Conflicting Roles

7/23/2019 Conflicting Roles

1/24

Task 1 Task 2

AP Payments

Cash Application Bank Reconciliation

Settle Projects

Settle Projects

Cash Application

Goods Movements Enter Counts - WM

Goods Movements Enter Counts - M

Goods Movements

Maintain BankMaster !ata

Maintain Asset

!ocument

Process "endor

nvoices

Maintain Asset!ocument

Goods Receipts toP#

Maintain AssetMaster

Goods Receipts toP#

Process #verheadPostin$s

Maintain Projectsand WBS Elements

Maintain Projectsand WBS Elements

Process #verheadPostin$s



Manual CheckProcessin$

Create % Chan$e&reasury tem

Con'irm a &reasury&rade

Enter Counts ( Clear!i'' - M


2/24

AP Payments

AP Payments

AP Payments

Bank Reconciliation

Service Acceptance AP Payments

P# Approval

P# Approval AP Payments

P# Approval

P# Approval Enter Counts - M

"endor MasterMaintenance

Process "endornvoices



Maintain Purchase#rder



Goods Receipts toP#


Goods Receipts toP#







Goods Receipts toP#



3/24

P# Approval

AP Payments

AP Payments

AP Payments Bank Reconciliation

Enter Counts - M

Enter Counts - WM

P# Approval

P# Approval Enter Counts - WM


Purchasin$A$reements




Goods Receipts toP#



Service MasterMaintenance











4/24

Service Acceptance

P# Approval

Bank Reconciliation

P# Approval

Credit Mana$ement

Sales Re)ates






Service MasterMaintenance



Sales #rderProcessin$


Clear CustomerBalance


Maintain CustomerMaster !ata


Process Customernvoices



Maintain Billin$!ocuments




5/24

Credit Mana$ement Sales Re)ates

Cash Application

AR Payments

AR Payments

Cash Application

!elivery Processin$

Credit Mana$ement Cash Application

Cash Application Sales Re)ates

Cash Application

Credit Mana$ement



Process CustomerCredit Memos

Sales !ocumentRelease



Sales Pricin$Condition










6/24

Cash Application

!elivery Processin$ Cash Application

Process Payroll

*R Bene'its Process Payroll

*R "endor !ata

Maintain &ime !ata Approve &ime

Maintain &ime !ata Process Payroll

Process Payroll







Process CustomerCredit Memos

Maintain Employee+PA, Master !ata -. - / +

0rd PartyRemittance

Maintain PayrollCon'i$uration




7/24

Modi'y P! Structure

Maintain &ime !ata Payroll Maintenance

Payroll Maintenance Process Payroll

Payroll Maintenance

Maintain &ime !ata

Maintain &ime !ata Modi'y P! Structure

Maintain &ime !ata

Payroll Maintenance

Payroll Schemas Maintain &ime !ata

Basis !evelopment Con'i$uration

Basis !evelopment



Maintain Payroll

Con'i$uration



&ransportAdministration


8/24

Basis 1tilities Con'i$uration

Basis 1tilities

Client Administration

Client Administration

Create &ransport Per'orm &ransport

AP# active version,

&ransport

Administration

Basis &a)leMaintenance

SystemAdministration

Basis &a)leMaintenance

Security

Administration

SecurityAdministration

&ransportAdministration

Maintain 2um)erRan$es

SystemAdministration

Maintain 1ser

Master

Maintain Pro'iles %

Roles

AP# MaintainModel

AP# Supply (!emand Plannin$

AP# Model ("ersionMana$ement



AP# !e'ineAdvanced Macros



9/24

!elivery Processin$

CRM Billin$

Service Con'irmation

CRM Billin$

CRM Billin$

CRM Billin$

Maintain Conditions

Maintain Conditions

Process Payroll

Maintain BusinessPartner

Process CRM Sales#rder





Service #rderProcessin$




ServiceCon'irmation

ServiceCon'irmation


Process CreditMemo

Process CreditMemo


Process Customer

nvoices


Maintain#pportunity


10/24

Process Payroll

Process Payroll

EBP % SRM nvoicin$

EBP % SRM nvoicin$

Bank Reconciliation EBP % SRM nvoicin$

Enter Counts - WM

Enter Counts - M

Service #rderProcessin$


EBP % SRM "endorMaster

EBP % SRMPurchasin$

EBP % SRMPurchasin$

EBP % SRM Goods

Receipt%ServiceAcceptance

EBP % SRMnvoicin$

EBP % SRM GoodsReceipt%Service

Acceptance


EBP % SRMPurchasin$


Acceptance


Acceptance


11/24

Service Acceptance

Maintain *ierarchies AP Payments

Maintain *ierarchies



Acceptance


EBP % SRMPurchasin$

Goods Receipts toP#

EBP % SRMPurchasin$

EBP % SRM P#Approval

Goods Receipts toP#

EBP % SRMPurchasin$




EBP % SRMPurchasin$

EBP % SRM Maintain#r$ Structure


EBP % SRM Maintain#r$ Structure

EBP % SRM MaintainShoppin$ Cart





12/24

Maintain *ierarchies Cash Application





Maintain *ierarchies Revenue Repostin$

Maintain *ierarchies Post 3ournal Entry






Maintain CostCenters

Maintain Asset!ocument

Maintain AssetMaster

Maintain G4 Master!ata

Post 3ournal Entry+misc &a5%Currency,




13/24

Description of Risk

Create a non )ona-'ide )ank account and create a check 'rom it6

Pay an invoice and hide it in an asset that 7ould )e depreciated over time6

Allo7s di''erences )et7een cash deposited and cash collections posted to )e covered up

Create the asset and manipulate the receipt o' the associated asset6

Maintain a non )ona-'ide )ank account and divert incomin$ payments to it6

Create a non )ona-'ide )ank account and create manual checks 'rom it

1sers can create a 'ictitious trade and 'raudulently con'irm or e5ercise the trade

Accept $oods via $oods receipts and per'orm a WM physical inventory adjustment a'ter7ards6

Accept $oods via $oods receipts and per'orm an M physical inventory adjustment a'ter7ards6

Accept $oods via $oods receipts and per'orm an M physical inventory adjustment a'ter7ards6

Create an invoice throu$h ERS $oods receipt and hide it in an asset that 7ould )e depreciatedover time6

Post overhead e5penses to the project and settle the project 7ithout $oin$ throu$h thesettlement approval process6

1se a 'ictitious project to allocate overa$es o' an actual project8 and settle the project 7ithout$oin$ throu$h the settlement approval process6

Manipulate the 7ork )reakdo7n structure elements +pro'it centers8 )usiness areas8 cost centers8plants, and post overhead e5penses to the project


14/24

Maintain a 'ictitious vendor and enter a "endor invoice 'or automatic payment

Maintain a 'ictitious vendor and create a payment to that vendor

Enter 'ictitious vendor invoices and then render payment to the vendor

Purchase unauthori9ed items and initiate payment )y invoicin$

Enter 'ictitious purchase orders 'or personal use and accept the $oods throu$h $oods receipt

Enter 'ictitious vendor invoices and accept the $oods via $oods receipt

Enter a 'ictitious purchase order and enter the coverin$ payment

Create a 'ictitious vendor and initiate purchases to that vendor

nappropriately procure an item and manipulatin$ the M physical inventory counts to hide6

Can hide di''erences )et7een )ank payments ( posted AP records

Receive or accept services and enter the coverin$ payments

Release a non )ona-'ide purchase order and initiate payment 'or the order )y enterin$ invoices

Approve the purchase o' unauthori9ed $oods and hide the misuse o' inventory )y not 'ullyreceivin$ the order

Commit the company to 'raudulent purchase contracts and initiate payment 'or unauthori9ed$oods and services6

Release a non )ona-'ide purchase order and the action remain undetected )y manipulatin$ theM physical inventory counts


15/24

Enter 'ictitious purchasin$ a$reements and then render payment

Modi'y purchasin$ a$reements and then receive $oods 'or 'raudulent purposes6

Risk o' enterin$ unauthori9ed payments and reconcile 7ith the )ank throu$h the same person6

nappropriately procure an item and manipulatin$ the M physical inventory counts to hide6

nappropriately procure an item and manipulatin$ the WM physical inventory counts to hide6

Maintain a 'ictitious vendor and create a payment to that vendor

Enter 'ictitious vendor invoices and then render payment to the vendor

Enter a 'ictitious purchase order and enter the coverin$ payment

Create a 'ictitious vendor or chan$e e5istin$ vendor master data and approve purchases to thisvendor

Risk o' entry o' 'ictitious Purchasin$ A$reements and the entry o' 'ictitious "endor ormodi'ication o' e5istin$ "endor especially account data6

Enter unauthori9ed items to a purchasin$ a$reement and create an invoice to o)tain those items'or personal use

Risk o' modi'yin$ service master data +to add a service that is normally not ordered )y thecompany, and the entry o' coverin$ payments

Release a non )ona-'ide purchase order and the action remain undetected )y manipulatin$ theM physical inventory counts

Release a non )ona-'ide purchase order and the action remain undetected )y manipulatin$ theWM physical inventory counts


16/24

Receive or accept services and manually enter the coverin$ check payments

Enter 'ictitious purchasin$ a$reements and then render manual checks 'or payment

Enter or modi'y sales documents and approve customer credit limits

Create sales documents and immediately clear customer:s o)li$ation

Create a 'ictitious customer and initiate 'raudulent sales document

Commit the company to 'raudulent purchases and initiate manual check payments 'orunauthori9ed $oods and services6

Risk o' modi'yin$ service master data +to add a service that is normally not ordered )y thecompany, and the entry o' coverin$ payments

Risk o' enterin$ unauthori9ed manual payments and reconcile 7ith the )ank throu$h the sameperson6

Where release strate$ies are utili9ed8 the same user should not maintain the purchase order andrelease or approve it6

Make an unauthori9ed chan$e to the master record +payment terms8 tolerance level, in 'avor o'the customer and enter an inappropriate invoice6

nappropriately create or chan$e re)ate a$reements and mana$e a customer:s master record inthe 'avor o' the customer6 Could also chan$e a customer:s master record to direct payment toan inappropriate location6

Potentially clear a customer:s )alance )e'ore and create or make the same chan$e to the )illin$document 'or the same customer8 clearin$ them o' their o)li$ation6

nappropriately create or chan$e a sales documents and $enerate a correspondin$ )illin$document 'or it6


17/24

Create a 'ictitious customer and initiate payment to the unauthori9ed customer6

nitiate an unauthori9ed payment to the customer )y enterin$ 'ictitious credit memos6

Chan$e the accounts receiva)le records to cover di''erences 7ith customer statements6

Cover up unauthori9ed shipment )y creatin$ a 'ictitious sales documents

Sales price modi'ications 'or sales invoicin$6

Enter sales documents and lo7er prices 'or 'raudulent $ain

Per'orm credit approval 'unction and modi'y cash received 'or 'raudulent purposes6

Enter a 'ictitious sales re)ates and then render 'ictitious payments6

Risk o' modi'yin$ and enterin$ Sales nvoices and approvin$ Credit 4imits )y the same person6

Risk o' Sales Price modi'ications 'or Sales invoicin$6

Maintain a customer master record and post a 'raudulent payment a$ainst it

Manipulate the user:s credit limit and assi$n $enerous re)ates to e5ecute a mar$inal customer:sorder6

Create a )illin$ document 'or a customer and inappropriately post a payment 'rom the samecustomer to conceal non-payment6

Risk o' the same person enterin$ chan$es to the Customer Master 'ile and modi'yin$ the CashReceived 'or the customer6


18/24

1ser can create a 'ictitious customer and then issue invoices to the customer6

1ser can create%chan$e an invoice and enter%chan$e payments a$ainst the invoice6

Create a credit memo then clear the customer to prompt a payment6

Modi'y payroll master data and then process payroll6 Potential 'or 'raudulent activity6

Chan$e to master data and creatin$ the remittance could result in 'raudulent payments6

Chan$e payroll master data and enter time data applied to incorrect settin$s6

Modi'y time data and process payroll resultin$ in 'raudulent payments

Chan$e con'i$uration o' payroll then process payroll resultin$ in 'raudulent payments

Chan$e con'i$uration o' payroll then modi'y payroll master data resultin$ in 'raudulent payments

1ser can create 'ictitious%incorrect delivery and enter payments a$ainst these8 potentiallymisappropriatin$ $oods6

1ser a)le to create a 'raudulent sales contract to include additional $oods and enter an incorrectcustomer invoice to hide the deception6

Chan$e employee *R Bene'its then process payroll 7ithout authori9ation6 Potential 'or'raudulent activity6


19/24

Chan$e payroll master data and modi'y P! Structure

Enter 'alse time data and per'orm payroll maintenance6

Chan$e payroll and process payroll 7ithout proper authori9ation6

Chan$e payroll con'i$uration and per'orm maintenance on payroll settin$s6

Modi'y payroll con'i$uration and enter 'alse time data6

Enter 'alse time data and maintain P! structure

1sers may enter 'alse time data and process payroll resultin$ in 'raudulent payments6

1sers may maintain employee master data includin$ pay rates and delete the payroll result

1sers may enter 'alse time data and per'orm 7ork schedule evaluations

A developer could modi'y an e5istin$ pro$ram in production8 per'orm traces to the pro$ram and

con'i$ure the production environment to limit monitorin$ o' the pro$ram run )y increasin$ alarmthresholds and eliminatin$ audit trails throu$h e5ternal #S comma

A developer could create or modi'y a pro$ram in production and 'orce the transport o' thesechan$es a'ter the 'act to conceal irre$ular development practices6 &his also ena)les therevertin$ )ack to the pro$ram:s ori$inal version 7ithout any trace o' the chan$es made inproduction6


