Download - Webinar Auditing SAP
CLICK TO EDIT MASTER TITLE STYLE
Click to edit Master text styles
Click to edit Master text styles. Lots of paragraph
copy goes here, and here and here.
▪ Second level
• Third level
– Fourth level
» Fifth level
AUDITING AND THE SAP® ENVIRONMENT
Presented by: Phil Lim, Product Manager, ACL
Steve Biskie, Managing Director, High Water Advisors
CLICK TO EDIT MASTER TITLE STYLE
Click to edit Master text styles
Click to edit Master text styles. Lots of paragraph
copy goes here, and here and here.
▪ Second level
• Third level
– Fourth level
» Fifth level
About the Speakers
2
Steve Biskie, co-founder and Managing Director of High Water Advisors, has over two
decades of experience optimizing GRC and audit performance through the use of
technology.
In addition to being a leader in the data analysis space, he is also an expert in audit and
compliance issues related to the SAP ERP system. He has authored dozens of articles,
was an expert reviewer for the book Security, Audit, and Control Features: SAP ERP
(3rd Edition), and in 2011 authored his own book through SAP Press titled Surviving an
SAP Audit.
He is a CPA, CITP, CISA, CGMA, and a two-time IIA All-Star Speaker.
Phil Lim has over seven years of experience working with compliance and audit groups
of Fortune 500 companies, helping them build technology enabled assurance programs
to assess, test, and monitor risk.
As a Product Manager for ACL Services Ltd., he is currently responsible for the
integrated content portfolio.
Phil has significant international experience; he was a key ACL consultant in Siemens’
extensive continuous controls monitoring project -- combining and analyzing purchase
to payment data from over 1000 globally decentralized corporate entities daily, aimed at
detecting potential FCPA violations.
CLICK TO EDIT MASTER TITLE STYLE
Click to edit Master text styles
Click to edit Master text styles. Lots of paragraph
copy goes here, and here and here.
▪ Second level
• Third level
– Fourth level
» Fifth level
Agenda
3
Approaches to Data Access
•Discussion of tools and methodologies pros and cons
Dealing with SAP IT (Basis) Concerns
•Security, Performance, and Data Volumes
Common Risk Areas
•Example Tests
Finding Your Data
•Best practices on executing testing
CLICK TO EDIT MASTER TITLE STYLE
Click to edit Master text styles
Click to edit Master text styles. Lots of paragraph
copy goes here, and here and here.
▪ Second level
• Third level
– Fourth level
» Fifth level Approaches to Data Access Discussion of tools and methodologies pros and cons
Approaches to Data Access
• Discussion of tools and methodologies pros and cons
Dealing with SAP IT (Basis) Concerns
• Security, Performance, and Data Volumes
Common Risk Areas
• Example Tests
Finding Your Data
• Best practices on executing testing
CLICK TO EDIT MASTER TITLE STYLE
Click to edit Master text styles
Click to edit Master text styles. Lots of paragraph
copy goes here, and here and here.
▪ Second level
• Third level
– Fourth level
» Fifth level
Self-serve
IT Supported
Data Access Approaches for SAP
5
Standard SAP Reports
SAP Data Browser (SE16/SE16N)
SAP Query (SQ01/SQVI) or Custom ABAP
SAP BI
SAP GRC (Access Control/Process Control/Fraud Management)
ACL Direct Link
CLICK TO EDIT MASTER TITLE STYLE
Click to edit Master text styles
Click to edit Master text styles. Lots of paragraph
copy goes here, and here and here.
▪ Second level
• Third level
– Fourth level
» Fifth level
Standard SAP Reports
6
• Using system reports that business uses
What is it?
• Independence from IT (self-serve)
• No additional effort to set up
• Most are fairly easy to understand
Pros
• Not designed for auditors (difficulty to find suspicious items only)
• Downloads (even to Excel) require significant re-formatting to use
• Many are client-specific (limited view across enterprise)
• Not all relevant data might be housed in SAP
Cons
CLICK TO EDIT MASTER TITLE STYLE
Click to edit Master text styles
Click to edit Master text styles. Lots of paragraph
copy goes here, and here and here.
