Você está na página 1de 43

CLICK TO EDIT MASTER TITLE STYLE

Click to edit Master text styles


Click to edit Master text styles. Lots of paragraph
copy goes here, and here and here.

Second level
Third level
Fourth level
Fifth level

AUDITING AND THE SAP ENVIRONMENT


Presented by:
Phil Lim, Product Manager, ACL
Steve Biskie, Managing Director, High Water Advisors

CLICK the
About
TO Speakers
EDIT MASTER TITLE STYLE

Phil Lim has over seven years of experience working with compliance and audit groups

Click to edit Master text


styles
of Fortune
500 companies, helping them build technology enabled assurance programs
assess, test, and monitor risk.
Click to edit Master texttostyles.
Lots of paragraph
As aand
Product
Manager for ACL Services Ltd., he is currently responsible for the
copy goes here, and here
here.

integrated content portfolio.

Second level
Third level Phil has significant international experience; he was a key ACL consultant in Siemens
extensive continuous controls monitoring project -- combining and analyzing purchase
Fourth level
to payment data from over 1000 globally decentralized corporate entities daily, aimed at
detecting potential FCPA violations.
Fifth
level
Steve Biskie, co-founder and Managing Director of High Water Advisors, has over two
decades of experience optimizing GRC and audit performance through the use of
technology.
In addition to being a leader in the data analysis space, he is also an expert in audit and
compliance issues related to the SAP ERP system. He has authored dozens of articles,
was an expert reviewer for the book Security, Audit, and Control Features: SAP ERP
(3rd Edition), and in 2011 authored his own book through SAP Press titled Surviving an
SAP Audit.
He is a CPA, CITP, CISA, CGMA, and a two-time IIA All-Star Speaker.

CLICK TO EDIT MASTER TITLE STYLE


Agenda

Click to edit Master text styles


Click to edit Master text styles. Lots of paragraph
copy goes here, and here and here.

Second level
Third level
Fourth level
Approaches to
Dealing with

Fifth
level
Data Access
SAP IT (Basis)
Discussion of tools
and methodologies
pros and cons

Concerns
Security,
Performance, and
Data Volumes

Common Risk
Areas

Finding Your
Data

Example Tests

Best practices on
executing testing

CLICK TO EDIT MASTER TITLE STYLE

Click to edit Master text styles


Click to edit Master text styles. Lots of paragraph
copy goes here, and here and here.

Second level
Third level
Fourth level
Fifth level
Discussion of tools and methodologies pros and cons

Approaches to Data Access

Approaches
to Data
Access

Dealing with
SAP IT (Basis)
Concerns

Discussion of tools
and methodologies
pros and cons

Security,
Performance, and
Data Volumes

Common Risk
Areas

Finding Your
Data

Example Tests

Best practices on
executing testing

CLICK
Data
Access
TO EDIT
Approaches
MASTER TITLE
for SAP
STYLE

Click to edit Master text styles


Click to edit Master text styles. Lots of paragraph
Standard
copy goes
here,SAP
and hereSAP
and Data
here.Browser
Reports
(SE16/SE16N)
Second level
Third level
Fourth level
SAP Query Fifth level
(SQ01/SQVI) or
SAP BI
Custom ABAP

SAP GRC (Access


Control/Process
Control/Fraud
Management)

Self-serve

IT Supported

ACL Direct Link

CLICK TOSAP
Standard
EDITReports
MASTER TITLE STYLE

What is it?

Click to edit Master text styles


Click to edit
Master
textreports
styles. Lots
of paragraph
Using
system
that business
uses
copy goes here, and here and here.

Second level
Third level
Fourth level
Independence
from IT (self-serve)
Fifth
levelto set up
No additional
effort

Pros

Most are fairly easy to understand


Cons

Not designed for auditors (difficulty to find suspicious items only)


Downloads (even to Excel) require significant re-formatting to use
Many are client-specific (limited view across enterprise)
Not all relevant data might be housed in SAP

CLICK
SAP
Data
TO Browser
EDIT MASTER TITLE STYLE

What is it?