20/24

Can reset the num)er ran$es +;, and delete your lo$%audit trail +


21/24

A user could create a 'ictitious sales order to cover up an unauthori9ed shipment6

1ser can create a 'ictitious )usiness partner and then process )illin$ in CRM 'or that partner6

1ser can create a 'ictitious )usiness partner and then process )illin$ in R0 'or that partner6

A user could enter a sales order in CRM and lo7er prices via conditions 'or 'raudulent $ain

A user could create a 'ictitious )usiness partner and initiate 'raudulent sales orders 'or thatpartner6 Master data such as )usiness partners should not )e maintained )y the same users7ho process transactions usin$ that master data6

nappropriately create or chan$e sales documents and $enerate the correspondin$ )illin$document in CRM6

nappropriately create or chan$e sales documents and $enerate the correspondin$ )illin$document in R06

Enter 'ictitious service orders 'or personal use and accept the services throu$h serviceacceptance6 &he user could prompt 'raudulent payments6 n addition spare parts could )e'raudulently issued 'rom inventory as a result o' the con'irmation6

nappropriately accept or con'irm a service order and $enerate a correspondin$ )illin$ documentin CRM 'or the order6

nappropriately accept or con'irm a service order and $enerate a correspondin$ )illin$ documentin R0 'or the order6

1ser could create a 'ictitious credit memo and run )illin$ due in CRM to prompt a payment to acustomer6 &he customer could provide a kick)ack to the internal user6

1ser could create a 'ictitious credit memo and run )illin$ due in R0 to prompt a payment to acustomer6 &he customer could provide a kick)ack to the internal user6

Pricin$ conditions could )e manipulated to provide inappropriate discounts or incentives to

customers 7hich 7ill )e reali9ed in an incorrect invoice6

Commission or ncentives may )e paid )ased on the num)er o' =uali'ied leads6 nappropriately=uali'ied leads could result in 'raudulent commission payments6


22/24

Maintain a 'ictitious vendor and enter an invoice to )e included in the automatic payment run

Purchase unauthori9ed items and prompt the payment )y invoicin$

Enter 'ictitious invoices and accept $oods or services via $oods receipt or service acceptance

Maintain a 'ictitious vendor and initiate purchases to that vendor6

A user can hide di''erences )et7een )ank payments and posted AP records6

Accept $oods via SRM $oods receipts and per'orm M physical inventory adjustment a'ter7ards6

Commission or ncentives may )e paid )ased on the num)er o' service orders6 ?raudulentorders could )e entered to achieve hi$her sales 'or commissions6

Commission or ncentives may )e paid )ased on the num)er o' sales orders6 ?raudulent orderscould )e entered to achieve hi$her sales reportin$ 'or commissions6

Enter 'ictitious orders 'or personal use and accept the $oods or services throu$h $oods receiptor service acceptance

Accept $oods via SRM $oods receipts and per'orm a WM physical inventory adjustmenta'ter7ards6


23/24

Enter 'ictitious orders 'or personal use and access the $oods or services throu$h $oods receipt

Accept $oods via SRM $oods receipts and per'orm M physical inventory adjustment a'ter7ardsusin$ po7er'ul M transactions

Enter 'ictitious orders 'or personal use and access the $oods or services throu$h serviceacceptance

Approve the purchase o' unauthori9ed $oods and hide the misuse o' inventory )y not 'ullyreceivin$ the order in R0

Where release strate$ies are utili9ed8 the same user should not maintain the purchase order andrelease or approve it6

Create a 'ictitious vendor or chan$e e5istin$ vendor master data and approve purchases to thisvendor

Enter 'ictitious orders 'or personal use and manipulate the or$ani9ational structure to )ypassapprovals

Create or maintain 'ictitious vendor and manipulate the or$ani9ational structure to )ypassapprovals or secondary checks

nitiate purchases to selectin$ $oods to )e included in a shoppin$ cart then approvin$ thepurchase

AP%AR%G4 master data creation and postin$ 'unctions in conjunction 7ith payment processin$8receipt o' money8 G4 account access@ and the a)ility to modi'y ECCS hierarchy and reportin$

output

AP%AR%G4 master data creation and postin$ 'unctions in conjunction 7ith payment processin$8receipt o' money8 G4 account access@ and the a)ility to modi'y ECCS hierarchy and reportin$output



24/24



AP%AR%G4 master data creation and postin$ 'unctions in conjunction 7ith payment processin$8

receipt o' money8 G4 account access@ and the a)ility to modi'y ECCS hierarchy and reportin$output









Documents

Conflicting Roles