▪ Second level
• Third level
– Fourth level
» Fifth level
SAP Data Browser
7
• Using built-in SAP transaction codes to query records at the table level
• Examples: SE17, SE16, SE16N
What is it?
• Independence from IT (self-serve)
• Access nearly any data in the system
Pros
• Only able to perform single-table analysis with basic filters
• No ability to join (large detail tables cannot be reduced by header data)
• Limited ability to query large data sets (may time out)
• Inherent limitations on extracting data from certain important tables
• Not all relevant data might be housed in SAP
• Difficult to repeat analysis, schedule extracts, and create audit trail
Cons
CLICK TO EDIT MASTER TITLE STYLE
Click to edit Master text styles
Click to edit Master text styles. Lots of paragraph
copy goes here, and here and here.
▪ Second level
• Third level
– Fourth level
» Fifth level
SAP Query / Custom ABAP
8
• Using built in SAP transaction codes to query records at the table level
• Alternatively, using SAP AIS
• Examples : SQ1, SE16, SECR
What is it?
• Independence from IT (self-serve)
• Access nearly any data in the system
Pros
• Only performs basic analysis
• Limited ability to query large data sets or join multiple tables
• Not all relevant data might be housed in SAP
• Difficult to repeat analysis and schedule extracts
• Lacks audit trail
Cons
CLICK TO EDIT MASTER TITLE STYLE
Click to edit Master text styles
Click to edit Master text styles. Lots of paragraph
copy goes here, and here and here.
▪ Second level
• Third level
– Fourth level
» Fifth level
SAP Query / Custom ABAP
9
• Use of built-in SAP Query tools (SQ01, SQVI)
• SAP IT teams (both infrastructure and functional teams), help implement custom ABAP queries for audit purposes
What is it?
• Access the data you want the way you want it
• Ability to join tables and perform more complex analysis
Pros
• IT reluctant to grant query transactions due to performance concerns
• Cost – ABAP developers are not cheap
• Turnaround time for query development
• Difficult to maintain over time as the business changes (processes and controls change, so do tolerances & thresholds)
Cons
CLICK TO EDIT MASTER TITLE STYLE
Click to edit Master text styles
Click to edit Master text styles. Lots of paragraph
copy goes here, and here and here.
▪ Second level
• Third level
– Fourth level
» Fifth level
SAP BI
10
• Using SAP BI’s toolset (e.g. SAP BusinessObjects) to query
What is it?
• Integrated solution
• Intended for end-user access
• Ability to access non-SAP data (if in BI warehouse)
Pros
• Not designed for Audit
• BI/BW data often cleansed as part of ETL process
• Typically Aggregated / summarized data – audit and compliance processes often require analysis of detailed transactions
• Reconciliation to source system can be challenging
Cons
CLICK TO EDIT MASTER TITLE STYLE
Click to edit Master text styles
Click to edit Master text styles. Lots of paragraph
copy goes here, and here and here.
▪ Second level
• Third level
– Fourth level
» Fifth level
SAP GRC (Access Control/Process Control) - consider FM
11
• Using SAP Access Control for security analysis
• Using SAP Process Control for continuous monitoring
• Using SAP Fraud Management for fraud analytics
What is it?
• Integrated solution
• May be already owned in-house
• Ability to drill from findings/issues into live SAP data
• Analysis speed (for customers on the SAP HANA platform)
Pros
• Intended for business management, not audit
• Designed for “productionized” testing, not ad-hoc analysis
• Subject to internal IT change control processes (which take time)
• HANA platform out of reach for many audit/compliance departments
Cons
CLICK TO EDIT MASTER TITLE STYLE
Click to edit Master text styles
Click to edit Master text styles. Lots of paragraph
copy goes here, and here and here.
▪ Second level
• Third level
– Fourth level
» Fifth level
ACL Direct Link for SAP
12
• SAP Certified Add-on for ACL Analytics technologies to provide direct access to SAP data
What is it?
