sap r 3 accounts payable matrix


Upload: paichowzz

Post on 26-Mar-2015


Page 1: Sap r 3 Accounts Payable Matrix

04/10/23 Accounts Payable Risk Matrices

Contributed August 29, 2001 by [email protected]

City Auditor Department

SAP – Accounts Payable Control Matrix

The attached control matrix is the result of updating the post-implementation control matrix. The matrix outlines risks and controls. Controls will be validated and tested in the 2000-01 file for SAP Application Controls for Accounts Payable (File number 1010043).

The FI-AP module processes all invoices related to regular invoices, and invoices related to DPO’s and COR’s. Invoices related to PO’s are entered in the MM module, and controls are tested there.

This matrix will be helpful in identifying the risks and controls over Accounts Payable processing. The 2000-01 fiscal year audit work can be relied upon for a review of internal controls over SAP & Central Accounts Payable processing. However, it will still be necessary to evaluate individual departments’ business processes and sample transactions when conducting audits of individual departmental expenditures.

The control matrix contains 4 categories:
1) Vendor Master
2) Invoice Processing
3) Invoice Verification
4) Disbursements


Matrix columns: No | Risks | Possible Negative Results | Risk (High / Med / Low) | Controls | P / D | Audit Step | Teammate Ref | SOC

Vendor Master

Risk 1: Users may have unauthorized access to update vendor master files.
Possible negative results: Financial loss due to payments made to incorrect vendor (fraud).
Risk (High / Med / Low): H
Controls:
1. Appropriate transaction codes and other object authorizations should be assigned to authorized users. The following transactions need to be restricted:
   - Create, change and display master records
   - Block and unblock master records
   - Mark record for deletion
2. Incompatible segregation of duty transactions such as the following are restricted:
   - Create/change vendor master data and accounts payable activities
   - Create/change vendor master data and process warrants/distribute warrants
3. Controller signs off on security forms and checks for these incompatibilities.
P / D: P, P, P
Audit steps:
1a. Review user profile for reasonableness of access.
1b. Review the Vendor Master File for changes that have been made and verify that all of the users who made the changes have the appropriate Vendor Master Change profile.
2. Review user profile for conflicting access.
3. Review user profiles added for A/P Vendor Master, for Controller approvals.

Risk 2: Creation or deletion of vendor master files may not be authorized or detected.
Possible negative results: Financial loss due to payments made to unapproved vendor (fraud).
Risk (High / Med / Low): H
Controls:
1. Creation or deletion of a vendor master file requires a vendor coding form authorization by the appropriate users.
2. The vendor coding form will be attached with source documents and the A/P supervisor approves it. Then the Accounts Admin Section verifies AP Supervisor approval.
3. The Accounts Admin Section reviews the SAP report (RFKABL00) listing modified vendors monthly. A sample of new/changed vendors is agreed to the vendor coding form.
P / D: P, P, D
Audit steps:
1,2. Select a sample of vendor master records created. Trace information to vendor coding form, and verify proper authorization.
3. Verify Accounts Admin reviews list of modified/created vendors.

Risk 3: Inaccurate or incomplete vendor data may be entered.
Possible negative results: Unpaid vendors. Legal liability for non-compliance with government regulations.
Risk (High / Med / Low): H
Controls:
1. Mandatory fields in the vendor master file are defined and required. These fields include payee name (other required information depends on the Account Group).
2. 1099 information is requested prior to setting up vendor master record. For tax-reportable vendors, the vendor is blocked until the 1099 information is provided.
3. Vendors with incomplete info will be manually blocked from payment by AP staff.
4. Inappropriate overrides for mandatory fields are prevented by SAP.
5. The vendor coding form will be attached with source documents and the A/P supervisor approves it. Then the Accounts Admin Section verifies AP Supervisor approval.
6. The system displays an error / warning message whenever there is erroneous or omitted vendor data during data entry.
P / D: P, P, P, P
Audit steps:
1. Observe a user creating a Vendor Master Record, and document mandatory fields are required for entry.
2. Observe a user creating a Vendor Master Record, and verify the 1099 is present, or vendor is blocked for payment.
3. Select a sample of unblocked vendor files and verify they have the required information.
4. Evaluate override authorizations (if any).
5. Select a sample of vendor master records created. Trace information to vendor coding form.
6. Observe that an error/warning message appears when erroneous information is entered, or required information is omitted.

Risk 4: Sensitive fields, such as Alternative Payees, may be inappropriately completed and not reviewed.
Possible negative results: Financial loss.
Risk (High / Med / Low): H
Controls:
1. Alternative payees cannot be set up in the vendor master record without proper authorization. Alternate payees are used for collectors, levies, IRS or AZ Department of Revenue levies only. The creation or modification of alternative payee is subject to the same requirements as setting up or changing a vendor master record.
2. The vendor coding form will be attached with source documents and the A/P supervisor approves it. Then the Accounts Admin Section verifies AP Supervisor approval.
3. The Accounts Admin Section reviews the SAP report (RFKABL00) listing modified vendors monthly. A sample of new/changed vendors is agreed to the vendor coding form.
P / D: P, P, D
Audit steps:
1. List all master vendor records with an alternative payee.
2. Select a sample from the list and review supporting documentation for accuracy and proper approval.
3. Verify Accounts Admin reviews list of modified/created vendors.

Risk 5: Duplicate vendor records may be created.
Possible negative results: Incomplete vendor reporting due to more than one vendor number. Confusion when selecting vendor when invoicing.
Risk (High / Med / Low): M
Controls:
1. A/P clerk checks for same name, address, etc. when submitting or approving vendor master input form.
2. A/P supervisor signs off on vendor master input forms.
3. Standard naming conventions are used to reduce the possibility of duplicate vendor names.
P / D: P, P, P
Audit steps:
1. Observe user creating a vendor master record, and verify the user checks for same name.
2. Select a sample of newly created vendor master records, and verify proper approval.
3. Observe creation of vendor names and verify naming conventions are used.
4. Test vendor master file for duplicate records.

Risk 6: Housing / Election vendors may not receive the same level of review/control as centralized A/P vendors.
Possible negative results: Financial loss.
Risk (High / Med / Low): H
Controls:
1. Housing vendors are subject to the same controls mentioned in Vendor Master points 1-5.
P / D: P/D
Audit steps:
1. Perform same audit steps for Housing (and any other users with vendor master authorization).

Risk 7: Unauthorized changes to vendor master data may go undetected.
Possible negative results: Financial loss.
Risk (High / Med / Low): H
Controls:
1. The Accounts Admin Section reviews the SAP report (RFKABL00) listing modified vendors monthly. A sample of new/changed vendors is agreed to the vendor coding form.
P / D: D
Audit steps:
1. Run the RFKABL00 report, and ask users to explain the items.


FI Invoice Processing

Risk 1: Unauthorized users may gain access to post invoice transactions into SAP.
Potential negative results: Financial loss.
Risk (High / Med / Low): H
Controls:
1. Appropriate transaction codes and other object authorizations are assigned to authorized users. The following transactions are restricted:
   - post, change, delete parked and ‘normal’ documents
   - park and release parked documents
   - block and unblock documents
2. Invoice posting capabilities are segregated from the following:
   - vendor/bank master file creation/change
   - warrant distribution
   - a/p approval/review
3. SAP security administrator will also monitor.
P / D: P
Audit steps:
1. Review user profile for reasonableness of access.
2. Rely on BASIS audit to identify conflicting access.
3. Review user profiles added for A/P Invoice, for A/P supervisor and Controller approvals.

Risk 2: Terminated employees or employees on extended leave of absence may have access to the system.
Potential negative results: Financial loss.
Risk (High / Med / Low): M
Controls:
1. A/P supervisor completes a form to remove access when employees leave.
2. Finance SAP Team sends out lists to departments twice a year identifying potential terminated employees.
P / D: P
Audit steps:
1. Compare user profiles for Invoicing to active employee list.
2. Verify SAP Team sends out lists.

Risk 3: Users may be able to post high dollar transactions without proper authorization.
Potential negative results: Unauthorized large payments.
Risk (High / Med / Low): M
Controls:
1. Workflow process: Supervisory approval of invoice, and Finance A/P review & approval.
2. Finance Dept Admin Supervisor reviews all payments greater than $100,000.
P / D: P, D
Audit steps:
1. Select a sample of invoices and verify supervisory and central a/p staff review.
2. Select a sample of invoices greater than $100,000 and verify Finance Admin Supervisor review.

Risk 4: Invalid invoices may be entered.
Potential negative results: Financial loss.
Controls:
1. Workflow process: Supervisory approval of invoice, and Finance A/P review & approval.
2. Original invoices are required as source document. Supervisors must approve paying on a fax or copy.
P / D: P, P
Audit steps:
1. Select a sample of invoices and verify supervisory and central a/p staff review.
2. Select a sample of invoices and trace information to supporting document.

Risk 5: Inaccurate or invalid data could be input when record first entered into SAP.
Potential negative results: Financial loss.
Risk (High / Med / Low): H
Controls:
1. Intelligent and mandatory fields have been set up.
2. SAP automatically requires supervisor approval of invoices.
3. AP also traces information entered to the source document.
P / D: P, D, D
Audit steps:
1. Observe the entry of invoices, and the SAP controls for mandatory and intelligent fields.
2,3. Select a sample of invoice documents and verify supervisor and AP staff approval, and agree to source document.

Risk 6: Invoices may not be properly approved.
Potential negative results: Financial loss.
Risk (High / Med / Low): H
Controls:
1. Workflow process: Supervisory approval of invoice, and Finance A/P review & approval.
P / D: P
Audit steps:
1. Select a sample of invoices, and review for proper approval.

Risk 7: Invoice is posted into SAP more than once.
Potential negative results: Financial loss from duplicate invoices. Misstated financial statements.
Risk (High / Med / Low): M
Controls:
1. System does not allow duplicate invoices upon invoice entry if the invoice number, vendor number and invoice date are the same.
2. Finance staff reviews the duplicate invoice report (zdup) daily. The report identifies all invoices with the same invoice number and the same amount.
3. Original invoices are required as source document. Supervisors must approve paying on a fax or copy.
4. AP staff physically stamp “paid” on invoices after approval.
P / D: P, D, P
Audit steps:
1. Enter an invoice twice, and verify that the system does not allow duplicate invoice numbers.
2. Review copies of the duplicate invoice report to verify that Finance is reviewing the report and taking appropriate action.
3,4. Select a sample of invoices and trace information to supporting document, and verify invoice is stamped “paid”.
5. Use ACL to test for duplicate invoices in a variety of ways.

Risk 8: Invoice may be changed after it is posted.
Potential negative results: Financial loss.
Risk (High / Med / Low): H
Controls:
1. Payee or amount cannot be changed once supervisor has released PCD.
P / D: P
Audit steps:
1. Observe Finance AP staff trying to change the payee or amount after the invoice is posted to verify SAP controls.

Risk 9: The original transaction is inappropriately reversed out from the system.
Potential negative results: Misstated financial statements. Unpaid vendors resulting in lost discounts, or late fees.
Risk (High / Med / Low): H
Controls:
1. SAP will automatically verify the following, before a reversal entry is accepted:
   - no cleared items
   - original transaction was within the original posting module
2. Only Finance AP supervisors have access to do reversal documents (FB08, MR08), and a reason code is required. Standard procedure is to also enter information in the text field.
P / D: P
Audit steps:
1. Determine if SAP or Finance checks for reversal entries.
2. Verify that only Finance AP supervisors have access to reverse a document.

Risk 10: Invoice may contain mathematical errors.
Potential negative results: Financial loss.
Risk (High / Med / Low): H
Controls:
1. The creator of the invoice or manual PCD is responsible for verifying the mathematical accuracy of the invoice. There are no subsequent controls.
P / D: P
Audit steps:
1. Select a sample of invoice documents and verify mathematical accuracy of the invoice.

Risk 11: Invoices may be incorrectly or inaccurately keyed in through the FI module and not through the MM module, which would bypass the ‘three way match’ (PO, invoice and goods receipt) control to detect any errors.
Potential negative results: Financial loss from duplicate invoices. Misstated financial statements.
Risk (High / Med / Low): H
Controls:
1. Workflow process: Supervisory approval of invoice, and Finance A/P review & approval.
2. Finance AP checks for PO reference on the invoice.
3. Finance AP identifies invoices for commodities, and investigates any commodities not being paid against a DPO, COR, or PO.
4. Finance AP reconciles all outstanding open items in g/l account 291000. This g/l account receives all GR (goods receipts) and INV (invoices) posted. Thus Finance AP can identify:
   - GR without INV
   - INV without GR
   - GR different from INV, and vice versa
P / D: P, P, P, D
Audit steps:
1. Select a sample of invoices and verify supervisory and central a/p staff review.
2&3. Observe Finance AP process and verify they check for PO reference on the invoice, and they check commodities not paid against a DPO, COR or PO.
4. Review of g/l account 291000.

Risk 12: Invoice is not applied towards the related RF.
Potential negative results: Misstated financial statements.
Risk (High / Med / Low): H
Controls:
1. Creator of the invoice enters the RF# in a user-defined field.
2. Workflow process: Supervisory approval of invoice, and Finance A/P review & approval.
3. Finance A/P staff approving the invoice look for the RF# on the invoice, and verify the number is on the SAP invoice.
4. After Finance AP staff approves the invoice, SAP verifies matching data (i.e. vendor number) and automatically updates the RF.
5. Departments are responsible for their budgets, and may notice invoices not applied to RF’s.
P / D: P, P, P, P, D
Audit steps:
1-3. Observe Finance AP process and verify the reviewer checks for RF#.
4. We did not test for invoices with RF references that were not applied to the PO. We relied on the other controls.
5. No test necessary.

Risk 13: Invoices may not be input in a timely manner.
Potential negative results: Late payments to vendors, resulting in lost discounts, or late fees.
Risk (High / Med / Low): M
Controls:
1. Vendor inquiries are investigated.
P / D: D
Audit steps:
1. Review cycle time information for timeliness of invoice input.
2. Review report on number of invoices paid late.

Risk 14: Invoices that are ‘parked’ may not be posted and cleared on a timely basis.
Potential negative results: Late payments to vendors, resulting in lost discounts, or late fees.
Risk (High / Med / Low): M
Controls:
1. Finance A/P management monitors the number of items and age in workflow inboxes.
2. Finance AP management investigates all parked items over 2 weeks old.
P / D: P, D
Audit steps:
1&2. Review the most recent report of invoices parked, and document the staff’s comments.

Risk 15: The General Ledger account balances may not be updated when a transaction is posted into a Vendor Account, e.g., the reconciliation process may not be correctly set up.
Potential negative results: Misstatement of financial statements.
Risk (High / Med / Low): H
Controls:
1. The FI accounts payable and FI general ledger are fully integrated within SAP. A posting to the vendor account will automatically post to the appropriate reconciliation account in the general ledger on a real time basis. GL account number 222000 is the only reconciliation account.
P / D: P
Audit steps:
1. Select a sample of invoices and verify that the posting to the vendor account agrees to the general ledger posting.

Risk 16: Transactions may be posted to the wrong account / project / business area.
Potential negative results: Misstatement of financial statements.
Risk (High / Med / Low): M
Controls:
1. The workflow process is comprised of supervisory approval of invoice, and Finance A/P review & approval.
2. SAP gives a warning message if posting information (i.e. Business Area / cost center) is not compatible.
3. Reconciliation account 222000 is used to ensure integrity between GL and AP sub-ledger. Direct posting to reconciliation account is blocked.
P / D: D, P, D
Audit steps:
1. Select a sample of invoices and verify supervisory and central a/p staff review.
2. Observe SAP warning when Business Area and Cost Center are not compatible.
3. Review items in the 222000 g/l account and document the staff’s comments.

Risk 17: Invoices may not be stored for payment disputes, etc.
Potential negative results: Lack of documentation for auditors.
Risk (High / Med / Low): L
Controls:
1. All supporting documentation (i.e. invoice) is stamped “paid” and filed.
P / D: P
Audit steps:
1. Select a sample of invoices and verify that documents were stored properly.

Risk 18: Posting keys for A/P transactions may not be restricted.
Risk (High / Med / Low): H
Controls:
1. SAP automatically selects posting keys based on input information.
2. SAP requires the matching of debits and credits before an invoice is posted.
P / D: P, P, P
Audit steps:
1-2. Observe that posting key controls are in place.


Invoice Verification

Risk 1: Incorrect or invalid invoice data may be entered when the record is first entered via the MM module.
Potential negative results: Financial loss.
Risk (High / Med / Low): M
Controls:
1. The system requires entry of the following information upon entry of the invoice:
   - purchase order number
   - document date
   - invoice number
   - total invoice amount
2. The system automatically displays all lines of the related purchase order and the value of the related goods receipt (GR) entered. Therefore AP staff can select the line items relevant to the specific invoice.
P / D: P, P
Audit steps:
1. Observe the entry of invoices, and the SAP controls for mandatory and intelligent fields.
2. Observe data entry and verify SAP displays PO limitations.
Teammate Ref: 1 – IV3; 2 – IV3
SOC: 1, 2 = S

Risk 2: The tolerance limits for invoice verification procedures may be set too high. The tolerance limit is used to match the FI invoice with the MM PO goods receipt.
Potential negative results: Unauthorized large payments.
Risk (High / Med / Low): L
Controls:
1. The tolerance limits used to check on the three way match process are set according to the City’s policies and standards. The standard is 10%, or $100 per line item.
2. If the tolerance is exceeded, the system will not display the PO line items. Then the AP clerk will not process the invoice, and will notify Purchasing of the discrepancy.
P / D: P
Audit steps:
1. Run the tolerance limit report for AP and MM, by transaction key, and compare the limits to the City standards.
2. Observe the entry of invoices and verify SAP warning message and AP clerk action.
Teammate Ref: 1 – IV4; 2 – IV3
SOC: 1 = S

Risk 3: Payment blocks may not be placed on invoices during the invoice approval process.
Potential negative results: Financial loss due to invoices being paid before final approval.
Controls:
1. Payment blocks include:
   - Invoice amount exceeds PO amount by tolerance limits
   - The quantity on the invoice exceeds the quantity on the goods receipt (GR)
2. The system blocks the payments automatically if one of the above situations exists.
Audit steps:
1,2. Observe the entry of invoices and verify SAP warning message and AP clerk action.
Teammate Ref: IV3
SOC: 1 = O; 2 = O

Risk 4: Purchase made through PO is paid by PCD.
Potential negative results: Misstated financial statements.
Risk (High / Med / Low): M
Controls:
1. Finance AP checks for PO reference on the invoice.
2. Finance AP identifies invoices for commodities, and investigates any commodities not being paid against a DPO, COR, or PO.
3. Finance AP reconciles all outstanding open items in g/l account 291000. This g/l account receives all GR (goods receipts) and INV (invoices) posted. Thus Finance AP can identify:
   - GR without INV
   - INV without GR
   - GR different from INV, and vice versa
Audit steps:
1,2. Observe Finance AP process and verify they check for PO reference on the invoice, and they check commodities not paid against a DPO, COR or PO.
2. Review of g/l account 291000.
Teammate Ref: 1,2 – IV3; 3 – IV4

Risk 5: Large outstanding payable balances may build up and not be reviewed on a regular basis in the GR/IR general ledger account. An example is the account where tolerance differences are posted.
Potential negative results: Late payments to vendors, resulting in lost discounts, or late fees.
Risk (High / Med / Low): H
Controls:
1. If there is a quantity variance where the quantity invoiced is different than the quantity of goods received, and if there is no further goods receipt recorded by the system, the GR/IR account will not be cleared automatically.
2. A batch job is run to match GR and IR entries within the account on a daily basis.
3. Finance AP staff reviews the GR/IR clearing account monthly for long outstanding, open items, and makes the appropriate corrections.
Audit steps:
1. Review of g/l account 291000.
Teammate Ref: IV4
SOC: NA


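Disbursements

Risk 1: Unauthorized users may be able to post invoice transactions into SAP.
Potential negative results: Financial loss.
Risk (High / Med / Low): H
Controls:
1. See controls for Invoice Processing.
P / D: P
Audit steps:
1. Rely on Invoice Processing tests.
Teammate Ref: IP all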

Risk 2: Unauthorized access to the Payment Output file. (Note: Payment Output File is the result of a formatted payment batch. It contains all of the formatted payment information, in report format, to cut checks. Access to the directory should be restricted or extremely limited.)
Potential negative results: Financial loss.
Risk (High / Med / Low): H
Controls:
1. SAP Security Profiles: Only 3 A/P supervisors have access.
P / D: P
Audit steps:
1. List all users with this profile and review for reasonableness and proper authorization.
Teammate Ref: D3
SOC: 1 = S

Risk 3: Cash disbursement details may be inaccurate and incomplete.
Potential negative results: Financial loss. Misstated financial statements.
Risk (High / Med / Low): H
Controls:
1. Disbursement data is based on information provided during invoice entry (either via FI or MM module).
2. Prior to the payment run, SAP creates an exception report for invoices where mandatory fields are not populated, and for invoices blocked for payment.
3. The A/P supervisor reviews the Payment Proposal List (RFZALI00) and the Exception List (RFZALI10).
P / D: P, D
Audit steps:
1. Rely on Invoice Processing controls.
2,3. Observe the documentation existing to verify supervisory review of payment proposal list and exception list.
Teammate Ref: 1 – all IP; 2,3 – D4
SOC: 1 = S; 2 = O

Risk 4: Inaccurate or incomplete vendor invoices may be paid.
Risk (High / Med / Low): H
Controls:
1. Vendors with incomplete info will be manually blocked from payment by AP staff.
P / D: P
Audit steps:
1. Select a sample of unblocked vendor files and verify they have the required information.
Teammate Ref: VM3
SOC: 1 = S

Risk 5: Check number may not be indicated in the payment document during payment processing.
Risk (High / Med / Low): H
Controls:
1. The system captures the check number in the document allocation fields, and automatically prints the number on the check.
2. Check number is pre-printed on manual checks.
P / D: P
Audit steps:
1. Select a sample of invoices and trace the check number back to the record.
2. Trace manual check numbers back to invoices to make sure the manual check number was entered.
Teammate Ref: 1 – D1; 2 – D2
SOC: 1 = S

Risk 6: Large or unusual payments may not be blocked for management review.
Potential negative results: Unauthorized large payments.
Risk (High / Med / Low): L
Controls:
1. The Accounts Admin staff approves all payments over $100,000, and all payments to 1-time vendors.
2. Procedures exist to review and approve invoices that are blocked.
P / D: P, D
Audit steps:
1. Select a sample of payments > $100,000 and verify Accounts Admin signature.
2. Observe check run and verify checks =>$100,000 are approved by Accounts Admin.
Teammate Ref: 1 – D10; 2 – D4
SOC: 1, 2 = S

Risk 7: Invoices selected for payment may not be reviewed.
Potential negative results: Financial loss.
Risk (High / Med / Low): H
Controls:
1. The system is configured to propose invoices that are due for payment in the automatic payment run. A/P reviewer approval is required before payment.
P / D: P, D
Audit steps:
1. Run a report of all invoices due for a specific date, and compare that to the automatic payment run.
2. Document management’s review of the Payment Proposal List and Exception List.
Teammate Ref: 1 – D1; 2 – D4
SOC: 1, 2 = S

Risk 8: Payments could be made more than once for an invoice.
Potential negative results: Financial loss from duplicate payments.
Risk (High / Med / Low): H
Controls:
1. SAP automatically assigns a clearing document number and clearing date when payment is made for open invoice item.
2. SAP will not select cleared items for payment.
3. Print file disappears after it is printed, so checks can’t be printed again.
P / D: P
Audit steps:
1. Select a sample of paid invoices and verify they were assigned a clearing document number and clearing date.
2. Test the disbursement run to make sure no cleared items were paid.
3. Document that the print file disappears after it is printed.
Teammate Ref: 1 – D1; 2 – D1; 3 – D1
SOC: 1, 2, 3 = S

Risk 9: Payments made are posted to the wrong accounts.
Potential negative results: Misstated financial statements.
Risk (High / Med / Low): M
Controls:
1. The FI accounts payable and FI general ledger are fully integrated within SAP. A posting to the vendor account will automatically post to the appropriate reconciliation account in the general ledger on a real time basis. GL account number 222000 is the only reconciliation account.
P / D: P, P
Audit steps:
1. Select a sample of invoices and verify the g/l account entry.
2. Review activity in g/l account #220000 to verify all invoices were posted to FI-GL.
Teammate Ref: 1 – D1; 2 – D1
SOC: 1 = S; 2 = O

Risk 10: The check number in the check register may not be updated.
Potential negative results: Financial loss due to the difficulty reconciling bank accounts, and noting missing checks.
Risk (High / Med / Low): H
Controls:
1. SAP automatically assigns a sequential check number to each check, and records it in the register.
2. The check register is used to keep track of physical check numbers.
3. Procedures exist for reviewing the check number in the check register. The procedures cover:
   - Reviewing missing checks or checks number not running in sequence;
   - Reconcile check register after each check run;
   - Are spoiled manual checks retained;
   - Checks printed as overflow documents are denoted as “void”
   - Payment is made by the first check in the series only, and others are denoted as “void”.
4. SAP reports all voided checks during the check run, and the AP Supervisor reviews the report.
5. The AP Supervisor reconciles the number of checks from the check register report to the count on the Job Log.
P / D: P, P
Audit steps:
1. Identify process for assigning both electronic and manual check numbers.
2. Review the check register for missing check numbers.
3. Observe procedures for:
   - reviewing missing checks or check numbers
   - reconciling check register after each run
   - spoiled checks
   - voided checks
4. Verify SAP reports all voided checks during the run.
5. Document the reconciliation of Check register and SAP Job Log.
Teammate Ref: 1 – D2 & D4; 2 – D1; 3 – D1; 4 – D1
SOC: 1 = S; 2 = S; 3 = O; 4 = S; 5 = S

Risk 11: The discount amount may be calculated incorrectly.
Potential negative results: Financial loss.
Risk (High / Med / Low): M
Controls:
1. The system automatically calculates discounts.
P / D: P
Audit steps:
1. Select a sample of invoices and verify that the appropriate discount was taken.
Teammate Ref: 1 – D5
SOC: 1 = S

Risk 12: The transaction in the system may be left as an open item even though payment has been made.
Potential negative results: Financial loss from duplicate payments.
Risk (High / Med / Low): L
Controls:
1. The system assigns a clearing number and a clearing document to close an outstanding transaction when payment is made.
P / D: P
Audit steps:
1. Select a sample of paid invoices and verify they were assigned a clearing document number and clearing date.
Teammate Ref: 1 – D1
SOC: 1 = S

Risk 13: In the Check Print Restart and Reset Payment Batch functions: spoiled checks may not be retained for evidence as to restart. Completeness of checks may not be verified prior to restart.
Potential negative results: Financial loss due to discarding spoiled checks.
Risk (High / Med / Low): H
Controls:
1. Have not had to do a check print restart yet. Could not validate.
P / D: P
Audit steps:
1. Document any “check print restart” events, and verify spoiled checks were retained and checks were completed.
Teammate Ref: 1 – D1
SOC: 1 = O

Risk 14: Checks issued to employees may be inappropriate.
Potential negative results: Financial loss.
Risk (High / Med / Low): M
Controls:
1. Employees are grouped in a separate account group.
2. Supervisory approval required through workflow.
3. A/P audit review.
4. Manual approval required on PCDs entered by A/P clerks.
P / D: P, P, D, D
Audit steps:
1. Select a sample of checks paid to employees, and verify proper approval and proper account group.
2-4. Rely on Invoice Processing testing.
Teammate Ref: 1 – D8; 2-4 – all IP
SOC: 1-4 = S

Risk 15: Manual checks issued may not be recorded in the system.
Potential negative results: Financial loss due to the difficulty reconciling bank accounts, and noting missing checks.
Risk (High / Med / Low): H
Controls:
1. Manual checks are recorded in the SAP check register.
2. The City Controller reviews the SAP check list prior to the release of manual checks.
3. An Accounts Admin staff member reviews the log of manual checks to ensure that no checks are missing and all numbers are entered.
4. Blank check stock is secured.
P / D: P
Audit steps:
1. Take an inventory of the manual checks, and verify all missing check numbers are in SAP and on the manual log.
2. Document City Controller requires SAP Check List prior to signing manual checks.
3. Verify independent review of manual check log.
4. Verify blank checks are secure.
Teammate Ref: 1-4 – D2
SOC: 1 = S; 2 = O; 3 = O; 4 = S

Risk 16: Printed checks may be lost or stolen.
Potential negative results: Financial loss.
Risk (High / Med / Low): M
Controls:
1. The check printer is stored in a public area, but is supervised during the printing.
2. Checks are mailed out the same day they are printed.
3. Printed checks kept for pick up are kept in a secretary’s desk, and locked in the safe for the night.
P / D: P
Audit steps:
1. Observe the check run, and review the security methods used to make sure checks are mailed out or kept in a secure location.
Teammate Ref: D1
SOC: 1 = O

Risk 17: Cancellation and re-issue of checks may be improperly processed.
Potential negative results: Financial loss. Misstatement of financial statements.
Risk (High / Med / Low): H
Controls:
1. Controls are in place to ensure that warrants already issued have not been cashed before the re-issue of another warrant by checking with the bank and SAP.
2. Appropriate and authorized documentation is received from the vendor for review before the re-issue of another warrant.
3. A/P supervisor checks documentation and approves transaction.
P / D: D, D
Audit steps:
1. Select a sample of re-issued checks and verify that the original warrant was never cashed.
2. Agree check information to supporting documentation.
3. Verify supervisor approval on all re-issued checks.
Teammate Ref: 1-3 – D11
SOC: 1, 2, 3 = S

Risk 18: The bank amount in the books may not agree with the amount at hand in bank.
Potential negative results: Financial loss. Misstated financial statements.
Risk (High / Med / Low): H
Controls:
1. An independent person reviews the bank reconciliation.
2. The bank account is reconciled automatically daily, with exceptions cleared manually.
P / D: D
Audit steps:
1. Document segregation of duties between disbursements and bank reconciliation.
2. Select a sample of reconciliations and review unreconciled items.
Teammate Ref: 1-2 – D9
SOC: 1 = O; 2 = S

Risk 19: Signature stamp is used by an unauthorized person.
Potential negative results: Financial loss.
Risk (High / Med / Low): H
Controls:
1. The signature stamp is kept in a safe in Accounts Admin.
Audit steps:
1. Verify the signature stamp is secure.
Teammate Ref: D2

Risk 20: Payment to vendor may be made when there is a large outstanding receivable from that company.
Potential negative results: Financial loss.
Risk (High / Med / Low): M
Controls:
1. AP provides Collections with a list of all checks => $100,000 daily for their review.
Audit steps:
1. Verify that Treasury reviews all checks => $100,000.
Teammate Ref: D10

Risk 21: Credit memos due to Accounts Receivable customers may not be processed properly.
Controls:
1. Finance staff performs a separate payment run for credit memos.
Audit steps:
1. Observe credit memo run and document issues.
Teammate Ref: D7
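
The two duplicate-invoice keys described under FI Invoice Processing risk 7 (the posting-time check on invoice number, vendor number and invoice date, and the zdup report on invoice number and amount) compared against two broader tests of the kind audit step 5 leaves open. This is an added Python example, not part of the original matrix; the sample postings, the field names and the two extra keys (normalized invoice number per vendor; vendor, date and amount) are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, namedtuple
from datetime import date
from decimal import Decimal

Invoice = namedtuple("Invoice", "doc_no vendor invoice_no invoice_date amount")

# Constructed sample postings (not taken from the audit file).
INVOICES = [
    Invoice("5100000001", "V1001", "INV-4711", date(2001, 3, 1), Decimal("1250.00")),
    # Same invoice re-keyed with a later date: passes the posting-time check.
    Invoice("5100000002", "V1001", "INV-4711", date(2001, 3, 8), Decimal("1250.00")),
    # Punctuation dropped from the invoice number: passes both page-described keys.
    Invoice("5100000003", "V1001", "INV4711", date(2001, 3, 1), Decimal("1250.00")),
    Invoice("5100000004", "V2002", "88231", date(2001, 3, 5), Decimal("400.00")),
    # Suffix added to the number; vendor, date and amount unchanged.
    Invoice("5100000005", "V2002", "88231A", date(2001, 3, 5), Decimal("400.00")),
    # Different vendor reusing the same invoice number: not a duplicate.
    Invoice("5100000006", "V3003", "INV-4711", date(2001, 3, 2), Decimal("990.00")),
    Invoice("5100000007", "V4004", "2001-17", date(2001, 3, 9), Decimal("75.50")),
]


def normalize_number(invoice_no):
    """Upper-case, strip punctuation and whitespace, drop leading zeros."""
    return re.sub(r"[^A-Z0-9]", "", invoice_no.upper()).lstrip("0")


# Each test is a function that maps an invoice to its duplicate-matching key.
KEYS = {
    # Control 1: blocked at entry if number, vendor and date all match.
    "entry_check": lambda i: (i.invoice_no, i.vendor, i.invoice_date),
    # Control 2: zdup report lists same invoice number and same amount.
    "zdup_report": lambda i: (i.invoice_no, i.amount),
    # Assumed extra test: same vendor, invoice number equal after normalization.
    "normalized_number": lambda i: (i.vendor, normalize_number(i.invoice_no)),
    # Assumed extra test: same vendor, date and amount, any invoice number.
    "vendor_date_amount": lambda i: (i.vendor, i.invoice_date, i.amount),
}


def find_duplicates(invoices, key_fn):
    """Return sorted groups of document numbers that share a key."""
    groups = defaultdict(list)
    for inv in invoices:
        groups[key_fn(inv)].append(inv.doc_no)
    return sorted(sorted(docs) for docs in groups.values() if len(docs) > 1)


def run_all(invoices):
    """Apply every key in KEYS and return {test name: duplicate groups}."""
    return {name: find_duplicates(invoices, fn) for name, fn in KEYS.items()}


def missed_by_report(invoices):
    """Documents flagged by the extra tests but absent from the zdup key."""
    results = run_all(invoices)

    def flagged(name):
        return {doc for group in results[name] for doc in group}

    extended = flagged("normalized_number") | flagged("vendor_date_amount")
    return sorted(extended - flagged("zdup_report"))


if __name__ == "__main__":
    for name, groups in run_all(INVOICES).items():
        print(f"{name:20s} {groups}")
    print("not on zdup key:   ", missed_by_report(INVOICES))
```

On the constructed data, the posting-time key matches nothing, the zdup key pairs only the re-dated invoice, and the broader keys surface the reformatted and suffixed invoice numbers for follow-up against source documents.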
