on 2010 Jun 09 5:08 PM
In the use of our version of SOD Rule P003, we are encountering SOD violations caused by access to F-44 from the AP01-AP Payment Processing functional group and various AP02-Process Vendor Invoice functional group transactions (such as F-42, FB60, FBVO and MR8M).
Can someone explain the risk of having F-44 as well as Process Vendor Invoice transactions?
We also need to mitigate this risk. Is there a standard SAP report which lists vendor invoices/items entered and cleared by the same person? Or can someone suggest an alternate monitoring report?
Thanks.
Hi,
This is conflict , as per the standard rule-set, as F-44 allows to clear the vendor line items which is conflict with function AP02 that allows to process vendor invoices. Having access to these 2 functions, same user can clear the blocked vendor invoices and initiate payment.
You can have Mitigation as per your organization policy...
- Review report like FBL1N for cleared vendor lines and sign-off
- Sometime business might have manual control in place that can be used as mitigation as - Management reviews supporting documentation before approving payments per the Cash Management policy.
Thanks
Laks
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Laks,
Thank you for the reply.
Regarding F-44 specifically, I understand that it only allows you to clear items already existing in a single vendor's account that are equal in amount and would offset each other. The net impact to the vendor balance and to the financial statements appears to be $0.00. I believe the risk comes from having the ability to create a credit memo or something like it to offset a vendor invoivce and F-44 would allow you to clear the credit memo against an invoice. I am not sure what the real risk is because the amount is still owed to the vendor who will still expect to be paid.
Regarding the FBL1N report for cleared vendor items, is there a way to limit the report to the users who need to be mitigated aby a control due to a F-44 SOD violation? When we run the report for our company which is global, the report is very lenghty and does not show the name of the user executing F-44 to clear the vendor balances?
Thanks again for your help.
John
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.