

SAP SOD on P2P Process Document Flow
This worksheet shared by Claire Worledge was used in the virtual event “Segregation of Duties Audits in SAP”, where we did hands-on practical exercises to check for Separation Of Duties issues in the Purchase To Pay document flow in SAP systems. When we check for SOD issues in a document flow, we not only look at risks relating to who has access to what; but we look at who has actually done what during the period. But even more than that, when we look at a document flow, we can see risks relating to specific documents in terms of user access. For example, I create a purchase order, and then I create a goods receipt for that purchase order and then I create an invoice for that goods receipt, and even the payment for the invoice. When we identify such cases, we are identifying risks that are much more “real” than only looking at who has a separation of duties conflict based on their access.