• Independence from IT (self-serve)
• Audit trail
• Repeatable; can schedule extract and analysis
• Performs complex analysis off of the SAP system, limiting impact to performance
• Handles large, transactional data volumes
Pros
• Some SAP IT teams resistant to idea (perceived impact on performance/security)
• Not a magic bullet; you still need to do your auditor due diligence
Cons
CLICK TO EDIT MASTER TITLE STYLE
Click to edit Master text styles
Click to edit Master text styles. Lots of paragraph
copy goes here, and here and here.
▪ Second level
• Third level
– Fourth level
» Fifth level Dealing with SAP IT (BASIS) Concerns security, performance, data volumes
Approaches to Data Access
• Discussion of tools and methodologies pros and cons
Dealing with SAP IT (Basis) Concerns
• Security, Performance, and Data Volumes
Common Risk Areas
• Example Tests
Finding Your Data
• Best practices on executing testing
CLICK TO EDIT MASTER TITLE STYLE
Click to edit Master text styles
Click to edit Master text styles. Lots of paragraph
copy goes here, and here and here.
▪ Second level
• Third level
– Fourth level
» Fifth level
Infrastructure
Commonly referred to as BASIS
Responsible for security, hardware, installations, code
promotions, etc.
Functional
Commonly referred to as Business Analysts / ABAP
developers
Create new SAP queries, new SAP functionality, integration
SAP IT Team
SAP IT Teams
14
CLICK TO EDIT MASTER TITLE STYLE
Click to edit Master text styles
Click to edit Master text styles. Lots of paragraph
copy goes here, and here and here.
▪ Second level
• Third level
– Fourth level
» Fifth level
Infrastructure Concerns
15
Whatever tool/methodology you use to access your SAP Data…
Security
• Who will have access, and how?
• How will we prevent unauthorized access?
• What user permissions do you need?
• How do you protect data that has been extracted?
Production Impact
• How will we prevent untested queries from running in Production?
• What is the impact on our system?
Data Volumes
• How much space is going to be used? Network? CPU?
CLICK TO EDIT MASTER TITLE STYLE
Click to edit Master text styles
Click to edit Master text styles. Lots of paragraph
copy goes here, and here and here.
▪ Second level
• Third level
– Fourth level
» Fifth level
Addressing Security Concerns
16
Security
• Who will have access, and how?
• How will we prevent unauthorized access?
• What user permissions do you need?
• How do you protect data that has been extracted?
Data Volumes
• How much space is going to be used? Network? CPU?
ACL Direct Link follows user permissions to tables
and is Read Only
Server environment can be used to secure both
sensitive data and control scripts run on
production
ACL Direct Link is SAP Certified
Existing IT policies regarding use of extract
tools can also be applied to ACL Direct Link
CLICK TO EDIT MASTER TITLE STYLE
Click to edit Master text styles
Click to edit Master text styles. Lots of paragraph
copy goes here, and here and here.
▪ Second level
• Third level
– Fourth level
» Fifth level
Addressing Production Impact Concerns
17
Production Impact
• How will we prevent untested queries from running in Production?
• What is the impact on our system?
Differing passwords can be used
to ensure that only authorized
individuals can query from
production
Can set up your query development
process to prevent untested code from
running in Production
ACL Direct Link translates to native
ABAP code (mostly straight table
dumps, seldom complex joins)
Comparable to equivalent SAP
tools (e.g. SE16)
Runs in background mode
Can test performance in a QA
environment prior to deploying
to production
CLICK TO EDIT MASTER TITLE STYLE
Click to edit Master text styles
Click to edit Master text styles. Lots of paragraph
copy goes here, and here and here.
▪ Second level
• Third level
– Fourth level
» Fifth level
Addressing Data Volume Concerns
18
Data Volumes
• How much space is going to be used? Network? CPU?
Massive queries are possible (there is no longer a 4GB
limit)
An auditor can schedule Direct Link queries to run in
background and at off-peak times to minimize production
impact
ACL Direct Link is used by large US Federal Government
entities with billions of records
You will need space to store queries
CLICK TO EDIT MASTER TITLE STYLE
Click to edit Master text styles
Click to edit Master text styles. Lots of paragraph
copy goes here, and here and here.
