order to cash process controls governance , risk and compliance v1.53 (cn) sap best practices
Post on 23-Dec-2015
256 Views
Preview:
TRANSCRIPT
Order to Cash Process Controls
Governance , Risk and Compliance V1.53 (CN)
SAP Best Practices
© SAP 2008 / SAP Best Practices Page 2
Scenario Overview – 1
Compliance structure in C-sox regulation has been set up for Order to Cash processes. (Organization, Process, Sub-process, Control)
Scoping has been done to identify the significant accounts. Compliance assessment should be implemented for the signified sub-processes and controls in Order to Cash.
Prerequisite
Business Relevance
Significant control points should be monitored this year in Sales and Receipts management:
Control with Manual Test Plan (Accounts Receivable and Balance Management)
Control with Semi-Automatic Test (Managing One-time Customer)
Control with Semi-Automatic Test (Product Pricing)
Control with Automatic Test (Customer Credit Control)
© SAP 2008 / SAP Best Practices Page 3
Purpose Process Controls in Order to Cash are used to describe the lifecycle of
compliance assessments in Order to Cash business processes. Compliance testing can be implemented manually, or via automatic control or
semi-automatic control. You can test effectiveness of control, or to detect business violation by
monitoring underlying transactions in ERP systems.
Benefits Highlight key points in compliance testing in business process Order to Cash. The procedures can be reused in continuous monitoring and control in Sales
and Receipts Management.
Purpose and Benefits
Scenario Overview -2
© SAP 2008 / SAP Best Practices Page 4
Scenario Overview -3
Create planner for manual test control and semi-auto control
Create Scheduler for Automatic Control
Process the manual test plan
Validate the result of semi-automatic control
Issue validation and issue remediation plan proposal
Execute remediation plan
Remediation plan review and issue close
Key Process Flows Covered
© SAP 2008 / SAP Best Practices Page 5
Control Highlights
Scenario Overview -5
Controls Test Method
Purpose Benefits
Accounts Receivable and Balance Management Manual
Test whether Balance confirmations of accounts are periodically performed and documented correctly.
Ensure that balance of customer accounts reflects the reality on regular basis.
Managing One-time Customer
Semi-auto Test whether the usage of one-time customer is proper
Ensure one-time customer is managed in an appropriate way.
Monitoring Changes on Product Pricing
Semi-autoTest whether product pricing information is updated accurately and timely
Ensure the consistency of customer pricing strategy.
Monitoring Changes on Customer Credit Control
AutoTest whether customer credit control information is updated accurately and timely
Ensure the consistency of customer credit management.
© SAP 2008 / SAP Best Practices Page 6
SAP Applications Required SAP GRC PC3.0 SAP ECC 6.0
Scenario Overview -6
Company Roles Involved in Process Flows(Manual and Semi-auto Control)
System Roles
Planner
Process Tester
Issue Owner
Remediation Plan Owner
Company Roles
Internal Control Manager 审计审计部内控经理 Internal Control Specialist 审计部内控专员 (OTC)
Subsidiary#2 Sales Manager 子公司 2销售部经理Subsidiary#2 Sales Specialist 子公司 2销售部专员
Automatic Control
System Roles
Planner
Issue Owner
Remediation Plan Owner
Company Roles
Internal Control Specialist 审计部内控专员 (OTC)
Subsidiary#2 Sales Specialist 子公司 2销售部专员Subsidiary#2 Sales Specialist 子公司 2销售部专员Subsidiary#2 Sales Specialist 子公司 2销售部专员
© SAP 2008 / SAP Best Practices Page 7
Process Flow Diagram 1/4Order to Cash Process Controls with Manual Test Plan(Accounts Receivable and Balance Management 应收账款对账管理 )
Set up and schedule manual test plan with activity “Test Control Effectiveness”
Follow the steps in manual test plan, to perform manual Test of effectiveness
Ev
en
tP
lan
ner
Pro
cess
Tes
ter
for
OT
C
Compliance Manual Test Plan
Get task in Work inbox
check the issue
Issu
e O
wn
er
Report Issue?
Yes
No
Propose the remediation plan
delegate a plan owner
The test has
passed
Get task in Work inbox
Need remediation Plan?
Close issue with comment
but without remediation
plan
No
Yes
Enter details for remediation plan
Submit remediation plan for review and completeness
Receive email in the Work inbox
Validate remediation plan?
