際際滷

際際滷Share a Scribd company logo

Sample Deliverable Deliverables

agc infotech
agc infotech

The document describes controls over duplicate invoice processing in SAP. It notes the risk of duplicate payments leading to misstated financials. The control is that SAP only allows payment on an invoice once. Testing found the control is not appropriately designed. The 'Check for Duplicate Invoices' setting had not been enabled for company codes. Message controls to check for duplicates were also not configured. The conclusion was that the control design was non-compliant.

1 of 3
Downloaded 24 times
SAP Audit Work Program Control Ref. #:1 Client Name: ABC Limited Application: SAP ECC 6.0 Process: Procure to Pay Sub Process: Invoice processing Activity: Duplicate invoice Risk: Duplicate invoices may lead to over payment for goods and services thereby misstating the financial statements Control: System allows payment on a vendor invoice only once Control Owner: In SAP, incoming invoices are verified for vendor name, amount, date and invoice reference number. Invoices can be verified with reference to the purchase order. When the invoice is posted, the invoice data is saved in the system. The system updates the data saved in the invoice documents during the material and financial document postings. Control Overview: SAP provides an indicator Double invoice validation during the vendor master record creation that checks for duplicates invoices against a vendor. In addition, the Set Check for Duplicate Invoices setting can also be enabled. This setting can be configured to check for duplicate invoice reference numbers with respect to a specific company code and invoice date. Test Result Compliant Non-Compliant Not Applicable Test of Design Transaction Code(s) to be used: Test Approach: Using the following test steps, check the design of the control by validating whether SAP has been appropriately configured to OBD3 (Vendor account group restrict duplicate invoice payments. configuration) Test Steps: SE16N (SAP Table Data Display) OBA5 (Message controls for invoice Step 1: Verify if the field Double invoice validation in the screen layout of the vendor account group has been configured as a required entry verification configuration) Execute transaction code OBD3 > select the applicable vendor account groups (Artifact # 1) > company code data > payment transactions > Report(s) / Program(s) to be used: o Check if the screen layout of the field Double invoice validation has been configured as Req. Entry (Artifact NA # 2) Grupo Pe単afiel Page 1 of 3 Sample Deliverable
Control Ref. # 1 SAP Control Testing Document Process: Procure to Pay Step 2: Verify if the Set Check for Duplicate Invoices has been activated for the applicable company codes Execute transaction code SE16N > Table name T169P > Select the following values in the field selection: o Company code (BUKRS) with value from the list of applicable company codes (Artifact # 3) o Check company code (XBUKRS) o Check invoice date (XBLDAT) o Check reference (XXBLNR) Export the table information using the menu: o Press the export button provided above the table data to export the information > Local File > Spreadsheet > File name as Artifact # 4: o Review Artifact # 4 and verify if the fields Check company code (XBUKRS), Check invoice date (XBLDAT), Check reference (XXBLNR) are enabled for the applicable company codes Step 3: Verify if appropriate message controls at the time of invoice verification are configured to restrict duplicate invoice entry: Execute transaction code OBA5 > select application area M8 > check if the following messages have been configured as error message in all the message types: o 108 - Check if invoice already entered under accounting doc. no. & & (Artifact # 5) Observation During our review, we had the following observations: 'Check for Duplicate Invoices' indicator has not been enabled for the applicable Company codes (1001, 3001, 4001, 4002, 4003, 5001 and 5002). This is required to check for duplicate invoice reference numbers with respect to a specific company code and invoice date. Message controls to check for duplicate invoices are not configured. Message number '108 - Check if invoice already entered under accounting doc. no. & &' is not configured. Conclusion From the above test performed, we conclude that the control is not appropriately designed. Testing Artifacts S. No. Description Document Reference ABC Ltd. Page 2 of 3 Sample Deliverable
Control Ref. # 1 SAP Control Testing Document Process: Procure to Pay 1. List of applicable Vendor account groups Artifact # 1.xls 2. Screenshot of transaction code OBD3 showing screen layout of the vendor account group Artifact # 2.doc 3. List of applicable Company codes Artifact # 3.xls 4. Extract of SAP table T169P (duplicate invoice check configuration for company codes) Artifact # 4.doc 5. Screenshot of transaction code OBA5 showing the message controls for duplicate invoices Artifact # 5.doc ABC Ltd. Page 3 of 3 Sample Deliverable

