk analysis to identify the types of frauds that can occur. Deducing the symptoms that the most likely frauds would generate. Using computer software to search for these symptoms. Investigating suspect transactions.
SAP AG 2006
Audit trails are daily records of significant events. These may be retained on-line for a period, before being archived. They incur significant overheads. Some reporting facilities may be provided. Audit trail analysis is ex-post analysis of user activity.
SAP AG 2006
SAP AG 2006
SAP AG 2006
SAP R/3: Security Audit Log Audit records have these fields:
Date Time Client. User-id. Transaction code. Terminal name. Message ID. Message text.
SAP AG 2006
SAP AG 2006
Extracting data using the Data Dictionary: Use transaction code SE16. Enter the table name and click Display. Utilities > Table Contents > Display. Restrict the extracted fields using Settings > List Format > Choose Fields. Deselect all fields and tick the required fields. Enter selection values e.g. BUKRS and GJAHR. Check Number of Entries Default limit is 500.Set the Max. No. Hits. Execute. Save your output as a spreadsheet or text file.
SAP AG 2006
SAP AG 2006
Fraud Detection Methodology If the user HACKERW would be identified as a potential suspect. Identification of which vendors were involved and analysis of the financial impact of these transactions requires data extraction from appropriate audit trails. 2. Automated extraction and analysis of data from audit trails to provide documentation of user actions. Requires: Routine extraction of master record changes and accounting audit trails, as a foundation for further analyses of suspect behaviour for the set of chosen fraud schemes.
SAP AG 2006
SAP AG 2006
Summary
Audit trails provide a rich source of data for proactive fraud detection. Must deduce likely symptoms in target system, and proactively search for them. Feasible to extend methodology to anomaly detection, highlighting changes in user behaviour which may also signal potential fraud.
SAP AG 2006