Ever feel like you don’t get that much attention on your Process Controls for SAP?
Every SAP Auditor wants more attention to Compliance.
After all, that’s the goal of the SAP Auditor, right?
The problem is, it can be difficult to configure process control monitoring unless you know exactly what to do.
The trick sounds simple: You should Automate monitoring your Process Controls in SAP to alert you when there is a violation.
In reality, there’s more to it than that, but that’s the basic idea — Monitoring your Process Controls.
The way you Monitor your Business Process in SAP is not super obvious by any means. So, don’t beat yourself up for not “doing it right.”
I’m going to show you what are the different Process Controls around master data in SAP.
Just an easy process that gets results.
Let’s jump right in.
Controls over the vendor list should do with ensuring that all vendors are valid and approved. A company should establish a Vendor Management Policy that should cover approval of vendors, approval authority matrix, contract approval review controls and any other policy controls over procurement in general.
Only one person should be allowed to create a new vendor. Vendors should be evaluated for related party relationships and marriages between your firm and theirs. Many times sales people are married to their best client’s senior managers or directors and profit by the level of commissions their spouses earn on the sales. This happens in consulting firms but can happen in other companies as well.
The vendor list is easy to review. If you are looking for employee fraud you might try comparing payroll direct deposit accounts to the vendor ACH accounts. Sometimes they are the same due to employee fraud.
One major company I know of inactivates all vendors at the end of the year and reactivates them only as payments are made, each is reviewed for validity.
Vendors with similar names are suspect. Vendors that do not answer their phones are suspect…the list goes on.
- Detect duplicate payments made to the vendor
To monitor and control vendor payments to avoid financial losses and fraud.
Making payments two times for same purchase may result in excess cash outflow, irrecoverable debts and fraudulent transactions.
- Detect large outgoing payments made to vendors in last 60 days
Monitor and control unusual or exceptional payments, which helps in avoiding financial losses and fraud.
Payment of large amounts made to parties inappropriately may make an organization vulnerable to fraud and financial losses. Inappropriate payments of large amounts may result in excess cash outflow, financial losses and fraudulent transactions.
- Detect payments made without invoice reference
Ensure appropriate financial and internal controls for monitoring payments and their processing.
Payments made without invoice reference may expose the organization to potential fraud. Lack of an audit trail on the payments made to vendors may lead to fraudulent payments.
- Detect vendors who are also our customers and the ‘Clearing with Customers’ setting is not activated
Receivables should be offset against the payables from vendor and only the net amount should be paid.
Where customer and vendor are same entities and vendor payments are netted off against customer receivables, it may result in a lost opportunity of employing the cash resources and maximizing returns on cash. Further, outstanding customer receivables always carries risk of bad-debts cost.
- Detect changes made to any of the material master record baseline attributes
To ensure that the changes made to the material master records are reviewed to prevent adverse impact on procurement of materials to support production and order fulfillment.
The material master record is a company’s main source of material specific data. The information stored in material master record is used for purchasing, inventory management, material planning and invoice verification. Any unauthorized or improper changes made to material master record may affect material planning or material procurement to support production and order fulfillment.
- Detect changes made to any of the number range interval baseline attributes
To ensure that the changes made to the number range interval are reviewed to avoid data integrity issues and transaction processing issues.
Number range intervals are assigned for every master data as well as document types for transaction processing. The number range can be external or internal number assignment. Any unauthorized or improper changes made to the number range interval may result in incorrect number assignments which may create problems for transaction processing and data integrity issues.
- Detect changes made to any of the vendor master record baseline attributes
To ensure that the changes made to the vendor master records are reviewed to prevent adverse impact on material procurement and payment transactions.
In accounting, the vendor is regarded as company’s business partner. The vendor master record is therefore maintained by accounting & purchasing. The vendor master record contains information like address, bank details, payment terms etc. Any unauthorized or improper changes made to vendor master record may affect material procurement & payment transactions.
- Detect changes made to any of the vendor payment term baseline attributes
To ensure that the changes made to the vendor payment terms are reviewed so as enforce control on vendor payment transactions.
Vendor payment term is composition of cash discount percentage & payment period. Based on payment terms payments are made to the vendor. Any unauthorized or improper changes made to vendor payment term may increase the risk of fraudulent transactions and financial loss.
- Detect duplicate vendor invoices
To ensure that Invoice is recorded only once to avoid duplicate payments or inflated purchases.
Duplicate invoices may result in inflated purchases or excess payment to vendor. Such invoices may lead to financial losses and excess cash outflow.
