Top 20 GRC SoD List for SAP System

Important SoD List for SAP system

For the complete list of high risk SoD conflicts in SAP: http://www.box.net/shared/am4bsvi8i5

CR04 Process CRM Sales Order + SD02 Delivery Processing = A user could create a fictitious sales order to cover up an unauthorized shipment.

CR04 Process CRM Sales Order + CR07 CRM Billing = Inappropriately create or change sales documents and generate the corresponding billing document in CRM.

CR05 Service Order Processing + CR06 Service Confirmation = Enter fictitious service orders for personal use and accept the services through service acceptance. The user could prompt fraudulent payments. In addition, spare parts could be fraudulently issued from inventory as a result of the confirmation.

SR01 EBP / SRM Vendor Master + SR03 EBP / SRM Invoicing = Maintain a fictitious vendor and enter an invoice to be included in the automatic payment run.

FI03 Bank Reconciliation + SR03 EBP / SRM Invoicing = A user can hide differences between bank payments and posted AP records.

SR01 EBP / SRM Vendor Master + SR07 EBP / SRM PO Approval = Create a fictitious vendor or change existing vendor master data and approve purchases to this vendor.

SR01 EBP / SRM Vendor Master + SR09 EBP / SRM Maintain Org Structure = Create or maintain a fictitious vendor and manipulate the organizational structure to bypass approvals or secondary checks.

AR02 Cash Application + FI03 Bank Reconciliation = Allows differences between cash deposited and cash collections posted to be covered up.

MM04 Goods Movements + MM02 Enter Counts - IM + MM04 Clear Differences - IM = Accept goods via goods receipts and perform an IM physical inventory adjustment afterwards.

MM04 Goods Movements + MM03 Enter Counts & Clear Diff - IM = Accept goods via goods receipts and perform an IM physical inventory adjustment afterwards.

PR01 Vendor Master Maintenance + AP02 Process Vendor Invoices = Maintain a fictitious vendor and enter a vendor invoice for automatic payment.

PR01 Vendor Master Maintenance + PR02 Maintain Purchase Order = Create a fictitious vendor and initiate purchases to that vendor.

PR02 Maintain Purchase Order + MM03 Enter Counts & Clear Diff - IM = Inappropriately procure an item and manipulate the IM physical inventory counts to hide it.

FI03 Bank Reconciliation + AP02 Process Vendor Invoices = Can hide differences between bank payments and posted AP records.

PR04 PO Approval + MM02 Enter Counts - IM + MM04 Clear Differences - IM = Release a non bona-fide purchase order and the action remains undetected by manipulating the IM physical inventory counts.

PR01 Vendor Master Maintenance + PR05 Purchasing Agreements = Risk of entry of fictitious purchasing agreements and the entry of a fictitious vendor or modification of an existing vendor, especially account data.

AP01 AP Payments + FI03 Bank Reconciliation = Risk of entering unauthorized payments and reconciling with the bank through the same person.

PR02 Maintain Purchase Order + MM02 Enter Counts - IM = Inappropriately procure an item and manipulate the IM physical inventory counts to hide it.

PR04 PO Approval + MM03 Enter Counts & Clear Diff - IM = Release a non bona-fide purchase order and the action remains undetected by manipulating the IM physical inventory counts.

AP04 Manual Check Processing + FI03 Bank Reconciliation = Risk of entering unauthorized manual payments and reconciling with the bank through the same person.

SD01 Maintain Customer Master Data + AR01 AR Payments = Create a fictitious customer and initiate payment to the unauthorized customer.

SD01 Maintain Customer Master Data + AR05 Maintain Billing Documents = User can create a fictitious customer and then issue invoices to the customer.
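
The following is an added example, not part of the original document and not SAP GRC code: a small checker that evaluates three of the conflicts listed above at user level, where the conflicting functions may arrive through different roles. The role names, user names and assignments are constructed for illustration; only the function labels and risk wording come from the list.

```python
# Added example. Function labels and risks come from the list above;
# roles, users and assignments are constructed sample data.
RULES = [
    ({"PR01 Vendor Master Maintenance", "AP02 Process Vendor Invoices"},
     "Maintain a fictitious vendor and enter a vendor invoice for automatic payment."),
    ({"AP01 AP Payments", "FI03 Bank Reconciliation"},
     "Enter unauthorized payments and reconcile with the bank through the same person."),
    ({"PR04 PO Approval", "MM02 Enter Counts - IM", "MM04 Clear Differences - IM"},
     "Release a non bona-fide purchase order, undetected via IM inventory counts."),
]

ROLE_FUNCTIONS = {  # hypothetical roles -> functions they grant
    "Z_VENDOR_MAINT": {"PR01 Vendor Master Maintenance"},
    "Z_AP_CLERK": {"AP02 Process Vendor Invoices"},
    "Z_AP_PAYMENTS": {"AP01 AP Payments"},
    "Z_TREASURY": {"FI03 Bank Reconciliation"},
    "Z_PO_APPROVER": {"PR04 PO Approval"},
    "Z_STOCK_COUNT": {"MM02 Enter Counts - IM"},
}

USER_ROLES = {  # hypothetical users -> assigned roles
    "alice": ["Z_VENDOR_MAINT", "Z_AP_CLERK"],    # conflict spans two roles
    "bob": ["Z_AP_PAYMENTS", "Z_TREASURY"],
    "carol": ["Z_PO_APPROVER", "Z_STOCK_COUNT"],  # only 2 of the 3 functions
}

def user_functions(roles, role_functions):
    """Map each function a user holds to the roles that grant it."""
    granted = {}
    for role in roles:
        for func in role_functions.get(role, ()):
            granted.setdefault(func, []).append(role)
    return granted

def find_conflicts(user_roles, role_functions, rules=RULES):
    """Return one finding per (user, rule) where the user holds every function."""
    findings = []
    for user, roles in sorted(user_roles.items()):
        granted = user_functions(roles, role_functions)
        for functions, risk in rules:
            if functions.issubset(granted):
                via = {f: sorted(granted[f]) for f in sorted(functions)}
                findings.append({"user": user, "risk": risk, "via": via})
    return findings

if __name__ == "__main__":
    for f in find_conflicts(USER_ROLES, ROLE_FUNCTIONS):
        print(f["user"], "|", f["risk"], "|", f["via"])
```

The "via" field shows which role contributes each function, which is what a reviewer needs to decide which assignment to remove.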