SAP & Internal control
Organisations implement SAP to increase productivity, enhance transparency, reduce inventory and boost profitability. But the level of automation and integration achieved by deploying SAP often scares management and auditors. Since they can no longer fall back on paper-based signatures, they need to have faith in electronic data entry and authorisations. When they are confronted with statements like: “Jan Jansen has access to transaction FB60 and F110 on company 1203 and 2805,” they may well be less prepared to take responsibility for the numbers generated by their SAP system.
Indeed, experience has shown that poor control over an SAP implementation and poor quality of data on suppliers and customers can lead to:
- Revenue leakage when invoices do not match the shipped goods or when goods are shipped to customers with a bad payment track record
- Cash flow issues when the follow up of customer payments cannot be done adequately or timely
- Lower profits due to overpayments and lost discounts due to inconsistencies on payment terms
- Internal fraud due to a lack of segregation of duties in the access to supplier, customer or transactional data
- Incorrect accounts and tax reporting issues due to duplicate payments and unapplied credits
- Process inefficiencies when manual efforts for inquiry and reporting functions increase due to inaccurate and incomplete supplier and customer data
- Decreased leverage in negotiations and compliance monitoring when there is insufficient visibility to actual payment and sales information
- Lower customer service and satisfaction when duplicate and inconsistent customer master records result in duplicate mailings to customers, slow response time to problems, late deliveries, multiple telemarketing calls, etc.
When you consider these typical concerns, you will realise that they lead directly to fundamental questions about your system of internal control, the security of your SAP system and the segregation of duties on which it depends.
Why Deloitte?
In assessing your SAP environment, we combine a number of proven techniques to model the risks and controls implied by the current implementation, including process modelling, transactional analysis, master data analysis, configuration analysis and a thorough segregation of duties analysis. In order to help gain confidence in the data produced by your SAP implementation, we provide:
- A clear authorisation model for the processes supported by your SAP system, like purchase to pay, order to cash, payroll and fixed assets thereby building on the Deloitte IndustryPrints
- An optimised and harmonised set of controls, roles and authorisation scheme that can be maintained over the long term;
- Improved configuration settings, including document release strategies and copying rules, tolerances, field selections and procedures
Deloitte can count on vast experience to allow you to maximally benefit from SAP Management of Internal Controls and SAP/Virsa’s Compliance Calibrator. In addition, Deloitte is an accredited auditor for providing certificates of compliance against regulations on corporate governance, eg. Sarbanes-Oxley 302 and 404 Act, UK’s Combined Code, France’s Loi sur la Securité Financière, the Belgian Code Lippens, or the Dutch Code Tabaksblat.
Material on this website is © 2013 Deloitte Global Services Limited, or a member firm of Deloitte Touche Tohmatsu Limited, or one of their affiliates. See Legal for copyright and other legal information.
Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee, and its network of member firms, each of which is a legally separate and independent entity. Please see www.deloitte.com/about for a detailed description of the legal structure of Deloitte Touche Tohmatsu Limited and its member firms.