▪ Second level
• Third level
– Fourth level
» Fifth level Common Risk Areas example tests in P2P, O2C, GL/R2R
Approaches to Data Access
• Discussion of tools and methodologies pros and cons
Dealing with SAP IT (Basis) Concerns
• Security, Performance, and Data Volumes
Common Risk Areas
• Example Tests
Finding Your Data
• Best practices on executing testing
CLICK TO EDIT MASTER TITLE STYLE
Click to edit Master text styles
Click to edit Master text styles. Lots of paragraph
copy goes here, and here and here.
▪ Second level
• Third level
– Fourth level
» Fifth level
Target Areas in SAP ERP
20
GL/R2R
General Ledger, Record
to Report
(FI Module)
P2P
Purchase to Payment (MM
Module)
O2C
Order to Cash
(SD Module)
CLICK TO EDIT MASTER TITLE STYLE
Click to edit Master text styles
Click to edit Master text styles. Lots of paragraph
copy goes here, and here and here.
▪ Second level
• Third level
– Fourth level
» Fifth level
Target Areas in SAP ERP – P2P
21
New Vendor Top Spend
• Vendors without previous relationships with the organization present a higher risk for exposure to compliance violations.
Risk
• Identify invoices to vendors created in the investigation period greater than X cumulative spend.
• Tables used: LFA1, BSAK
Test Description
GL/R2R
General Ledger, Record
to Report
(FI Module)
P2P
Purchase to Payment (MM
Module)
O2C
Order to Cash
(SD Module)
CLICK TO EDIT MASTER TITLE STYLE
Click to edit Master text styles
Click to edit Master text styles. Lots of paragraph
copy goes here, and here and here.
▪ Second level
• Third level
– Fourth level
» Fifth level
Target Areas in SAP ERP – P2P
22
Retroactive Purchase Orders
• Circumvention of purchasing controls can result in authorized transactions and/or fraud
Risk
• In the investigation period, identify invoices with an invoice document date before the Purchase Order creation date.
• Tables used: EKBE, EKPO
Test Description
GL/R2R
General Ledger, Record
to Report
(FI Module)
P2P
Purchase to Payment (MM
Module)
O2C
Order to Cash
(SD Module)
CLICK TO EDIT MASTER TITLE STYLE
Click to edit Master text styles
Click to edit Master text styles. Lots of paragraph
copy goes here, and here and here.
▪ Second level
• Third level
– Fourth level
» Fifth level
Target Areas in SAP ERP – P2P
23
One Time Vendors
• Payments to one-time-vendors are typically subject to fewer purchasing controls.
Risk
• In the investigation period, identify One Time Vendors with more than X spend or more than Y transactions.
• In the investigation period, identify a sample of one time vendor transactions for review.
• Tables used: BSEC, LFA1
Test Description
GL/R2R
General Ledger, Record
to Report
(FI Module)
P2P
Purchase to Payment (MM
Module)
O2C
Order to Cash
(SD Module)
CLICK TO EDIT MASTER TITLE STYLE
Click to edit Master text styles
Click to edit Master text styles. Lots of paragraph
copy goes here, and here and here.
▪ Second level
• Third level
– Fourth level
» Fifth level
Target Areas in SAP ERP – P2P
24
Non-PO Invoices
• Payments made outside of the purchasing workflow may have fewer controls.
Risk
• In the investigation period, identify vendors with a total non-PO spend greater than a threshold X. Exclude vendors by type such as taxes.
• In the investigation period, identify any non-PO invoices that were created by unauthorized individuals.
• In the investigation period, identify a sample of non-PO invoices for further review.
• Tables used: EKBE, BSIK, BSAK
Test Description
GL/R2R
General Ledger, Record
to Report
(FI Module)
P2P
Purchase to Payment (MM
Module)
O2C
Order to Cash
(SD Module)
CLICK TO EDIT MASTER TITLE STYLE
Click to edit Master text styles
Click to edit Master text styles. Lots of paragraph
copy goes here, and here and here.