Click to edit Master text styles


Using
built-intext
SAP
transaction
to query records at the table level
Click to edit
Master
styles.
Lots ofcodes
paragraph
Examples:
SE16N
copy goes
here, andSE17,
here SE16,
and here.

Second level
Pros
Third level
Fourth level
Independence from IT (self-serve)
Fifth
Access nearly
anylevel
data in the system

Cons

Only able to perform single-table analysis with basic filters


No ability to join (large detail tables cannot be reduced by header data)
Limited ability to query large data sets (may time out)
Inherent limitations on extracting data from certain important tables
Not all relevant data might be housed in SAP
Difficult to repeat analysis, schedule extracts, and create audit trail

CLICK
SAP
Query
TO EDIT
/ Custom
MASTER
ABAP
TITLE STYLE

What is it?

Click to edit Master text styles


Using
built intext
SAP
transaction
to query records at the table level
Click to edit
Master
styles.
Lots ofcodes
paragraph
Alternatively,
SAPhere.
AIS
copy goes
here, and using
here and
Examples
Second
level: SQ1, SE16, SECR
Third level
Pros Fourth level
Fifth level

Independence from IT (self-serve)


Access nearly any data in the system
Cons

Only performs basic analysis


Limited ability to query large data sets or join multiple tables
Not all relevant data might be housed in SAP
Difficult to repeat analysis and schedule extracts
Lacks audit trail

CLICK
SAP
Query
TO EDIT
/ Custom
MASTER
ABAP
TITLE STYLE
What is it?
Click to edit Master text styles
UseMaster
of built-in
Query
(SQ01, SQVI)
Click to edit
textSAP
styles.
Lotstools
of paragraph
SAP
IT teams
(both
infrastructure
and functional teams), help
copy goes
here,
and here
and
here.
implement custom ABAP queries for audit purposes

Second level
Third level
Pros Fourth level
Fifth level

Access the data you want the way you want it


Ability to join tables and perform more complex analysis
Cons

IT reluctant to grant query transactions due to performance concerns


Cost ABAP developers are not cheap
Turnaround time for query development
Difficult to maintain over time as the business changes (processes
and controls change, so do tolerances & thresholds)
9

CLICK
SAP
BITO EDIT MASTER TITLE STYLE
What is it?
Click to edit Master text styles
Using
SAP BIs
toolset Lots
(e.g. of
SAP
BusinessObjects) to query
Click to edit
Master
text styles.
paragraph
copy goes here, and here and here.
Pros
Second level
Third level

Integrated solution
Fourth level
Intended for end-user access
Fifth level
Ability to access non-SAP data (if in BI warehouse)

Cons
Not designed for Audit
BI/BW data often cleansed as part of ETL process
Typically Aggregated / summarized data audit and compliance
processes often require analysis of detailed transactions
Reconciliation to source system can be challenging
10

CLICK
SAP
GRC
TO (Access
EDIT MASTER
Control/Process
TITLE STYLE
Control) - consider FM
What is it?

Click to edit Master text styles


Using SAP Access Control for security analysis
Click to edit
Master text styles. Lots of paragraph
Using SAP Process Control for continuous monitoring
copy goes
here,
and
hereManagement
and here. for fraud analytics
Using
SAP
Fraud

Second level
Third level
Pros
Fourth level
Integrated solution
Fifth level

May be already owned in-house


Ability to drill from findings/issues into live SAP data
Analysis speed (for customers on the SAP HANA platform)
Cons
Intended for business management, not audit
Designed for productionized testing, not ad-hoc analysis
Subject to internal IT change control processes (which take time)
HANA platform out of reach for many audit/compliance departments
11

CLICK
ACL
Direct
TO EDIT
Link MASTER
for SAP TITLE STYLE
What is it?

Click to edit Master text styles


SAPMaster
Certified
Add-on
forLots
ACLof
Analytics
technologies to provide direct
Click to edit
text
styles.
paragraph
access to SAP data
copy goes here, and here and here.

Second level
Third level
Fourth level
Independence
from IT (self-serve)
Audit trail Fifth level

Pros

Repeatable; can schedule extract and analysis


Performs complex analysis off of the SAP system, limiting impact to
performance
Handles large, transactional data volumes
Cons
Some SAP IT teams resistant to idea (perceived impact on
performance/security)
Not a magic bullet; you still need to do your auditor due diligence
12

CLICK TO EDIT MASTER TITLE STYLE

Click to edit Master text styles


Click to edit Master text styles. Lots of paragraph
copy goes here, and here and here.

Second level
Third level
Fourth level
Fifth level

Dealing with SAP IT (BASIS) Concerns


security, performance, data volumes

Approaches
to Data
Access

Dealing with
SAP IT (Basis)
Concerns

Discussion of tools
and methodologies
pros and cons

Security,
Performance, and
Data Volumes

Common Risk
Areas

Finding Your
Data

Example Tests

Best practices on
executing testing

CLICK
SAP
IT TO
Teams
EDIT MASTER TITLE STYLE

Click to edit Master text styles


Click to edit Master text styles. Lots of paragraph
copy goes here, and here and here.

Second level
Third level
Fourth level
Fifth level

SAP IT Team

Infrastructure

Functional

Commonly referred to as BASIS

Commonly referred to as
Business Analysts / ABAP
developers

Responsible for security,


hardware, installations, code
promotions, etc.

Create new SAP queries, new


SAP functionality, integration

14

CLICK TO EDITConcerns
Infrastructure
MASTER TITLE STYLE
Whatever tool/methodology you use to access your SAP Data
Click to edit Master text styles
Click to edit Master text styles. Lots of paragraph
copy goes here, and here and here.

Second level
Third level
Fourth level
Fifth level
Security
Who will have access, and
how?
How will we prevent
unauthorized access?
What user permissions do
you need?
How do you protect data that
has been extracted?

Production
Impact
How will we prevent
untested queries from
running in Production?
What is the impact on
our system?

Data
Volumes
How much
space is going
to be used?
Network?
CPU?

15

CLICK TO EDIT
Addressing
Security
MASTER
Concerns
TITLE STYLE

Click to edit Master text styles


Click to edit Master text styles. Lots of paragraph
copy goes here, and here and here.

Second level
Third level
Fourth level
Fifth level
Security
Who will have access, and
how?
How will we prevent
unauthorized access?
What user permissions do
you need?
How do you protect data that
has been extracted?

ACL Direct Link follows user permissions to tables


and is Read Only
Server environment can be used to secure both
sensitive data and control scripts run on
production

Data
Volumes
ACL Direct Link is SAP Certified

How much
Existing IT policies regarding use
of extract
space
is going
to be
used?
tools can also be applied to ACL
Direct
Link
Network?
CPU?

16

CLICK TO EDIT
Addressing
Production
MASTERImpact
TITLEConcerns
STYLE
Can set up your query development
process to prevent untested code from
torunning
edit inMaster
Productiontext styles

Click
Click to ACL
editDirect
Master
text styles. Lots of paragraph
Link translates to native
ABAPhere,
code (mostly
table here.
copy goes
and straight
here and

dumps, seldom complex joins)

Second
level to equivalent SAP
Comparable
tools (e.g.
Third
levelSE16)
Fourth mode
level
Runs in background
Fifth level
Can test performance in a QA
environment prior to deploying
to production

Production
Impact
How will we prevent
untested queries from
running in Production?
What is the impact on
our system?

Differing passwords can be used


to ensure that only authorized
individuals can query from
production
17

CLICK TO EDIT
Addressing
DataMASTER
Volume Concerns
TITLE STYLE

Click to edit Master text styles


Click to edit Master text styles. Lots of paragraph
copy goes here, and here and here.
Massive queries are possible (there is no longer a 4GB

limit)
Second level
Third level
An auditor can schedule Direct Link queries to run in
Fourth level
background and at off-peak times to minimize production
Fifth level
impact
ACL Direct Link is used by large US Federal Government
entities with billions of records
You will need space to store queries

Data
Volumes
How much
space is going
to be used?
Network?
CPU?

18

CLICK TO EDIT MASTER TITLE STYLE

Click to edit Master text styles


Click to edit Master text styles. Lots of paragraph
copy goes here, and here and here.

