SAP SOD on P2P process document flow

This worksheet will be used in our Thursday 22nd July virtual event, where we will do a hands-on practical exercise to check for Separation of Duties (SOD) issues in the Purchase To Pay document flow in SAP systems. When we check for SOD issues in a document flow, we look not only at risks relating to who has access to what, but also at who has actually done what during the period. Beyond that, a document flow lets us see risks relating to specific documents in terms of user access. For example, I create a purchase order, then I create a goods receipt for that purchase order, then I create an invoice for that goods receipt, and even the payment for the invoice. When we identify such cases, we are identifying risks that are much more “real” than those found by looking only at who has a separation of duties conflict based on their access.
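The difference between "who has done what during the period" and "who has done what on the same document flow" can be shown in a few lines of Python. This is an added example, not part of the worksheet: the row layout, step names, document numbers and user names are constructed assumptions, not SAP table fields.

```python
from collections import defaultdict

STEPS = ("purchase_order", "goods_receipt", "invoice", "payment")

# Constructed sample rows: (purchase order, step, document number, posting user).
DOCS = [
    ("PO-1001", "purchase_order", "PO-1001", "ALICE"),
    ("PO-1001", "goods_receipt", "GR-5001", "BOB"),
    ("PO-1001", "invoice", "INV-9001", "CAROL"),
    ("PO-1001", "payment", "PAY-7001", "DAVE"),
    ("PO-1002", "purchase_order", "PO-1002", "MALLORY"),
    ("PO-1002", "goods_receipt", "GR-5002", "MALLORY"),
    ("PO-1002", "invoice", "INV-9002", "MALLORY"),
    ("PO-1002", "payment", "PAY-7002", "MALLORY"),
    ("PO-1003", "purchase_order", "PO-1003", "ERIN"),
    ("PO-1003", "goods_receipt", "GR-5003", "FRANK"),
    ("PO-1003", "invoice", "INV-9003", "CAROL"),
    ("PO-1004", "purchase_order", "PO-1004", "FRANK"),
    ("PO-1004", "goods_receipt", "GR-5004", "BOB"),
]

def _ordered(steps):
    # Report steps in process order, not set order.
    return [s for s in STEPS if s in steps]

def _group(docs, key):
    # Collect the distinct steps seen per key; keep keys with two or more.
    seen = defaultdict(set)
    for po, step, _doc, user in docs:
        if step not in STEPS:
            raise ValueError(f"unknown step: {step}")
        seen[key(po, user)].add(step)
    return {k: _ordered(v) for k, v in seen.items() if len(v) >= 2}

def period_conflicts(docs):
    """Users who performed two or more distinct steps anywhere in the period."""
    return _group(docs, lambda po, user: user)

def same_flow_conflicts(docs):
    """(PO, user) pairs where one user performed two or more steps of one flow."""
    return _group(docs, lambda po, user: (po, user))

if __name__ == "__main__":
    print("period:", period_conflicts(DOCS))
    print("same flow:", same_flow_conflicts(DOCS))
```

In the sample, FRANK shows up only in the period-level result (a purchase order on one flow, a goods receipt on another), while MALLORY shows up in both because all four steps of PO-1002 were posted by the same user.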

Excel model to compute who has violated user access (based on the general ledger)

This spreadsheet is the first practical exercise in our virtual event on Thursday July 22nd: “Segregation of Duties Audit in SAP”.

In this spreadsheet we see the methodology followed in order to check who has violated user access, based on the general ledger header table.

Normally, this process would be done in a data mining tool (ACL, IDEA, SQL, Alteryx, QLIK). Here, however, we show it in Excel, both to make the process easier to understand and to help those of you who don’t have access to any of the above tools.

Internal Controls Questionnaire

The internal control questionnaire (ICQ) includes questions that auditors can use to evaluate a company’s internal controls. This document helps internal and external auditors determine whether a company complies with the internal control system requirements standards.

