Process Control Optimization with SAP - Protiviti

  • Process Control Optimization with SAP

    The procure-to-pay cycle, which includes all activities from the procurement of goods and services to receiving invoices and paying vendors, is a basic business process. It also presents significant risks if all aspects are not managed effectively and monitored continuously. Organizations that do not have optimal control over, and visibility into, their procure-to-pay business cycle can face late fees, missed discounts, wasted time and loss of assets as well as noncompliance issues due to inaccuracies or overlooked incidents of fraudulent activity.

    Following are the three major phases of the procure-to-pay business cycle and some common risks organizations face in each area due to a lack of effective controls and visibility:

    Supplier management (vendor master file): duplicate and unauthorized vendors, unauthorized access to the vendor master file, and incorrect 1099 reporting

    Purchasing: unauthorized purchases, inaccurate purchase order processing, and unauthorized returns, adjustments and allowances

    Accounts payable: incomplete or inaccurate payment information, duplicate payments, liabilities and disbursements not recorded completely, and invoices that do not represent goods and services actually received

    One key reason organizations have difficulty managing and monitoring their procure-to-pay process effectively is an overreliance on manual controls, which are prone to errors and can be easily changed or circumvented. To make better use of automated controls and optimize their overall control environment, more organizations are choosing to improve their knowledge of the functionality within their enterprise resource planning (ERP) solutions, such as the SAP ERP Central Component (ECC) 6.0. Companies are realizing significant cost and resource savings by optimizing their ECC configuration and deploying governance, risk and compliance (GRC) solutions like SAP BusinessObjects GRC.

    SAP's GRC solution performs critical monitoring of major business processes on a continuous basis. Configurable and customized controls can be easily implemented and maintained in the procure-to-pay cycle so that inaccuracies and inconsistencies, as well as potential incidents of fraud and noncompliance, can be identified and addressed quickly. However, despite the availability of tools like SAP BusinessObjects GRC, many organizations fail to take full advantage of the procure-to-pay control options available in their SAP environment, primarily because they are not aware of SAP ECC 6.0's standard control functionality.

  • Protiviti | 2

    By implementing and maintaining optimized controls within SAP, and using the right mix of both automated and manual controls to ensure all gaps in the procure-to-pay process are closed, organizations can reduce the risk of fraudulent activity (both through prevention and detection), ensure compliance with Sarbanes-Oxley, and generate significant cost savings.

    The ideal control environment for managing risks effectively in the procure-to-pay cycle should include the following six areas:

    Configurable controls: these controls are designed to maintain the integrity of master data, such as information in the vendor master file

    Manual controls: these controls include approvals by authorized individuals (SAP automated workflow also can be set up for approvals)

    General IT controls: the computing controls and IT notifications process that reduce the risk of unauthorized changes to SAP systems

    Detective reports: SAP, for example, has many standard detective reports that do not need to be customized to be used as control reports

    Security: this includes clearly defining access rights and segregation of duties rules

    Policies and procedures: the rules that dictate how the organization controls, within its purchase cycle, which vendors will be used, what their limits are, and which people in the organization have the authority to approve invoices and purchase orders

    There are many problems common to organizations that do not have optimized control of their procure-to-pay business cycle. The following are examples typically experienced in the supplier management, purchasing and accounts payable processes.

    Supplier Management

    For many businesses, especially large national or global companies working with a wide range of suppliers, the vendor master file can grow exponentially very quickly. This makes master data associated with the procure-to-pay process difficult to maintain efficiently, leaving the organization more susceptible to the risk of financial leakage and fraud.

    Here is one example of what can happen when the supplier management process is not optimally controlled: Protiviti's GRC and SAP experts recently examined the vendor master file of a large organization and discovered it had listings for more than 28,000 active suppliers, but 63 percent (or more than 17,700) had not had invoice or payment activity in longer than three years. Additionally, more than 1,700 vendors appeared to be duplicates, and more than 1,500 had invalid or incomplete information recorded in the vendor master file.

    It is not unusual to find a number of suppliers in the vendor master file that have not been used recently, have not been marked for deletion, or have not been designated as blocked so that no further invoices related to those specific vendors can be processed. To ensure greater accuracy in this critical aspect of the procure-to-pay process, organizations should clean house in their vendor master file and apply more control over how their vendors are being set up in the system and how they are being utilized.
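The vendor master review described above can be run as a detective report over an extract of the file. The following is an added example, not Protiviti's or SAP's code: the field names, sample rows, legal-suffix list and matching keys (normalized name, tax ID, bank account) are assumptions made for illustration.

```python
import re
from datetime import date

# Constructed sample vendor master rows; field names are assumptions for this
# example and are not SAP table or field names.
FIELDS = ("id", "name", "tax_id", "bank_account", "last_activity", "blocked", "deletion_flag")
ROWS = [
    ("V001", "Acme Industrial Supply, Inc.", "12-3456789", "111000", date(2024, 11, 3), False, False),
    ("V002", "ACME Industrial Supply Inc", "12-3456789", "111000", date(2020, 2, 10), False, False),
    ("V003", "Borealis Freight LLC", "98-7654321", "222000", date(2019, 6, 30), True, False),
    ("V004", "Cobalt Packaging", "", "333000", None, False, False),
    ("V005", "Delta Tooling Ltd", "55-5555555", "444000", date(2024, 5, 5), False, False),
]
VENDORS = [dict(zip(FIELDS, row)) for row in ROWS]
REQUIRED = ("name", "tax_id", "bank_account")
LEGAL_SUFFIXES = {"inc", "llc", "ltd", "corp", "co", "gmbh"}

def normalize(name):
    """Lower-case, drop punctuation and legal suffixes so spelling variants match."""
    words = re.sub(r"[^a-z0-9 ]", " ", name.lower()).split()
    return " ".join(w for w in words if w not in LEGAL_SUFFIXES)

def years_before(d, years):
    try:
        return d.replace(year=d.year - years)
    except ValueError:  # 29 February with a non-leap target year
        return d.replace(year=d.year - years, day=28)

def review_vendor_master(vendors, as_of, inactive_years=3):
    """Return vendor ids grouped by the three finding types named in the text."""
    cutoff = years_before(as_of, inactive_years)
    inactive, incomplete, seen = [], [], {}
    for v in vendors:
        # Assumption: a vendor with no activity at all counts as inactive.
        stale = v["last_activity"] is None or v["last_activity"] < cutoff
        # Vendors already blocked or marked for deletion need no further action.
        if stale and not (v["blocked"] or v["deletion_flag"]):
            inactive.append(v["id"])
        if not all(v[f] for f in REQUIRED):
            incomplete.append(v["id"])
        keys = (("name", normalize(v["name"])), ("tax", v["tax_id"]), ("bank", v["bank_account"]))
        for key in keys:
            if key[1]:  # empty values are reported as incomplete, not as matches
                seen.setdefault(key, []).append(v["id"])
    duplicates = sorted({tuple(ids) for ids in seen.values() if len(ids) > 1})
    return {"inactive_unblocked": inactive, "duplicates": duplicates, "incomplete": incomplete}

if __name__ == "__main__":
    print(review_vendor_master(VENDORS, date(2025, 1, 15)))
```

Duplicate groups are candidates for manual review, since two legitimate vendors can share a bank account or a similar name.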

    Purchasing

    The purchase order process is one area that many businesses are working hard to optimize with better controls. Often, companies already have established a solid purchase order process and implemented strong controls within SAP or another ERP system, and are successfully using the three-way match (invoice, receipt, purchase order) to approve invoices automatically for payment. However, it is common to find that even the most organized and proactive businesses are not taking full advantage of the control optimization settings available in their SAP environment.

    One typical issue that can arise around the purchase order process (even in well-controlled environments) is the invoice date appearing before the purchase order date in the system. This usually occurs when an invoice is received before the purchase order is set up, making the critical three-way match more of a formality than a control. Inadequate training and lack of compliance to the process are often root causes. There also could be a significant delay occurring between the time when the receipt is received and when it is processed against the purchase order in the system.

    Other problems in the procure-to-pay process commonly seen across organizations in relation to purchase order processing include the following: a significant delay occurring between the time when the receipt is received and when it is processed against the purchase order in the system; a lack of compliance regarding what purchases require a purchase order; and a lack of review of aged open purchase orders. These issues can occur when procedures to issue purchase orders in a timely manner are inconsistent, proper approvals and controls for assigning purchase orders do not exist, and management support is absent.
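The purchase order issues listed above (invoice dated before the purchase order, delayed receipt posting, purchases without a purchase order, aged open purchase orders) can each be expressed as an exception test over document dates. The following is an added example, not code from the paper or from SAP: the records are constructed, and the field names and the 5-day and 180-day thresholds are assumptions an organization would set from its own policy.

```python
from datetime import date

# Constructed purchasing documents; field names are assumptions for this example.
PURCHASE_ORDERS = {
    "PO-1001": {"po_date": date(2024, 3, 1), "open": False},
    "PO-1002": {"po_date": date(2024, 3, 20), "open": False},
    "PO-1003": {"po_date": date(2023, 6, 5), "open": True},
}
INVOICES = [
    {"invoice": "INV-77", "po": "PO-1001", "invoice_date": date(2024, 3, 9)},
    {"invoice": "INV-78", "po": "PO-1002", "invoice_date": date(2024, 3, 14)},
    {"invoice": "INV-79", "po": None, "invoice_date": date(2024, 4, 2)},
]
RECEIPTS = [
    {"receipt": "GR-501", "po": "PO-1001", "received": date(2024, 3, 5), "posted": date(2024, 3, 6)},
    {"receipt": "GR-502", "po": "PO-1002", "received": date(2024, 3, 22), "posted": date(2024, 4, 19)},
]

def purchasing_exceptions(pos, invoices, receipts, as_of,
                          max_post_delay_days=5, max_open_days=180):
    """Flag documents that weaken the three-way match; thresholds are assumed."""
    out = {"invoice_before_po": [], "invoice_without_po": [],
           "late_receipt_posting": [], "aged_open_po": []}
    for inv in invoices:
        po = pos.get(inv["po"])
        if po is None:
            # No purchase order on file: the match cannot be performed at all.
            out["invoice_without_po"].append(inv["invoice"])
        elif inv["invoice_date"] < po["po_date"]:
            # The PO was created after the invoice, so the match is a formality.
            gap = (po["po_date"] - inv["invoice_date"]).days
            out["invoice_before_po"].append((inv["invoice"], inv["po"], gap))
    for gr in receipts:
        delay = (gr["posted"] - gr["received"]).days
        if delay > max_post_delay_days:
            out["late_receipt_posting"].append((gr["receipt"], delay))
    for po_id, po in sorted(pos.items()):
        age = (as_of - po["po_date"]).days
        if po["open"] and age > max_open_days:
            out["aged_open_po"].append((po_id, age))
    return out

if __name__ == "__main__":
    print(purchasing_exceptions(PURCHASE_ORDERS, INVOICES, RECEIPTS, date(2024, 6, 30)))
```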

    Accounts Payable

    In the past two years, many companies have been working to optimize their working capital. Some of these efforts have been motivated by recent economic conditions, while other businesses simply want to make a more concerted effort toward managing their working capital more efficiently. One way an SAP ERP system and effective GRC tools can support this type of initiative is by ensuring the terms of contracts that have been negotiated are captured in the procure-to-pay system, and that these terms cannot be overridden by unauthorized parties.

    Close examination of the accounts payable process often reveals that contract terms negotiated with a vendor do not appear on the purchase order or do not flow through to the invoice. This can happen when information from a vendor contract or other relevant communication has not been entered into the vendor master file. And if appropriate controls are not set up around the ability to override at the invoice and purchase order level, the terms negotiated with a vendor can easily be changed, which means potential abuse may go undetected. Organizations should reinforce payment terms through ongoing training and compliance activities, as well as increased collaboration between procurement and accounts payable teams.

    The above are just some examples of common issues that can occur in an environment where controls have not been optimized and there is an overreliance on manual processes. Following are examples of how control optimization with GRC tools, such as SAP BusinessObjects GRC, can help organizations mitigate risks throughout the procure-to-pay process.

    Risk Area: Vendor Maintenance

    Duplicate vendor listings are not just an annoyance; they also present serious risk. If the same vendor appears in the system twice, there is the potential for duplicate payments. Additionally, if purchases are not associated with the correct vendor, the organization may miss national volume discounts that have been arranged with that supplier.

    To eliminate the risk of duplicate vendors, businesses should establish strong controls around vendor request and approval processes. This includes ensuring that only an authorized person (or persons) who does not process purchase orders or invoice payments can update the vendor