| ACTIVITY | & | ACTIVITY | RISK | RISK LEVEL |
| --- | --- | --- | --- | --- |
| Maintain credit master data | & | Process sales orders | User can increase a customer credit limit and then process sales orders for that customer leading to irrecoverable debt. | M |
| Maintain contract/scheduling agreement | & | Process sales orders | User can create a fictitious contract and then create sales orders against that contract. | M |
| Customer master data maintenance | & | Process sales orders | User can create a fictitious customer and create orders for delivery to them thereby misappropriating goods. | M |
| Process sales orders | & | Process outbound deliveries | User can create/change sales orders and deliveries to hide the misappropriation of goods. | H |
| Process sales orders | & | Maintain sales deal | User can create sales orders and maintain pricing, therefore over-charging customers or giving them unauthorised discounts. | M |
| Process sales orders | & | Maintain sales promotion | User can create sales orders and maintain pricing, therefore over-charging customers or giving them unauthorised discounts. | M |
| Process sales orders | & | Maintain pricing condition records | User can create sales orders and maintain pricing, therefore over-charging customers or giving them unauthorised discounts. | M |
| Process sales orders | & | Process customer credit note (FI) | User can create/change a credit memo request and then process the credit note. | H |
| Process sales orders | & | Process customer invoices (FI) | User can create/change a sales order and create/change an invoice for the order. | M |
| Process sales orders | & | Process customer invoices (SD) | User can create/change a sales order and create/change an invoice for the order. | M |
| Process sales orders | & | Post parked customer invoice/credit note | User can create/change a sales order and create/change an invoice for the order. | M |
| Process outbound deliveries | & | Process customer credit note (FI) | User can create/change a delivery and create/change a credit note to hide the deception, thereby misappropriating goods. | H |
| Process outbound deliveries | & | Process customer invoices (FI) | User can create/change a delivery and create/change an invoice. | H |
| Process outbound deliveries | & | Process customer invoices (SD) | User can create/change a delivery and create/change an invoice. | H |
| Process outbound deliveries | & | Post parked customer invoice/credit note | User can create/change a delivery and create/change an invoice. | H |
| Process customer invoices (SD) | & | Maintain sales deal | User can create invoices and maintain pricing, therefore over-charging customers or giving them unauthorised discounts. | M |
| Process customer invoices (SD) | & | Maintain sales promotion | User can create invoices and maintain pricing, therefore over-charging customers or giving them unauthorised discounts. | M |
| Process customer invoices (SD) | & | Maintain pricing condition records | User can create invoices and maintain pricing, therefore over-charging customers or giving them unauthorised discounts. | M |
| Park customer invoice/credit note | & | Post parked customer invoice/credit note | User can park and post customer invoices. | M |
| Customer master data maintenance | & | Process customer credit note (FI) | User can create a fictitious customer and then issue a credit note to the customer. | M |
| Customer master data maintenance | & | Process customer invoices (FI) | User can create a fictitious customer and then issue a credit note to the customer. | M |
| Customer master data maintenance | & | Process customer invoices (SD) | User can create a fictitious customer and then issue a credit note to the customer. | M |
| Customer master data maintenance | & | Post parked customer invoice/credit note | User can create a fictitious customer and then issue a credit note to the customer. | M |
| Incoming payments | & | Process customer credit note (FI) | User can clear invoices inappropriately through maintaining customer receipts and customer credit notes. | M |
| Incoming payments | & | Process customer invoices (FI) | User can create/change an invoice and enter/change payments against the invoice. | M |
| Incoming payments | & | Process customer invoices (SD) | User can create/change an invoice and enter/change payments against the invoice. | M |
| Incoming payments | & | Post parked customer invoice/credit note | User can create/change an invoice and enter/change payments against the invoice. | M |
| Customer master data maintenance | & | Incoming payments | User can create a customer and then post payments against the customer. | H |
| Customer master data maintenance | & | Process outbound deliveries | User can create a customer and deliver goods to that customer, thereby misappropriating goods. | H |
| Create down-payment request | & | Post customer down-payment | User can create a down-payment request and post a down-payment. | M |
| Post customer down-payment | & | Process customer credit note (FI) | User can post down-payment and process credit notes. | M |
| Post customer down-payment | & | Process customer invoices (FI) | User can post down-payment and create/change an invoice, thereby reducing customer balances. | M |
| Post customer down-payment | & | Process customer invoices (SD) | User can post down-payment and create/change an invoice, thereby reducing customer balances. | M |
