In the last article, we highlighted the importance of correct master data. Correct data creates a strong foundation to allow us to manage our company risk, policies and audit control.

Is your company exposed to poor risk management, fraud or embezzlement? Can the staff change contact details, addresses, or bank account details? And if so, on what authority? Do they keep a record of the request from the customer? Is anyone checking what has been changed in SAP to ensure it matches with customer request? What policy or procedures do you have in place to guarantee strong risk management?

Companies strong on audit control run regular reports to identify any master data changes. Regularly reviewing all changes made to master data fields ensures that only approved changes, by authorised staff have been made.

There are several reports available in SAP which provide management excellent visibility of field/s that have been changed, by which user login and when. For example, did "Sally" change the address or phone number? Or more importantly the bank account details for your customer/vendor which would affect payments of supplier invoices, rebates or refunds etc.
Any changes made to the master data can be viewed by using transaction code: S_ALR_87012182 (Display Changes to Customers). If you are not currently reporting on changes to your master data which may lead to being exposed to risk, fraud, or embezzlement, this report should be added your EOM procedures as part of strong audit control. Auditors (external and internal) often require this type of report as part of their finance department review.

Whilst we often talk about "know your customer" for better risk management, we also need to be mindful that our own business is following company policy and adhering to strong audit control.

Use the power of networking with your peers, join the SAP User Group. Enhance your day-to-day work by benchmarking for best in class processes and procedures. #WhatYouDontKnowCouldCostYou

Beth Gray FICM CCE is Director of SAP Users Pty Ltd
Website: www.sapusers.com.au
Email: beth@sapusers.com.au
#WhatYouDontKnowCouldCostYou
By Beth Gray FICM CCE*

download complete article