More Related Content

Sample Deliverable Deliverables

  • 1. SAP Audit Work Program Control Ref. #:1 Client Name: ABC Limited Application: SAP ECC 6.0 Process: Procure to Pay Sub Process: Invoice processing Activity: Duplicate invoice Risk: Duplicate invoices may lead to over payment for goods and services thereby misstating the financial statements Control: System allows payment on a vendor invoice only once Control Owner: In SAP, incoming invoices are verified for vendor name, amount, date and invoice reference number. Invoices can be verified with reference to the purchase order. When the invoice is posted, the invoice data is saved in the system. The system updates the data saved in the invoice documents during the material and financial document postings. Control Overview: SAP provides an indicator Double invoice validation during the vendor master record creation that checks for duplicates invoices against a vendor. In addition, the Set Check for Duplicate Invoices setting can also be enabled. This setting can be configured to check for duplicate invoice reference numbers with respect to a specific company code and invoice date. Test Result Compliant Non-Compliant Not Applicable Test of Design Transaction Code(s) to be used: Test Approach: Using the following test steps, check the design of the control by validating whether SAP has been appropriately configured to OBD3 (Vendor account group restrict duplicate invoice payments. configuration) Test Steps: SE16N (SAP Table Data Display) OBA5 (Message controls for invoice Step 1: Verify if the field Double invoice validation in the screen layout of the vendor account group has been configured as a required entry verification configuration) Execute transaction code OBD3 > select the applicable vendor account groups (Artifact # 1) > company code data > payment transactions > Report(s) / Program(s) to be used: o Check if the screen layout of the field Double invoice validation has been configured as Req. Entry (Artifact NA # 2) Grupo Pe単afiel Page 1 of 3 Sample Deliverable
  • 2. Control Ref. # 1 SAP Control Testing Document Process: Procure to Pay Step 2: Verify if the Set Check for Duplicate Invoices has been activated for the applicable company codes Execute transaction code SE16N > Table name T169P > Select the following values in the field selection: o Company code (BUKRS) with value from the list of applicable company codes (Artifact # 3) o Check company code (XBUKRS) o Check invoice date (XBLDAT) o Check reference (XXBLNR) Export the table information using the menu: o Press the export button provided above the table data to export the information > Local File > Spreadsheet > File name as Artifact # 4: o Review Artifact # 4 and verify if the fields Check company code (XBUKRS), Check invoice date (XBLDAT), Check reference (XXBLNR) are enabled for the applicable company codes Step 3: Verify if appropriate message controls at the time of invoice verification are configured to restrict duplicate invoice entry: Execute transaction code OBA5 > select application area M8 > check if the following messages have been configured as error message in all the message types: o 108 - Check if invoice already entered under accounting doc. no. & & (Artifact # 5) Observation During our review, we had the following observations: 'Check for Duplicate Invoices' indicator has not been enabled for the applicable Company codes (1001, 3001, 4001, 4002, 4003, 5001 and 5002). This is required to check for duplicate invoice reference numbers with respect to a specific company code and invoice date. Message controls to check for duplicate invoices are not configured. Message number '108 - Check if invoice already entered under accounting doc. no. & &' is not configured. Conclusion From the above test performed, we conclude that the control is not appropriately designed. Testing Artifacts S. No. Description Document Reference ABC Ltd. Page 2 of 3 Sample Deliverable
  • 3. Control Ref. # 1 SAP Control Testing Document Process: Procure to Pay 1. List of applicable Vendor account groups Artifact # 1.xls 2. Screenshot of transaction code OBD3 showing screen layout of the vendor account group Artifact # 2.doc 3. List of applicable Company codes Artifact # 3.xls 4. Extract of SAP table T169P (duplicate invoice check configuration for company codes) Artifact # 4.doc 5. Screenshot of transaction code OBA5 showing the message controls for duplicate invoices Artifact # 5.doc ABC Ltd. Page 3 of 3 Sample Deliverable