Second level
Third level
Fourth level
Fifth level

Common Risk Areas


example tests in P2P, O2C, GL/R2R

Approaches
to Data
Access

Dealing with
SAP IT (Basis)
Concerns

Discussion of tools
and methodologies
pros and cons

Security,
Performance, and
Data Volumes

Common Risk
Areas

Finding Your
Data

Example Tests

Best practices on
executing testing

CLICK Areas
Target
TO EDIT
in SAP
MASTER
ERP TITLE STYLE

Click to edit Master text styles


Click to edit Master text styles. Lots of paragraph
copy goes here, and here and here.

Second level
Third level
Fourth level
Fifth level

P2P
Purchase to
Payment (MM
Module)

GL/R2R
General
Ledger, Record
to Report
(FI Module)

O2C
Order to Cash
(SD Module)

20

CLICK Areas
Target
TO EDIT
in SAP
MASTER
ERP TITLE
P2P STYLE

Click to edit Master text styles


Top styles.
Spend Lots of paragraph
Click toNew
edit Vendor
Master text
copy goes here, and here and here.

Second level
Risk
Third level
Fourth level
Vendors without previous relationships with the organization present
Fifth
level
a higher risk
for exposure
to compliance violations.

Test Description
Identify invoices to vendors created in the investigation period
greater than X cumulative spend.
Tables used: LFA1, BSAK
P2P
Purchase to
Payment (MM
Module)

GL/R2R
General
Ledger, Record
to Report
(FI Module)

O2C
Order to Cash
(SD Module)

21

CLICK Areas
Target
TO EDIT
in SAP
MASTER
ERP TITLE
P2P STYLE

Click to edit Master text styles


Orders
Click toRetroactive
edit MasterPurchase
text styles.
Lots of paragraph
copy goes here, and here and here.

Second level
Risk
Third level
Fourth level
Circumvention of purchasing controls can result in authorized
Fifth
levelfraud
transactions
and/or

Test Description
In the investigation period, identify invoices with an invoice document
date before the Purchase Order creation date.
Tables used: EKBE, EKPO
P2P
Purchase to
Payment (MM
Module)

GL/R2R
General
Ledger, Record
to Report
(FI Module)

O2C
Order to Cash
(SD Module)

22

CLICK Areas
Target
TO EDIT
in SAP
MASTER
ERP TITLE
P2P STYLE

Click to edit Master text styles


Click toOne
editTime
Master
text styles. Lots of paragraph
Vendors
copy goes here, and here and here.

Second level
Third level
Payments
to one-time-vendors
are typically subject to fewer purchasing controls.
Fourth
level
Fifth level
Risk

Test Description
In the investigation period, identify One Time Vendors with more than X spend or
more than Y transactions.
In the investigation period, identify a sample of one time vendor transactions for
review.
Tables used: BSEC, LFA1

P2P
Purchase to
Payment (MM
Module)

GL/R2R
General
Ledger, Record
to Report
(FI Module)

O2C
Order to Cash
(SD Module)

23

CLICK Areas
Target
TO EDIT
in SAP
MASTER
ERP TITLE
P2P STYLE

Click to edit Master text styles


Click toNon-PO
edit Master
text styles. Lots of paragraph
Invoices
copy goes here, and here and here.

Second level
Third level
Payments
made outside
Fourth
level of the purchasing workflow may have fewer controls.
Fifth level
Risk

Test Description
In the investigation period, identify vendors with a total non-PO spend greater than
a threshold X. Exclude vendors by type such as taxes.
In the investigation period, identify any non-PO invoices that were created by
unauthorized individuals.
In the investigation period, identify a sample of non-PO invoices for further review.
Tables used: EKBE, BSIK, BSAK

P2P
Purchase to
Payment (MM
Module)

GL/R2R
General
Ledger, Record
to Report
(FI Module)

O2C
Order to Cash
(SD Module)

24

CLICK Areas
Target
TO EDIT
in SAP
MASTER
ERP TITLE
P2P STYLE

Click to edit Master text styles


Click toReceiving
edit Master
styles.
Lots of paragraph
vs. text
Invoice
SOD
copy goes here, and here and here.