- Detect duplicate vendor tax number
To ensure that the vendor tax number is unique, to maintain data integrity and eliminate the need for extra maintenance of data.
Duplicate vendor tax number may cause data integrity issues.
- Detect vendors to whom dunning procedure is not defined
To ensure the automatic payment reminder are sent to the vendors for the amount outstanding for payment, dunning procedure should be defined to vendor.
As dunning procedure sends the automatic reminder for payments to the vendors for the outstanding amount due for payment, follow up activity is taken care off. If dunning procedure is not defined to vendors’ account manual follow up should be done for the amount due regularly.
Detect duplicate vendor master records Streamline master data records and eliminate the need for extra maintenance. Eliminate confusion and the potential possibility of incorrect invoice payments.
Duplicate Vendor Master Records for the same vendor may cause data integrity issues which can adversely affect orders and payments. The vendor relationship may be affected due to data integrity issues. The possibility of duplicate orders and invoices being entered may increase chances of fraud.
- Detect employees and vendors with same address
Avoid fraudulent and inappropriate payments being made to vendor-employee that could result in financial loss.
Employees who are also vendors may adversely affect financial transaction, employee integrity and internal controls. Business transactions with employees being vendors may result in weakening of internal controls. Undue influence may also result in inappropriate payments and thereby expose the organization to a greater risk of fraud.
- Detect missing data in vendor master records
Ensure proper processing of Vendor Master Record data and continuous updating of records.
Accurate and complete master records are key control for governing transactions such as payments and ordering, which use this data. Missing or incorrect data may lead to problems such as inaccurate orders and inaccurate payments, which may have a negative impact on financial statements. Incomplete information on vendors may cause problems in payments and vendor relationships, e.g. mailing information to the wrong address, sending payments to wrong bank account, and delayed payments etc.
- Detect one time vendor master records
One time vendor master records are reviewed on regular basis in order to ensure proper control and adherence to purchasing policies.
One time vendor account are those vendors with whom you only conduct business once or rarely are recorded. Transactions processed on one time vendor should be reviewed on regular basis in order to ensure proper control on the purchasing policies.
15.Detect vendor master records blocked for payment
Vendors blocked for payment should be reviewed to ensure application of propriety principle.
Inappropriate blocking of vendors may lead to delay in vendor payments and affect your vendor relationship. Not paying vendors on time would adversely affect vendor relationship and organization image. This could also result in missed early payment discounts.
16 Detect vendor master records marked for deletion but not blocked for posting
Prevent underperforming vendors from being used longer than needed or required.
Vendors marked for deletion and not blocked may represent a control risk since orders could continue to be placed against these vendors. This typically happens when the vendor has not completely delivered on your order. Vendors marked for deletion should not be used. Allowing orders to continue to be placed with such vendors may result in continued procurement problems.
17 Detect vendor master records with ‘Double invoice flag’ turned OFF
Ensure accuracy of payments to reduce problems with cash flow, thereby improving profitability and reducing the possibility of fraud.
SAP automatically checks for the entry of duplicate invoices based on a collection of fields. If this flag is not turned ON, then it is possible to enter duplicate invoices without any notification or warning. Duplicate invoices lead to over payments for goods and services. Over payments affects profitability, cash flow and the balance sheet.
18 Detect vendor master records with evaluated receipt settlement activated
Close monitoring of the goods receipts and system generated invoices for the vendors to whom Evaluated receipt settlement is essential to ensure proper control on vendors and prevent fraud.
Evaluated receipt settlement involves an agreement between the vendor and the buying company that the former does not issue invoices for purchasing transactions. Instead, the invoice document is posted automatically in the buying company’s system based on data from the PO and goods receipts. Goods receipt and system generated invoices should be monitored regularly to avoid making excess or wrong payments to the vendor.
19 Detect vendor master records with no payment methods defined
Ensure proper processing of procurement transactions, optimization of funds management and improved vendor relationships.
If a payment method is not assigned, it may lead to inaccurate payments, adverse cash flow management, delay in payments to vendors and run the risk of over or under payment. If a payment method for vendors is not defined, then it may cause problems in payments, financial statements and vend
There are several controls, but most critical are to limit those able to modify [add, change, delete, block for payment, etc.] the master file and establishing a process to “suspend” or park al such changes for acceptance/approval by a designated manager. Appropriate documentation standards for each type of change need to be established and reviewed by the approving manager. We require all new US or Canadian vendors to be “verified” as acknowledged by US and Canadian services that will acknowledge a name and identification combination as in agreement with their records…or not in agreement