
SEGREGATION OF DUTIES MATRIX

Grp   Task Group Description
a     AP Voucher Entry
b     AP Payments
c     AP Clear Vendor Acct.
d     Vendor Mast. Maint. FI
e     Vendor Mast. Maint. MM
f     Vendor Mast. Maint. CEN
g     Bank Reconciliation
h     AR Cash Application
i     AR Clear Customer Acct.
j     Material Master Maint.
k     Service Master Maint.
l     Requisitioning
m     Release Requisition
n     Process Requisition
o     Purchase Order Entry
p     Purchasing Agreements
q     Goods/Service Receipt
r     Goods Issue
s     Physical Inventory
t     Sales Agrmts/Contracts
u     Customer Master Maint.
v     Customer Master (Credit)
w     Sales Invoicing
x     Sales Invoice Release
y     Sales Order Entry
z     Sales Order Release
aa    Sales Pricing Maint.
ab    Sales Rebates
ac    Process Outbound Deliveries
ad    Maintain Sal. Deals/Promotions
ae    Maintain Security

[Matrix: task groups a to ae as rows against the same task groups as columns; an X marks a pair of conflicting functions. The positions of the X marks are not recoverable.]

Conflicting Functions

SoD - RISKS DESCRIPTIONS

[Matrix: task groups a to ae (AP Voucher Entry to Maintain Security) as rows against the same task groups as columns; the cell for each pair of conflicting functions holds the REF. number (1 to 34) of the risk description that applies. The positions of the numbers are not recoverable.]

Matrix with Risks Descriptions

SoD - RISKS DESCRIPTIONS


REF.  RISK DESCRIPTION

1. A user can post or change an incorrect/fictitious goods/services receipt and record accounting documents for subsequent payment. It is also possible to record a short delivery of goods and record a fictitious credit memo/discount.
2. A user can record or change a short goods/services receipt and generate a payment order in order to settle the correct invoice and hide the deception.
3. A user can record or change a fictitious invoice/debit memo and generate the payment/clearing in order to settle the document.
4. A user can record, post or change unauthorized/fictitious/real vendors and record accounting documents for subsequent payment. After the payment the user could block or delete the vendor to hide the deception.
5. A user can post or change fictitious/real vendors and generate payments. After the payment the user could block or delete the vendor to hide the deception.
6. A user can record fictitious collections/payments and later reconcile them against the actual bank movements, hiding the deception.
7. A user can enter incorrect data through lack of knowledge, which will affect the subsequent transactions that apply to it.
8. A user can post or change purchase orders/contracts, creating fictitious/irregular relationships with vendors, and then record accounting documents for subsequent payment and/or directly record settlements against those documents.
9. A user can record, post or change unauthorized/fictitious/real vendors and record contracts and purchases against them. After the payment the user could block or delete the vendor to hide the deception.
10. A user can record contracts/purchases and fictitious receipts against them, generating unreal payment obligations for the organization.
11. A user can record purchase requisitions, contracts and/or purchases for fictitious/unauthorized materials. A vendor could be favored by modifying the prices recorded in the master, or by modifying the planning data (minimum stock, optimal purchase lot, etc.).
12. Lack of appropriate authorizations because there is no separation between the activity performed and its authorization.
13. A user can record contracts and/or purchases against fictitious/unauthorized purchase requisitions.
14. A user can post or change a fictitious/incorrect goods receipt/issue and create or modify an inventory document, or delete the inventory of the goods, to hide the deception.
15. A user can post or change a fictitious/incorrect goods receipt and then use a goods issue to hide the deception.
16. A user could create a fictitious sales contract and create sales orders against it.
17. A user can raise a customer's credit limit and then process sales orders for that customer that lead to uncollectible debts.
18. The user can create a fictitious customer and generate delivery orders for it, leading to misappropriation of goods.
19. The user can create or modify sales orders and deliveries in order to hide the misappropriation of goods.
20. A user can create sales orders granting excessive, unauthorized discounts.
21. A user could generate fictitious/erroneous sales orders and process the corresponding invoice, so that the company records unreal profits and overpays taxes. Alternatively, the user could generate a fictitious sales return and its corresponding credit memo, reversing the situation.
22. A user could generate fictitious/erroneous deliveries and process the corresponding invoice, so that the company records unreal profits and overpays taxes. Alternatively, the user could create or modify a delivery order and create/modify a credit memo to hide the deception, misappropriating the company's goods.
23. A user can create invoices granting excessive, unauthorized discounts.
24. A user can create invoices for fictitious/unauthorized customers, so that the company records unreal profits and overpays taxes.
25. The user can create or modify an invoice and enter/modify matching collections to hide the real amount of the transaction. Alternatively, the user could clear open items against inappropriate credit memos, appreciably reducing the company's accounts receivable balance.
26. Unauthorized discounts could be carried over to sales orders/invoices.
27. The user could create a fictitious customer and assign it a sales contract. Alternatively, the user could raise the credit limit of an existing customer and assign it a contract, leading to potential uncollectible debts.
28. The user could create a fictitious contract and apply collections against it.
29. The user could create a fictitious contract and generate goods issues against it, misappropriating the company's goods.
30. The user could create fictitious goods issues and apply collections against them.
31. The user can create or modify a sales order and process payments inaccurately or fraudulently, potentially resulting in losses to the company.
32. The user can create or modify discount conditions and process payments inaccurately or fraudulently, potentially resulting in losses to the company.
33. The ability to enter or modify customer down payments and the ability to create or modify customer account information should be separated. If the same person can process both, unauthorized changes can be made and may go undetected. This could result in reduced cash, overstated accounts receivable balances in the general ledger, fraud, etc.
34. Unauthorized changes to profiles imply a bypass of the segregations detailed above, amplifying all the risks expressed in this document.


SAP Groups & Transactions Details

Task Group Description (Grp)
  Trans. Code     Transaction Name

AP Voucher Entry (Grp a)
  F-41            Enter Vendor Credit Memo
  F-42            Enter Transfer Posting
  F-43            Enter Vendor Invoice
  FB02            Change Document
  FB08            Reverse Document
  FB09            Change Line Items
  FB10            Invoice/Credit Fast Entry
  FBD2            Change Recurring Entry
  FBV0            Post Parked Document
  FBV2            Change Parked Document
  MR08            Cancel Invoice Document
  MRHG            Enter Credit Memo
  MRHR            Enter Invoice

AP Payments (Grp b)
  F110            Parameters for Automatic Payment
  F-46            Reverse Refinancing Acceptance
  F-48            Post Vendor Down Payment
  F-51            Post with Clearing
  F-52            Post Incoming Payments
  F-53            Post Outgoing Payments
  F-54            Clear Vendor Down Payment
  F-59            Payment Request
  FBZ2            Post Outgoing Payments
  FCH3            Void Checks
  FCH4            Renumber Checks
  FCH5            Create Checks Information
  FCH6            Change Check Information/Cash Check
  FCH7            Reprint Check
  FCH8            Reverse Check Payment
  FCH9            Void Issued Check
  FCHD            Delete Payment Run Check Info.
  FCHE            Delete Voided Checks
  FCHF            Delete Manual Checks
  FCHG            Delete cashing/extract data
  FCHR            Online Cashed Checks
  FCHT            Change check/payment allocation
  FCHX            Check Extract - Creation

AP Clear Vendor Acct. (Grp c)
  F-44            Clear Vendor
  F.13            ABAP/4 Report: Automatic Clearing
  FBRA            Reset Cleared Items
  MR11            Maintain GR/IR Clearing Account

Vendor Master Maint. FI (Grp d)
  FK01            Create Vendor (Accounting)
  FK02            Change Vendor (Accounting)
  FK05            Block Vendor (Accounting)
  FK06            Mark Vendor for Deletion (Accounting)

Vendor Master Maint. MM (Grp e)
  MK01            Create Vendor (Purchasing)
  MK02            Change Vendor (Purchasing)
  MK05            Block Vendor (Purchasing)
  MK06            Mark Vendor for Deletion (Purchasing)
  MK12            Change Vendor (Purchasing), planned

Vendor Master Maint. CEN (Grp f)
  XK01            Create Vendor (Centrally)
  XK02            Change vendor (centrally)
  XK05            Block vendor (centrally)
  XK06            Mark vendor for deletion (centrally)
  XK07            Change vendor account group
  MKVZE           Currency Change: Vendor Master Rec.

Bank Reconciliation (Grp g)
  FB05            Post with Clearing
  F-04            Post with Clearing

AR Cash Application (Grp h)
  F-26            Incoming Payment Fast Entry
  F-28            Post Incoming Payments
  F-29            Post Customer Down Payment
  F-34            Post Collection
  F-36            Bill Of Exchange Payment

AR Clear Customer Acct. (Grp i)
  F-32            Clear Customer

Material Master Maint. (Grp j)
  MM01            Create Material - General
  MM02            Change Material
  MMAM            Change Material Type
  MMZ1            Create Material - General

Service Master Maint. (Grp k)
  AC01            Create Service
  AC02            Change Service

Requisitioning (Grp l)
  ME51            Create Purchase Requisition
  ME51N           Create Purchase Requisition
  ME52            Change Purchase Requisition
  ME5N            Change Purchase Requisition

Release Requisition (Grp m)
  ME54            Release Purchase Requisition
  ME55            Collective Release of Purchase Reqs.

Process Requisitions (Grp n)
  ME56            Assign Source to Purch. Requisition
  ME57            Assign and Process Requisition
  ME58            Ordering: Assign Requisitions

Purchase Order Entry (Grp o)
  ME21            Create Purchase Order
  ME21N           Create Purchase Order
  ME22            Change Purchase Order
  ME22N           Change Purchase Order
  ME24            Maintain Purchase Order Supplement
  ME24N           Maintain Purchase Order Supplement
  ME25            Create PO with Source Determination
  ME27            Create Stock Transfer Order
  ME59            Automatic Generation of POs

Purchasing Agreements (Grp p)
  ME31K           Create Contract
  ME31L           Create Scheduling Agreement
  ME32K           Change Contract
  ME32L           Change Scheduling Agreement
  ME34K           Maintain Contract Supplement
  ME34L           Maintain Sched. Agreement Supplement
  ME37            Stock Transport Scheduling Agmt.
  ME38            Maintain Sched. Agreement Schedule

Goods/Service Receipt (Grp q)
  COGI            Process Goods Movement w. Errors
  MB01            Post Goods Receipt for PO
  MB01            Post Goods Receipt for PO
  MB02            Change Material Document
  MB0A            Post Goods Receipt for PO
  MB0A            Post GR for PO
  MB1C            Other Goods Receipt
  MB31            Goods Receipt for Production Order
  MIGO            Goods Movement
  MIGO_GI         Goods Movement
  MIGO_GO         Goods Movement
  MIGO_GR         Goods Movement
  MIGO_TR         Transfer Posting
  ML81            Maintain Service Entry Sheet

Goods Issue (Grp r)
  MB1A            Goods Withdrawal

Physical Inventory (Grp s)
  LI01            Create System Inventory Record
  LI02            Change System Inventory Record
  LI11            Enter Inventory Count
  LI12            Change Inventory Count
  LI20            Clear Inventory Differences
  LI21            Clear Inventory Differences - MM-IM
  MI01            Create Physical Inventory Document
  MI02            Change Physical Inventory Document
  MI04            Enter Inventory Count with Document
  MI05            Change Inventory Count
  MI07            Process List of Difference
  MI09            Enter Inventory Count w/o Document
  MI20            Print List of Differences
  MI08            Create List of Differences with Doc.

Sales Agrmts/Contracts (Grp t)
  VA31            Create Scheduling Agreement
  VA32            Change Scheduling Agreement
  VA41            Create Contract
  VA42            Change Contract

Customer Master Maint. (Grp u)
  FD01            Create Customer (Accounting)
  FD02            Change Customer (Accounting)
  FD06            Mark Customer for Deletion (Acctg)
  V-03            Create Ordering Party (Sales)
  V-04            Create Invoice Recipient (Sales)
  V-05            Create Payer (Sales)
  V-06            Create Consignee (Sales)
  V-07            Create one-time customer (Sales)
  V-08            Create Payer (Centrally)
  V-09            Create ordering party (Centrally)
  V-11            Create carrier
  V-12            Create Customer Hierarchy Nodes
  VD01            Create Customer (Sales)
  VD02            Change Customer (SD)
  VD05            Block Customer (Sales)
  VD06            Mark Customer For Deletion (sales)
  VDH1            Customer Hierarchy Maintenance (SD)
  XD01            Create Customer (Centrally)
  XD02            Change Customer (Centrally)
  XD07            Change Customer Account Group

Customer Master (Credit) (Grp v)
  F.28            Customers: Reset credit limit
  F.34            Credit management mass change
  FD24            Credit limit changes
  FD32            Change customer credit management
  FD37            Credit management mass change
  S_ALR_87009999  Credit Limit Data mass change
  S_ALR_87012220  Reset Credit Limit for Customers

Sales Invoicing (Grp w)
  F-22            Enter customer invoice
  F-27            Enter customer credit memo
  FB70            Enter outgoing invoice
  FB75            Enter outgoing credit memo
  FBV0            Post parked document
  FBVB            Post parked document
  VF01            Create billing document
  VF02            Change billing document
  VF04            Process billing due list
  VF06            Batch billing
  VF11            Cancel billing document
  VF21            Create invoice list
  VF22            Change invoice list
  VFX3            List blocked billing documents

Sales Invoice Release (Grp x)
  V.23            Release Orders for Billing

Sales Order Entry (Grp y)
  V-01            Create Sales Order
  VA01            Create Sales Order
  VA02            Change Sales Order

Sales Order Release (Grp z)
  VKM1            Blocked SD Documents
  VKM2            Released SD Documents

Sales Pricing Maint. (Grp aa)
  V/03            Create condition table (SD price)
  V/04            Change condition table (sales pr)
  V/I5            Condit: Pricing SD - Index in Backgr
  V_I7            Condit: Pricing SD - Index in Backgr
  V-41            Create material price
  V-43            Change material price
  V-47            Change price list
  V-51            Change Cust. Price
  VK03            Create condition table
  VK04            Change condition table
  VK11            Create condition
  VK12            Change condition
  VK14            Creation condition with reference
  VK15            Create condition
  VK16            Creation condition with reference
  VK17            Change condition
  VK19            Change condition without menu
  VK31            Condition maintenance: Create
  VK32            Condition maintenance: Change
  VK34            Condition maint: create with refer

Sales Rebates (Grp ab)
  OV20            Condition table: create rebate
  OV21            Condition table: change rebate
  VB(6            Rebate Group Maintenance
  VB(7            Rebate Agreement Settlement
  VB(D            Rebate Agreement Settlement
  VBO1            Create Rebate Agreement
  VBO2            Change Rebate Agreement

Process Outbound Deliveries (Grp ac)
  VL01            Create delivery
  VL01N           Create outbound delivery with order ref
  VL01NO          Create outbound delivery w/o order ref
  VL02            Change outbound delivery
  VL02N           Change outbound delivery
  VL06G           List of outbound deliveries for Goods Issue
  VL10            Edit user-specific delivery due list
  VL10A           Sales orders due for delivery
  VL10BATCH       VL10 Background planning
  VL10C           Order items due for delivery
  VL10E           Order schedule lines due for delivery
  VL10G           Documents due for delivery
  VL10H           Items due for delivery
  VL10I           Schedule lines due for delivery
  VL11            Create decentralised delivery
  VL12            Delivery creation in background
  VL21            Post goods issue in background
  VL23            Goods issue (background processing)
  VL23N           Goods issue (background processing)
  VL04            Sales Orders/Purchase Orders Worklist : Selection

Maintain Sales Deals Promotions (Grp ad)
  VB21            Create sales deal
  VB22            Change sales deal
  VB31            Create promotion
  VB32            Change promotion
  WAK1            Create promotion
  WAK12           Maintain promotion items
  WAK2            Change promotion

Maintain Security (Grp ae)
  SU01            Maintain Users
  SU02            Maintain Authorization Profiles
  SU03            Maintain Authorizations
  SU10            Mass Changes to User Master
  SU12            Mass Changes to User Master Records
  SM01            Lock Transactions
  PFCG            Activity Group Maintenance
  SM59            RFC Destinations (Display/Maintain)
  SM19            Basis Audit Configuration
  SM20            System Audit Log

Groups & Trans
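
A check of user transaction assignments against the task groups listed above, as an added example that is not part of the original document. The conflicting pairs and their risk REF. numbers (3, 4, 5 and 34) are assumptions read from the risk descriptions; the function names, user names and assignments are constructed for illustration.

```python
from itertools import combinations

# Transaction codes per task group, copied from the "Groups & Trans" sheet
# (four of the 31 groups, to keep the example short).
GROUPS = {
    "a": ("AP Voucher Entry",
          "F-41 F-42 F-43 FB02 FB08 FB09 FB10 FBD2 FBV0 FBV2 MR08 MRHG MRHR"),
    "b": ("AP Payments",
          "F110 F-46 F-48 F-51 F-52 F-53 F-54 F-59 FBZ2 FCH3 FCH4 FCH5 FCH6 "
          "FCH7 FCH8 FCH9 FCHD FCHE FCHF FCHG FCHR FCHT FCHX"),
    "d": ("Vendor Master Maint. FI", "FK01 FK02 FK05 FK06"),
    "ae": ("Maintain Security",
           "SU01 SU02 SU03 SU10 SU12 SM01 PFCG SM59 SM19 SM20"),
}

# ASSUMPTION: conflicting pairs and REF. numbers as read from risk
# descriptions 3, 4 and 5; the matrix cells themselves are not legible.
PAIR_RISK = {
    frozenset({"a", "b"}): 3,   # fictitious invoice + payment
    frozenset({"d", "a"}): 4,   # vendor maintenance + accounting documents
    frozenset({"d", "b"}): 5,   # vendor maintenance + payments
}
# ASSUMPTION from risk 34: profile maintenance conflicts with every group.
SECURITY_GROUP, SECURITY_RISK = "ae", 34

# Reverse index: one transaction code may belong to more than one group.
TCODE_GROUPS = {}
for grp, (_, codes) in GROUPS.items():
    for code in codes.split():
        TCODE_GROUPS.setdefault(code, set()).add(grp)

def user_groups(tcodes):
    """Map a user's transaction codes to {group: sorted codes granting it}."""
    held = {}
    for code in tcodes:
        for grp in TCODE_GROUPS.get(code.upper(), ()):
            held.setdefault(grp, set()).add(code.upper())
    return {grp: sorted(codes) for grp, codes in held.items()}

def find_conflicts(assignments):
    """Return sorted (user, risk_ref, group_1, group_2, evidence) findings."""
    findings = []
    for user, tcodes in assignments.items():
        held = user_groups(tcodes)
        for g1, g2 in combinations(sorted(held), 2):
            pair = frozenset({g1, g2})
            risk = SECURITY_RISK if SECURITY_GROUP in pair else PAIR_RISK.get(pair)
            if risk is not None:
                findings.append((user, risk, GROUPS[g1][0], GROUPS[g2][0],
                                 held[g1] + held[g2]))
    return sorted(findings)

# Constructed sample: effective transaction codes per user (not real data).
SAMPLE = {
    "ap_clerk": {"F-43", "FB02"},             # voucher entry only
    "ap_lead": {"F-43", "F-53"},              # voucher entry + payments
    "buyer_temp": {"fk01", "F110", "ME21N"},  # ME21N is outside the subset
    "basis_adm": {"PFCG", "SU01", "FBV0"},    # security + voucher entry
}

if __name__ == "__main__":
    for user, risk, g1, g2, codes in find_conflicts(SAMPLE):
        print(f"{user}: risk {risk}: {g1} + {g2} via {', '.join(codes)}")
```

Holding a transaction code is only a first-pass indicator; the authorization objects behind the code decide what the user can actually post.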
