Part I of the series: "Automated Audit of the Configuration and Authorizations in SAP MM"

Today's blog post presents you with three audit procedures related to SAP MM organizational structures.

 

1. Is everything well organized? Auditing organizational structures in SAP MM
2. Proper protection of vendor master data
3. The procedure for checking the approval process for purchase requisitions
4. Are your purchase orders ordered in the best way?
5. Everything under control for critical goods movements
6. How to protect your invoice verification
7. Clear interrelationships when recording the physical inventory
8. Customizing in SAP MM set at the test bench
9. Segregation of duties in "purchase to pay"
10. Good practices in relation to the segregation of duties between "purchase to pay" and "financial accounting"

 

Productive indicators for the company codes

In the SAP® system, company codes are defined as legally independent financial accounting units with their own balance sheets and accounts. The company code provides the data basis for creating the balance sheet and profit and loss accounts. Company-specific data is created at company code level and cross-company data is created at client level. For productive use, company codes must be flagged as “productive”; otherwise, data within the company code may be deleted.

 

SAP Authorizations for storage locations

A storage location is the location where the stock is physically stored in a plant. There can be one or more storage locations in a plant. By default, goods movements are authorized only at plant level. However, authorization at storage location level is also frequently required, e.g. for critical movement types such as increases in stock or scrapping. This additional authorization check can be activated in customizing.

 

Authorizations for maintaining organizational structures in SAP MM

Changes to the organizational structures are highly sensitive. In the development system, these authorizations are to be granted only to selected developers/customizers. In the production system, the authorization must not be granted to anyone.

 

You can download the details about all SAP settings here:

 

Download pdf