Yes
Close remediation plan
and issue
Compliance Manual Test Plan
Rem
edia
tio
n
Pla
n O
wn
er
No
Yes
© SAP 2008 / SAP Best Practices Page 8
Process Flow Diagram 2/4 Order to Cash Process Controls with Semi automatic Control(Managing One-time Customer 一次性客户销售管理和监控 )
Ev
en
tP
lan
ner
P
roce
ss T
este
r F
or
OT
C
Create Planner for the Semi-automatic Control
Review the issue created by system automatically
Compliance Semi-automatic test Plan
Get task in the work inbox
Any Issue? No
Submit , and the test has
been passed
© SAP 2008 / SAP Best Practices Page 9
Process Flow Diagram 3/4Order to Cash Process Controls with Semi automatic Control
(Monitoring Changes on Product Pricing 监控产品销售价格信息变动 )
Ev
en
tP
lan
ner
P
roce
ss T
este
r F
or
OT
CIs
sue
Ow
ner
R
emed
iati
on
P
lan
Ow
ner
Set up and schedule manual test plan with activity “Test Control Effectiveness”
Review the issue created by system automatically
Compliance Semi-automatic test Plan
Get task in process tester’s work inbox
check the issue
Valid Issue?
Yes
No
Propose the remediation plan
delegate a plan owner
The test has been passed
Get task in issue owner’s Work inbox
Need remediation Plan?
Close issue with
comment but without remediation
plan
No
Yes
Enter details for remediation plan
Submit remediation plan for review and completeness
Receive email in remediation plan owner’s Work inbox
Validate remediation plan?
Yes
Close remediation plan and
issue
Compliance semi-automatic Test Plan
No
Yes
Void the issueSubmit the
issue
© SAP 2008 / SAP Best Practices Page 10
Process Flow Diagram 4/4 Order to Cash Process Controls with Automatic Control
(Monitoring Changes on Customer Credit Control 监控客户信用额度信息变动 )
Set up and schedule automatic test
Ev
e n tP
lan
ner
Compliance Automatic Test Plan
Issu
e O
wn
er
Pass
Compliance Automatic Test Plan
Start date reached?
Monitor Job
Yes
Rem
edia
tio
n
Pla
n O
wn
er
PC
Au
to-
co ntr ol
check the issue
Yes
Propose the remediation plandelegate a plan owner
Get task in issue owner’s Work inbox
Need remediation Plan?
No
Yes
Enter details for remediation plan
Submit remediation plan for review and completeness
Receive email in remediation plan owner’s Work inbox
Validate remediation plan?
Yes
Close remediation plan and issue
No
Yes
No
No
The test has passed
Close issue with comment but without remediation plan
© SAP 2008 / SAP Best Practices Page 11
Legend
Symbol Description Usage Comments
Band: Identifies a user role, such as Accounts Payable Clerk or Sales Representative. This band can also identify an organization unit or group, rather than a specific role.
The other process flow symbols in this table go into these rows. You have as many rows as required to cover all of the roles in the scenario.
Role band contains tasks common to that role.
External Events: Contains events that start or end the scenario, or influence the course of events in the scenario.
Flow line (solid): Line indicates the normal sequence of steps and direction of flow in the scenario.Flow line (dashed): Line indicates flow to infrequently-used or conditional tasks in a scenario. Line can also lead to documents involved in the process flow.
Connects two tasks in a scenario process or a non-step event
Business Activity / Event: Identifies an action that either leads into or out of the scenario, or an outside Process that happens during the scenario
Does not correspond to a task step in the document
Unit Process: Identifies a task that is covered in a step-by-step manner in the scenario
Corresponds to a task step in the document
Process Reference: If the scenario references another scenario in total, put the scenario number and name here.
Corresponds to a task step in the document
Sub-Process Reference: If the scenario references another scenario in part, put the scenario number, name, and the step numbers from that scenario here
Corresponds to a task step in the document
Process Decision: Identifies a decision / branching point, signifying a choice to be made by the end user. Lines represent different choices emerging from different parts of the diamond.
Does not usually correspond to a task step in the document; Reflects a choice to be made after step execution
Symbol Description Usage Comments
To next / From last Diagram: Leads to the next / previous page of the Diagram
Flow chart continues on the next / previous page
Hardcopy / Document: Identifies a printed document, report, or form
Does not correspond to a task step in a document; instead, it is used to reflect a document generated by a task step; this shape does not have any outgoing flow lines
Financial Actuals: Indicates a financial posting document
Does not correspond to a task step in a document; instead, it is used to reflect a document generated by a task step; this shape does not have any outgoing flow lines
Budget Planning: Indicates a budget planning document
Does not correspond to a task step in a document; instead, it is used to reflect a document generated by a task step; this shape does not have any outgoing flow lines
Manual Process: Covers a task that is manually done
Does not generally correspond to a task step in a document; instead, it is used to reflect a task that is manually performed, such as unloading a truck in the warehouse, which affects the process flow.
