use of caats at daikin europe

Use of CAATT’s at Daikin Europe

Erik Claes

•About Daikin Europe N.V.•Why start data analytics in audit?•How we got started•The flow of data•Tools used•SAP data extraction ; Why keep a copy?•Issues with data•Creating a process for requesting data•Example of a script•Cases

} Daikin is the largest A/c manufacturer in the world with 15 billion USD in turnover.

} Japanese company based in Osaka, Japan} Over 50.000 employees worldwide} Daikin Europe N.V. is headquartered in

Brussels and covers EMEA region} In Europe: 5 production facilities, 17 affiliated

companies, five sales offices and a whole network of independent distributors.

} Sampling does not provide sufficient assurance

} Ask more specific questions about an exception

} Cannot cover everything with small audit dept} Stories about duplicate payments recovering

millions of Euros} More automation on sampling (where full

testing cannot be done)

} Used MS Access in 2004 to compare some tables

} Found Access not sufficient and moved to ACL} Used external company to get standard scripts

(e.g. duplicate payments)} Mixed feelings

◦ Recovered 70K over a period of 3 years◦ Internal controls are working well

} Took about 2 months to get results for duplicate payments

} Credit control scripts were created} Started with downloading data from SAP more

frequently for analysis} More usage…

(SAP) Database

Extractor

Local copy

Analysis Scripts

Reports• Audit use

} Connection to SAP (e.g. login / password, RFC)} Extraction: DAB Exporter} Analytics scripts (both development and

execution) - Arbutus Analyser} Data format: Flat CSV files. Naming convention

is based on the SAP table names.} Reports: Arbutus format and Excel} Audit Management: Vision

} Getting data from SAP tables} Number and size was a big issue

◦ Which ones to take◦ Which fields to choose◦ How many records to download and how frequently◦ Are records updated in SAP or not (e.g. difference

between CD tables and other tables)

} Extraction using a tool called DAB Exporter} Slice generation, Formatting, archiving is done

through scripting in Arbutus (similar to ACL)} Size of disk issue – nearly 2 TB now} Achieving automatic downloads was a goal in

itself.} Data slices are automatically downloaded

every month} Time period to stabilise this took over a year

} Reading tables takes a lot of I/O (input/output)

} I/O on the server will affect business users} Daikin IT intends to implement archiving of

data older than 3 years of age.

} Extraction time is large} Only incremental extracts (monthly deltas)} No capability to roll back; } Regular tables have to be downloaded for long

time ranges (Current FY and two previous FY)} Flat files have no indexes} Speed of data access is slow because of large

volume (nearly 2 TB)

} Many aspects to think of even before starting to pull data◦ Which tables◦ Which fields◦ What are the “other” possibilities within the business

process◦ What do I want to see as a result (which tables and fields)◦ How to test the result I get

} Naming conventions used◦ Filing data requests◦ Result file names◦ Script names

} Example of a Data Request template

Request Information Name of audit: Category/chapter Requestor name: A similar request exists (also in SAP interesting transactions)?

Yes/no

Title of the request Period for data Company code Other filters Objective Control / Workplan step to be attached to

Output fields/columns that are mandatory: [order of fields may also be mentioned]

Additional information Does this have to be repeated

yes/no

Type of result Exception list/ sample (Population) Rollout for self-assessment

yes/no

Target date (only add dates do not delete)

Result Information

Name of analyser John Process Source files/tables Script Result files Result Location How long it will take Time taken for the request

Change log

-

Sign Off Accepted / stopped / rejected: explain Name and Date: To be completed by requestor

Template update: 28.08.2014

} To find accounting postings that were done in a closed period

} The result files} The script

◦ The period definition file in Excel◦ The steps inside◦ Split the file◦ Clean up and close

} Find people who are not authorised to change credit data for customers

} Extract all the changes to credit data (CDPOS and CDHDR tables with Object Class as ‘KLIM’)

} Extract all the people who made these changes} Extract people who are authorised to make

credit data changes (AGR_USERS table filter using the term “CREDIT”)

} Join the people who made changes with the authorised people (unmatched)

} Split the file by country code and move to required folder

} Manual postings are those that are not done via an automatic batch run

} Only took P/L accounts} Asked IT to identify manual postings à look

for records with “RFBU”. } Later found manual postings without “RFBU”} Looked at time stamps (for a particular user

and company code) : 1 second rule for automatic postings

} Removal of postings to G/L accounts with automatic flag

} Number of records is around 1.5 million} Removal of “not relevant” transactions by

manual selection} A few thousands per company} Refinement still in progress!

• Questions?• You may mail me at claes.e@daikineurope.com