Part IX of the series: "Automated Audit of the Configuration and Authorizations in SAP MM"
Today's blog post presents you with SAP authorizations for segregation of duties in purchase to pay.
1. Is everything well organized? Auditing organizational structures in SAP MM
2. Proper protection of vendor master data
3. The procedure for checking the approval process for purchase requisitions
4. Are your purchase orders ordered in the best way?
5. Everything under control for critical goods movements
6. How to protect your invoice verification
7. Clear interrelationships when recording the physical inventory
8. Customizing in SAP MM set at the test bench
9. Segregation of duties in "purchase to pay"
10. Good practices in relation to the segregation of duties between "purchase to pay" and "financial accounting"
Maintaining purchase requisitions and creating purchase orders
This combination of SAP authorizations enables you both to create and release purchase requisitions and create purchase orders. As a result, it is possible to trigger a purchase order without a four-eyes principle. If a mitigating control based on the four-eyes principle (approval procedure, documentation, downstream check) is not used, this may lead to a negative influence on the procurement process.
Maintaining purchase orders and posting goods movements
This combination of SAP authorizations enables you to maintain purchase orders and post goods receipts. As a result, goods flows may be triggered without approval. If a mitigating control based on the four-eyes principle is not used, this may have a negative influence on the procurement process and the goods and value flows.
Posting goods movements and creating invoices
This combination of authorizations enables you to post goods receipts and add invoices for invoice verification. These processes must be separated by a four-eyes principle. Using them incorrectly may lead to goods and value losses.
You can download the details about all SAP settings here: