“TOP 25 SAP AUDIT CONTROLS”

ITGC
SAP Change Management – SAP production
client is locked from direct configuration updates
via transaction code SCC4. "SAP Lock Production
Environment.doc"

SAP Change Management – A multi-tiered

separate environments (i.e. development and
production) are maintained for all significant "SAP Multi-Tiered
Environments.doc"
applications on a regular basis.
SAP Change Management – The ability to
perform transports is restricted.
"SAP Perform
Transports Access.doc"

SAP Access to User Administration– The ability

to perform user id and security profile maintenance
is restricted. "SAP Perform User
Admin Access.doc"

SAP Super User Profiles– The ability to perform

user id and security profile maintenance is restricted
"SAP Super User
Profiles.doc"

SAP Super User Id Passwords– Super user ids’

passwords have been changed from default settings.
"SAP Super User
Profiles.doc"

SAP Passwords– Passwords are configured to meet

corporate password requirements.
"SAP Super User ID
Passwords.doc"

G/L Posting – Automated Postings/Account Determination

Finance Subledger Postings to SAP G/L – Data
from SAP sub ledgers is integrated to SAP General
Ledger "SAP Subledger
Integration to SAP FI.doc"

Cash (Lockbox) Postings to SAP G/L – Cash

Postings from the Lockbox are is posted to SAP
General Ledger "SAP Cash-Lockbox
to SAP FI.doc"

Revenue (SD Module) Postings to SAP G/L –

SAP recognizes product revenue upon posting
invoice batches. Invoices are issued after product is "Revenue (SD) to
SAP FI.doc"
shipped, if shipment is required.
Cost of Goods Sold (SD Module) Postings to SAP
G/L – SAP recognizes product revenue upon
posting invoice batches. Invoices are issued after "COGS (SD) to SAP
FI.doc"
product is shipped, if shipment is required.
Purchase Price Variance (MM Module) Postings
to SAP G/L – Material cost and price differences on
purchase orders and invoices, also known as "PPV (MM) to SAP
FI.doc"
Purchase Price Variance (PPV), are appropriately
configured to map and post to the payables
cost/price difference account in SAP.
Goods Receipt/Invoice Receipt (MM Module)
Postings to SAP G/L – Un-invoiced goods receipts
postings, also known as Good Receipt/Invoice "GRIR (MM) to SAP
FI.doc"
Receipt (GR/IR), are appropriately configured to
map and post to the payables accrual account.
REVENUE (SD Module, AR Module)
Relevance for Billing – Sales orders cannot be
invoiced until a delivery record is confirmed and
entered into the SAP system. "Delivery Required
for Invoicing (SD) .doc"

Credit Checking – Orders that exceed the

customers credit limit are automatically blocked in
SAP. "Credit Checking
(AR) .doc"

Access to SAP Customer Master Data –

Maintenance access to SAP Customer Master Data
is restricted. "Customer Master
Data Access.doc"

Access to SAP Customer Credit Master Data –

Maintenance access to SAP Customer Credit Master
Data is restricted. "Customer Credit
Master Data Access.doc"

Sales Order Copy Control to Invoice –

Maintenance access to SAP Customer Credit Master
Data is restricted. "SD Copy Control
Invoices.doc"

PURCHASING (Purchase to Pay, AP Module)

Access to SAP Vendor Master Data –
Maintenance access to SAP Vendor Master Data is
restricted. "Vendor Master Data
Access.doc"

Duplicate Invoice Checking – SAP system does

not allow duplicate invoice numbers to be entered
for a vendor. "Duplicate AP
Invoices.doc"

Three-Way Matching – The SAP system performs

a three-way match on physical goods ensuring
payment of goods are complete and accurate. "Three-way
matching.doc"

Goods Receipts Error Checking – SAP does not

accept receiving quantities greater than listed on PO.
"GR Quantity Error
Checking.doc"

Fixed Assets
Depreciation Calculation – Assets, created in SAP
PD2, are assigned the appropriate useful life and
depreciation methods to ensure that depreciation "Fixed Asset
Depreciation.doc"
expense is calculated accurately.