▪ Second level
• Third level
– Fourth level
» Fifth level
Target Areas in SAP ERP – P2P
25
Receiving vs. Invoice SOD
• Segregation of duties is somehow not maintained between the receiver of goods/services and the person who created or modified the invoice.
Risk
• In the investigation period, identify transactions where the receiver was the same person that created or modified the invoice.
• Tables used: EKBE, BSIK, BSAK
Test Description
GL/R2R
General Ledger, Record
to Report
(FI Module)
P2P
Purchase to Payment (MM
Module)
O2C
Order to Cash
(SD Module)
CLICK TO EDIT MASTER TITLE STYLE
Click to edit Master text styles
Click to edit Master text styles. Lots of paragraph
copy goes here, and here and here.
▪ Second level
• Third level
– Fourth level
» Fifth level
Target Areas in SAP ERP – P2P
26
Invoice vs. Vendor Master SOD
• Segregation of duties is somehow not maintained between the creator/modifier of vendor information and the person who invoices the vendor
Risk
• In the investigation period, identify invoices created or modified by the same individual as the vendor creator/modifier.
• Tables used: EKBE, BSIK, BSAK, LFA1
Test Description
GL/R2R
General Ledger, Record
to Report
(FI Module)
P2P
Purchase to Payment (MM
Module)
O2C
Order to Cash
(SD Module)
CLICK TO EDIT MASTER TITLE STYLE
Click to edit Master text styles
Click to edit Master text styles. Lots of paragraph
copy goes here, and here and here.
▪ Second level
• Third level
– Fourth level
» Fifth level
Target Areas in SAP ERP – P2P
27
Duplicate Invoices
• A miskeying of the invoice number may result in the duplicate payment of an invoice
• A miskeying of which vendor to associate to an invoice may result in a duplicate payment of an invoice
• Duplicate vendors could result in invoices being paid multiple times
Risk
• In the investigation period, identify invoices to the same vendor but with different invoice reference document number patterns.
• In the investigation period, identify invoices with the same amount to different vendors with the same tax identification number.
• Tables used: BSIK, BSAK, LFA1
Test Description
GL/R2R
General Ledger, Record
to Report
(FI Module)
P2P
Purchase to Payment (MM
Module)
O2C
Order to Cash
(SD Module)
CLICK TO EDIT MASTER TITLE STYLE
Click to edit Master text styles
Click to edit Master text styles. Lots of paragraph
copy goes here, and here and here.
▪ Second level
• Third level
– Fourth level
» Fifth level
Target Areas in SAP ERP – P2P
28
Early Payments
• Payments made that do not follow standard payment terms may represent a significant opportunity cost of capital
Risk
• In the investigation period, identify invoices with an opportunity cost of early payment greater than X, based off of a cost of capital and standard payment terms days
• Tables used: BSIK, BSAK, REGUH, PAYR
Test Description
GL/R2R
General Ledger, Record
to Report
(FI Module)
P2P
Purchase to Payment (MM
Module)
O2C
Order to Cash
(SD Module)
CLICK TO EDIT MASTER TITLE STYLE
Click to edit Master text styles
Click to edit Master text styles. Lots of paragraph
copy goes here, and here and here.
▪ Second level
• Third level
– Fourth level
» Fifth level
GL/R2R
General Ledger, Record
to Report
(FI Module)
P2P
Purchase to Payment (MM
Module)
O2C
Order to Cash
(SD Module)
Target Areas in SAP ERP – GL/R2R
29
Activity in Static Accounts
• Unusual manual postings to accounts may be an indication of fraud or financial misstatement
Risk
• In the investigation period, identify manual journal entries posted to accounts with infrequent activity. Accounts with infrequent activity are defined by an externally provided list.
• Tables used: BSIS, BSAS, SKA1, SKAT
Test Description
CLICK TO EDIT MASTER TITLE STYLE
Click to edit Master text styles
Click to edit Master text styles. Lots of paragraph
copy goes here, and here and here.
▪ Second level
• Third level
– Fourth level
» Fifth level
GL/R2R
General Ledger, Record
to Report
(FI Module)
P2P
Purchase to Payment (MM
Module)
O2C
Order to Cash
(SD Module)
Target Areas in SAP ERP – GL/R2R
30
Manual Journal Entry Descriptions
• Inadequate documentation of manual journal entries may represent a compliance risk
Risk
• In the investigation period, identify manual journal entries with descriptions shorter than X characters.
• Tables used: BSIS, BSAS, SKA1, SKAT
Test Description
CLICK TO EDIT MASTER TITLE STYLE
Click to edit Master text styles
Click to edit Master text styles. Lots of paragraph
copy goes here, and here and here.
▪ Second level
• Third level
– Fourth level
» Fifth level
GL/R2R
General Ledger, Record
to Report
(FI Module)
P2P
Purchase to Payment (MM
Module)
O2C
Order to Cash
(SD Module)
Target Areas in SAP ERP – GL/R2R
31
Invalid or Infrequent Transaction Code
• Infrequently used transaction codes may represent a circumvention of controls
Risk
• In the investigation period, identify journal entries with an SAP transaction code that is infrequently used.
• Tables used: BSIS, BSAS, SKA1, SKAT
Test Description
CLICK TO EDIT MASTER TITLE STYLE
Click to edit Master text styles
Click to edit Master text styles. Lots of paragraph
copy goes here, and here and here.
▪ Second level
• Third level
– Fourth level
» Fifth level
GL/R2R
General Ledger, Record
to Report
(FI Module)
P2P
Purchase to Payment (MM
Module)
O2C
Order to Cash
(SD Module)
Target Areas in SAP ERP – GL/R2R
32
Keyword Search
• Transactions containing suspicious keywords may represent a compliance related risk (e.g. FCPA, Sunshine Act, Dodd Frank Conflict Minerals, etc.)
Risk
• In the investigation period, identify journal entry or account descriptions containing a suspicious keyword.
• Tables used: BSIS, BSAS, SKA1, SKAT
Test Description
CLICK TO EDIT MASTER TITLE STYLE
Click to edit Master text styles
Click to edit Master text styles. Lots of paragraph
copy goes here, and here and here.
▪ Second level
• Third level
– Fourth level
» Fifth level
GL/R2R
General Ledger, Record
to Report
(FI Module)
P2P
Purchase to Payment (MM
Module)
O2C
Order to Cash
(SD Module)
Target Areas in SAP ERP – O2C
33
Adjustments, Credit Notes, and Write-offs
• Adjustments, credit notes, and write-offs can be abused or used to cover up fraudulent activity.
Risk
• In the investigation period, identify customers where there are adjustments, credit notes, and write-offs greater than X in total and Y% of their total activity.
• In the investigation period, identify sales adjustments created or modified by an unauthorized individual.
• Tables used: BSAD, KNA1
Test Description
CLICK TO EDIT MASTER TITLE STYLE
Click to edit Master text styles
Click to edit Master text styles. Lots of paragraph
copy goes here, and here and here.
▪ Second level
• Third level
– Fourth level
» Fifth level
GL/R2R
General Ledger, Record
to Report
(FI Module)
P2P
Purchase to Payment (MM
Module)
O2C
Order to Cash
(SD Module)
Target Areas in SAP ERP – O2C
34
Sales Order Line vs. Product Price
• Data entry errors could result in sales prices below desired prices
• Excessive discounts could be a sign of bribery, and require investigation for anti-bribery/FCPA purposes
Risk
• In the investigation period, identify sales order line items where the price varies more than X% or Y amount from the product price.
• Tables used: VBAK, VBAP, KONV, KONP, KNA1
Test Description
CLICK TO EDIT MASTER TITLE STYLE
Click to edit Master text styles
Click to edit Master text styles. Lots of paragraph
copy goes here, and here and here.
▪ Second level
• Third level
– Fourth level
» Fifth level
GL/R2R
General Ledger, Record
to Report
(FI Module)
P2P
Purchase to Payment (MM
Module)
O2C
Order to Cash
(SD Module)
Target Areas in SAP ERP – O2C
35
Customer Credit Limits
• Inadequate review of customer credit limits can expose an organization to collection risk
Risk
• In the investigation period, identify customers with credit limits that have not been reviewed in the past X days and/or with unusually high credit limit.
