
WB210 R/3 for Auditors

© SAP AG 1999
Copyright

Copyright 1998 SAP AG. All rights reserved.

Neither this training manual nor any part thereof may be passed on to others, copied or reproduced in any form or by any means, or translated into another language, for any purpose without the express prior consent in writing of SAP AG. The information contained in this document is subject to change and supplementation without prior notice.

The R/3 Integration Model

[Diagram: the R/3 client/server system (ABAP/4) surrounded by its application modules]
• SD - Sales & Distribution
• MM - Materials Mgmt.
• PP - Production Planning
• QM - Quality Mgmt.
• PM - Plant Maint.
• HR - Human Resources
• FI - Financial Accounting
• CO - Controlling
• AM - Fixed Assets Mgmt.
• PS - Project System
• WF - Workflow
• IS - Industry Solutions

FI - Financial Accounting
• General Ledger
• Accounts Receivable
• Accounts Payable
• Cash Management
• Financial Controlling
• Financial Assets Management
• Consolidation
• Foreign Currencies & Taxation

Course Goal

To understand principles of audit control and security as they relate to SAP R/3

Course Objectives

By the end of this course, students will be able to:
• Explain various controls and reconciliation processes available in SAP R/3
• Describe and demonstrate integration between Materials Management (MM), Sales & Distribution (SD) and Financial Accounting (FI)
• Use various R/3 tools, including the Audit Information System (AIS), report variants and exports
• Explain the use of authorization functionality in R/3 and execute related security reports
• Execute reports relevant to the audit of R/3
• Identify common risks in the SAP R/3 applications

Course Prerequisites

• Experience in an auditing environment

Table of Contents

Preface
Unit 1 Introduction
Unit 2 SAP R/3 Application Security Concept
Unit 3 Integrated FI Acct.
Unit 4 Integrated MM
Unit 5 Integrated SD
Unit 6 Authorizations Details
Unit 7 SAP Tools

Target Group

• Audience: Internal Auditors performing financial, operational and/or application security audits in SAP R/3
• Duration: 4 days

Introduction

• Unit Objectives
• SAP R/3 Environment
• Navigation
• Help & Documentation
• Exercises
• Solutions

Unit Objectives: Introduction

At the conclusion of this unit, you will be able to:
• Navigate within R/3
• Explain the SAP R/3 Architecture
• Identify and locate commonly used tools, such as Help and Release Notes
• Discuss control issues and the Online Support System (OSS)

SAP R/3 Overview

• Core Applications
• Industries
• System Configuration

SAP R/3 Core Applications

[Diagram: the R/3 client/server system (ABAP) surrounded by its core application modules, grouped into Logistics, Accounting, Human Resources and Cross-Application Functions]
• SD - Sales & Distr.
• MM - Materials Mgmt
• PP - Production Planning
• QM - Quality Mgmt
• PM - Plant Mainten.
• HR - Human Resources
• FI - Financ. Account.
• CO - Controlling
• TR - Treasury
• PS - Project System
• WF - Workflow
• IS - Industry Solutions

SAP R/3 Industries

• SAP High Tech & Electronics
• SAP Retail
• SAP Insurance
• SAP Consumer Products
• SAP Automotive
• SAP Banking
• SAP Utilities
• SAP Public Sector
• SAP Chemicals
• SAP Healthcare
• SAP Pharmaceuticals
• SAP Telecommunication
• SAP Oil & Gas
• SAP Aerospace & Defense
• SAP Engineering & Construction

Basis System

[Diagram: the R/3 application modules (SD, MM, PP, QM, PM, HR, FI, CO, AM, PS, WF, IS) form the Applications layer, which sits on top of the Basis layer]

R/3 System Example

[Diagram: example R/3 system landscape]
• SAP presentation: workstations, PCs, laptops, X terminals, terminal server, and browser clients connected through a web server
• Application server: SAP dialog and background processing, updates, database accesses
• Database server

Client/Server Basic Principles

[Diagram: Software-oriented view: a client process requires a service and a server process provides it. Hardware-oriented view: client and server machines connected by a LAN/WAN.]

Client/Server Overview

[Diagram: software-oriented and hardware-oriented views of the three R/3 services: presentation service; R/3 application service (dispatcher, work processes, dictionary, ..., scalability); database service (DB)]

Business Transactions

[Diagram: flow of a business transaction between presentation, R/3 application (ABAP Dictionary) and relational database]
1. Transaction accessed by user online with system
2. SQL query
3. Processing of query and calculation of target quantity
4. Transfer and formatting of resulting quantity
5. Result of transaction screen

System Platforms for the R/3 System

Hardware
• UNIX systems: Bull, Digital, HP, IBM, SNI, SUN
• Windows NT systems: Bull/Zenith, Compaq, Data General, Digital, HP (Intel), IBM (Intel), NCR, Sequent, SNI, ...
• IBM AS/400
• IBM S/390

Operating systems
• UNIX systems: AIX, Digital UNIX, HP-UX, Reliant UNIX (SINIX), SOLARIS
• Windows NT
• OS/400
• OS/390

Databases
• UNIX systems: DB2 Common Server, INFORMIX-OnLine, ORACLE
• Windows NT: DB2 Common Server, INFORMIX-OnLine, ORACLE, MS SQL Server
• AS/400: DB2 for AS/400
• OS/390: DB2 for OS/390

Dialog SAPGUI
• Windows 3.1, Windows 95, Windows NT, OSF/Motif *, OS/2 Presentation Manager (PM), Macintosh *, Java

Languages
• ABAP, C, C++, HTML, Java

* not supported in combination with AS/400

Navigation in SAP R/3

• Log on to R/3
• Navigate within R/3
• Multiple Sessions

Logging on in the R/3 System

[Screenshot: logon screen with the fields Client, User, Password and Language]

R/3 Window

[Screenshot: SAP R/3 window. Labelled elements: title bar; menu bar (Office, Logistics, Accounting, Human resources, Information systems, Tools, System, Help); Enter icon; command field; function icons; application toolbar with function buttons (Dynamic menu, Customizing); display options icon; status bar showing system, session number and client number, e.g. "CIP (1) (001) hs 2135 OVR 04:27 PM"]

The R/3 Menu

[Diagram: navigating the R/3 menu: (1) Accounting > Financial acctg. > Accts. rec., (2) Master data > Create, (3) the Customer screen with Company code and General data (Address, Control, Payment transactions)]

Working in Several Sessions

[Diagram: six parallel sessions (Session 1 to Session 6); the example session shows a cost accounting cost center screen (Valid from; Name: Exec.Board; Description: Executive Board cost center; Long text)]

The Icon Bar in the R/3 System

[Screenshot: icons for Enter, Save, Back, Exit, Cancel, Help, Execute, Find, Sort, Print, Change/Display and Page]

User Profiles

• Own data: allows you to change your address, defaults, and parameters
• Address: enables you to set your communication information
• Defaults: allows you to specify your preferred printer and date and number formats
• Parameters: allows you to set default values in frequently used fields

[Screenshot: System menu with Create session, End session, User profile (Hold data, Set data, Delete data, Application values, Own data, Favorite maint.), Services, Utilities, List, Object services, Own spool requests, Own jobs, Short message, Status..., Log off]

Tools

• Extended help
• R/3 Library
• Glossary
• Release notes
• Data Dictionary
• Online Support System

Getting Help with the R/3 System

[Screenshot: Help menu of the SAP R/3 window with the entries Extended help, R/3 library, Find..., Glossary, Release notes, Getting Started, Settings..., Help on help]

SAP HTML Help Files

[Screenshot: SAP Help - R/3 Library viewer (Hide, Back, Forward, Home, Print, Options; tabs Contents, Index, Search) listing BC - Basis, CA - Cross Application, FI - Financial Accounting, HR - Human Resources, LO - Logistics]

Help on the Screen Fields

• F1 on the field Company code shows its definition: "The company code represents an independent accounting unit, e.g. a company within a corporate group." Extended help and Technical info are available from this window.
• F4 on the field Company code lists the values to choose from:

   Comp. code   Company name
   0001         SAP AG Walldorf
   0002         SAP Italia
   0003         SAP Schweiz

Release Notes

[Screenshot: Help > Release Notes, reached here from Customizing; release note texts can be found by attribute search, e.g. from release 30A to 30Z]

Data Dictionary Info System

• Logical database
• Domains
• Data elements
• Tables/structures
• Fields
• Foreign keys
• Indexes
• Views/matchcodes/lock objects

Data Dictionary

[Diagram: the Data Dictionary at the center, used by the ABAP/4 Workbench, Dictionary Maintenance and the Screen Painter, and by the ABAP/4 Interpreter, Dialog Control, Interface Programs and the Screen Interpreter]

Program Documentation

[Screenshot: ABAP/4 development, program RFBILA00 (General ledger, Month end reports, Create bal.sht). Selectable components: Source code, Variants, Attributes, Documentation, Text elements. The documentation shows a short text and description, with Extended help.]

R/3 Implementation Guide (IMG)

[Diagram: (1) create the Enterprise IMG from the SAP Reference IMG; (2a) create customizing projects; (2b) create project IMGs; (3) create views for a project IMG. The IMGs give access to customizing transactions, project documentation and project management.]

Online Support Services (OSS)

R/3 note no. 8583   15.09.1997   Page 1

Number             0008583
Version            0009 from 27.02.1997
Status             Released for customer
Set by             SERVICEADM on 27.02.1997
Language           E
Short text         Transferring SD billing doc. no. as external doc. n
Administrator      Thomas Odenwald
Application area   SD-BIL-CA Account Assignment

Long text
Symptom
   Key word: FI transfer
   Transfer of the billing document number as the external document number.
   Goal: Billing document number = accounting document number.
Additional key words
Cause and preconditions
   Modification
Solution
   Realized as of Release 2.2A
   As of Release 2.2A, please observe points 4 and 5 only !!!
   Advance correction possible starting with Release 2.1C

   1. Report LV60TOP:
      Data: Begin of XKOM_KEY,

Unit Summary: Introduction

In this unit, you have learned:
• How to navigate in SAP R/3
• Client/Server principles and their importance in the R/3 environment
• How to use various types of help, including HTML files, OSS, and the data dictionary

SAP R/3 Application Security Concept

• Authorization Concepts
• Authorizations
• Transaction and Program Checks
• User Master Records

Unit Objectives: SAP R/3 Applic. Security Concept

At the conclusion of this unit, you will be able to:
• Describe fundamental authorization concepts used within the SAP R/3 Applications
• Define the components necessary to check access to applications
• Define the components necessary to grant user access to applications

Authorizations in SAP R/3

• Authorizations
• Objects
• Fields
• Value Sets

Overview: Authorizations in the Workplace

Example: User wants to create a vendor for a company code ("Create a vendor for company code 1000").

[Diagram: the application program checks the authorizations to create a vendor for company code 1000 against the user buffer, which holds the list of valid authorizations for the user, and then analyzes the result]

Authorizations in the Workplace

• How are transactions and programs secured?
• How can the checks be flexible enough to check against various user activities?
• How does a user get authorizations?
• What are some basic concepts?

Authorization Concepts in SAP R/3

• Authorizations are client specific
• Security in R/3 is object based
• A single business transaction does not always equal an SAP transaction
• Users require user master records that contain authorizations and profiles
• Profiles can be grouped into composite profiles

SAP Security Features

[Diagram: hierarchy of the security elements, from top to bottom: user master, composite profiles, profiles, authorization (name), authorization objects, fields, values]

Objects

• Objects represent the lowest level of security in SAP.
• The object refers to one or more SAP system elements to be protected.
• For example, two objects exist for the creation of a sales order:
   - an object restricting the creation of a sales order by sales document type and
   - an object restricting by sales organization.

Object Fields

Object: Acctng document (shown in an object list alongside Document types, Company codes, Posting periods, Account types, ...)
   Field: Company code   Values: ...
   Field: Activity       Values: ...

Example: CoCode 0001 - 0002, Activity 02 - 03

[Grid: activities Create (01), Change (02) and Display (03) plotted against company codes 0001, 0002 and 0003]

Value Sets

• A value set is a series of values associated with an authorization object which determines how that field or parameter may be used.

Value Sets For Activity Field

• DISPLAY (03)
• CREATE (01-04)
• SUPERVISOR (03,05,06,08)
• ALL (*)

Different values over the same object allow segregation of duties.

Objects -- An Example

Object: Vendor Authorization for Company Code (F_LFA1_BUK)

Authorization 1

   Field                  Value
   Company Code (BUKRS)   0001-0002
   Activity (ACTVT)       01-03, 06 (Create, Change, Display, Delete)

The 'AND' logic on fields indicates that the restriction for this object must pass both the company code (0001 and 0002) and the required activity values (create, change, display and delete).

Object Grouping - Classes

[Diagram: object classes (Basis, Asset management, Financial accounting, ...) each open an object list (Acctng document, Document types, Company codes, Posting periods, Account types, ...)]

Authorizations

Authorization object: Acctng document, with the field Company code (CoCd) and the field Activity (Activ.)

Authorizations:

   Name      CoCd        Activ.
   F_ALL     *           *
   F_ANZ     *           03
   F_HH      0001        *
   F_HHANZ   0001        03
   F_BEISP   0001-0002   02-03
   ...

Authorization Naming Conventions

• An authorization name includes the object and a set of permissible values for fields within the object.
• The authorization name can be used to identify the user's task.
• Custom authorization names should include Y or Z as the first character.
• When a user is given more than one authorization for an object, the system uses 'OR' logic to test the access.
• As soon as the system finds an authorization that meets the requirements of the test, the user is allowed access.

Authorization Objects: Example

Object Class: FI (Financial Accounting)

Authorization Object F_LFA1_APP
   ACTVT   Activity
   APPKZ   Application

Authorization Object F_LFA1_BUK
   ACTVT   Activity
   BUKRS   Company Code

… Other Authorization Objects related to FI

Referenced by (consistent checks):
• Applications <Check Authorizations>
• Activity Groups <Grant Authorizations>

Profiles

• A set of authorization objects and associated value sets (authorizations).
• Can have an unlimited number of authorizations
• Can have unlimited powers -- the SAP_ALL profile gives access to all objects
• Can have restricted powers -- limit a user to a single display function in a single business area.

Profiles

• A good profile is a number of authorizations which fit together to achieve a coherent purpose

Profiles -- a Risk

• A simple profile gives a user the sum of all the individual authorizations which make it up
• There is a risk of giving unintentionally wide access to the system with simple profiles

Test them carefully!

Other System Considerations

• Transaction Codes
• Assignment of Objects

Transaction Codes

Dialog Transaction
   Transaction code       <Tcode>
   Description
   Program                <ABAP Program>
   Screen number          <Scrn>
   Authorization Object   <Object Name>
   Values

Transaction Code
• Initiates a dialog transaction
• Most often called from a menu selection
• Is client-independent

Transaction Codes: Authority Check

Dialog Transaction
   Transaction code       FK01
   Description            Create Vendor
   Program                SAPMF001
   Screen number          0100
   Authorization Object   F_LFA1_APP
   Values                 Field   Value
                          ACTVT   01
                          APPKZ   F

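Program Check: Example

ABAP:

   AUTHORITY-CHECK OBJECT 'F_LFA1_BUK'
     ID 'BUKRS' FIELD '1000'
     ID 'ACTVT' FIELD '01'.

   IF SY-SUBRC NE 0.
     ...
   ENDIF.

User buffer: the check is made against the user's authorizations for the authorization object F_LFA1_BUK, and the result is returned to the program.

[Grid: ACTVT values 01, 02, 03 against BUKRS values 0001, 0002, 1000; the checked combination is ACTVT 01 / BUKRS 1000]
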
Security Checks during Transaction Start

Transaction start (<system_program>); a "No" at any step stops the transaction:
1. Transaction code valid?
2. Transaction code not locked?
3. User authorized for S_TCODE?
4. User authorized for the authorization object referenced in the transaction code?

If every answer is "Yes", the ABAP program starts and its embedded program authorization checks apply.
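
An added example, not part of the SAP course material: a simplified Python model of the checks described in this unit, covering the 'AND' logic on fields, the 'OR' logic across authorizations, and the order of checks at transaction start. The users, the authorization names, the locked transaction ZLCK and the helper function names are constructed for illustration; S_TCODE is checked on its field TCD.

```python
# Added example: simplified model of the checks described above. All users,
# authorization names and table contents below are constructed for illustration.

def value_allowed(allowed_values, value):
    """True if value matches any entry: '*', a single value, or a 'LOW-HIGH' interval."""
    for entry in allowed_values:
        if entry == "*":
            return True
        if "-" in entry:
            low, high = (part.strip() for part in entry.split("-", 1))
            if low <= value <= high:      # same-length codes compare correctly as strings
                return True
        elif entry == value:
            return True
    return False


def authority_check(user_buffer, obj, **required):
    """Model of AUTHORITY-CHECK OBJECT obj ID field FIELD value ...

    AND logic: every required field must pass within ONE authorization.
    OR logic: the first authorization for the object that passes grants access.
    """
    for auth_entry in user_buffer:
        if auth_entry["object"] != obj:
            continue
        if all(value_allowed(auth_entry["fields"].get(field, []), value)
               for field, value in required.items()):
            return True
    return False


# Constructed transaction table: the FK01 values follow the "Authority Check" slide.
TRANSACTIONS = {
    "FK01": {"locked": False, "object": "F_LFA1_APP",
             "values": {"ACTVT": "01", "APPKZ": "F"}},
    "ZLCK": {"locked": True, "object": None, "values": {}},   # hypothetical locked tcode
}


def start_transaction(user_buffer, tcode):
    """Apply the transaction-start checks in slide order; return 'START' or the stop reason."""
    tx = TRANSACTIONS.get(tcode)
    if tx is None:
        return "STOP: transaction code not valid"
    if tx["locked"]:
        return "STOP: transaction code locked"
    if not authority_check(user_buffer, "S_TCODE", TCD=tcode):
        return "STOP: no S_TCODE authorization"
    if tx["object"] and not authority_check(user_buffer, tx["object"], **tx["values"]):
        return "STOP: no authorization for " + tx["object"]
    return "START"   # embedded checks in the ABAP program still follow


def auth(name, obj, **fields):
    """Build one authorization: a name, its object and the allowed values per field."""
    return {"name": name, "object": obj, "fields": fields}


# Constructed user buffer (names start with Z, as the naming slide recommends).
AP_CLERK = [
    auth("Z_TCD_FK01", "S_TCODE", TCD=["FK01"]),
    auth("Z_APP_FI", "F_LFA1_APP", ACTVT=["01-03"], APPKZ=["F"]),
    auth("Z_BUK_1", "F_LFA1_BUK", BUKRS=["0001-0002"], ACTVT=["01-03", "06"]),
]

# Two authorizations on one object: full access in 0001, display everywhere.
REVIEWER = [
    auth("Z_BUK_0001", "F_LFA1_BUK", BUKRS=["0001"], ACTVT=["*"]),
    auth("Z_BUK_DISP", "F_LFA1_BUK", BUKRS=["*"], ACTVT=["03"]),
]


def effective_access(user_buffer, obj, company_codes, activities):
    """Grid an auditor can review: which (BUKRS, ACTVT) pairs actually pass."""
    return {(b, a) for b in company_codes for a in activities
            if authority_check(user_buffer, obj, BUKRS=b, ACTVT=a)}


if __name__ == "__main__":
    print(start_transaction(AP_CLERK, "FK01"))
    print(authority_check(AP_CLERK, "F_LFA1_BUK", BUKRS="1000", ACTVT="01"))
    print(sorted(effective_access(REVIEWER, "F_LFA1_BUK",
                                  ["0001", "0002", "1000"], ["01", "02", "03"])))
```

The REVIEWER grid shows why combined authorizations should be tested: the user gains display access in every company code, yet create in company code 0002 still fails because no single authorization passes both fields.
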
New Authorization Concept

• No Check in Some Cases
• Benefit for customer:
   - Customer defines relevance of authorization checks according to:
      modules used
      functionality used
   - Customer-specific authorization objects may be included
• Benefit for security:
   - The profile for a user only consists of the necessary authorizations

Build Configuration Tables from Delivered Tables

[Diagram: transaction SU25 transfers the delivered tables USOBX / USOBT (transaction codes with their authorization objects, from a full install or upgrades) into the customer tables USOBX_C / USOBT_C. Customer maintenance of authorization objects and transaction assignments, including custom objects and transactions, provides the inputs into the Profile Generator.]

Maintain Assignment of Authorization Objects to Transactions

• Possibility to configure authorization checks globally or per transaction
• Define authorization object field value proposals for authorizations in the profile generator per transaction
• Tables maintained:
   - USOBX_C: Type of checks for authorization objects
   - USOBT_C: Proposed values for authorization objects

Maintain Assignment for Single Transaction

[Screenshot: SAP R/3 screen (menu: Authorization objs, Edit, Utilities, Extras, Goto, System, Help; buttons: Field Values, Auth.Obj., SAP defaults) listing the authorization objects checked for a single transaction, with check marks for authorization checks in the columns U, N, C, CM]

   Check indicator   Object       Object Name
   Check/Maintain    PLOG         PD: Personnel planning and devl.
   Check/Maintain    P_TCODE      PD: Transaction code
   Check/Maintain    S_USER_PRO   User Master Maintenance: Profiles
   Check             S_USER_AUT   User Master Maintenance: Authoriz.
   Check/Maintain    S_USER_GRP   User Master Maintenance: User Groups
   Check             S_TABU_DIS   Table Maintenance via std. Tools
   Check             S_PROGRAM    ABAP: Program run checks
   Check             S_DEVELOP    ABAP Workbench
   Check             S_SPO_DEV    Spool: Device authorizations
   Check             S_TCODE      Transaction Code
   Check             S_TRANSPRT   Transport and Control
   ...               ...          ...

Maintain Field Assignment for Single Transaction

[Screenshot: SAP R/3 screen (menu: Field Values, Edit, Utilities, Extras, Goto, System, Help; buttons: SAP defaults, Object Descr., Auth.Obj.)]

   Object       Field      Value (Interval)
   PLOG         INFOTYPE   1000, 1001, 10016
                ISTAT      *
                OTYPE      A,C,O,P,S,T,US
                PLVAR      $PLVAR (organizational level value)
                PPFCODE    *
                SUBTYPE    *
   P_TCODE      TCD        SU01
   S_USER_PRO   ACTVT      03, 08, 22
                PROFILE
   S_USER_GRP   ACTVT      01 - 03, 05, 06, 08, 24
                CLASS
   ...

User Master Records

• Groups
• Address
• Logon
• Defaults
• Profiles
• Parameters

User Groups

[Diagram: users arranged into user groups, e.g. User Group: Basis, User Group: Super, User Group: Sales]

User Master Record: Components

• Address: Personal Data, Communication Data, Company Address
• Logon: User Group, User Type, Validity Date, Account number
• Defaults: Default printer, Time Zone, Language preferences
• Task Profile: Activity Group Assignments
• Profiles: Assigned Profiles
• Parameters: Default Values for Memory IDs
• SNC: Secure Network Communication related information, if applicable

User Master Record: Address

• Person
   - Assign personal information
• Communication
   - Assign means to communicate with the user
• Company Address
   - Assigns company address of user

User Master Record: Logon

• Initial Password
   - Sets the initial password for the user
• User Group
   - Assigns User Group
• Validity Period
   - Set validity period of user account
• Account Number
   - Assigns an account number or name to the user
• User Type
   - Assign the type of user to be created

User Master Record: Defaults

• Start Menu
   - Assigns the initial area menu
• Logon Language
   - Assigns default language to be used if not entered in the login screen by the user
• Output Controller
   - Assigns the default printer
• Time Zone
• Decimal Notation
• Date Format

User Master Record: Profiles

• Profile Assignment
   - Manually adjust authorization profiles of the user
   - Manually adjusting profiles should not be performed if using the Profile Generator
   - Profiles are normally automatically assigned via:
      Assignment to Activity Group
      Assignment to Responsibility
      Assignment to Position

[Diagram: profiles P1, P2, P3, ... each containing authorizations (A); profiles can be manually removed]

User Master Record: Parameters

• Parameter IDs
   - set default values in memory when a user logs into an SAP R/3 system
   - values are retrieved by certain screen fields to assist the user

[Diagram: SAP memory holds ID/value pairs (e.g. KGK = LIFA, BUK = 1000); dialog program 1 and dialog program 2 both show Company Code 1000 as the default]

Unit Summary: SAP R/3 Applic. Security Concept

• Authorization objects are the central part of the SAP R/3 authorization concept.
• The authorization object is used in application programs to check authority, and by authorizations to grant authority.
• Authorizations contain allowable value sets for fields of an authorization object.
• Profiles contain authorizations.
• Users require user master records. These records contain profiles and authorizations.

Financial Accounting

• FI Organizational Structures
• FI Master Data
• FI Document Processing
• Recurring Periodic Processing
• Foreign Exchange Transactions
• Accounts Payable Processing
• FI Reporting

Unit Objectives: Financial Accounting

At the end of this unit, you will be able to:
• Describe controls and risks associated with processing, configuration and reporting functions in the FI modules.
• Describe the various types of master data in SAP.
• Explain the document principle and be able to describe the key fields on a document.
• Describe the effect of the field status group on document entry.
• Describe the various methods available in SAP to facilitate repetitive postings.
• Explain the different periodic functions that affect documents and reporting.

FI Organizational Structures

• Each SAP module defines its own organizational structures
• The FI structure independently (from other modules) defines both external (legal) and internal financial reporting relationships
• The FI structure is achieved primarily through the SAP concepts of company, company code and business area
• Balance sheet and P&L can be generated for each of these structures

FI Organization Structure

[Diagram: a client contains the charts of accounts (Chart of Acct USA, Chart of Acct CANADA); company codes 0001, 0002, 0003 and 0004 sit below the charts of accounts; business areas #1, #2 and #3 run across the company codes. Labels mark what is held centrally, in the chart of accounts and in the company code.]

FI Organizational Structure Credit Control Area

[Diagram: credit control area North America spans company code '3000' (USA) and company code '4000' (Canada); customers '4711' and '4712' exist in each company code]

Control Issues - FI Organizational Structures

• Access to configuration - No production users should have authority to maintain organizational parameters in the IMG, including:
   - Header Data
      Company code, Country Key, Currency & Language
   - Accounting Organization
      Chart of Accounts, Credit control area and Fiscal year variant (defines the fiscal period)
   - Processing Parameters
      Field status variant, posting period variant, maximum exchange rate deviation, company code to controlling area assignment etc.

Key Objects for Maintaining Organizational Data

Maintaining by tables: authorization to maintain tables
• Object: S_TABU_DIS, Value = Authorization Group

OR

Maintaining through the IMG: authorization for the IMG
• Object: S_IMG_GENE (Authorization to generate enterprise IMG)
• Object: S_IMG_ACTV (Authorization to perform functions in the IMG)
• Object: S_PRO_AUTH (Authorization for projects)

FI Master Data

• Account Groups
• General Ledger Accounts
• Controls

Accounting Data

Master Records
• G/L Accounts: Account Type "S"
• Customers: Account Type "D"
• Vendors: Account Type "K"
• Assets: Account Type "A"
• Materials: Account Type "M"

Transaction Data
• Documents

Accounting Master Data

[Diagram: account groups (example CASH, Curr.as/li.acts) set the field status of master record fields. Control: Currency required, Recon.acct suppress. Bank details: House bank optional, Account ID optional.]

FI - The Obvious Controls

• Real-time integration with sub-ledger accounting and application modules
• Documents without a zero balance cannot be posted
• On-line currency conversion of foreign dollar transactions, open items and account balances
• SAP Document Principle

General Ledger Master Records

[Diagram: client 001 contains charts of accounts AAAA and BBBB; company codes 0001, 0002 and 0003 sit below the charts of accounts]

G/L Master Data - Key Control Data

• Chart of accounts level
   - Balance sheet or Income Statement
   - Account Group
• Company code
   - Account currency
   - Reconciliation account or not?
   - Open item or line item display
   - Field status group (doc. entry control)
• Account Group Field Status & Field Status Group
   - Determines which fields are required (or optional or suppressed) for master data creation and those that must be completed at document entry

Master Data Authorization Objects

• Adequate authorization controls are in place to restrict access to G/L master data maintenance through objects

G/L Master Data Audit Trail

Standard SAP reports:
• RFSKVZ00 - G/L Account List
• RFSABL00 - G/L Account Changes to Master Data
• RFBKABL0 - Display of Bank Changes

FI Document Processing

• Sub-ledgers and the GL
• SAP Document Principle
• Document Structure
• Document Types & Number Ranges
• Creating & Changing a Document
• Parking Documents

Accounting Principle

[Diagram: sub-ledger accounts and the general ledger accounts they update]

Sub-ledgers
   Customer Account 11,000   Asset Account 20,000   Vendor Account 22,000

General ledger
   Accounts Receivable 11,000   Asset Account 20,000   Accounts Payable 22,000
   Revenue 10,000               Expense
   Output Tax 1,000             Input Tax 2,000

Document Principle

1 Business Transaction = 1 Document

[Diagram: invoice 1800000025 from the company Air Conditioners Inc. (invoice date 03/25/YYYY, Office Supplies 1,000) = Document No. 100874 (Office Supplies 1,000; Vendor, A/P 1,000). The invoice number is the vendor document number; the document number is system generated.]

Structure of a Document

Document Header
   Document date, Posting date, Doc. number, Doc. type, Currency

Line item 1
   Posting key   01
   Account       Customer (A/R)
   Amount        1,100

Line item 2
   Posting key   50
   Account       Sales Revenue
   Amount        1,000

Line item 3
   Posting key   50
   Account       tax
   Amount        100

Balance = 0

Document Type

[Diagram: document types, e.g. DR (outgoing invoice), KR (incoming invoice) and SB (bank), with the number of postings per type. Example for customers: account type D, S; document no. 1800000025.]

Document Number Range

   No.   Year   From number   To number    Current no.   Extern.
   01    1996   0000100001    0000199999   0000100047
   02    1999   0000200000    0000399999                 X

STOP! Number ranges X1 and X2 are reserved for sample documents and recurring entry documents.

Document Types Control Issues

• Document type numbering, particularly for customized document types, should be reviewed to ensure:
   - internal number assignment is used
   - number range intervals are adequate for expected volume of transactions

Posting Keys

[Diagram: invoice 1800000025 from 03/25/YYYY, company Air Conditioners Inc. (Goods 1,000, Tax 100, Total 1,100), posted with Doc.Type DR]
• Posting key 01: Outgoing Invoice, Account Type D, Debit Entry, Sales-related
• Posting key 50: G/L Entry, Account Type S, Credit Entry

Posting Keys Control Issues

• Posting keys, in conjunction with field status group, can provide a strong control over document entry (required fields on document entry)

Posting Periods

[Diagram: invoice 1800000025 from 03/25/YYYY, company Air Conditioners Inc., amount 1,100, document type DR. The posting date 03/25/YYYY places the posting in period 03 of the customer's balances for YYYY (BCF, periods 01 to 16): period 03 + 1,100. Posting periods 03 and 04 are open. Fiscal year YYYY has periods 01 to 12 (calendar year = fiscal year) followed by closing periods 13 to 16.]

Document Posting Default Values

• Upon executing a document entry transaction, a default document type and posting key are suggested for the header and first line item

Journal Entry Posting Authorization Groups

• Authorization groups, which are optional, can be used with certain objects to restrict users from posting to selected G/L accounts or to specified document types

Changing a Document

[Diagram: document 1800000025 (document header 01 Invoice; line items 001, 002 ... n; line item 001 with amount 1,100 and the values ZB01 04/01/YYYY and ZB05 04/15/YYYY). The change rules determine whether a field can be changed; the field description (DDIC) determines whether a field change must be documented. Changes are recorded as change documents.]

Changing & Reversing Documents Audit Trail

• Changes can be reviewed on-line or through standard SAP reports.
• Procedures should be recommended for periodic supervisory review of document changes.

Document Posting "Parking"

• Incomplete documents can be parked and then posted at a later date, possibly after appropriate approval.

Parked Documents Control Issues

• Parked documents present a risk to completeness and timely recording as they may be forgotten!
• Procedures should exist for periodic review of parked documents to ensure appropriate follow up is being performed.

Interfaces to FI

• Transfer of data from feeder systems - SAP or non SAP

Recurring Periodic Processing

Recurring Entry Program

[Diagram: recurring entry process]
• Entry of basic data: run schedules, run dates (e.g. the 30th)
• Recurring documents
• List Recurring Docs
• Execute recurring entries: SAPF 120
• Batch - Input

Accrual and Reversal of Journal Entries

[Diagram: fiscal year YYYY with periods 01 to 12; posting periods 03 and 04 are open; RFSABG00 posts the reversal]

The RFSABG00 report looks at the original accrual posting and creates a reversing entry. The report also creates a log with document number, account number, and amount for the selected posting documents.

Foreign Exchange Transactions

Currencies and Exchange Rates Overview

• Central Storage table of exchange rates for translation
• Table can be updated either internally or externally

Valuation Foreign Currency

[Diagram: account determination and valuation settings for foreign currency valuation]

Open Items (Chart of Accounts AAAA; G/L Acct No. Receivables; Currency FC)
• Realized: EXPENSE, INCOME
• Evaluated: A/R ADJUSTMENT, EXPENSE, INCOME
• Translation: EXPENSE, INCOME, CLEAR EXPENSE, CLEAR INCOME

Account Balances (Chart of Accounts AAAA; Ex. Rate Diff. Key from G/L Acct Master Record XXXX)
• Bal. Sheet Adjustment, EXPENSE, INCOME

Valuation Area 1 (Valuation Area 2 is like Valuation Area 1)
• Valuation Method XXXX
   - Lowest Value Principle
   - Strict Lowest Value Principle
   - Periodic Valuation
   - Ex. Rate if Deb. → B
   - Ex. Rate if Cred. → S
   - Ex. Rate Type Acct Bal. or Invoice Reference

Foreign Currency Processing Cycle

• Set up rates: One table for all companies - TCURR
• Posting: Default uses table but you can override
• Valuation: Clearing transactions and month end

Foreign Currency Control Risks

• Proceed further along in the transaction?

Accounts Payable Processing

• Vendor Master Records
• Audit Trail
• One Time Vendors
• Automatic Payment Program

Accounts Payable - Overview

[Diagram: the sub-ledger Vendor Account (22,000) updates the general ledger account Accounts Payable (22,000), with offsetting postings to Expense and Input Tax]

Accounts Payable Master Data

Vendor Master Record Structure

Vendor Master Data
• Accounting Data: Reconciliation Acc., Payment Terms, Authorization Group
• General Data: Vendor Name, Address, Telephone
• Purchasing Data: Order Currency, Min. Order Value, Vendor Contact

Master Data Control Issues

Users

Control Considerations:
• Segregation of Duties
• Unauthorized Changes
• Number Assignment
• Restriction to Create/Change

Master Data Audit Trail

• Various reports exist to measure and support control of changes to data

FI-AP Posting Control Issues

• Controls exist in Materials Management for the on-line approval of purchase orders (P.O.). Similar controls do not exist for an expenditure booked directly into accounts payable.
• Invoice verification checks the accuracy of invoice details against the P.O. Similar checks are not found in FI-AP.
• Tolerance limits configured in Invoice Verification and payment blocking are only effective for transactions posted through MM. Direct postings to FI-AP are not subject to these tolerance limits.
• Most installations allow authorization to post to all vendor accounts. No distinction is made between vendor accounts.

FI-AP Posting Control Issues (cont.)

• Manual payment blocking of high dollar invoices for supervisory review is possible in FI-AP at the time of invoice entry.
• Procedures could be developed for payment blocking of high dollar invoices and for supervisory review and release of blocked items.
• Access to unblock documents should be restricted to supervisory personnel through SAP authorizations.

One Time Vendor Accounts Overview

• Special vendor accounts for vendors with whom business is conducted only once or rarely.

One Time Vendor Accounts Key Controls

• A review of the payment proposal list, report RFZALI00, should focus on assessing the validity of vendor names and addresses.
• A review of the field status group of the one time vendor account group should be conducted to ensure authorization group is a required field on master record creation.

Automatic Payment Program Overview

• The payment program processes payments for vendors and customers.
• It automatically selects open items to be paid, lists exceptions that cannot be paid and provides the reason for current nonpayment.

Automatic Payment Program

Enter Parameters

Payment Proposal

List of payments & exceptions

Execute Payment Program

Payment Media

Payment Program Controls

• Basic parameters require configuration which should be maintained by system IT support or a similar dedicated group.
• Individual(s) who have authorization to perform the payment run should not have access to the physical check stock, vendor master records, invoice posting responsibility and other similar incompatible responsibilities.
• Staff with invoice posting responsibility should not have profiles that allow payment program execution.

Duplicate Payments Control Points

• Report RFBNUM10 identifies potential duplicated vendor invoices.
• Displays vendor invoices entered with the same dollar value and reference number.
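
The same test can be rerun outside the system on an exported invoice list. The Python below is an added example, not SAP code and not part of the course material: it groups constructed invoice rows by vendor, amount and reference number, and goes one step beyond the exact match described above by normalizing the reference (case, punctuation, leading zeros) so re-keyed variants are also reported. The column names, the per-vendor grouping and all sample values are assumptions.

```python
import csv
import io
import re
from collections import defaultdict
from decimal import Decimal

# Constructed sample export. Column names are assumptions, not an SAP layout.
SAMPLE_EXPORT = """doc_no,vendor,reference,amount,currency,entered_by
1900000101,V1000,INV-00457,12500.00,USD,ADAMS
1900000102,V1000,inv 457,12500.00,USD,BAKER
1900000103,V2000,88-1201,980.50,USD,ADAMS
1900000104,V2000,88-1201,980.50,USD,ADAMS
1900000105,V3000,A77,12500.00,USD,BAKER
1900000106,V1000,INV-00458,12500.00,USD,ADAMS
"""


def normalize_reference(ref):
    """Make re-keyed variants of one reference number compare equal."""
    # Keep letters and digits only, ignoring case: 'inv 457' -> 'INV457'
    ref = re.sub(r"[^A-Z0-9]", "", ref.upper())
    # Drop the leading zeros of each digit run: 'INV00457' -> 'INV457'
    return re.sub(r"(?<!\d)0+(?=\d)", "", ref)


def find_duplicate_invoices(export_text):
    """Return groups of documents sharing vendor, amount and reference."""
    groups = defaultdict(list)
    for row in csv.DictReader(io.StringIO(export_text)):
        key = (
            row["vendor"],
            Decimal(row["amount"]),
            row["currency"],
            normalize_reference(row["reference"]),
        )
        groups[key].append(row)

    findings = []
    for (vendor, amount, currency, ref), rows in groups.items():
        if len(rows) < 2:
            continue
        findings.append({
            "vendor": vendor,
            "amount": amount,
            "currency": currency,
            "normalized_reference": ref,
            "documents": [r["doc_no"] for r in rows],
            # True when the references were typed identically; False means
            # the match only appears after normalization.
            "exact_match": len({r["reference"] for r in rows}) == 1,
            # More than one name here means different clerks entered the copies.
            "entered_by": sorted({r["entered_by"] for r in rows}),
        })
    # Largest amounts first, so the reviewer starts with the highest exposure.
    return sorted(findings, key=lambda f: f["amount"], reverse=True)


if __name__ == "__main__":
    for finding in find_duplicate_invoices(SAMPLE_EXPORT):
        print(finding)
```
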

Cash Discounts Overview

• Payments can automatically be made in a manner that ensures the highest possible cash discount is taken.
• Payments can be made as late as possible, forgoing available cash discounts.
• The payment program configuration should be reviewed to assess compliance.

FI Reporting

Reporting in Financial Accounting

Execute Reports

Systems -> Services -> Reporting
or
Information Systems -> Accounting -> Financial Accounting
or
Periodic Processing -> Info systems -> Report Selection

Reports

• RFSKVZ00 G/L Accounts List (to check creation & key master record features)
• RFBUSU00 Posting Totals (to reconcile total G/L postings to sub-ledger by document type - identify unusual document types)
• RFSSLD00 G/L Account Balances
• RFSOPO00 General Ledger Line Items
• RFAUSZ00 Statements for customers/vendors/general ledger accounts
• RFBILA00 Balance Sheet/Income Statement (P&L)

Unit Summary: Financial Accounting

In this unit, we have discussed:


• Controls and risks associated with processing and reporting functions in the FI modules.
• The various types of master data in SAP.
• The SAP document principle and the key fields on a document, including the effect of the field status group on document entry.
• The various methods available in SAP to facilitate repetitive postings.
• The different periodic functions that affect documents and reporting.

Integrated Materials Management

Unit Objectives: Integrated Materials Management

In this unit, you will learn:


• The integration points of the materials management module with other SAP modules
• The financial transactions that are created when various materials management activities occur
• How to execute and choose relevant MM reports
• The purpose of using the GR/IR clearing account to monitor activities
• Key control and risk factors for configuration and business processes that need to be considered when using the SAP R/3 Materials Management module

MM Organizational Structures & Overview

MM Overview

MRP

External procurement Internal procurement


Purchasing Production

Master data
Invoice
Goods Warehouse Material
verification
receipt Management Batches
Invoice receipt Vendor
Inventory G/L accounts
Management Customer
Storage bins
? A .
Goods Transfer B .
issue posting .

Internal & external financial accounting Sales

Procurement Environment

1. Requirements determination (requisition)
2. Source determination
3. Vendor selection
4. Order processing (purchase order)
5. Purchase order monitoring
6. Goods receipt
7. Invoice verification (vendor invoice)
8. Payment (payment program)

Organizational Levels in Inventory Management

Client
Company code: 0001, 0002
Plant: 1000, 1100, 2000
Storage loc.: 0001, 0002, 0003

Purchasing Organization / Group

• A purchasing organization is an organizational level that negotiates conditions of purchase with vendors for one or more plants or companies. It is legally responsible for completing purchasing contracts.
• A purchasing group is the key for a buyer or group of buyers responsible for certain purchasing activities.

Purchasing Organization

MM Master Data

• Vendor Master Record
• Material Master Record
• Purchasing Information Record

Master Data in the Procurement Process

Purchasing documents

Material Master Record    Vendor Master Record

Vendor Master Record

Vendor Master
Record
General data

Purchasing
documents

Purchasing data Accounting data


Material Master Data

Material Master Record
• Purchasing data
• Materials Planning data
• Inventory Management data
• Accounting data

Purchasing documents

Material Master: Organizational Levels

Material number, material description, material group, base and alternative units of measure, ...

Purchasing data, materials planning data, forecasting data, work scheduling data, ...

Storage bin description, picking area, ...

Material Master: Views

Material master record views:
• Basic data
• Purchasing
• Mat. planning
• Sales
• Stocks in plant/storage loc.
• Work scheduling
• Accounting
• Quality management
• Storage
• Forecasting
• Warehouse mgmt
• Classification

Purchasing Info Record: Structure

General data

Purchasing organization Purchasing org.+ plant

Data in the Purchasing Info Record

General data: Vendor data, Origin data, Order unit
Control data: Delivery time, Minimum quantity, Tolerances
Prices and conditions: Gross price, Discount, Freight, Customs duty etc.
Texts: PO text, Int. info record memo
Statistics: Price history, PO statistics
Change history

Material Valuation Procedure

Material Master
Material valuation
Record (Acctg View)

Price control

"S" Standard price
"V" Moving average price

Purchasing Documents

Purchase Requisition
RFQ
? Request for Quotation

Quotation Quotation

A ? B Quotation
Purchase Order

Purchase order

Contract

June July
Vendor scheduling agreement

Purchase Requisitions

• Purchase requisitions
• Automatic Account Determination
• Release Strategies

Purchase Requisitions - Field Attributes

• Purchase requisition fields can have the characteristics of either:
  - mandatory
  - optional
  - display
• Configured at the document type or transaction level
• More restrictive setting takes precedence

Procurement for Consumption

Stock material Consumable material

with mat. without mat. with mat.


master record master record master record

with acct. Enter account


Account assignment
assgt. cat. assignment cat.

Acct assgt
Acct assgt
manual
automatic
Data from material Entries required from
master record the user

Consumption acct
Stock account Cost center
Asset...

Automatic Account Determination

Chart of accounts: INT

Valuation type: XXX


Company code: 1000 • Posting string
• Transaction key
Val. group. code: 1000
Valuation area: 1000  Acct group. cd: VBR

Automatic Posting
Material Master
Transaction: GBB offsetting entry ...
Valuation class
Chart of accts: INT
Val. group. cd: 1000 3030
...
Acct group. cd: VBR consumption
Valuation class: 3030 operating supplies

Debit account: 403000


Credit account: 403000

Controls in the SAP Procurement Cycle

Requisition  Front End Control


 Requires:
 Budgetary Control
Approval  Good Procurement Discipline

Purchase
Order
Purchase Order

Purchasing

Receiving

 Traditional controls:
Payment controller signing the
check

Release Procedure for Purchase Requisitions

SAP Rel. 3.X Purchase Order

Requisn. RFQ
Approval
Doc. type
o.k.  Item 10
Item 10
o.k.  20
20
o.k.  30
30

SAP Rel. 4.0


Purchase Order
Requisn.
Doc. type Approval
RFQ
Item 10
20 o.k. 
30

Release Procedure

Classification: Customizing:
Definition Definition
Create requisn.
Release criteria Release strategy
Strategy S1 Requisn.

Value from 10,000 Item 10


Value Plant
Plant 1000 Strategy S1
blocked
Release points Release status
1. Engineering Blocked
2. Purchasing Released for RFQ
3. Controlling Released for PO

Release code = Release point


Release indicator = Release status

User Authorizations and Release Procedures

Controlling Technical Services


Department Department

Preq

Release CO 
Release CO TK  Release TK
Meyer Smith

User authorizations User authorizations

Authorization object Authorization object


M_BANF_FRG M_BANF_FRG
Value: CO Value: TK

Requisition Change After Release Started

Purchasing Requisition

Strategies with Classification Strategies without Classification


Requisition Control Issues

• Requisitions are authorized per line item. Account assignment is per line item.
• A vendor may or may not be identified at the requisition stage.
• Authorizations for release may require significant effort to develop.
• Organizations that focus control at this point must have strong budgetary controls.
• Users are assigned to appropriate release points and release codes. Changing a requisition after its release can invalidate the release process.

RFQ’s/Quotations

• Processing
• Collective Number

RFQ / Quotation

Purchase Order
Purchasing

Request for
quotation Vendor A
Purchase requisition Quotation
RFQ Quotation

? Vendor B

Vendor C
Source
of supply

Master data

RFQ’s and Quotations Control Issues

• The ability to segregate the use of RFQ’s can be managed through authorizations (i.e., M_EINK_FRG - Release code & group is only provided to those users authorized to approve the release of RFQ’s).
• They can be controlled & compared using a collective RFQ number.
• RFQ’s can only use price as a decision criterion.
• Numbering sequence, field attributes and release strategy can be configured for RFQ’s (see purchase requisition for details).

Purchase Orders

• Structure
• Set Tolerances
• Source Determination

Processing Purchase Orders

Purchase RFQ Reference Contract


requisition document
RFQ

Vendor
Info
record
One-time
Vendor

Purchase Order Structure

Purchase order

Header data:
• Purchase order no.
• Vendor
• Terms of payment
• Currency
• Purchase order date
• ...

Items 10, 20, 30:
• Material number
• Del. date
• Short text
• PO price
• PO quantity
• ...

Set Tolerances for PO’s

• Price variance: PO price exceeds the material price by more than the defined tolerance limit.
• Maximum cash discount deduction: specified cash discount percentage exceeds the defined tolerance limit.
• If the system message is a warning, then the user can bypass the set tolerance. SAP does not have any reports on PO’s exceeding their set tolerances.
• PO set tolerances might be configured as too restrictive or permissive, impacting operational effectiveness.

How the Source is Determined

Quota
arrangement

1
60% Vendor 40%

Purchase
order Agreement item
2 Source list?
Fixed vendor

Purchase
Outline order Agreement item
3 agreement?

Purchase
Information
4 order Fixed vendor
record

Key Order Control Issues

• Individuals’ authorization profiles can be configured to allow or prevent access to the purchase order transaction and establish adequate segregation of duties.
• PO set tolerance limits.
• Release strategies (approvals).
• Purchase orders should be referenced to a requisition.

Procurement - Issues So Far

• SAP provides many procurement options.
• Authorization control is applied through requisition release; however, you can restrict who generates and releases the Purchase Orders.
• Access to purchase orders and master data should be restricted.
• Monitoring controls through the purchasing info system are vital.
• Master records - proper maintenance of vendor, material, source lists, quota arrangements and info records is critical.

Goods Receipts

• Movement Types
• Material and Accounting Documents
• Effects of Goods Receipts

Goods Receipt for Stock Material

Purchasing
documents

Goods receipt
Purchasing
documents

Warehouse
Goods
receipt
Vendor

Movement Type: Examples

101  Goods receipt to the warehouse
122  Return delivery to the vendor

Documents for Goods Movements

Warehouse
Goods movements

Receipts Issues

Accounting
Material document
document

Material and Accounting Documents

Material document Accounting document

Document header Document header


Material header 49000757 Accounting header 4900000642

Document items Document items

Date 04/06 Date 04/06


Quantity Material Plant Account Short text $

001 10 liter paint 3000 001 300000 Stock 75-


002 25 pcs mirror 3000 002 300000 Stock
003 400000 Consumption 400-
475-

The material and accounting documents for a goods movement are created simultaneously.

Effects of a Goods Receipt

Material delivery
PO history Material
and PO master
updated Stock and
value updated
Goods receipt

Accounting
Material
document
Notification of
goods receipt
(optional) Movement
documentation
GR slip

Hard copy Creation of an


(optional) QM inspection lot to
trigger a quality
inspection
Transfer request to WM Stock and
warehouse consumption
management (if active) accounts
updated

Key Goods Receipt Control Issues

• Separate set tolerances for goods receipts can be configured for both error and warning messages
• Delivery date tolerances
• Movement types have complex table settings which automatically record accounting entries corresponding to the goods movements
• Goods receipt/Invoice receipt (GR/IR) account to manage purchasing problems
• PO can be monitored through PO History, which lists the GR(s) details for the purchase order

Goods Receipt - Risks

• Quantity set tolerances can be overridden at the PO item detail level
• GR set tolerances can be too restrictive or too permissive, impacting operational effectiveness
• Automatic account assignments might be incorrectly configured
• GR/IR account is not being properly maintained and managed
• Reason for movement is optional for “Reversal” movement type and required for “Return Delivery”

Stock Movements - Controls

• Accounting is automatic - based on account assignment configuration and the movement type
• Movement types perform many control functions, such as value and quantity updates, field selection
• Authorization objects can control access over specific movement types
• Can review high risk stock movements
• Will always require supervision and review
• Reports of stock movements are available

Movement Types - Some Issues

• Can configure special movement types to control stock. Auditor should assess the control functions configured for these new movement types (value update, field selection)
• Authorizations might not have been properly set up and assigned to users to limit access to movement types
• Risk that automatic account assignments are incorrectly set up

Invoice Verification

• Posting an Invoice
• Variances
• Payment Blocks and Reasons
• GR/IR Maintenance

Invoice Verification

invoice

Vendor
Vendor invoice

Invoice
verification
? Goods
Invoice verification = receipt

Open vendor items

Posting an Invoice

invoice

for
purchase
order GR/IR Account
Posting Vendor Account
A B
XX XX

Doc. no. 51000123 Material master Purchase order history

Vendor 100 - Moving Avg Pr goods receipts


GR/IR 100 + value down-payments
invoices

Invoice with Variance

Purchase order

Purchase
Invoice order

Goods receipt

Tolerances

10% 10%

Variance!
Post

Document
no. 5100012345
added:
blocked for payment

Automatic Payment Block and Release

50 pieces
Order

100 pieces IR > GR

Invoice
Invoice
80 pieces blocked for
payment!

50 pieces

X Release automatically

Payment program can pay the invoice

Invoice Verification - Control Issues

• Invoice verification set tolerances might be too restrictive or permissive, impacting operational effectiveness.
• Parked documents and blocked invoices might not be independently reviewed and released on a timely basis.
• Lack of segregation of duties between posting invoices and releasing blocked invoices.
• Inadequate access control over the IMG could increase the risk of unauthorized changes to IV set tolerances.
• IV set tolerances apply only to MM and not FI-AP.
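
The blocking logic on the "Invoice with Variance" and "Automatic Payment Block and Release" slides can be traced step by step. The Python below is an added example, not SAP code and not part of the course material: it models a purchase order item with the 10% price tolerance and the 100 / 50 / 80 / 50 piece quantities from the slides. It assumes that both 50-piece figures are goods receipts and that only the quantity block is re-evaluated automatically; the block reason labels, document number and prices are constructed.

```python
from dataclasses import dataclass, field
from decimal import Decimal

PRICE_TOLERANCE_PCT = Decimal("10")  # upper and lower limit, as on the slide


@dataclass
class POItem:
    ordered_qty: Decimal
    po_price: Decimal                      # agreed price per unit
    received_qty: Decimal = Decimal("0")   # sum of goods receipts (GR)
    invoiced_qty: Decimal = Decimal("0")   # sum of invoice receipts (IR)


@dataclass
class Invoice:
    doc_no: str
    qty: Decimal
    unit_price: Decimal
    block_reasons: set = field(default_factory=set)  # hypothetical labels

    @property
    def blocked(self):
        return bool(self.block_reasons)


def price_variance_pct(item, invoice):
    """Signed deviation of the invoice price from the PO price, in percent."""
    return (invoice.unit_price - item.po_price) / item.po_price * 100


def post_invoice(item, invoice):
    """Post the invoice and set payment blocks where a check fails."""
    item.invoiced_qty += invoice.qty
    if item.invoiced_qty > item.received_qty:          # IR > GR
        invoice.block_reasons.add("QUANTITY")
    if abs(price_variance_pct(item, invoice)) > PRICE_TOLERANCE_PCT:
        invoice.block_reasons.add("PRICE")
    return invoice


def post_goods_receipt(item, qty, open_invoices):
    """Post a goods receipt; return invoices released as a result."""
    item.received_qty += qty
    released = []
    if item.invoiced_qty <= item.received_qty:
        for inv in open_invoices:
            if "QUANTITY" in inv.block_reasons:
                inv.block_reasons.discard("QUANTITY")
                # A remaining PRICE block still needs a manual release.
                if not inv.blocked:
                    released.append(inv.doc_no)
    return released


def payable(invoices):
    """Documents the payment program would be allowed to pick up."""
    return [inv.doc_no for inv in invoices if not inv.blocked]


def run_slide_scenario():
    """Order 100, GR 50, invoice 80 (blocked), GR 50 (released)."""
    item = POItem(ordered_qty=Decimal("100"), po_price=Decimal("10.00"))
    invoices, steps = [], []
    post_goods_receipt(item, Decimal("50"), invoices)
    inv = post_invoice(item, Invoice("INV-1", Decimal("80"), Decimal("10.00")))
    invoices.append(inv)
    steps.append(("invoice 80 after GR 50",
                  sorted(inv.block_reasons), payable(invoices)))
    released = post_goods_receipt(item, Decimal("50"), invoices)
    steps.append(("second GR 50", released, payable(invoices)))
    return steps


def price_check(unit_price):
    """Block reasons for a fully received 10-piece item priced at 10.00."""
    item = POItem(Decimal("10"), Decimal("10.00"), received_qty=Decimal("10"))
    inv = post_invoice(item, Invoice("INV-2", Decimal("10"), Decimal(unit_price)))
    return sorted(inv.block_reasons)


if __name__ == "__main__":
    for step in run_slide_scenario():
        print(step)
    print(price_check("11.50"))
```
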

Maintenance of the GR/IR Clearing Account

Initial situation
Goods GR / IR Clearing Vendor
100 100
200 200
400 400*
* assumes FOB shipping point
Adjustment postings
not yet delivered GR/IR adjustment not yet invoiced
300 300
400 400

Balance sheet display


Balance sheet

700 700

GR/IR Clearing Account - Control Issues

• The number of transactions recorded to the GR/IR account can grow rapidly, leading to difficulties in timely management.
• Lack of accountability and responsibility in monitoring and managing the GR/IR account. Should this account be managed centrally or decentrally?
• Insufficient GR/IR transaction information to properly manage the account, such as the creator of the purchase order.

Physical Inventory

• Movement Types
• Physical Inventory Process

Physical Inventory Types

Periodic: One time physical
Continuous: Cycle counts, A.B.C. counts
Sampling: Item/Location specific counts

Physical Inventory Procedure

1. Create phys. inventory doc.
2. Blocking indicator
3. Print phys. inventory doc.
4. Phys. inventory count
5. Difference list
   5a. Change count
   5b. Initiate recount
6. Adjust differences

Physical Inventory - Controls

• Adequate segregation of duties in the physical inventory count process can be established
• Physical inventory tolerance groups can be configured and assigned to users
• Inventory reports available to review appropriateness of posting inventory differences:
  - RM07IDIF: List of Inventory Differences
  - RM07MGRU: Statistics on Goods Movement
  - RM07MMAT: Stock levels & movements

Physical Inventory - Risks

• Inadequate segregation of duties between the creation and posting of physical inventories, and their differences.
• Posting differences as stock adjustments (can be used to conceal problems)
• Still need discipline in the counting process
• Users assigned to inappropriate physical inventory tolerance groups
• Users not assigned to a tolerance group, but who have the authority to execute posting of inventory differences, are not limited to any inventory differences at either the inventory document or item level
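
The segregation-of-duties points raised on the "Payment Program Controls", "Invoice Verification - Control Issues" and "Physical Inventory - Risks" slides can be tested together against an export of user-to-profile assignments. The Python below is an added example, not SAP code and not part of the course material: it resolves each user's profiles into functions, reports every incompatible pair together with the profiles that grant each side, and lists users who can post inventory differences without a tolerance group. All function labels, profile names, users and tolerance groups are constructed; they are not SAP authorization objects or transaction codes.

```python
# Incompatible function pairs, each traced to the slide that states it.
# Custody of the physical check stock is a manual control and is not modelled.
CONFLICT_RULES = [
    ("payment_run", "vendor_master_maintenance", "Payment Program Controls"),
    ("payment_run", "invoice_posting", "Payment Program Controls"),
    ("invoice_posting", "release_blocked_invoice",
     "Invoice Verification - Control Issues"),
    ("create_inventory_doc", "post_inventory_difference",
     "Physical Inventory - Risks"),
]

# Constructed profile contents (profile -> functions it grants).
PROFILE_FUNCTIONS = {
    "Z_AP_CLERK": {"invoice_posting", "display_vendor"},
    "Z_AP_PAYMENTS": {"payment_run", "display_vendor"},
    "Z_VENDOR_ADMIN": {"vendor_master_maintenance"},
    "Z_AP_SUPERVISOR": {"release_blocked_invoice"},
    "Z_INV_COUNT": {"create_inventory_doc", "enter_count"},
    "Z_INV_POST": {"post_inventory_difference"},
}

# Constructed user master extract (user -> assigned profiles).
USER_PROFILES = {
    "ADAMS": ["Z_AP_CLERK", "Z_AP_SUPERVISOR"],
    "BAKER": ["Z_AP_PAYMENTS"],
    "CLARK": ["Z_AP_PAYMENTS", "Z_VENDOR_ADMIN", "Z_AP_CLERK"],
    "DAVIS": ["Z_INV_COUNT", "Z_INV_POST"],
    "EVANS": ["Z_INV_POST"],
}

# Constructed physical inventory tolerance group assignments.
TOLERANCE_GROUP = {"DAVIS": "PI01"}


def functions_of(user):
    """Map each function the user holds to the profiles that grant it."""
    granted = {}
    for profile in USER_PROFILES[user]:
        for function in PROFILE_FUNCTIONS[profile]:
            granted.setdefault(function, []).append(profile)
    return granted


def find_conflicts():
    """Return one finding per user and violated rule.

    Conflicts are evaluated on the union of a user's profiles, because two
    profiles that are harmless alone can be incompatible in combination.
    """
    findings = []
    for user in sorted(USER_PROFILES):
        granted = functions_of(user)
        for func_a, func_b, source in CONFLICT_RULES:
            if func_a in granted and func_b in granted:
                findings.append({
                    "user": user,
                    "functions": (func_a, func_b),
                    "source": source,
                    "profiles_a": sorted(granted[func_a]),
                    "profiles_b": sorted(granted[func_b]),
                })
    return findings


def unlimited_difference_posters():
    """Users who can post inventory differences with no tolerance group."""
    return sorted(
        user for user in USER_PROFILES
        if "post_inventory_difference" in functions_of(user)
        and not TOLERANCE_GROUP.get(user)
    )


if __name__ == "__main__":
    for finding in find_conflicts():
        print(finding)
    print("No tolerance group:", unlimited_difference_posters())
```
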

Materials Management Reporting

Reporting

• SAP delivers a wide range of standard reports
• Over 700 standard delivered MM reports (RM*)
• Additional reporting requires ABAP reports, or external audit software

Key Reports in MM

• RFKKVZ00 LIST OF NEW VENDORS
• RFKABL00 VENDOR MASTER RECORDS
• RM06BA00 LIST OF PURCHASE REQUISITIONS
• RM06BK00 PURCH. REQ w/o ACCOUNT ASSIGNMENT
• RM06BAV1 PURCHASE REQUISITION CHANGES
• RM06EL00 PURCHASE ORDER WAREHOUSE REPORT
• RM06EHBE DISPLAY PURCHASE ORDER HISTORY
• RM07MSAL GR/IR BALANCES

Key Reports in MM (cont.)

• RM06K023 CONDITIONS BY VENDOR
• RM06K050 PRICE CHANGES FOR VENDOR’S INFO. RECORDS
• RM06K051 PRICE CHANGES - VENDOR’S CONTRACTS
• RM06K052 PRICE CHANGES - VENDOR’S SCHED. AGRMTS.
• RM06LBEU RANKING LIST OF VENDORS
• RM06W001 SOURCE LIST FOR MATERIALS

More Reports for MM

• RM06WCD1 CHANGES TO SOURCE LIST
• RMMRO200 RELEASE OF INVOICES FOR PAYMENT
• RM06ES00 RFQ’S PER COLLECTIVE AGREEMENT
• RM06EL00 P.O.’S PER COLLECTIVE AGREEMENT
• RM06EN00 PURCHASE DOCUMENT PER DOC. NUMBER
• RM06EM00 PURCHASE DOCUMENT PER MATERIAL
• RFFMS200 PAYMENT ACCRUAL
• RFKOPR00 VENDOR PAYMENT HISTORY

Unit Summary: Integrated Materials Management

In this unit, you have learned:


• The integration points of the materials management module with other SAP modules
• The financial transactions that are created when various materials management activities occur
• Types of invoice verification that can occur on goods and invoices received
• The purpose of using the GR/IR clearing account to monitor activities
• Key control and risk factors in processing transactions in the MM module

Integrated Sales and Distribution

Unit Objectives: Integrated Sales and Distribution

At the completion of this unit, students will be able to:


• Discuss key integration points between SD and other SAP modules through the entry of a billing document
• Discuss the SAP sales cycle
• Use the credit control area as a tool to control credit extended to customers
• Explain key risks and controls in the SD sales cycle
• Execute key reports that can be run for the sales and distribution module

SD Overview & Organizational Structures

Integrated SD Processing

Sales activity
(Inquiry)
(Materials Management)
Quotation
Purchasing
Material reqs
Sales order
planning
Production
Conditions for
Goods receipt
pricing
Sales
Info Material stock
System
Delivery Picking
Warehouse
manag. system
Packing
Loading
Goods issue

Transport Accounting
Billing doc.
Profitab. analysis

Sales Area

WEST
Company Code
EAST
West East

Sales organization

Distribution channel
Wholesale Retail Wholesale
Trade Trade Trade

Division Cycles Helmets Cycles Helmets

Distribution Chains - Plants

Company Code

Sales Organization
Sells From
Plant
#2

Distribution channel

Organizational Data

Product Division

Sales Org

Domestic Export

Product #1 Product #2 Product #1 Product #2

SD Master Records

• Material Master Record
• Customer Master Record
• Audit Trail
• Pricing Conditions

Material Master Record

Possible views:

Basic data

Purchasing Sales/Distr. Mat. Planning Storage Accounting

Material master

Examples

Views: Purchasing Sales/Distribution Accounting

Purchasing group Delivering plant Standard price


Data: Order unit Material Shipping data Valuation class Price
status Foreign trade data control

Customer Master

Customer : C1
Company code : 1000
Sales organization : 1000
Distribution channel : 12
Division : 00

Create: General data

Screen views: Address


Control data Valid for Financial
Marketing Accounting (FI) and Sales
Unloading points and Distribution (SD)
Contact persons
Create: Sales area data
Screen views: Valid for SD:
Sales - Sales organization
Shipping - Distribution channel
Billing - Division
Partner functions

Create Centrally: Company code data


Screen views: Account management Valid for FI:
Payment transactions
Correspondence - Company code
Insurance

Partner Determination

Sold-to party

places the order

Ship-to party

receives the goods

Employee Partner functions Payer

pays for the goods

Forwarding agent Bill-to party

receives invoice for goods


Mandatory
functions in Contact person
sales order

Customer Data Audit Trail

• RFDKVZ00 - customer list
• RFDKAG00 - detail comparison
• RFDABL00 - customer changes

Managing Customer Data

Issues:
• A central record at client level
• Review of responsibility for maintaining local information
• How is this coordinated and managed?

Pricing Conditions

Pricing an order item


Sales Order
Pricing Proc. ABCDEF 1

1. Price PR00 Sales Doc. Type OR (Document Pricing Proc.)


2. Discnt 1 RB01
3. Discnt 2 RB02 Customer 100000 (Customer Pricing Proc.)

2 Item 01 Quantity = 17
Condition Type: PR00
PR00 Price $0.80
Access Seq.: PR00
5
3
Refer to
Condition Records 0-5 $1.00
Access Seq. : PR00 order Valid Record 5-20 $0.80
detail
1. Customer/Material 20+ $0.75
2. Price List Type/Currency/ Search using
Material Condition Tables
3. Material

Calculating Prices

Sales order Conditions

Prices:
• Price list
• Material price
• Customer-specific
• Others

Discounts/surcharges:
• Customer
• Material
• Pricing group
• Material group
• Customer/material group
• Customer/material
• Others

Sales Cycle

• Sales Process
• Document Flow

Sales Cycle

Inquiry
Quotations

Contracts
Sales
Sales Orders
Master Records
- Material Return
- Customer
- Condition

Shipping
Delivery Return Delivery

Invoice CR Memo
Billing

Assigning Sales Document Types to
Organizational Levels

Sales Organization Sales Document Types

Distribution Channel Standard Order


Returns
Division Credit Memo
Delivery Free of Charge

Allowed?

Blocking Sales Document Types


Sales Document Types

Standard Order
Returns
Delivery Free of Charge

Document Flow for Sales Documents

Delivery
Purchase
invoice
Order
Accounting Payment
Doc

Document Flow of a Sales Order

Order 8999
Delivery 8000459

WMS transfer order 100000062


CD goods issue: delvy 49001828

Invoice 900333
Accounting Document 1000276

Availability Check

Availability Check

Inward
Purchase Purchase
orders requisitions Planned
Stock
order

Sales
Time
Reservations
requirements

Outward

Credit Management

Credit Check Overview

• Order, Delivery, Goods Issue
• Warning, Error, Blocking
• Static
• Dynamic
• Maximum Document Value
• Can be defined by credit control area and risk categories of customers
• User defined checks

Credit Control Areas

Control Area Control Area Control Area Control Area


Region 1 Region 2 Region 1 Region 2

Company Company Company Company Company Company


Code Code Code Code Code Code
0001 0002 0003 0001 0002 0003

Customer Customer Customer Customer Customer


4711 4711 4711 4712 4712

Setting a Credit Limit

R1 R2
Total Limit Maximum
Region 1 Region 2 Single Limit

Customer 4711 50,000 30,000 1,000,000 100,000

Customer 4712 60,000 100,000 60,000

Customer 4713 20,000

Credit control Head office


area data data

Types of Credit Checks for Sales Document Types

• A blank indicates no credit limit check.
• A: Credit Limit Check and Warning Message.
• B: Credit Limit Check and Error Message.
• C: Credit Limit Check and Delivery Block -- allows the creation of a sales order, but blocked for delivery. The block for delivery indicator can be deleted (Header/Business Data) and thus allow processing of the delivery.
• D: Automatic Credit Control with Open Order Values -- will not be allowed to deliver or change indicator within the order. Can only be released through A/R.

Audit Trails - Credit Limits

• Report RFDKLI40 provides a credit overview for customers and report RFDKLI10 lists customers without credit limits.
• Report RFDKLIAB provides information on credit management changes.

Sales Documents

• Incomplete Documents
• Shipping
• Goods Issue
• Billing
• Pricing
• Credits
• Revenue Account Determination

Incomplete Sales Document

Sales document

Sold-to party: C1

Incomplete data?

Document cannot be Document can be saved


saved

The document must be The document can be


completely maintained blocked for subsequent
beforehand functions:
- copying - delivery

- billing

Shipping

Dispatch Overview

Sales Delivery
Order Note

Delivery Due List Picking List Picking

Packing Shipping papers Goods issue


Transfer

Post Goods Issue

Goods issue Billing


M1: 40 pc
Sales price: 25
Cost: 12

(- 40)
Finished products Cost of Goods
Sold
Material master: M1 480
480
Quantity: 50 pc
Cost: 12

Effects of Billing / Invoice Creation

Billing doc
Customer
Receivables
credit
management Delivery
account x

Header
Position 2
Profitability Analysis Sales Information Item 1
120
System
100
80
Item 2
60
40
Delivery
20
0
Order
1 2 3 4 5 6

Billing
Billing doc
Billing due list
Invoice
Delivery
Delivery Invoice
Delivery Invoice

Billing - Revenue Account Determination

• Criteria? - How much to invoice?

Billing & Posting Block

• Posting blocks can be set by billing document types. The corresponding accounting document is only created after the block is cancelled.
• By displaying or changing a billing document and calling up the Matchcode A list, a list of billing documents blocked for posting is generated.
• A billing block or posting block can be used for returns, credit memos and debit memos, to provide additional internal control over processes.

Returns & Credits

Sales Order Return request


Processing
Credit Memo request
Invoice Creation
Request

Delivery Key Concepts Billing

Receipt of return into Credit memo return


restricted area request
Credit memo for credit
memo request
Invoice correction
Payment

Accounting document with customer credit

Returns & Credits: How are returns processed?

invoice Return
Request
(authorization)
Returns
Delivery

Sales  Accepts returned  Create credit


goods memo after
Order removing the
 Place in
billing block
restricted stock

invoice

Reporting

• Sources of SD Information
• Standard Reports

Sources of SD Information

Info library

Standard Flexible SD lists


ABAP query
analyses analyses & reports

SIS
Info structure

Master and document data


Sales & Distribution Reporting

Description of Report Program

• Customers without Credit Limits    RFDKLI10
• Credit Limit Overview              RFDKLI30
• Customer Open Items                RFDOPO00
• Overdue Items Balance              RFDOPR10
• Customer Payment History           RFDOPR00
• Customer Account List              RFDKVZ00

Unit Summary: Integrated Sales and Distribution

In this unit, you have learned that the:


• Goods Issue and Billing Transactions in Sales and Distribution produce financial accounting entries.
• Customer credit and performance history is monitored through the use of Credit Control Areas.
• Posting for Doubtful Receivables can be facilitated through the use of special GL transactions or GL journal entries.
• Use of many standard SAP reports assist auditors in their audit process, including Balance Confirmation, Credit Overview, and Incomplete Billing Documents.
• SAP sales cycle contains many elements. Within the cycle, you can now explain key risks and control features.

Authorizations Details

• Profile generator
• Technical security
• User passwords
• Security administration infrastructure

Unit Objectives: Authorizations Details

At the conclusion of this unit, you will be able to:

• Discuss the benefits of using the profile generator
• List and discuss the steps for a successful and secure authorization implementation
• Describe aspects of technical security in SAP R/3
• Describe the security administration infrastructure suitable for an R/3 environment

SAP Profile Generator

Authority Checks

Profile Generator Tool

• What is the profile generator?
  - A tool to automatically generate authorization profiles
• What are the benefits?
  - Only necessary authorization objects will be used
  - Authorization profiles are automatically generated
  - Security administrator and end user communicate at the level of functionality
  - It is easier to define authorization profiles

Profile Generator Overview

[Diagram labels, top to bottom: USER PROFILE; Version 3.1G; ACTIVITY GROUPS; Version 3.0; PROFILES; AUTHORISATIONS; OBJECTS; VALUE SETS; annotations "Type of access" and "Which data"]

Profile Generator (PG)

• The PG allows authorization administrators to automatically generate and assign authorization profiles.
• Accelerates R/3 implementations by simplifying the tasks associated with setting up the authorization environment.
• Released with R/3 V3.1G
• Still requires a good understanding of authorization concepts

Profile Generator - Checklist (1)

• Schedule everything & plan ahead
• Organize a security team and establish business liaisons
• Communicate your security implementation concept
• Document access paths or access rights for each role

Profile Generator - Checklist (2)

• Review
• Build activity groups and generate authorization profiles
• Assign activity groups to users or PD objects
• Test

Profile Generator

• In order to use the profile generator, the following system parameter must be set:
  - auth/no_check_in_some_cases = Y

Profile Generator - Release Upgrades

• System administrator must decide which users should receive the new authorizations following a release upgrade.
• They need to add the new authorizations to manually generated profiles
• After an upgrade, they need to regenerate all authorization profiles which have been generated using the profile generator.
• If the organization has skipped releases or upgrades, all authorizations that have entered the system need to be considered.

Profile Generator (cont.)

• To ensure that only valid profiles are contained in the user master record, the administrator must carry out a daily profile comparison.
• For the changes in the user master record to be effective, the comparison must take place before the user logs on.

Activity Groups: Concept

[Diagram: an Activity Group contains Profiles P1, P2, P3, P...; below the profiles sit the authorizations A1, A... (Authorization Object / Authorization)]

Security Admin. with the Profile Generator (1)

• SAP advises three roles
• User administrator
  - Defines and edits user master records
  - Assigns users to activity groups
  - Assigns profiles beginning with T to users
  - Displays authorizations and profiles
  - Reports through the user information system (SUIM)
  - They should not be permitted to create/change activity group data or change/generate profiles

Security Admin. with the Profile Generator (2)

• Authorization administrator
  - Creates/changes activity groups
  - Changes the transaction selection and authorization data in activity groups
  - Reports through the user information system (SUIM)
  - They should not be permitted to change users or generate profiles

Security Admin. with the Profile Generator (3)

• Activation administrator
  - Display activity groups and their data
  - Generate authorizations and profiles based on existing activity groups beginning with T.
  - Execute transaction SUPC
  - Use the user information system (SUIM)
  - They should not be permitted to change users, change activity group data or generate authorization profiles containing authorization objects beginning with S_USER

Security Administration

Role             | S_USER_GRP Activity | S_USER_GRP Area | S_USER_PRO Activity | S_USER_PRO Area                 | S_USER_AUT Activity | S_USER_AUT Area
User Admin       | *                   | Group           | 03, 22              | Functional Area, i.e. F* or all | 03                  | Functional Area, i.e. F* or all
Auth. Admin      | 03                  | Group           | 01-03, 06           | Functional Area, i.e. F* or all | 01-03, 06           | Functional Area, i.e. F* or all
Activation Admin | 03                  | Group           | 07                  | Functional Area or all          | 07                  | Functional Area or all

Each country/region can be set up to have its own user group and administrator.
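
The three-role table above can be used as a segregation-of-duties check. The following Python code is an added example, not part of the SAP course material: it compares each user's activity values on S_USER_GRP, S_USER_PRO and S_USER_AUT with the table and reports activities that go beyond the closest role. User names and the input layout are constructed, and the area columns (group, functional area) are left out.

```python
# Allowed activity codes per role, transcribed from the table ("01-03" expanded).
ROLE_MATRIX = {
    "user_admin": {
        "S_USER_GRP": {"*"}, "S_USER_PRO": {"03", "22"}, "S_USER_AUT": {"03"}},
    "auth_admin": {
        "S_USER_GRP": {"03"}, "S_USER_PRO": {"01", "02", "03", "06"},
        "S_USER_AUT": {"01", "02", "03", "06"}},
    "activation_admin": {
        "S_USER_GRP": {"03"}, "S_USER_PRO": {"07"}, "S_USER_AUT": {"07"}},
}

def excess(role, granted):
    """Activities a user holds beyond what the table allows for `role`."""
    over = {}
    for obj, acts in granted.items():
        allowed = ROLE_MATRIX[role].get(obj, set())
        if "*" in allowed:           # table allows every activity on this object
            continue
        extra = set(acts) - allowed  # a granted "*" counts as excess here
        if extra:
            over[obj] = sorted(extra)
    return over

def audit(users):
    """Map user -> (closest role, excess); an empty excess means the role fits."""
    report = {}
    for name, granted in users.items():
        role = min(ROLE_MATRIX,
                   key=lambda r: sum(len(v) for v in excess(r, granted).values()))
        report[name] = (role, excess(role, granted))
    return report

def violations(users):
    """Users whose authorizations fit none of the three roles cleanly."""
    return {u: r for u, r in audit(users).items() if r[1]}

# Constructed sample: activity values per object, as an auditor might collect
# them from the user information system. User names are hypothetical.
SAMPLE_USERS = {
    "UADM01": {"S_USER_GRP": {"*"}, "S_USER_PRO": {"03", "22"}, "S_USER_AUT": {"03"}},
    "AADM01": {"S_USER_GRP": {"03"}, "S_USER_PRO": {"01", "02", "03", "06"},
               "S_USER_AUT": {"01", "02", "03", "06"}},
    "GEN01": {"S_USER_GRP": {"03"}, "S_USER_PRO": {"07"}, "S_USER_AUT": {"07"}},
    # A user administrator who also holds the activation administrator's 07.
    "SUPER1": {"S_USER_GRP": {"*"}, "S_USER_PRO": {"03", "07", "22"},
               "S_USER_AUT": {"03", "07"}},
}

if __name__ == "__main__":
    for user, (role, over) in violations(SAMPLE_USERS).items():
        print(f"{user}: closest role {role}, excess activities {over}")
```

A user reported here combines duties that the slides assign to different administrators, which is the condition the "should not be permitted" bullets describe.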

Profile Generator Reporting

• Data can be displayed on profiles created by the profile generator, those created manually as well as a combination of the two.
• One report is excluded from the tree: RSUSR003, which checks across all clients to see if the master passwords for the standard user IDs have been changed.

Profile Generator Reporting (cont.)

• In 3.1G security reports have been brought together under a security report information tree which is called up using the transaction SUIM.
• These reports should allow most security audit tasks to be performed, with much simpler input criteria than in previous versions.
• Tasks include: changes to users, complex selection criteria for incompatible combinations objects, authorizations

User Passwords

Login Defaults

• Program RSPARAM lists the default settings for login:
  - login/min_password_lng (default 3)
  - login/password_expiration_time (default 0, i.e. no limit)
  - login/fails_to_session_end (default 3)
  - login/fails_to_user_lock (default 12 -- automatically unlocked after midnight)

Password Rules

• Table USR40 lists passwords that are not allowed -- entries can be added to this table (V3.X)
• SAP already builds in certain checks. For example, the first 3 characters cannot = user ID.
• Also, you cannot
  - Change to the account's last five passwords
  - Change passwords more than once per day (except admin account)
  - Use “PASS” or “SAP” as a password
  - Use identical first three characters
  - Use “?” or “!” as the first character.
• *The first three characters cannot match the user account name
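
The login defaults and password rules on the two slides above, as an added Python example (not SAP code and not part of the course material): it flags login parameters still at the slide's default values and lists which of the slide's rules a proposed password breaks. The "name value" export layout, the sample values, the case-insensitive comparison and the * / ? wildcard matching of USR40 entries are assumptions.

```python
import fnmatch

# Defaults as listed on the "Login Defaults" slide.
SLIDE_DEFAULTS = {
    "login/min_password_lng": 3,
    "login/password_expiration_time": 0,
    "login/fails_to_session_end": 3,
    "login/fails_to_user_lock": 12,
}

def parse_login_params(text):
    """Read 'name value' lines (constructed export layout) into a dict of ints."""
    actual = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 2 and parts[0].lower() in SLIDE_DEFAULTS:
            actual[parts[0].lower()] = int(parts[1])
    return actual

def still_at_default(actual):
    """Parameters never tightened: value equals the slide default or is unset."""
    return sorted(p for p, d in SLIDE_DEFAULTS.items() if actual.get(p, d) == d)

def password_violations(user_id, new_pw, history=(), usr40=(), min_len=3,
                        changed_today=False):
    """Return the slide's password rules that a proposed password breaks."""
    pw, uid = new_pw.upper(), user_id.upper()  # assumption: case-insensitive
    found = []
    if len(pw) < min_len:
        found.append("shorter than login/min_password_lng")
    if len(pw) >= 3 and pw[:3] in uid:  # "match" read as: occurs in the user ID
        found.append("first three characters match user ID")
    if pw in [h.upper() for h in history[-5:]]:
        found.append("one of the last five passwords")
    if changed_today:
        found.append("already changed today")
    if pw in ("PASS", "SAP"):
        found.append("PASS or SAP")
    if len(pw) >= 3 and len(set(pw[:3])) == 1:
        found.append("identical first three characters")
    if pw[:1] in ("?", "!"):
        found.append("starts with ? or !")
    if any(fnmatch.fnmatchcase(pw, pat.upper()) for pat in usr40):
        found.append("listed in USR40")
    return found

# Constructed sample data, not taken from a real system.
SAMPLE_PARAMS = """login/min_password_lng 6
login/password_expiration_time 0
login/fails_to_session_end 3
login/fails_to_user_lock 5"""
SAMPLE_USR40 = ["WINTER*", "1234*"]
```

With the constructed sample, the expiration time and the session-end limit are reported as unchanged from the defaults, which gives the auditor a short list of settings to question.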

Unit Summary: Authorizations Details

In this unit, you have gained knowledge in the following areas:

• Benefits of using the profile generator
• Key steps for a successful and secure authorization implementation
• Technical security aspects in SAP R/3
• Security administration infrastructure suitable for an R/3 environment

SAP Tools

Unit Objectives: SAP Tools

In this unit, you will learn:

• An overview of the Auditing Information System (AIS) functionality
• The benefits of using the AIS in an SAP R/3 audit
• How to execute and extract relevant reports for an audit
• How to configure TVARV with audit parameters
• The features of ABAP Query as a reporting tool
• How to create and use report variants

AIS

Audit Information System

• Overview
• Documentation
• Functionality
• TVARV

Initial Authors

Arthur Andersen
Bansbach Schübel Brösztl & Partner
C&L Deutsche Revision AG
KPMG Deutsche Treuhand-Gesellschaft
Price Waterhouse
Schitag Ernst & Young
Internal auditors from various companies

Target Group - Auditors

External Auditors | Internal Auditors, Controlling | System Auditors

Ongoing Controlling - Interim audit - Year-end close - Year-end audit

Realtime Auditing

[Diagram: R/3 integration model]
SD - Sales and Distribution
FI - Financial Accounting
MM - Materials Management
CO - Controlling
PP - Production Planning
AM - Asset Management
QM - Quality Management
PS - Project System
PM - Plant Maintenance
WF - Workflow
HR - Human Resources
IS - Industry Solutions

Audit Information System

• Library of Transactions & Reports
• Responds to the Audit Objective
• Improvement of the audit quality
• Individual selection and preparation of data
• Download of flat files
• Standard transfer of transaction figures and balance sheet data to:
  - CaseWare
  - ACL
  - IDEA
  - Baetge . . .

[Diagram label: SAP DB]

Documentation in the Reporting Tree

• R/3 Library: Link to the relevant chapter
• R/3 Implementation Guide: Link to the relevant chapter
• Audit Guideline: Link to the relevant chapter
• Audit Plan: Notes to audit procedures

AIS System Functionality (1)

• Display Complete AIS and User-defined audit views using Display icon or Status Analysis icon
• On-line Documentation indicated by an Icon
• Ability to list transactions and reports on AIS
• Ability to find the existence of transactions and reports on AIS
• Creating and Using User-defined Audit Views
• Creating and Printing Notes from Status Analysis mode - i.e. Audit work papers
• Saved lists attached to the node and list all saved lists
• Download data to external systems, e.g. ACL, Excel

AIS System Functionality (2)

• Status Analysis:
  - Via traffic lights, identify the status of the audit step
  - Show percentage of completed audit steps for an audit objective
• Ability to use a node for multiple views, and have separate documentation for the node for each view
• Ability to identify the number of views a node is assigned to
• Track changes made to the notes created for the node

Audit Environment

[Diagram: Auditor's environment and SAP R/3 environment, linked by an export interface]

Auditor's environment
• Audit planning
• Work program
• Analysis software (ACL / IDEA / ...)
• Reporting software
• Work paper prep.

SAP R/3 environment
• System Audit
• Auditor's view of the SAP data
  - Line Items
  - Summary Totals
• Online / Batch query
• Drilldown function
• Tools
  - ABAP
  - Query
  - Report
  - Data Recall Facility

Tables shown (line items and totals): BKPF, BSEG(..A), GSEG, SKA1/SKAT, SKB1, SKC1A, KNA1, KNB1, KNC1, ...

Audit Information System

[Diagram: the Audit Information System on the SAP DB, divided into System Audit and Business Audit. Labels: Audit IS, Development IS, User IS, G/L IS, Customer IS, Vendor IS, Assets IS; Security Guide & Checklist; Audit Guideline; SAP; User group]

Structure and Use - Table TVARV

Control data which occurs in multiple variants is defined as a variable (Table TVARV, Arg. AUDI*).

This data is updated at the beginning of an audit.

This ensures proper control for all evaluations run during the course of the audit process.

Evaluation Methods

[Diagram labels: ABAP; QUERY; Data Recall Facility; SAP DB]
• Data Extraction
• Data Analysis

ABAP Reporting / Control

Call report: G/L Account balances / RFSSLD00 with variant (1)

Variants for RFSSLD00
• VAR1: Chart of accounts INT; G/L Account 1-999; Company code T-BUK; Fiscal year T-GJAHR
• VAR2: Chart of accounts INT; Company code T-BUK
• VARn: ...

G/L Account balances (selection values)
• Chart of Accts. INT
• G/L Account 1-999
• Company code 0001
• Fiscal year 2999

Table of variables (G/L Acct. balances, RFSSLD00)
• T-BILANZ: INT
• T-BUK: 0001
• T-from/to: 0100 - 0999

ABAP Query = Individual DB Inquiries

Individual inquiries for information from the SAP database are solved with ABAP Query.

Audit relevant data fields are set up in functional areas.

The auditor defines the record structure, selection and sort criteria, summaries, statistics, ranking list, and the layout of an evaluation.

The export of a flat file enables continued, problem-free processing.

[Diagram: Query processing. Labels: Definition of individual lists; Record; Selections; Download; Starting lists]

ABAP/4 Query for Auditors

• Query Administrative Functions
  - Create Functional Areas
  - Create Functional Groups
  - Create User Group (Audit User Group = AU)
  - Assign User to a User Group
• Create the Query
  - Auditor will only need to be concerned with this part
  - Administrative Function delivered with the system (Funct. Areas & Groups)

ABAP Reporting / Query

[Diagram labels: SAP DB; Logical database (e.g. SD F); Report (ABAP/4); Reporting (Selection + formatting); List; ABAP Query; Report generator; Functional area; List definition (Query)]

Create a list with
• Report: Instructions of a programming language (ABAP/4)
• Query: Description of a desired result

Data Recall Facility (Drilldown Reporting)

[Diagram: drilldown report on table GLT0 for a financial statement version (Assets, Liabilities, P&L) and an account number range (from/to). Columns (x): Reporting Year, RY-1, RY-2, ... RY-n, with 1/12, 1/4, 1/2, 1/1 and calculation column(s). Rows (y): calculation row(s). Cells: balance sheet ratios, balance display, balance sheet analysis.]

Export of Data Relevant to the Audit

[Diagram labels: SAP DB; Download; Result; ACL; IDEA; ...]

Stochastic auditing methods (statistical sampling algorithms)

Data Export (ACL / IDEA /..)

External Analysis Tools (ACL / IDEA /.) (Data Recall Facil.)

Balance Sheet Ratios (Data Recall Facility)

Other AIS Information

• Authorizations
• OSS Notes
• Contacts

Required Authorizations

• Auditors need a user master record in the SAP system in order to use the Auditing Information System.
• This user master record should provide comprehensive display authorization.
• Auditor Profile

[Diagram labels: Auditor; SAP DB]

AVAILABILITY:

• CUSTOMERS: 3.0D, 3.0F, 3.1H, 3.1I, 4.0B, 4.5B - Q/1/99
• OSS Note: 100609 Installation Note
• OSS Note: 77503 Overview Note
• OSS Note: 85344 Performance Questions

WHERE TO FIND INFORMATION

• WWW.ASUG.COM
  - SCREEN CAMS, PRESENTATIONS BY SAP AND ASUG MEMBERS
• WWW.SAP.COM/GERMANY/CONTACT/USER.HTM
  - AUDIT GUIDES - FI & MM
• SAPNET.SAP-AG.DE/SECURITYGUIDE
  - SECURITY GUIDE AND SECURITY CHECK LIST

SAP Note 77503

Availability
As of Release 3.1I and 4.6A, AIS is part of the SAP R/3 standard software.
The current version of AIS can be imported into previous correction releases. For more information, read note 77503.

AIS Contacts

Business Audit
Peter Schiwek, SAP AG
FAX: ++49-6227-7-56924
E-Mail: peter.schiwek@sap-ag.de

System Audit
Frank Buchholz, SAP AG
FAX: ++49-6227-7-52224
E-Mail: frank.buchholz@sap-ag.de

Region USA, Canada, South America
Maria Gregg, SAP America
FAX: ++00-1-610-595-4282
E-Mail: maria.gregg@sap-ag.de

Region UK
Mark Frear, SAP UK
FAX: +44-870 608 917 6461
E-Mail: mark.frear@sap-ag.de

Region Japan
Sawako Watanabe, SAP Japan
FAX: +81 3/5531-1548
E-Mail: sawako.watanabe@sap-ag.de

Region France
Andre Streissel, SAP FRANCE S.A.
FAX: ++49-6227-7-53848
E-Mail: andre.streissel@sap-ag.de

Unit Summary: SAP Tools

In this unit, we have discussed:

• An overview of the Auditing Information System (AIS) functionality
• The benefits of using the AIS in an SAP R/3 audit
• How to execute and extract relevant reports for an audit
• How to configure TVARV with audit parameters
• The features of ABAP Query as a reporting tool
• How to create and use report variants