Existing Version / Data: This block covers data that feeds in from an external process
Does not generally correspond to a task step in a document; instead, this shape reflects data coming from an external source; this step does not have any incoming flow lines
System Pass / Fail Decision: This block covers an automatic decision made by the software
Does not generally correspond to a task step in the document; instead it is used to reflect an automatic decision by the system that is made after a step has been executed.
<
Fun
ctio
n>
Ext
ern
al to
S
AP
Business Activity / Event
Unit Process
Process Reference
Sub-Process Reference
Process Decision
Diagram Connection
Hardcopy / Document
Financial Actuals
Budget Planning
Manual Process
Existing Version / Data
System Pass/Fail Decision
© SAP 2008 / SAP Best Practices Page 12
© 2010 SAP AG. All rights reserved.
No part of this publication may be reproduced or transmitted in any form or for any purpose without the express permission of SAP AG. The information contained herein may be changed without prior notice.
Some software products marketed by SAP AG and its distributors contain proprietary software components of other software vendors.
Microsoft, Windows, Excel, Outlook, and PowerPoint are registered trademarks of Microsoft Corporation.
IBM, DB2, DB2 Universal Database, System i, System i5, System p, System p5, System x, System z, System z10, System z9, z10, z9, iSeries, pSeries, xSeries, zSeries, eServer, z/VM, z/OS, i5/OS, S/390, OS/390, OS/400, AS/400, S/390 Parallel Enterprise Server, PowerVM, Power Architecture, POWER6+, POWER6, POWER5+, POWER5, POWER, OpenPower, PowerPC, BatchPipes, BladeCenter, System Storage, GPFS, HACMP, RETAIN, DB2 Connect, RACF, Redbooks, OS/2, Parallel Sysplex, MVS/ESA, AIX, Intelligent Miner, WebSphere, Netfinity, Tivoli and Informix are trademarks or registered trademarks of IBM Corporation.
Linux is the registered trademark of Linus Torvalds in the U.S. and other countries.
Adobe, the Adobe logo, Acrobat, PostScript, and Reader are either trademarks or registered trademarks of Adobe Systems Incorporated in the United States and/or other countries.
Oracle is a registered trademark of Oracle Corporation.
UNIX, X/Open, OSF/1, and Motif are registered trademarks of the Open Group.
Citrix, ICA, Program Neighborhood, MetaFrame, WinFrame, VideoFrame, and MultiWin are trademarks or registered trademarks of Citrix Systems, Inc.
HTML, XML, XHTML and W3C are trademarks or registered trademarks of W3C®, World Wide Web Consortium, Massachusetts Institute of Technology.
Java is a registered trademark of Sun Microsystems, Inc.
JavaScript is a registered trademark of Sun Microsystems, Inc., used under license for technology invented and implemented by Netscape.
SAP, R/3, SAP NetWeaver, Duet, PartnerEdge, ByDesign, Clear Enterprise, SAP BusinessObjects Explorer, and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP AG in Germany and other countries.
Business Objects and the Business Objects logo, BusinessObjects, Crystal Reports, Crystal Decisions, Web Intelligence, Xcelsius, and other Business Objects products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP France in the United States and in other countries.
All other product and service names mentioned are the trademarks of their respective companies. Data contained in this document serves informational purposes only. National product specifications may vary.
The information in this document is proprietary to SAP. No part of this document may be reproduced, copied, or transmitted in any form or for any purpose without the express prior written permission of SAP AG.
This document is a preliminary version and not subject to your license agreement or any other agreement with SAP. This document contains only intended strategies, developments, and functionalities of the SAP® product and is not intended to be binding upon SAP to any particular course of business, product strategy, and/or development. Please note that this document is subject to change and may be changed by SAP at any time without notice.
SAP assumes no responsibility for errors or omissions in this document. SAP does not warrant the accuracy or completeness of the information, text, graphics, links, or other items contained within this material. This document is provided without a warranty of any kind, either express or implied, including but not limited to the implied warranties of merchantability, fitness for a particular purpose, or non-infringement.
SAP shall have no liability for damages of any kind including without limitation direct, special, indirect, or consequential damages that may result from the use of these materials. This limitation shall not apply in cases of intent or gross negligence.
The statutory liability for personal injury and defective products is not affected. SAP has no control over the information that you may access through the use of hot links contained in these materials and does not endorse your use of third-party Web pages nor provide any warranty whatsoever relating to third-party Web pages.
top related