• Tables used: VBAK, VBAP, KNA1, KNKK
Test Description
CLICK TO EDIT MASTER TITLE STYLE
Click to edit Master text styles
Click to edit Master text styles. Lots of paragraph
copy goes here, and here and here.
▪ Second level
• Third level
– Fourth level
» Fifth level
Approaches to Data Access
• Discussion of tools and methodologies pros and cons
Dealing with SAP IT (Basis) Concerns
• Security, Performance, and Data Volumes
Common Risk Areas
• Example Tests
Finding Your Data
• Best practices on executing testing
Finding your Data Best practices on executing testing
CLICK TO EDIT MASTER TITLE STYLE
Click to edit Master text styles
Click to edit Master text styles. Lots of paragraph
copy goes here, and here and here.
▪ Second level
• Third level
– Fourth level
» Fifth level
TIPS for Finding your Data
STEP #1: QUICK WINS Choose a specific, narrow risk where there are likely findings. Identify likely data elements required
(e.g. clearly vendor number and invoice number would be required for a duplicate invoice test)
STEP #2: Use Entity Relational Diagrams Entity ERDs help you visualize which tables you might need as well as other, related tables that might also
be helpful
STEP #3: Determine actual fields required Use ABAP Dictionary (SAP SE11 Transaction) can be very helpful
37
CLICK TO EDIT MASTER TITLE STYLE
Click to edit Master text styles
Click to edit Master text styles. Lots of paragraph
copy goes here, and here and here.
▪ Second level
• Third level
– Fourth level
» Fifth level
SAP P2P Entity Relational Diagram
CLICK TO EDIT MASTER TITLE STYLE
Click to edit Master text styles
Click to edit Master text styles. Lots of paragraph
copy goes here, and here and here.
▪ Second level
• Third level
– Fourth level
» Fifth level
SAP P2P Entity Relational Diagram
MM FI
CLICK TO EDIT MASTER TITLE STYLE
Click to edit Master text styles
Click to edit Master text styles. Lots of paragraph
copy goes here, and here and here.
▪ Second level
• Third level
– Fourth level
» Fifth level
SAP P2P Entity Relational Diagram
Purchase
Requisitions
Purchase Orders
Goods/Services Receipts/
Invoice Receipts
Vendor Master
Invoice Postings/Payments One Time Vendors
CLICK TO EDIT MASTER TITLE STYLE
Click to edit Master text styles
Click to edit Master text styles. Lots of paragraph
copy goes here, and here and here.
▪ Second level
• Third level
– Fourth level
» Fifth level
Asking For Help (and other Resources)
ACL Consulting Services & Highwater Advisors
ACL Audit and Financial Control Solution Address up to 30 fraud, waste, abuse, and financial misstatement risks with pre-defined data analytics
Webinar on Navigating the SAP Data Dictionary (and ER Diagram)
: http://tinyurl.com/lk97byt
SAP Functional (Business Analyst) Teams Assistance with identifying tables you might need, understanding related tables that might also be helpful,
and providing insight into non-standard customizations that might impact analysis
41
CLICK TO EDIT MASTER TITLE STYLE
Click to edit Master text styles
Click to edit Master text styles. Lots of paragraph
copy goes here, and here and here.
▪ Second level
• Third level
– Fourth level
» Fifth level
Approaches to Data Access
• Discussion of tools and methodologies pros and cons
Dealing with SAP IT (Basis) Concerns
• Security, Performance, and Data Volumes
Common Risk Areas
• Example Tests
Finding Your Data
• Best practices on executing testing
Q & A
CLICK TO EDIT MASTER TITLE STYLE
Click to edit Master text styles
Click to edit Master text styles. Lots of paragraph
copy goes here, and here and here.
▪ Second level
• Third level
– Fourth level
» Fifth level
For more information please contact us:
Phil Lim
Steve Biskie steve.biskie@
highwateradvisors.com