Second level
Risk
Third level
Fourth level
Segregation of duties is somehow not maintained between the receiver
Fifth level
of goods/services
and the person who created or modified the invoice.

Test Description
In the investigation period, identify transactions where the receiver was
the same person that created or modified the invoice.
Tables used: EKBE, BSIK, BSAK
P2P
Purchase to
Payment (MM
Module)

GL/R2R
General
Ledger, Record
to Report
(FI Module)

O2C
Order to Cash
(SD Module)

25

CLICK Areas
Target
TO EDIT
in SAP
MASTER
ERP TITLE
P2P STYLE

Click to edit Master text styles


vs. Vendor
MasterLots
SODof paragraph
Click toInvoice
edit Master
text styles.
copy goes here, and here and here.

Second level
Risk
Third level
Fourthoflevel
Segregation
duties is somehow not maintained between the
creator/modifier
vendor information and the person who invoices the
Fifthoflevel

vendor

Test Description
In the investigation period, identify invoices created or modified by the
same individual as the vendor creator/modifier.

Tables used: EKBE, BSIK, BSAK, LFA1


P2P
Purchase to
Payment (MM
Module)

GL/R2R
General
Ledger, Record
to Report
(FI Module)

O2C
Order to Cash
(SD Module)

26

CLICK Areas
Target
TO EDIT
in SAP
MASTER
ERP TITLE
P2P STYLE

Click to edit Master text styles


Invoicestext styles. Lots of paragraph
Click toDuplicate
edit Master
copy goes here, and here and here.
Risk
Second level
Third level
Amiskeying
of the invoice number may result in the duplicate payment of an invoice
A miskeying
of which
vendor to associate to an invoice may result in a duplicate payment of an
Fourth
level
invoice
Fifth
Duplicate vendors
couldlevel
result in invoices being paid multiple times
Test Description
In the investigation period, identify invoices to the same vendor but with different invoice
reference document number patterns.
In the investigation period, identify invoices with the same amount to different vendors with the
same tax identification number.
Tables used: BSIK, BSAK, LFA1

P2P
Purchase to
Payment (MM
Module)

GL/R2R
General
Ledger, Record
to Report
(FI Module)

O2C
Order to Cash
(SD Module)

27

CLICK Areas
Target
TO EDIT
in SAP
MASTER
ERP TITLE
P2P STYLE

Click to edit Master text styles


Payments
Click toEarly
edit Master
text styles. Lots of paragraph
copy goes here, and here and here.

Second level
Third level
Fourth
level
Payments
made
that do not follow standard payment terms may
represent a significant
Fifth level opportunity cost of capital

Risk

Test Description
In the investigation period, identify invoices with an opportunity cost of
early payment greater than X, based off of a cost of capital and standard
payment terms days
Tables used: BSIK, BSAK, REGUH, PAYR
P2P
Purchase to
Payment (MM
Module)

GL/R2R
General
Ledger, Record
to Report
(FI Module)

O2C
Order to Cash
(SD Module)

28

CLICK Areas
Target
TO EDIT
in SAP
MASTER
ERP TITLE
GL/R2R
STYLE

Click to edit Master text styles


in Static
Click toActivity
edit Master
textAccounts
styles. Lots of paragraph
copy goes here, and here and here.

Second level
Third level
Fourth
level
Unusual
manual
postings to accounts may be an indication of fraud or
financial misstatement
Fifth level

Risk

Test Description
In the investigation period, identify manual journal entries posted to
accounts with infrequent activity. Accounts with infrequent activity are
defined by an externally provided list.
Tables used: BSIS, BSAS, SKA1, SKAT
P2P
Purchase to
Payment (MM
Module)

GL/R2R
General
Ledger, Record
to Report
(FI Module)

O2C
Order to Cash
(SD Module)

29

CLICK Areas
Target
TO EDIT
in SAP
MASTER
ERP TITLE
GL/R2R
STYLE

Click to edit Master text styles


Journal
Descriptions
Click toManual
edit Master
textEntry
styles.
Lots of paragraph
copy goes here, and here and here.

