Part VIII of the series: “Digitization of auditing SAP Order-to-Cash Processes”
Today's blog post provides you with the possibilities to uncover process weaknesses in the area of segregation of duties in order-to-cash.
1. Digitization of auditing SAP order-to-cash processes
2. How to audit master data in order-to-cash processes
3. Auditing of order-to-cash processes: sales orders and deliveries
4. What's wrong with these sales invoices?
5. Who cares? Auditing incoming payments
6. On how to find exotic processes
7. SAP data structure in order-to-cash: Who cares?
8. Way to go: Auditing real SoD in order-to-cash
9. This is the end of digitization!
Before you proceed reading on the details of the indicators, I would recommend you read the concept of indicators in part 2 of the series first.
SAP segregation of duties in order-to-cash
Segregation of duties in SAP means that certain combinations of tasks should not be conducted by one and the same person, as those are critical task combinations. There are various tools on the market which allow for the evaluation of conflicts that arise during segregation of duties in SAP. Thereby licenses are usually evaluated in order to determine which user should perform which transactions. This determines whether a user could perform a critical combination of transactions.
Particularly interesting is whether a user has actually performed such a critical combination within the same process. In such a case, the segregation of duties have taken place during a business transaction with regard to the critical task combination. Most analysis tools do not offer this kind of analysis, because it requires identifying the end-to-end process first. The Financial Process Algorithm however fulfils this requirement, making it possible to conduct a true segregation of duties analysis.
TOP SoD conflicts in the order-to-cash process
The segregation of duties analysis is an indicator in the order-to-cash process. Altogether I have designed and implemented 40 indicators for the order-to-cash process. You can download the details about all order-to-cash indicators here.
The following segregation of duties conflicts can therefore be detected:
- Maintain a sales doc and generate a billing doc for it
- Initiate a payment by creating fictitious credit memos
- Maintain customer master records and post fraudulent payments
- Create billing and inappropriately post payment
- Maintain sales docs and process enter an incorrect invoice
- Maintain fictitious customer and initiate orders