| Post customer down-payment | & | Post parked customer invoice/credit note | User can post down-payment and create/change an invoice, thereby reducing customer balances. | M |
| Clear customer down-payment | & | Process customer credit note (FI) | User can clear down-payment and process credit notes. | H |
| Clear customer down-payment | & | Process customer invoices (FI) | User can post down-payment and create/change an invoice, thereby reducing customer balances. | M |
| Clear customer down-payment | & | Process customer invoices (SD) | User can post down-payment and create/change an invoice, thereby reducing customer balances. | M |
| Clear customer down-payment | & | Post parked customer invoice/credit note | User can post down-payment and create/change an invoice, thereby reducing customer balances. | M |
| Clear customer down-payment | & | Incoming payments | User can clear down-payment and process incoming payments. | M |
| Create rebate agreement | & | Settle rebate agreement | User can create/change and settle rebate agreements, thereby granting customers inappropriate credits. | M |
| Settle rebate agreement | & | Process customer credit note (FI) | User can create credit notes and settle rebates, therefore changing the authorised rebate amount. | M |
| Settle rebate agreement | & | Process customer invoices (FI) | User can create credit notes and settle rebates, therefore changing the authorised rebate amount. | M |
| Settle rebate agreement | & | Process customer invoices (SD) | User can create credit notes and settle rebates, therefore changing the authorised rebate amount. | M |
| Settle rebate agreement | & | Post parked customer invoice/credit note | User can create credit notes and settle rebates, therefore changing the authorised rebate amount. | M |
| Maintain credit master data | & | Customer master data maintenance | User can create a customer and potentially assign/increase a customer credit limit inappropriately thereby potentially increasing exposure to bad debts. | M |
| Maintain credit master data | & | Maintain contract/scheduling agreement | User can increase a customer credit limit and then process a contract for that customer leading to irrecoverable debt. | M |
| Maintain contract/scheduling agreement | & | Customer master data maintenance | User can create a fictitious customer and then create a contract against that customer. | M |
| Maintain contract/scheduling agreement | & | Create rebate agreement | User can create a fictitious contract and then create rebates against that contract, granting customers inappropriate credits. | M |
| Maintain contract/scheduling agreement | & | Maintain sales deal | User can create a contract and maintain pricing, therefore over-charging customers or giving them unauthorised discounts. | M |
| Maintain contract/scheduling agreement | & | Maintain sales promotion | User can create a contract and maintain pricing, therefore over-charging customers or giving them unauthorised discounts. | M |
| Maintain contract/scheduling agreement | & | Maintain pricing condition records | User can create a contract and maintain pricing, therefore over-charging customers or giving them unauthorised discounts. | M |
| Maintain contract/scheduling agreement | & | Incoming payments | User can create a contract for a customer and then post payments against that contract/customer. | M |
| Process outbound deliveries | & | Maintain contract/scheduling agreement | User can create a fictitious contract for a customer and process outbound deliveries against the contract. | M |
| Process outbound deliveries | & | Incoming payments | User can create fictitious/incorrect deliveries and enter payments against these, potentially misappropriating goods. | H |
| Process sales orders | & | Incoming payments | User can create/change a sales order and process incoming payments inaccurately/fraudulently, potentially resulting in losses to the company. | H |
| Process sales orders | & | Process Revenue Recognition | Users with authorization to process sales orders as well as the authorization to process the revenue recognition list have the ability to create/change sales orders and edit the amount/timing of the related revenue recognition. | H |
| Process sales orders | & | Create rebate agreement | Users with authorization to maintain sales rebates as well as process sales orders have the ability to create sales orders to customers with unapproved sales rebates. | M |
| Customer master data maintenance | & | Post customer down-payment | The ability to enter or modify down payments for customers and the ability to create or modify customer account information should be segregated. If the same person can process both items, unauthorized changes could be made and possibly not detected. This could result in reduced cash collections, potentially inflated accounts receivable general ledger balances, fraud, etc. | H |
| Customer master data maintenance | & | Clear customer down-payment | The ability to enter or modify down payments for customers and the ability to create or modify customer account information should be segregated. If the same person can process both items, unauthorized changes could be made and possibly not detected. This could result in reduced cash collections, potentially inflated accounts receivable general ledger balances, fraud, etc. | H |