Second level
Risk
Third level
Fourth level
Inadequate documentation of manual journal entries may represent a
Fifth
compliance
risk level

Test Description
In the investigation period, identify manual journal entries with
descriptions shorter than X characters.
Tables used: BSIS, BSAS, SKA1, SKAT
P2P
Purchase to
Payment (MM
Module)

GL/R2R
General
Ledger, Record
to Report
(FI Module)

O2C
Order to Cash
(SD Module)

30

CLICK Areas
Target
TO EDIT
in SAP
MASTER
ERP TITLE
GL/R2R
STYLE

Click to edit Master text styles


or Infrequent
Transaction
Code
Click toInvalid
edit Master
text styles.
Lots of paragraph
copy goes here, and here and here.

Second level
Risk
Third level
Fourth level
Infrequently used transaction codes may represent a circumvention
of controls Fifth level

Test Description
In the investigation period, identify journal entries with an SAP
transaction code that is infrequently used.
Tables used: BSIS, BSAS, SKA1, SKAT
P2P
Purchase to
Payment (MM
Module)

GL/R2R
General
Ledger, Record
to Report
(FI Module)

O2C
Order to Cash
(SD Module)

31

CLICK Areas
Target
TO EDIT
in SAP
MASTER
ERP TITLE
GL/R2R
STYLE

Click to edit Master text styles


Search
Click toKeyword
edit Master
text styles. Lots of paragraph
copy goes here, and here and here.

Second level
Risk
Third level
Fourthcontaining
level
Transactions
suspicious keywords may represent a
compliance
risk (e.g. FCPA, Sunshine Act, Dodd Frank Conflict
related
Fifth level

Minerals, etc.)

Test Description
In the investigation period, identify journal entry or account descriptions
containing a suspicious keyword.

Tables used: BSIS, BSAS, SKA1, SKAT


P2P
Purchase to
Payment (MM
Module)

GL/R2R
General
Ledger, Record
to Report
(FI Module)

O2C
Order to Cash
(SD Module)

32

CLICK Areas
Target
TO EDIT
in SAP
MASTER
ERP TITLE
O2C STYLE

Click to edit Master text styles


Write-offs
Click toAdjustments,
edit MasterCredit
text Notes,
styles.and
Lots
of paragraph
copy goes here, and here and here.
Risk
Second level
Third level
Adjustments, credit notes, and write-offs can be abused or used to cover up
Fourth
fraudulent
activity.level
Fifth level
Test Description
In the investigation period, identify customers where there are adjustments, credit
notes, and write-offs greater than X in total and Y% of their total activity.
In the investigation period, identify sales adjustments created or modified by an
unauthorized individual.
Tables used: BSAD, KNA1
P2P
Purchase to
Payment (MM
Module)

GL/R2R
General
Ledger, Record
to Report
(FI Module)

O2C
Order to Cash
(SD Module)

33

CLICK Areas
Target
TO EDIT
in SAP
MASTER
ERP TITLE
O2C STYLE

Click to edit Master text styles


Order Line
Product
Click toSales
edit Master
text vs.
styles.
LotsPrice
of paragraph
copy goes here, and here and here.

Second level
Third level
Fourth
level
Data entry
errors
could result in sales prices below desired prices
Excessivediscounts
Fifth levelcould be a sign of bribery, and require investigation

Risk

for anti-bribery/FCPA purposes


Test Description
In the investigation period, identify sales order line items where the price
varies more than X% or Y amount from the product price.
Tables used: VBAK, VBAP, KONV, KONP, KNA1
P2P
Purchase to
Payment (MM
Module)

GL/R2R
General
Ledger, Record
to Report
(FI Module)

O2C
Order to Cash
(SD Module)

34

CLICK Areas
Target
TO EDIT
in SAP
MASTER
ERP TITLE
O2C STYLE

Click to edit Master text styles


Credit
Click toCustomer
edit Master
textLimits
styles. Lots of paragraph
copy goes here, and here and here.

