Public companies using SAP rely on 50-100 application controls to complete the requirements for Sarbanes-Oxley. These are often tested manually using screenshots and other techniques. Consider using data analytics tools with an SAP connector to automate all or most of your SAP testing. The following are a few of the many control tests that can be easily automated:
Purchase-to-pay:
Goods receipt thresholds: Use table T405, Purchasing Value Key
Purchase order variances recorded to COGS: Use tables T030, Standard Accounts Table, and SKAT, GL Account Master Record
Purchase price variances: Use table T169G, Invoice verification tolerances
Order-to-cash:
Posting of sales and commissions: Use table T628I, contains conditions and access sequences
Sequential invoice numbering by billing type: Use table TVFK, contains types and sequences
Custom programs:
All custom code can be automatically checked for changes and flagged for follow-up. Code changes may require additional baseline testing.
Automated testing results can be rolled forward and compared from interim to final and from year to year to identify any changes to your configuration controls or your custom code. The testing of all SAP application controls can be consolidated within one automated script that is easily read and reviewed by internal and external auditors, and documented using standardized Excel SOX templates.
Comments