picture of Prof. Dr. Nick Gehrke

written by

Prof. Dr. Nick Gehrke

Part II of the series: “Digitization of auditing SAP Order-to-Cash Processes”

Today’s blog post introduces three interesting indicators for exposing process shortcomings in the area of master data maintenance in SAP order-to-cash.

1. Digitization of auditing SAP order-to-cash processes
2. How to audit master data in order-to-cash processes
3. Auditing of order-to-cash processes: sales orders and deliveries
4. What's wrong with these sales invoices?
5. Who cares? Auditing incoming payments
6. On how to find exotic processes
7. SAP data structure in order-to-cash: Who cares?
8. Way to go: Auditing real SoD in order-to-cash
9. This is the end of digitization!

 

The concept of indicators

Indicators always correspond to an audit-relevant audit question. Technically, they are database queries which pick out documents from the database that fulfil certain predefined criteria.

 

In the broadest sense indicators are simple data analytics.

 

Nevertheless, an indicator must be defined in a way that it always and exclusively aims at detecting a number of single documents. As a result all documents in a database undergo an examination on whether or not an indicator is relevant to a document or not (the indicator classifies all documents within a sort of “black-white-world”).

After the indicator has "run through", all relevant documents are being marked with the indicator. Affected documents then have a “mark” with regard to this indicator.

To better navigate between indicators, every indicator is allocated to different dimensions. Every indicator belongs to exactly one process, to a certain process area and has a certain audit objective, such as:

  • Process dimension: purchase to payables, order to cash, fixed asset and inventory, cross process
  • Process area dimension: master data, goods received, inventory, payment, ...
  • Audit objective dimension: compliance and correctness, restricted access, saving opportunities, process standardization

Furthermore, a risk is documented for every indicator which indicates what could “go wrong” or to what extend a certain kind of risk exists.

 

Three TOP indicators of master data maintenance in order-to-cash

As already mentioned, every indicator is associated with one process, one process area, one audit objective and one risk respectively. In the following, three indicators from the area of master data maintenance in SAP order-to-cash will be introduced.

Altogether I have designed and implemented 40 indicators for the order-to-cash process. You can download the details about all purchase indicators here.

 

Download pdf 

Adhoc address changes in customer master data

This indicator aims at identifying compliance and correctness.

There is the risk that customers with frequent address changes are fraudulent or they are not willing to pay.

The criteria for this indicator is: 

The document has been marked because it references a customer where the address (street is analyzed, Table KNA1) has been changed at least two times within a period of 180 days and the processing date of the document is within the change dates of the customer address changes. Changes are only taken into consideration if the new and old value of the street are different according to the SOUNDEX algorithm.

 

Missing VAT IDs in customer master data

This indicator aims at identifying compliance and correctness.

There is the risk of incorrect VAT posting.

The criteria for this indicator is: 

The document has been marked because the respective customer is located in a European country other than the own company and a VAT code has not been maintained. Natural persons being customers are out of scope.

 

Customers without credit limit

This indicator aims at identifying saving opportunities.

There is the risk that outgoing invoices are not being paid because credit limits are not used.

The criteria for this indicator is: 

The document has been marked because it is an outgoing invoice (debit item with customer reference (BSEG-KOART='D')) and for the customer a) there is no direct debiting authorization and b) a credit limit has not been defined and c) the customer has never paid something in the financial year considered or has been dunned or paid later than the twice the defined payment term.

 

 

 

Comments