Second level
Third level
Fourth
level of customer credit limits can expose an organization
Inadequate
review
to collection
risk level
Fifth

Risk

Test Description
In the investigation period, identify customers with credit limits that have
not been reviewed in the past X days and/or with unusually high credit
limit.
Tables used: VBAK, VBAP, KNA1, KNKK
P2P
Purchase to
Payment (MM
Module)

GL/R2R
General
Ledger, Record
to Report
(FI Module)

O2C
Order to Cash
(SD Module)

35

CLICK TO EDIT MASTER TITLE STYLE

Click to edit Master text styles


Click to edit Master text styles. Lots of paragraph
copy goes here, and here and here.

Second level
Third level
Fourth level
Fifth level

Finding your Data

Best practices on executing testing

Approaches
to Data
Access

Dealing with
SAP IT (Basis)
Concerns

Discussion of tools
and methodologies
pros and cons

Security,
Performance, and
Data Volumes

Common Risk
Areas

Finding Your
Data

Example Tests

Best practices on
executing testing

CLICKforTOFinding
TIPS
EDIT MASTER
your DataTITLE STYLE

Click to edit Master text styles


#1:
QUICK WINS
Click to edit Master text styles.STEP
Lots of
paragraph
specific, narrow risk where there are likely findings. Identify likely data elements required
copyChoose
goes ahere,
and here and here.

(e.g. clearly vendor number and invoice number would be required for a duplicate invoice test)

Second level
Third level
STEP
Fourth
level #2: Use Entity Relational Diagrams
Entity ERDs help you visualize which tables you might need as well as other, related tables that might also
Fifth level
be helpful

STEP #3: Determine actual fields required


Use ABAP Dictionary (SAP SE11 Transaction) can be very helpful

37

CLICK
SAP
P2P
TOEntity
EDIT MASTER
RelationalTITLE
Diagram
STYLE

Click to edit Master text styles


Click to edit Master text styles. Lots of paragraph
copy goes here, and here and here.

Second level
Third level
Fourth level
Fifth level

CLICK
SAP
P2P
TOEntity
EDIT MASTER
RelationalTITLE
Diagram
STYLE

Click to edit Master text styles


Click to edit Master text styles. Lots of paragraph
copy goes here, and here and here.

Second level
Third level
Fourth level
Fifth level

MM

FI

CLICK
SAP
P2P
TOEntity
EDIT MASTER
RelationalTITLE
Diagram
STYLE

Click to edit Master text styles


Vendors
Click to edit Master text styles. LotsOne
of Time
paragraph
copy goes here, and here and here.
Purchase
Purchase Orders
Second level
Requisitions
Goods/Services Receipts/
Third level
Invoice Receipts
Fourth level
Fifth level

Vendor Master

Invoice Postings/Payments

CLICK TO
Asking
ForEDIT
HelpMASTER
(and other
TITLE
Resources)
STYLE

Click to edit Master text styles


ACL Consulting Services & Highwater Advisors
Click to edit Master text styles. Lots of paragraph
copy goes here, and here and here.

Second level ACL Audit and Financial Control Solution


level waste, abuse, and financial misstatement risks with pre-defined data analytics
AddressupThird
to 30 fraud,
Fourth level
Navigating
Fifth level
Webinar on
the SAP Data Dictionary (and ER Diagram)

: http://tinyurl.com/lk97byt
SAP Functional (Business Analyst) Teams
Assistance with identifying tables you might need, understanding related tables that might also be helpful,
and providing insight into non-standard customizations that might impact analysis

41

CLICK TO EDIT MASTER TITLE STYLE

Click to edit Master text styles


Click to edit Master text styles. Lots of paragraph
copy goes here, and here and here.

Second level
Third level
Fourth level
Fifth level

Q&A

Approaches
to Data
Access

Dealing with
SAP IT (Basis)
Concerns

Discussion of tools
and methodologies
pros and cons

Security,
Performance, and
Data Volumes

Common Risk
Areas

Finding Your
Data

Example Tests

Best practices on
executing testing

CLICK TO EDIT MASTER TITLE STYLE

Click to edit Master text styles


Click to edit Master text styles. Lots of paragraph
copy goes here, and here and here.

Second level
Third level
Fourth level
Fifth level

For more information please contact us:

Phil Lim

Steve Biskie

phil_lim@acl.com

steve.biskie@
highwateradvisors.com