Definition and Prototype Design of a Certification Audit Tool Framework using the Example of SAP AG

Definition and Prototype Design of a Certification Audit Tool Framework using the Example of SAP AG

The local markets are extremely competitive and focus on quality, information security and corporate continuity as key success factors. In order to guarantee these, many enterprises apply management systems. This general term refers to the collectivity of specific management systems that are connected (e.g. quality management systems, information security management systems, corporate continuity management systems). The focus of these systems is upon the implementation of the intra-corporate policies and goals.

By means of certifications which are asked for by several clients and business partners, enterprises can provide evidence for a certain standard of particular management systems. In this connection it is necessary to meet the demands of certain international standards such as ISO 9001 within audits that are conducted by external partners. At the same time internal audits are conducted within a shorter cycle in order to be able to determine potential deviations at an early stage. 

Due to company takeovers, several international enterprises have at their disposal management systems of similar type. The challenge is an increase of the complexity of management systems that occurs due to a critical number of systems. Herefrom inevitably results the redundancy of processes such as the internal audit process. The discipline of “process harmonization” offers methods and theories to standardize the different process variations. By means of a harmonized process map the complexity can be diminished and the efficiency can be increased. The object of investigation is the transformation of the methods of process harmonization into a holistic management system harmonization, using the example of SAP AG.

In the first instance, the theoretical analysis of the approach to process harmonization takes place. On this basis the implementation is focused. At this connection, especially the applicability and the technical implementation of the theoretical approaches are analyzed. The internal audit process and the consolidation of the subsequent “Corrective and Preventive Actions” (CAPA) are in the focus. The internal audit process is used as a reference process for process harmonization since it is a central component of different ISO standards. For this reason exist  different process variations in several management systems (see figure). 

The goal of this undertaking is the establishment of a requirement analysis for a consistent internal Audit Tool Framework as well as the construction of a prototype (“CAPA Consolidation Tool”) for the  consolidation of the CAPAs. In the course of the development of the Audit Tool Framework, the following key milestones have to be pursued:

  • Establishment of a model of a holistic internal audit process according to the audit standards ISO 19011
  • Creation of a catalogue of applications on the basis of the already defined internal audit process
  • Accomplishment of a requirement analysis for the Audit Tool Framework
  • Tool discussion and a tool selection for the Audit Tool Framework
  • Development of a prototype for the consolidation of the CAPA

Based on the concept of process harmonization, methods and findings for a management system harmonization are meant to be derived. Thus, a first step to the establishment of a holistic and harmonized solution is being constituted.