Objectives of Audit Trail
•Deductive fraud auditing –vendor fraud
•Introduction to audit trail analysis
•Role-based access control in SAP R/3
•Audit trails in SAP R/3
•Fraud detection methodology
Deductive Fraud Auditing
–Understanding the business or operations.
–Performing a risk analysis to identify the types of frauds that can occur.
–Deducing the symptoms that the most likely frauds would generate.
–Using computer software to search for these symptoms.
–Investigating suspect transactions.
Audit Trail Analysis
•Audit trails are daily records of significant events.
•These may be retained on-line for a period, before being archived.
•They incur significant overheads.
•Some reporting facilities may be provided.
•Audit trail analysis is ex-post analysis of user activity.
Purposes of audit trail analysis:
–Review of patterns of access.
Examine history of access by individual users or groups of users, showing actions performed or attempted. Audit trails also can report which users have performed specific functions, such as changes to vendor master records or the entry of vendor invoices. Analysis of audit trails may also reveal limitations in the organization’s security model and its implementation.
–Review of changes in security.
Changes made to the security of the system can be reviewed periodically by an independent person for authorisation and integrity.
–Review of attempts to by-pass security.
Audit trails may be reviewed for attempts and repeated attempts by users and intruders to perform unauthorised functions.
–Deterrent against attempts to bypass security.
Users should be aware of the existence of audit trail analysis and its use to detect attempts to bypass security.
Audit trails can be used to detect potential fraud by searching for red flags. The actions of users who are potential suspects can be reported and analysed to facilitate investigation for actual fraud.
Audit records have these fields:
• The T-Code for Audit Trail is AUT10
•Audit trails provide a rich source of data for proactive fraud detection.
•Must deduce likely symptoms in target system, and proactively search for them.
•Feasible to extend methodology to anomaly detection, highlighting changes in user behaviour which may also signal potential fraud.