SAP GRC - Audit Universe

The Audit Universe contains audit entities, which can be classified as business units, lines of business or departments. Audit entities define the audit planning strategy, and they can be linked to Process Control and Risk Management to find risks, controls, etc.

Create an Auditable Entity

Let us now understand how to create an auditable entity.

Step 1 − Go to the /nwbc option at the top to open the Work Centers.

Step 2 − In SAP NetWeaver Business Client, go to the IAM Work Center.

Step 3 − Navigate to Internal Audit Management → Audit Universe.

Step 4 − Click the Create button and go to the General tab.

Step 5 − Enter the following details for the auditable entity −

  • Name
  • Description
  • Type
  • Status
  • Notes to add any additional information

Step 6 − Go to the Audit Plan tab to view audit proposals and audit plan proposals with the transfer date.

Step 7 − Select the Attachments and Links tab to add any type of files or links.

Step 8 − When you have entered the required details, you can select from the following options −

  • Select Save to save the entity.
  • Select Close to exit without saving.

SAP Process Control — Audit Risk Rating

Audit Risk Rating (ARR) is used to define the criteria by which an organization determines risk ratings and establishes a ranking for them. Each auditable entity is rated as per management feedback in ARR. You can use ARR to perform the following functions −

  • You can find the set of auditable entities and risk factors.

  • You can define and evaluate risk scores for the risk factors in each auditable entity.

  • You can rate the auditable entity as per its risk score.

  • You can also generate an audit plan from ARR by comparing risk scores for different auditable entities. In addition to this, you can select the auditable entities with high risk scores and generate an audit proposal and an audit plan proposal.

Create an Audit Risk Rating

Let us now understand the steps to create an Audit Risk Rating.

Step 1 − In SAP NetWeaver Business Client, go to the IAM Work Center.

Step 2 − Navigate to Internal Audit Management → Audit Risk Rating → Create.

Step 3 − In the General tab, enter the following details −

  • Name
  • Description
  • Valid from
  • Valid to
  • Responsible person
  • Status

Step 4 − Go to Auditable Entities and click the Add button to choose from the auditable entities.

Step 5 − Go to the Risk Factor tab and select the ARR risk factor. Select Add to add a risk factor → OK.

Step 6 − Go to the Risk Scores tab, select the entity and enter risk scores in the risk factor table. Click the Calculate button to view the average score. Go to the Risk level and Risk priority columns to enter the details.

Go to the Audit Plan Proposal tab to ensure that you are creating an audit plan proposal. Select Export to create an Excel spreadsheet that shows the information for your ARR in table form.

Select the Save button to save the audit risk rating for the auditable entity.