Reduce Costs in Compliance Management with a Top-Down, Risk-Based Scoping Approach

  • by Frank Rambo, PhD, Director, Customer Solution Adoption (CSA), EMEA
  • April 11, 2010
With the requirement of identifying and assessing the design and operating effectiveness of internal controls many companies have ended up producing too much documentation and performing more testing, resulting in increased costs of compliance. Regulatory agencies such as the US Securities and Exchange Commission and the Public Company Accounting Oversight Board (PCAOB) encourage companies to focus on areas where there is the greatest risk that internal controls over financial reporting would fail to prevent or detect a material misstatement in the financial statements. SAP BusinessObjects Process Control 3.0 supports a top-down, risk-based scoping based on Audit Standard 5 by PCAOB. Learn how these scoping instruments work and provide a powerful scoping method when applied in combination.
Key Concept
SAP BusinessObjects Process Control 3.0 optimizes business operations and ensures compliance by centrally monitoring key controls for business processes and cross-enterprise IT systems. It effectively manages business control risks with an integrated solution for control design, documentation, and real-time monitoring to transform manual compliance activities into automated and facilitated control management processes. With its reporting framework and dashboards it increases confidence in control effectiveness by visualizing complex control environments, analyzing trends and patterns in control activity, and identifying gaps to optimize performance.

New general auditing standards such as Audit Standard 5 by the Public Company Accounting Oversight Board (PCAOB) help companies narrow down the number of controls in scope for testing. They can focus on areas with the highest compliance risk and save on costs for compliance testing. These controls include:

  • A top-down approach to planning the audit
  • Emphasis on the importance of auditing higher risk areas
  • A range of alternatives for auditors that addresses lower risk areas and a transparent methodology for calibrating the nature, timing, and extent of testing based on risk

SAP BusinessObjects Process Control 3.0 comes with instruments to efficiently scope your evaluations for the next audit cycle. Applied in combination they provide a powerful scoping method following a top-down risk based approach. In a nutshell, SAP BusinessObjects Process Control delivers the following scoping instruments (Figure 1):

  • Materiality analysis
  • Risk assessment
  • Control risk assessment
  • Testing strategy

Frank Rambo, PhD

Frank Rambo, PhD, is managing a team within SAP’s Customer Solution Adoption (CSA) organization working with customers in the SAP analytics area with the objective to drive adoption of new, innovative solutions. Prior to this position, he worked eight years for SAP Germany as a senior consultant focusing on SAP security and identity management. Before he joined SAP in 1999, Frank worked as a physicist in an international research team. He lives in Hamburg, Germany.

See more by this author


No comments have been submitted on this article. 

Please log in to post a comment.

To learn more about subscription access to premium content, click here.