SAP Segregation of Duties (SOD) Matrix with Risk

Segregation of duties (SOD) [aka Separation of duties] is the concept of having more than one person required to complete a task. In business, the separation by sharing of more than one individual in one single task is an internal control intended to prevent fraud and error. ~ Wikipedia

Since SAP is a vast ERP which encompasses many business functions, understanding the risks arising out of not segregating duties is important while conducting a System Audit as well as a Statutory or Internal Audit. The table below lists all the SODs in SAP which I have come across in my career. I have tried my best to provide a risk/explanation for every SOD in the SAP matrix.
| Process | Role / Function 1 | Role / Function 2 | Risk |
| --- | --- | --- | --- |
| Finance | Excise Master Maintenance | Process Excise Invoices | Master data maintenance should be segregated from transaction processing. There is a risk that a user may maintain inappropriate excise masters and process excise invoices using the same, leading to incorrect excise value and regulatory issues. |
| Finance | Excise Master Maintenance | Cancel Excise Invoices | Master data maintenance should be segregated from transaction processing. |
| Finance | Excise Master Maintenance | Maintain Excise Registers | Master data maintenance should be segregated from transaction processing. There is a risk that a user with excise register update access may maintain inappropriate excise masters, resulting in inappropriate excise calculations in excise registers and regulatory issues. |
| Finance | Process Excise Invoices | Cancel Excise Invoices | There is a risk that a user may create inappropriate excise invoices and further cancel the same, resulting in redundant excise transactions and bypass of internal controls. Access to cancel excise invoices should be provided only to limited and authorized users. |
| Finance | Process Excise Invoices | Excise Adjustment | The users can process the excise invoices and further perform excise adjustments, leading to unauthorized changes to the excise calculation and regulatory issues. |
| Finance | Excise Master Maintenance | Excise Adjustment | Master data maintenance should be segregated from transaction processing. There is a risk that a user may maintain inappropriate excise masters and perform excise adjustments using the same, leading to incorrect excise value and regulatory issues. |
| Finance | Maintain Excise Registers | Excise Adjustment | Excise adjustment access should be segregated from excise registers maintenance. There is a risk that a user with excise register update access may inappropriately perform excise adjustments, resulting in inappropriate excise calculations in excise registers and regulatory issues. |
| Finance | Post Journal Entry | Maintain GL Master Data | Maintain fictitious GL account & hide activity via postings. The financial statements may be inaccurate due to inappropriate journal entries posted. An individual could potentially create a fictitious GL account to hide fraudulent activity via posting entries. |
| Finance | Maintain Cost Centers | Cost Transfer Processing | Alter a cost center and process unauthorized cost transfers. Allowing a user to create/maintain cost centers (Master Data) and process CO transactions may result in unauthorized or inaccurate CO postings and materially inaccurate management reports. Risk in MIS reporting / inaccurate actual costs figures. |
| Finance | Maintain Cost Centers | Revenue Reposting | Alter a cost center and process unauthorized revenue entries. Allowing a user to create/maintain cost centers (Master Data) and process CO transactions may result in unauthorized or inaccurate CO postings, materially inaccurate management reports, improper allocation of costs and profits and invalid journal entries. Risk in MIS reporting / inaccurate actual costs figures. |
| Finance | Maintain CC or CE Groups | Post Journal Entry | Manipulate CC reports to hide inappropriate journal entries. Risk in MIS reporting, inaccurate figures in various reports where CC & CE groups are used to extract reports. Journal entry figures may not be reported at all. |
| Finance | AP Payments | Maintain Bank Master Data | Maintain bank account and post a payment from it. User can create a fictitious bank account and make payments from it. The user is in a position to misappropriate the funds or to perform transactions in the system which may result in a potential opportunity for financial fraud. |
| Finance | Process Vendor Invoices | Maintain Asset Document | Unauthorized payment to a vendor and subsequent adjustment through asset documentation. A user can pay an invoice and hide it as an asset that will be depreciated over time. |
| Finance | Maintain Asset Document | Goods Receipts to PO | Unauthorized maintenance and modification of the asset master and receipt of goods against the same |
| Finance | Cash Application | Bank Reconciliation | Hide cash deposited and cash collections differences. A user can allow differences between cash deposited and cash collections posted to be covered up. |
| Finance | Maintain Cost Center Distributions | Post Journal Entry | Manipulate CC reports to hide inappropriate journal entries. Possible to pass inappropriate journal entries to a cost center and exclude the same from the distribution cycle, thereby not allocating the costs of the journal entry to other cost centers. |
| Finance | Maintain Cost Center Distributions | Execute Cost Center Distributions | Allocate costs to unauthorized cost centers. A user can allocate costs to unauthorized cost centers, thereby distorting financial reporting. Cost allocation to inappropriate cost centers or cost allocation as per inappropriate ratios. |
| Finance | Maintain Internal CO Order | Internal Order Settlement | Settle expenses from an unauthorized order. Allowing a user to create/maintain internal orders (Master data) and settle orders may result in unauthorized or inaccurate settlements, materially inaccurate management reports, improper allocation of costs and profits and invalid journal entries. The settlement receivers / percentage of costs can be changed to settle an incorrect amount or to an incorrect receiver. |
| Finance | Activity Allocation | Maintain Activity Types | Unauthorized alteration of activity type used for cost allocation purposes. A user can alter an activity type used for cost allocation purposes with fictitious data, thereby distorting the cost allocation process. Use an inappropriate activity type for cost allocation and reporting the same under a different secondary cost element than intended. |
| Finance | Maintain Asset Document | Maintain Asset Master | Maintain asset and capitalize or add unauthorized costs to master record. User can create a fictitious asset master record and inappropriately make entries in it. A user can incorrectly capitalize the overheads or write off the assets, which can be further misappropriated. |
| Finance | Maintain Asset Master | Goods Receipts to PO | Maintain an asset and manipulate the receipt of the asset. A user can create an invoice through ERS goods receipt and hide it in an asset that would be depreciated over time. |
| Finance | Cash Application | Maintain Bank Master Data | Maintain bank account and divert incoming payments. User can create a fictitious bank account and make payments from it. A user is in a position to misappropriate the funds or to perform transactions in the system which may result in a potential opportunity for financial fraud. |
| Finance | Maintain Posting Periods | Post Journal Entry | Open closed periods and inappropriately post entries. The financial statements may be misstated due to inaccurate cut off dates. A user may potentially post entries to previous periods to meet expected internal financial targets. |
| Finance | AP Payments | Maintain Posting Periods | Open closed periods and post payments after month end. User can open previously closed accounting periods and inappropriately post payments after month end. A user can post post-dated or future-dated entries in the system, or manipulate the past financial statements. |
| Finance | Cash Application | Maintain Posting Periods | Open closed periods previously enter incoming payments. User can open accounting periods previously closed and enter incoming payments after month end reporting. User can post post-dated or future-dated entries in the system, or manipulate the past financial statements. |
| Finance | Maintain Posting Periods | Goods Movements | Open closed period & receive or issue goods after month end. User can open previously closed accounting periods and inappropriately receive or issue goods after month end. User can post post-dated or future-dated entries in the system, or manipulate the past financial statements. |
| Finance | Maintain GL Master Data | Post Journal Entry (misc Tax/Currency) | Maintain fictitious GL account & hide activity via currency or tax postings. An individual could potentially create a fictitious GL account to hide fraudulent activity via posting entries. |
| Finance | Maintain CC or CE Groups | Post Journal Entry (misc Tax/Currency) | Manipulate CC reports to hide inappropriate tax or currency entries. A user can manipulate cost center reports to hide inappropriate miscellaneous journal entry postings. |
| Finance | Maintain Posting Periods | Post Journal Entry (misc Tax/Currency) | Open closed periods and inappropriately post currency or tax entries. A user can open previously closed accounting periods and inappropriately post tax and currency journal entries after month end. |
| Finance | Manual Check Processing | Maintain Bank Master Data | Maintain unauthorized bank accounts and create manual checks against it. A user can create a non bona-fide bank account and create manual checks from it. |
| Finance | Manual Check Processing | Maintain Posting Periods | Open closed periods and post manual checks after month end. A user can open previously closed accounting periods and inappropriately post manual payments. |
| Finance | Create / Change Treasury Item | Confirm a Treasury Trade | Users can create a fictitious trade and fraudulently confirm or exercise the trade. |
| Finance | Process Vendor Invoices | Post Journal Entry | Process vendor invoice and post journal entry. A user can adjust the subsidiary balance using the vendor invoice entry and then cover it up using journal entries. |
| Finance | AR Payments | Post Journal Entry | Adjust the subsidiary balance using the AR payment transaction and then cover it up using journal entries. |
| Finance | Cash Application | Post Journal Entry | Adjust the subsidiary balance using the AR payment transaction and then cover it up using journal entries. |
| Finance | Maintain Billing Documents | Post Journal Entry | Adjust the subsidiary balance using the AR payment transaction and then cover it up using journal entries. |
| Finance | AR Payments | Maintain Bank Master Data | Maintain bank account and post a payment from it. User can create a fictitious bank account and divert incoming payments to it. A user is in a position to misappropriate the funds or to perform transactions in the system which may result in a potential opportunity for financial fraud. |
| Finance | Park FI Document | Post Journal Entry | Same user has access to park and post an FI document. User can park and post invoices without necessary approval. |
| Finance | Process Vendor Invoices | Park vendor invoice | Same user has access to park and post vendor invoice. User can park and post invoices without necessary approval. Check if the user can create undue liability or make a fraudulent payment to vendor. |
| Finance | Maintain Customer Master Data | Process customer refunds | Maintain account and process refunds from it. A user can create a fictitious customer and process a refund against it. |
| Finance | Maintain Customer Master Data | Process credit memos | Maintain account and process credit memos from it. User can create a fictitious customer account and inappropriately process a credit/debit memo against it. A user can incorrectly credit a customer account or manipulate the outstanding position of the customer. |
| Finance | Maintain CC or CE Groups | Cost Transfer Processing | Maintain fictitious cost elements / group for cost posting. Allowing a user to create/maintain cost elements and process CO transactions may result in unauthorized or inaccurate CO postings, materially inaccurate management reports, improper allocation of costs and profits and invalid journal entries. Risk in MIS reporting, inaccurate figures in various reports where CC & CE groups are used to extract reports. CO transfer posting figures may not be reported at all. |
| Finance | Maintain Profit Center Assessment & Distribution Cycles | Profit Center Assessment and Distribution Processing | User can erroneously maintain and process the profit center assessment and distribution, leading to wrong CO reporting. Allowing a user to maintain profit center assessment or distribution cycles and post/execute profit center assessments & distributions may result in materially inaccurate management reports, improper allocation of profits and invalid journal entries. |
| Finance | Maintain Profit Centers | Profit Center Postings | User can alter a profit center without authorization and process unauthorized profit center postings, which can distort CO reporting. Allowing a user to create/maintain cost centers (Master Data) and process CO transactions may result in unauthorized or inaccurate CO postings, materially inaccurate management reports, improper allocation of costs and profits and invalid journal entries. |
| Finance | Exchange Rate Configuration | AP Payments | A user can maintain a higher exchange rate and make wrong payments. |
| Finance | Exchange Rate Configuration | Process Vendor Invoices | A user can process vendor invoices after changing the exchange rate to a higher value. |
| Finance | Process Overhead Postings | Settlement of Projects | Post overhead expenses to the project and settle the project without going through the settlement approval process. |
| Finance | Maintain Projects and WBS Element | Settlement of Projects | Use a fictitious project to allocate overages of an actual project, and settle the project without going through the settlement approval process. |
| Finance | Maintain Projects and WBS Element | Process Overhead Postings | Manipulate the work breakdown structure elements (profit centers, business areas, cost centers, plants) and post overhead expenses to the project. |
| Finance | Create/Modify Budget | Release / Approve Budget | User can create the budget for a project and release the same without any necessary approvals, which may lead to excess budget allocation for the projects. |
| Finance | Create/Modify Budget | Process Overhead Postings | Create/Modify Budget and post overhead expenses to the project. |
| Finance | Release / Approve Budget | Process Overhead Postings | A user can manipulate the overhead expenses and approve the project. |
| Finance | Create/Modify Budget | Maintain Purchase Order | Maintain Purchase Order and Create/Modify Budget - A user can create an order and assign it to the Project. |
| Finance | Create/Modify Budget | Investment Management | A user can modify the project budget and can manipulate the Investment Program budget. |
| Finance | Consolidation Run | Post Journal Entry | User responsible for performing the consolidation run should not have the ability to modify ledgers. The financial statements may be inaccurate due to inappropriate journal entries posted. An individual could potentially hide fraudulent activity via posting entries and initiating a consolidation run. |
| Finance | Manage User Rights | Upload exchange rates | Changes to sensitive financial data may be performed by a fictitious user created using this access. |
| Finance | Manage User Rights | Trial Balance Upload | Changes to sensitive financial data may be performed by a fictitious user created using this access. |
| Finance | Manage User Rights | Enter Inter Company (ICN) Forms | Changes to sensitive financial data may be performed by a fictitious user created using this access. |
| Finance | Manage User Rights | Enter Input Forms | Changes to sensitive financial data may be performed by a fictitious user created using this access. |
| Finance | Manage User Rights | Consolidation Run | Consolidation run may be performed by a fictitious user created using this access. |
| Finance | Trial Balance Upload | Trial Balance Adjustments | If the user has access to upload Trial Balance and make adjustments to Trial Balance, it may result in unauthorized changes to accounting entries and records. |
| Finance | Input Forms | Trial Balance Adjustments | If the user has access to fill input forms and make adjustments to Trial Balance, it may result in unauthorized changes to accounting records. |
| Finance | Manage User Rights TM1 Finance | Trial Balance Upload | User having access to upload trial balance should not have access to manage user rights. It may result in a fictitious user gaining unauthorized access to upload trial balance. |
| Finance | Manage User Rights TM1 Finance | Trial Balance Adjustments | Unauthorized adjustment entries may be passed by a fictitious user created using this access, which may affect the true and fair view of the financial statements. |
| Finance | Manage User Rights TM1 Finance | Input Forms | Unauthorized entry of data into input forms and access to sensitive financial data may be made by a fictitious user created using this access. |
| Finance | Manage User Rights TM1 Sales | Sales budget input | Unauthorized access to input sales budget |
| Finance | Manage User Rights TM1 Sales | Monthly sales planning | Unauthorized access to monthly sales plans |
| Finance | Manage User Rights TM1 Finance | Financial plan and budget upload | Unauthorized access to financial plan and budgets |
| Finance | Manage User Rights TM1 Finance | Analysis and Reporting | Fictitious user created using this access may get access to sensitive financial information. |
| Finance | Claim Inward | Claim processing | User having access to inward claims should not have access to process the claims, as it may lead to unauthorized processing and release of claims. |
| Finance | Claim processing | AP Payments | User having access to approve claims and initiate payments can run fictitious reimbursements. |
| Collection | Clear Customer Balance | Sales Order Processing | User may maintain inappropriate SOs to and immediately clear customer's obligation |
| Collection | Clear Customer Balance | Maintain Billing Documents | User may clear customer balance and cancel/release billing doc for the same customer. |
| Collection | Cash Application | Sales Order Processing | User may maintain inappropriate/redundant sales documents and post customer collections against the same. |
| Collection | Cash Application | Maintain Billing Documents | User may create redundant billing documents and inappropriately post collections against the same. |
| Collection | AR Payments | Maintain Customer Master Data | User may maintain a redundant customer and initiate collections for the same. |
| Collection | AR Payments | Process Customer Credit Memos | User may initiate an outgoing payment to the customer by creating inappropriate credit memos. |
| Collection | Cash Application | Sales Document Release | User may change the AR records and cover customer credit statement difference. |
| Collection | Cash Application | Credit Management | Approve credit and modify the amount of cash received. |
| Collection | Cash Application | Sales Rebates | Enter fictitious sales rebate and render fictitious payment. |
| Collection | Cash Application | Maintain Customer Master Data | User may change/maintain the customer master file and update the cash received against the same. |
| Collection | Clear Customer Balance | Maintain Customer Master Data | User may change/maintain customer master records and clear the customer balance for the same. |
| Collection | Cash Application | Process Customer Invoices | User may maintain customer invoices and enter or change collections against them. |
| Collection | Cash Application | Delivery Processing | User may maintain deliveries and enter collections against them. |
| Collection | Clear Customer Balance | Process Customer Credit Memos | User may create a credit memo then clear the customer balances to prompt an outgoing payment to the customer. |
| Collection | Cash Application | Bank Reconciliation | Hide cash deposited and cash collections differences. A user can allow differences between cash deposited and cash collections posted to be covered up. |
| Collection | Cash Application | Maintain Bank Master Data | Maintain bank account and divert incoming payments. User can create a fictitious bank account and make payments from it. A user is in a position to misappropriate the funds or to perform transactions in the system which may result in a potential opportunity for financial fraud. |
| Collection | Cash Application | Maintain Posting Periods | Open closed periods previously enter incoming payments. User can open accounting periods previously closed and enter incoming payments after month end reporting. User can post post-dated or future-dated entries in the system, or manipulate the past financial statements. |
| Collection | Cash Application | Post Journal Entry | Adjust the subsidiary balance using the AR payment transaction and then cover it up using journal entries. |
| Payment | Process Vendor Invoices | Goods Receipts to PO | Ability to create goods receipt and process vendor invoice may result in user deliberately |
| Payment | AP Payments | Maintain Purchase Order | A user can purchase unauthorized items and enact payment for them. |
| Payment | Release Blocked Invoices | Service Acceptance | A user can potentially receive services and release a blocked invoice to offset receipt, even though an invoice cannot be created directly for a service accepted. |
| Payment | Release Blocked Invoices | Maintain Purchase Order | A user can maintain a PO and release a previously blocked invoice for a vendor. |
| Payment | Process Vendor Invoices | Bank Reconciliation | A user can process a vendor invoice, make payment and hide the entry in posted AP records. |
| Payment | Release Blocked Invoices | Goods Receipts to PO | A user can release blocked invoices for a quantity larger than the actual goods receipt quantity and also create a goods receipt for the additional quantity to hide the variance, resulting in fraudulent transactions. |
| Payment | AP Payments | Service Acceptance | A user can receive or accept service and enter covering payments for it, which has the potential for fraud. |
| Payment | AP Payments | PO Approval | There is a risk that a user may approve purchase of unauthorized items and enact payment for the same, resulting in potential fraudulent activity. |
| Payment | Process Vendor Invoices | PO Approval | Release an order and initiate payment even without any goods receipt, resulting in potential fraudulent activity. |
| Payment | Release Blocked Invoices | Purchasing Agreements | Modify quantity of the purchasing agreements and release a previously blocked invoice, resulting in fraudulent activity. |
| Payment | AP Payments | Purchasing Agreements | Enter unauthorized purchasing agreements and render payment for the same, resulting in fraudulent activity. |
| Payment | Process Vendor Invoices | Purchasing Agreements | Maintain purchasing agreement and create invoices, resulting in unauthorized invoice processing. |
| Payment | AP Payments | Service Master Maintenance | Modify purchasing relevant service master data and process payment, resulting in unauthorized payment processing. |
| Payment | AP Payments | Bank Reconciliation | Enter unauthorized payment and perform bank reconciliation, resulting in fraudulent adjustment of payments. |
| Payment | Process Vendor Invoices | Service Acceptance | Perform service acceptance for unauthorized services and also process invoices for the same, resulting in unauthorized invoicing. |
| Payment | Release Blocked Invoices | PO Approval | Approve PO and release a previously blocked invoice, resulting in unauthorized processing of invoices. |
| Payment | Manual Check Processing | Vendor Master Maintenance | Maintain a fictitious vendor and process payments via issuing manual checks for vendors. |
| Payment | Process Vendor Invoices | Manual Check Processing | Create vendor invoice and process payments via issuing manual checks for vendors. |
| Payment | Manual Check Processing | Maintain Purchase Order | Create purchasing order and process payments via issuing manual checks for vendors. |
| Payment | Manual Check Processing | Service Acceptance | Perform acceptance of services and process payments via issuing manual checks for vendors. |
| Payment | Manual Check Processing | PO Approval | Approve purchase of unauthorized items and process payments via issuing manual checks for vendors. |
| Payment | Manual Check Processing | Purchasing Agreements | Create purchasing agreements and process payments via issuing manual checks for vendors. |
| Payment | Manual Check Processing | Service Master Maintenance | Modify purchasing relevant service master data and process payments via issuing manual checks for vendors. |
| Payment | Manual Check Processing | Bank Reconciliation | Process payments via issuing manual checks for vendors and perform bank reconciliation, resulting in unauthorized payment processing. |
| Payment | Process Vendor Invoices | Release Blocked Invoices | Invoices which are usually blocked due to price or quantity differences may be released and payment processing thereon may get carried out, resulting in unauthorized payment processing. |
| Payment | AP Payments | Maintain Vendor Pricing Conditions | Ability to modify vendor pricing conditions may result in unauthorized changes to PO price, and processing payments thereon may result in fraudulent transactions. |
| Payment | Process Vendor Invoices | Maintain Vendor Pricing Conditions | Ability to modify vendor pricing conditions may result in unauthorized changes to PO price, and processing a vendor invoice thereon may result in fraudulent transactions. |
| Payment | Release Blocked Invoices | Maintain Vendor Pricing Conditions | Ability to modify vendor pricing conditions may result in unauthorized changes to PO price, and releasing a blocked vendor invoice thereon may result in fraudulent transactions. |
| Payment | Manual Check Processing | Maintain Vendor Pricing Conditions | Ability to modify vendor pricing conditions may result in unauthorized changes to PO price and processing of manual checks, resulting in fraudulent transactions. |
| P2P | Process Vendor Invoices | Vendor Master Maintenance | A user could potentially conduct fraudulent payment activity by creating fictitious vendors and initiating payment to those vendors via invoice creation directly in the Financial module. Payment for invoices from the Financial module will not require matching with purchase order and goods receipt documents. |
| P2P | Process Vendor Invoices | Maintain Purchase Order | A user could potentially purchase unauthorized items and initiate payment by invoicing. |
| P2P | Goods Receipts to PO | Maintain Purchase Order | A user can purchase unauthorized items and perform goods receipt of the same, resulting in unauthorized purchasing as well as inventory in company stock. |
| P2P | Vendor Master Maintenance | Maintain Purchase Order | A user can potentially maintain a fictitious vendor and initiate purchase to vendor. |
| P2P | Release Blocked Invoices | Service Acceptance | A user can potentially receive services and release a blocked invoice to offset receipt, even though an invoice cannot be created directly for a service accepted. |
| P2P | Release Blocked Invoices | Maintain Purchase Order | A user can maintain a PO and release a previously blocked invoice for a vendor. |
| P2P | Enter Counts & Clear Diff - IM | Maintain Purchase Order | A user can perform fraudulent inventory adjustment transactions and simultaneously procure material, resulting in incorrect stock accounting. |
| P2P | Service Master Maintenance | Requisitioning | A user can maintain Service Master data and create a request for the service. |
| P2P | Maintain Material Master Data | Maintain Purchase Order | A user can create new material master data and also create a purchase order against it, resulting in fraudulent purchasing activity. |
| P2P | AP Payments | Service Acceptance | A user can receive or accept service and enter covering payments for it, which has the potential for fraud. |
| P2P | Maintain Purchase Order | Service Acceptance | A user can maintain a service purchase order and also accept the delivered services, resulting in potential unauthorized purchasing activity. |
| P2P | Maintain Material Master Data | Purchasing Agreements | A user can enter incorrect purchasing relevant data into material master information and add it to purchasing agreements, resulting in incorrect purchasing parameters in the system. |
| P2P | Goods Receipts to PO | PO Approval | A user could potentially fraudulently approve an unauthorized PO and make process goods invoice against it, resulting in potential fraudulent activity. |
| P2P | AP Payments | PO Approval | There is a risk that a user may approve purchase of unauthorized items and enact payment for the same, resulting in potential fraudulent activity. |
| P2P | Process Vendor Invoices | PO Approval | Release an order and initiate payment even without any goods receipt, resulting in potential fraudulent activity. |
| P2P | Inventory Management | Enter Counts - IM | Adjust the inventory balance and approve unauthorized PO, resulting in potential fraudulent activity. |
| P2P | Vendor Master Maintenance | PO Approval | A user can maintain a fictitious vendor and approve purchases to vendor. |
| P2P | Maintain Material Master Data | PO Approval | Maintain/change purchasing relevant material master data and also approve purchase order, resulting in unauthorized purchasing activity. |
| P2P | AP Payments | Purchasing Agreements | Enter unauthorized purchasing agreements and render payment for the same, resulting in fraudulent activity. |
| P2P | Vendor Master Maintenance | Purchasing Agreements | Create/modify fictitious vendor and create purchasing agreement for the same, resulting in unauthorized purchasing. |
| P2P | Goods Receipts to PO | Purchasing Agreements | Modify purchasing agreements and process goods receipt, resulting in unauthorized purchasing activity. |
| P2P | Process Vendor Invoices | Purchasing Agreements | Maintain purchasing agreement and create invoices, resulting in unauthorized invoice processing. |
| P2P | AP Payments | Service Master Maintenance | Modify purchasing relevant service master data and process payment, resulting in unauthorized payment processing. |
| P2P | Service Master Maintenance | Release Requisitions | Modify purchasing relevant service master data and process requisition for service, which may result in unauthorized purchasing indirectly. |
| P2P | Purchasing Agreements | Release Requisitions | Release an unapproved requisition and maintain a service purchasing agreement for the same, resulting in unauthorized purchasing activity. |
| P2P | Maintain Purchase Order | Requisitioning | A user can create a requisition for an item and create a purchase order without approval. |
| P2P | Maintain Purchase Order | Service Master Maintenance | Modify purchasing relevant service master data and process purchase order for the same, resulting in unauthorized purchasing activity. |
| P2P | Enter Counts & Clear Diff - IM | Purchasing Agreements | Adjust the inventory and further carry out purchasing for balance quantity fraudulently. |
| P2P | Maintain Material Master Data | Requisitioning | Modify purchasing relevant material master data and create/change a material requisition. |
| P2P | Release Requisitions | Requisitioning | Requisition an item and then release a requisition, which may indirectly result in unauthorized purchasing activity. |
| P2P | Maintain Purchase Order | Release Requisitions | Release a requisition and generate the accompanying PO. |
| P2P | Service Master Maintenance | Purchasing Agreements | Modify service master and create fraudulent purchasing agreements with provider. |
| P2P | Service Master Maintenance | PO Approval | Modify purchasing relevant service master data and approve purchase agreement for the same, resulting in unauthorized purchasing activity. |
| P2P | Release Blocked Invoices | PO Approval | Approve PO and release a previously blocked invoice, resulting in unauthorized processing of invoices. |
| P2P | PO Approval | Service Acceptance | Approve unauthorized PO and accept the services through service acceptance, resulting in fraudulent transactions. |
| P2P | Inventory Management | Enter Counts - IM | A user can perform fraudulent inventory adjustment transactions and simultaneously procure material, resulting in incorrect stock accounting. |
| P2P | Enter Counts - WM | Clear Differences - WM | Adjust physical inventory and clear the differences and also carry out further purchasing, resulting in fraudulent procurement and inventory transactions. |
| P2P | Enter Counts & Clear Diff - IM | PO Approval | Adjust physical inventory and clear the differences and also carry out further purchasing approvals, resulting in fraudulent procurement and inventory transactions. |
| P2P | Enter Counts - WM | Clear Differences - WM | Approve PO for an item and adjust via inventory count. |
| P2P | Inventory Management | Enter Counts - IM | Adjust physical inventory and clear the differences and also carry out further purchasing, resulting in fraudulent procurement and inventory transactions. |
| P2P | Enter Counts - WM | Clear Differences - WM | Enter purchasing agreement and adjust the inventory. |
| P2P | Manual Check Processing | Vendor Master Maintenance | Maintain a fictitious vendor and process payments via issuing manual checks for vendors. |
| P2P | Manual Check Processing | Maintain Purchase Order | Create purchasing order and process payments via issuing manual checks for vendors. |
| P2P | Manual Check Processing | Service Acceptance | Perform acceptance of services and process payments via issuing manual checks for vendors. |
| P2P | Manual Check Processing | PO Approval | Approve purchase of unauthorized items and process payments via issuing manual checks for vendors. |
| P2P | Manual Check Processing | Purchasing Agreements | Create purchasing agreements and process payments via issuing manual checks for vendors. |
| P2P | Manual Check Processing | Service Master Maintenance | Modify purchasing relevant service master data and process payments via issuing manual checks for vendors. |
| P2P | Maintain Purchase Order | PO Approval | Maintain purchase orders and release or approve |
| P2P | PO Approval | Maintain Vendor Pricing Conditions | Ability to modify vendor pricing conditions will provide access to unauthorized changes to PO price and release of the PO thereon, resulting in fraudulent transactions. |
| P2P | Release Requisitions | Maintain Vendor Pricing Conditions | Ability to release PR and ability to modify vendor pricing conditions may result in the user creating an unauthorized PO and inaccurate pricing. |
| P2P | Requisitioning | Maintain Vendor Pricing Conditions | Ability to release PR and ability to modify vendor pricing conditions may result in the user creating an unauthorized PO and incorrect pricing for the PO. |
| P2P | Maintain Purchasing Info Record | Maintain Purchase Order | User may modify pricing conditions in purchasing info records and also create a purchase order, resulting in unauthorized purchasing transactions. |
P2PMaintain Purchasing Info RecordPurchasing AgreementsUser may modify pricing conditions in purchasing info records and also create purchasing agreements resulting in unauthorized purchasing activity.
P2PMaintain Source listMaintain Purchase OrderUser may create/change source list information resulting in unauthorized vendors getting defaulted in the purchasing order
P2PProduct CostingProduction Order ProcessingIncrease production to reduce cost variances
P2PConfirm Production OrderProduction Order ProcessingThe users processing the production orders should not have access to confirm production orders as the users may inappropriately confirm the production to manipulate the production information.
P2PProduct CostingConfirm Production OrderInc production to reduce cost var due to productivity loss
P2PQuality Results ReportingDelivery ProcessingMove stock to GR to meet delivery schedule
P2PEnter Counts - WMClear Differences - WMRemove material by adjusting out via WM physical inv
P2PGoods MovementsEnter Counts - WMUser may carry out inventory adjustments and post unauthorized goods movements in SAP which may result in fraudulent inventory adjustments
P2PConfirm Production OrderQuality Results ReportingRelease produced matls to GR stock to meet prod quota
P2PPost Journal EntryEnter Counts - WMUser may perform inventory adjusments in MM and post adjustment GL entries in FI resulting in inaccurate inventory cost in SAP.
P2PClear Differences - Inventory ManagementEnter Counts - IMRemove material by adjusting out via IM physical inv
P2PEnter Counts & Clear Diff - IMQuality Results ReportingRemove material by adjusting out via powerful IM physical inv
P2PClear Differences - Inventory ManagementEnter Counts - IMReceive/issue incorrect amount and adjust via IM stock count
P2PEnter Counts & Clear Diff - IMGoods MovementsReceive/issue incorrect amount and adjust via powerful IM stock count
P2PPost Journal EntryEnter Counts & Clear Diff - IMHide powerful IM inventory adjustments via ledger entries
P2PPost Journal EntryClear Differences - Inventory ManagementHide IM inventory adjustments via ledger entries
P2PGate Entry RegisterGoods ReceiptGetting initial weight while performing gate entry and goods receipt resulting in fraudulent weighment of material received
P2PGoods ReceiptTanker material transferTaking goods receipt and entering quantity of material transferred from the tanker, resulting in falsification of quantity of material transferred
P2PFG Blind Count DetailsFG Blind Count Officer SummaryEntering blind count and approving blind count resulting in inappropriate approval of blind count.
P2PFG Blind Count DetailsFG Edit Final WeightEntering blind count and editing final weight of truck before dispatch resulting in pilferage and fraudulent entry of truck weight.
P2PGoods ReceiptMaintain Purchase OrderA user can purchase unauthorized items and perform goods receipt of the same resulting unauthorized purchasing as well as inventory in company stock.
P2PGoods ReceiptPO ApprovalA user could potentially fraudulently approve an unauthorized PO and make process goods invoice against it resulting in potential fraudulent activity.
P2PGoods ReceiptPurchasing AgreementsModify Purchasing agreements and process goods receipt resulting unauthorized purchasing activity.
P2PQA ResultMaintain Inspection LotsMaster data maintenenace should be segregated from transaction processing. There is a risk that user responsible for quality results / defect recording may maintain inappropriate inspection lots to circumvent the quality control process.
P2PQA ResultMaintain Inspection Planning DataMaster data maintenenace should be segregated from transaction processing. There is a risk that user responsible for quality results / defect recording may maintain inappropriate inspection planning data to circumvent the quality control process.
P2PManage User RightsRead Purchase OrderUser having access to read purchase order and manage user rights may result in an unauthorized view to purchase orders
P2PManage User RightsAcknowledge Purchase OrderAcknowledge purchase order and managing user rights should not be given to the same user. It may result in wrongful acknowledgement of purchase orders
P2PManage User RightsCreate Shipping NotificationUser having access to create shipping notification and manage user rights, resulting in wrongful entry of dispatch details of goods by a fictitious user
P2PManage User RightsStatement QueriesFictitious user created using this access may get access to sensitive information
P2PMaintain Purchase Info RecordsApprove Purchase Info RecordsIf the user has access to create and approve Purchase Info Records, it may result in unauthorized changes to price master
P2PPurchase Info Records Master ApprovalMaintain Purchase Info RecordsIf the user has access to create and approve Purchase Info Records, it may result in unauthorized changes to price master
P2PPurchase Info Records Master ApprovalApprove Purchase Info RecordsThe access to different levels of purchase info records approval must be segregated among users. User having access to both the above activities can bypass the DOA.
P2PPIR Manage User RightsMaintain Purchase Info RecordsIf the user has access to manage user rights and maintain Purchase Info Record, it may result in unauthorized creation or modification in prices of goods by a fictitious user created using this access
P2PPIR Manage User RightsApprove Purchase Info RecordsPurchase Info Records may be approved by a fictitious user created using this access
P2PPIR Manage User RightsPurchase Info Records Master ApprovalIf the user has access to manage user rights and purchase info records master approval, it may result in unauthorized approval of prices of goods by a fictitious user created using this access.
P2PRelease Purchase OrderApprove Purchase Info RecordsIf the user has access to approve Purchase Order and approve Purchase Info Record, it may result in unauthorized approval of price master and release of Purchase Order for such fraudulent price change
P2PRelease Purchase OrderMaintain Purchase Info RecordsIf the user has access to release a Purchase Order and maintain Purchase Info Record, it may result in unauthorized creation or modification in prices of goods and releasing a purchase order for such goods
P2PRelease Purchase OrderInitiate Purchase OrderAccess to inititate and approve purchase orders should be segregated. User having access to these activities may bypass the DOA.
P2PManage User RightsInitiate Purchase OrderFraudulent business activities may be performed by a fictitious user created using this access
P2PManage User RightsRelease Purchase OrderIf the user has access to release Purchase Order and manage user rights, it may result in unauthorized release of Purchase Order by a fictitious user created using this access
P2PRelease Purchase OrderService AcceptanceApprove unauthorized PO and accept the services through service acceptance resulting in fraudulent transactions
P2PRelease Purchase OrderMaintain Vendor Pricing ConditionsAbility to modify vendor pricing conditions will provide access to unauthorized changes to PO price and release PO thereon resulting in fraudulent transactions
P2PRelease Purchase OrderGoods Receipts to POA user could potentially fraudulently approve an unauthorized PO and make process goods invoice against it resulting in potential fraudulent activity
P2PRelease Purchase OrderAP PaymentsThere is a risk that user may approve purchase of unauthorized items and enact payment for the same resulting potential fraudulent activity
P2PRelease Purchase OrderProcess Vendor InvoicesRelease an order and initiate payment even without any goods receipt resulting in potential fraudulent activity
P2PRelease Purchase OrderVendor Master MaintenanceA user can maintain fictitious vendor and approve purchases to vendor
P2PRelease Purchase OrderMaintain Material Master DataMaintain/change purchasing relevant material master data and also approve purchase order resulting in unauthorized purchasing activity
P2PRelease Purchase OrderService Master MaintenanceModify purchasing relevant service master data and approve purchase agreement for the same resulting in unauthorized purchasing activity
P2PRelease Purchase OrderRelease Blocked InvoicesApprove PO and release a previously blocked Invoice resulting in unauthorized processing of invoices
P2PRelease Purchase OrderEnter Counts & Clear Diff - IMAdjust physical inventory and clear the differences and also carry out further purchasing approvals resulting in fraudulent procurement and inventory transactions.
P2PRelease Purchase OrderManual Check ProcessingApprove purchase of unauthorized items and process payments via issuing manual checks for vendors.
P2PRelease Purchase OrderMaintain Purchase OrderMaintain purchase orders and release or approve
P2PPerform Gate EntryReceipt of Raw Material Packing MaterialIf the user has access to perform gate delivery and receive RM/ PM, it may result in pilferage of goods and fraudulent entry of quantity received in the system
P2PManage User RightsPerform Gate EntryIf the user has access to manage user rights and perform gate entry, it may result in gate entry rights being assigned to a fictitious user
P2PManage User RightsReceipt of Raw Material Packing MaterialIf the user has access to manage user rights and receive Raw Material/ Packing Material, it may result in raw material and packing material being received by a fictitious user created using this access
P2PManage User RightsProduction updateIf the user has access to manage user rights and update production, it may result in Fraudulent business activities may be performed by a fictitious user created using this access
P2PManage User RightsFinished Goods Delivery CreationFraudulent business activities may be performed by a fictitious user created using this access
P2PManage User RightsCreate ShipmentFraudulent business activities may be performed by a fictitious user created using this access
P2PClear Differences - Inventory ManagementPO ApprovalAdjust the inventory balance and approve unauthorized PO resulting in potential fraudulent activity.
P2PClear Differences - Inventory ManagementMaintain Purchase OrderA user can perform fraudulent inventory adjustment transactions and simultaneously procure material resulting in incorrect stock accounting
P2PEnter Counts - WMMaintain Purchase OrderAdjust physical inventory and clear the differences and also carry out further purchasing resulting in fraudulent procurement and inventory transactions.
P2PEnter Counts - WMPO ApprovalApprove PO for an item and adjust via inventory count
P2PClear Differences - Inventory ManagementPurchasing AgreementsAdjust physical inventory and clear the differences and also carry out further purchasing resulting in fraudulent procurement and inventory transactions.
P2PEnter Counts - WMPurchasing AgreementsEnter Purchasing Agreement and adjust the inventory
P2PEnter Counts - WMQuality Results ReportingRemove material by adjusting out via WM physical inv
P2PGoods MovementsClear Differences - WMUser may carry out inventory adjustments and post unauthorized goods movements in SAP which may result in fraudulent inventory adjustments
P2PPost Journal EntryClear Differences - WMUser may perform inventory adjusments in MM and post adjustment GL entries in FI resulting in inaccurate inventory cost in SAP.
P2PClear Differences - Inventory ManagementQuality Results ReportingRemove material by adjusting out via IM physical inv
P2PClear Differences - Inventory ManagementGoods MovementsReceive/issue incorrect amount and adjust via IM stock count
P2PPost Journal EntryEnter Counts - IMHide IM inventory adjustments via ledger entries
P2PEnter Counts - IMPO ApprovalAdjust the inventory balance and approve unauthorized PO resulting in potential fraudulent activity.
P2PEnter Counts - IMMaintain Purchase OrderA user can perform fraudulent inventory adjustment transactions and simultaneously procure material resulting in incorrect stock accounting
P2PClear Differences - WMMaintain Purchase OrderAdjust physical inventory and clear the differences and also carry out further purchasing resulting in fraudulent procurement and inventory transactions.
P2PClear Differences - WMPO ApprovalApprove PO for an item and adjust via inventory count
P2PEnter Counts - IMPurchasing AgreementsAdjust physical inventory and clear the differences and also carry out further purchasing resulting in fraudulent procurement and inventory transactions.
P2PClear Differences - WMPurchasing AgreementsEnter Purchasing Agreement and adjust the inventory
P2PClear Differences - WMQuality Results ReportingRemove material by adjusting out via WM physical inv
P2PEnter Counts - WMClear Differences - WMUser may carry out inventory adjustments and post unauthorized goods movements in SAP which may result in fraudulent inventory adjustments
P2PEnter Counts - WMClear Differences - WMUser may perform inventory adjusments in MM and post adjustment GL entries in FI resulting in inaccurate inventory cost in SAP.
P2PEnter Counts - IMQuality Results ReportingRemove material by adjusting out via IM physical inv
P2PEnter Counts - IMGoods MovementsReceive/issue incorrect amount and adjust via IM stock count
P2PClear Differences - Inventory ManagementEnter Counts - IMHide IM inventory adjustments via ledger entries
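
One way to apply the matrix during an access review, as an added example that is not part of the original article: a Python check that flags every user whose combined roles grant both functions of a listed pair. The rule rows are taken from the table above; the role names, user names and role-to-function mapping are constructed for illustration.

```python
from collections import defaultdict

# Rule rows from the matrix above: (function 1, function 2, risk).
SOD_RULES = [
    ("Maintain Purchase Order", "PO Approval",
     "Maintain purchase orders and release or approve"),
    ("Release Purchase Order", "Vendor Master Maintenance",
     "A user can maintain fictitious vendor and approve purchases to vendor"),
    # The matrix lists this pair more than once, with different risks.
    ("Clear Differences - Inventory Management", "Enter Counts - IM",
     "Receive/issue incorrect amount and adjust via IM stock count"),
    ("Clear Differences - Inventory Management", "Enter Counts - IM",
     "Hide IM inventory adjustments via ledger entries"),
]

# Constructed sample data; role and user names are hypothetical.
ROLE_FUNCTIONS = {
    "Z_BUYER": {"Maintain Purchase Order", "Requisitioning"},
    "Z_PO_APPROVER": {"PO Approval"},
    "Z_PROC_LEAD": {"Release Purchase Order", "Vendor Master Maintenance"},
    "Z_STORES": {"Goods Receipt", "Enter Counts - IM"},
    "Z_INV_CTRL": {"Clear Differences - Inventory Management"},
}
USER_ROLES = {
    "alice": ["Z_BUYER", "Z_PO_APPROVER"],
    "bob": ["Z_PROC_LEAD"],
    "carol": ["Z_STORES"],
    "dave": ["Z_STORES", "Z_INV_CTRL"],
}

def find_conflicts(user_roles, role_functions, rules):
    """Return one finding per user and conflicting function pair."""
    index = defaultdict(list)  # unordered pair -> every risk listed for it
    for f1, f2, risk in rules:
        index[frozenset((f1, f2))].append(risk)
    findings = []
    for user in sorted(user_roles):
        granted = defaultdict(set)  # function -> roles that grant it
        for role in user_roles[user]:
            for fn in role_functions.get(role, ()):
                granted[fn].add(role)
        for pair, risks in index.items():
            if len(pair) == 2 and all(fn in granted for fn in pair):
                f1, f2 = sorted(pair)
                shared = granted[f1] & granted[f2]  # roles granting both
                findings.append({
                    "user": user,
                    "functions": (f1, f2),
                    "scope": "single role" if shared else "role combination",
                    "roles": sorted(shared or granted[f1] | granted[f2]),
                    "risks": risks,
                })
    return findings
```

A pair reported with scope "single role" has to be fixed in the role design itself, while a "role combination" finding is resolved by changing which roles the user holds.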

About The Author

CA, ISA, CISA, BCAF. Friends call me Techno Savvy Chartered Accountant. I work at EY in System Audit
