SAP R/3 Audit Guidelines

SAP Audit Guidelines R/3

SAP R/3 AUDIT GUIDELINES

Introduction

1. System Overview
1.1 Objective
1.1.1 Technical and organizational overview of the system
1.1.2 Clarity of the system for the auditor/auditing task
1.1.3 Defining the scope of the audit
1.2 Requirements
1.3 Risks
1.4 Audits
1.4.1 Responsibilities
1.4.2 Systems in use (testing, ..., live)
1.4.3 Authorization and user menu for the auditor
1.4.4 Recording the business structure
1.4.5 Release versions
1.4.6 Components/functionality
1.4.7 Modifications
1.4.8 Update termination
1.4.9 Data flow plan
1.5 Proposed auditor authorizations
1.6 Complete overview of customer name ranges

2. Security and Access Protection
2.1 Objective
2.2 Requirements
2.3 SAP facts
2.3.1 Basics of the authorization model
2.3.2 Authorization structures
2.3.3 Separating maintenance and activation
2.3.4 User master
2.3.5 Password protection and logon
2.3.6 Customer-specific authorization profiles
2.3.7 Upstream security systems
2.3.8 Table TSTC - "SAP Transaction Codes"
2.3.9 Customizing
2.4 Risks
2.5 Audits
2.5.1 User management
2.5.2 Security and access protection
2.5.3 Important individual authorizations

3. Workbench Organizer and Transport System
3.1 Objective
3.1.1 Functional integrity
3.1.2 Traceability
3.2 Requirements
3.2.1 Job submission
3.2.2 Implementation of a change
3.2.3 Acceptance and production transfer
3.3 SAP facts
3.3.1 Purpose and structure
3.3.2 SAP systems
3.3.3 Correction and repair
3.3.4 WBOT settings
3.3.5 Conducting transports
3.4 Risks
3.4.1 Validity of ODES
3.4.2 Incorrect CTS settings
3.4.3 Access to operating system level
3.4.4 Instability
3.4.5 Manipulation
3.5 Audits
3.5.1 Recording the existing procedure
3.5.2 Review of the model
3.5.3 Compliance with the model
3.5.4 Concrete auditing steps

4. Accessing and Logging Tables
4.1 Objective
4.2 Requirements
4.2.1 Logging
4.2.2 Customer-specific tables
4.2.3 Access protection
4.2.4 Work and organization instructions
4.2.5 Safeguarding the information flow
4.3 SAP facts
4.3.1 Purpose and structure of tables
4.3.2 Table access and logging
4.3.3 Validity range and customer tables
4.3.4 ABAP reports
4.3.5 Examples of important tables
4.4 Risks
4.5 Audits

5. Job Request Procedure/Documentation and System Logs
5.1 Objective
5.1.1 Procedure for requesting jobs
5.1.2 Job documentation
5.1.3 Job logs
5.2 Requirements
5.2.1 Procedure for requesting jobs
5.2.2 Job documentation
5.2.3 System logs
5.3 SAP facts
5.4 Risks
5.5 Audits
5.5.1 Recording existing procedure
5.5.2 Checking procedural models
5.5.3 Checking adherence to procedure
5.6 Documenting SAP jobs (suggested format)
5.6.1 General items
5.6.2 Requirements for starting the job
5.6.3 Post-processing requirements after the job run
5.6.4 Measures for restarting a job

6. Batch Input Interfaces
6.1 Objective
6.2 Requirements
6.3 SAP facts
6.3.1 Introduction
6.3.2 Authorizations
6.3.3 Run modes
6.3.4 Session logs
6.3.5 Analyzing sessions
6.4 Risks
6.5 Audits

7. Master Data Changes
7.1 Separation of functions
7.1.1 Objective
7.1.2 Requirements
7.1.3 SAP facts
7.1.4 Risks
7.1.5 Audits
7.2 Traceability
7.2.1 Objective
7.2.2 Requirements
7.2.3 SAP facts
7.2.4 Risks
7.2.5 Audits

8. Reconciling Posting Data/Closings
8.1 Objective
8.2 Requirements
8.3 SAP facts
8.3.1 Reconciling posting data
8.3.2 Periodic closing
8.3.2.1 Day-end closing
8.3.2.2 Month-end closing
8.3.3 Year-end closing
Balance sheet and profit and loss statement
Balance carried forward
Reorganization/Archiving
8.4 Risks
8.5 Audits
8.5.1 Reconciliation
8.5.2 Periodic closing
8.5.3 Year-end closing

9. Invoice Checking and Payment Run
9.1 Objective
9.2 Requirements
9.3 SAP facts
9.3.1 Vendor master data
9.3.2 Special fields
9.3.3 Prerecording documents
9.3.4 Posting accounts using the net amount procedure
9.3.5 Amount limits and tolerances
9.3.6 Payment programs
9.3.7 Authorizations
Customer and vendor master data
Banks
Financial calendar
Accounting document
Credit limit
Payment run
Dunning run
9.3.8 Reports
9.4 Risks
9.4.1 Vendor master records
9.4.2 Invoice checking
9.4.3 Payment proposal, payment run
9.5 Audits
9.5.1 Functional separation
9.5.2 Suspense accounts
9.5.3 Payment proposal list and payment list
9.5.4 Double payments


Introduction
This Release 3.0 Audit Guidelines manual, designed for SAP R/3 systems, is intended to provide external auditors, IT auditors, and members of the internal auditing staff of companies using SAP with useful tips on how to proceed in auditing SAP software systems. This guide applies primarily to the Basis and important aspects of the FI (Financial Accounting) application. The information in this manual is intended as a "suggestion," not as a "binding guideline" or "standard." Any and all responsibility for the type, scope and results of internal and external audits lies solely with the auditor. To study this manual properly, you should have a fundamental knowledge of the SAP system, and you should also be familiar with sound accounting principles. Information is available in further detail in the SAP R/3 online documentation manuals, particularly:
- The manual "BC System Administration"
- The user guides "Configuration and Organization"


1 System Overview

This first chapter of the SAP audit guide provides a quick overview of the SAP system and its technical and organizational integration. The auditor needs this overview in order to obtain an adequate system orientation, to be able to assess the overall state of the system and to determine which audit steps will be required. You can also set up your own user menu to be used in generating a system overview. Further details are provided in section 1.4.3.

1.1 Objective
The purposes outlined above may be broken down as follows:

1.1.1 Technical and organizational overview of the system

Because of the technical scope of the system and the changes that are constantly being made to it, only those who concern themselves exclusively with the R/3 System software are capable of obtaining a full overview of the R/3 System. Generally, auditors do not fall into this category; they are generally outsiders who must determine which technical functionality is employed by a particular user with only a few initial steps on the system. This entire technical overview should be obtained in the shortest possible time and without the need for complex additional technical efforts. Ideally, the system would be able to automatically, "at the press of a button," so to speak, provide pertinent self-diagnostic information, display the system status and, if applicable, identify any changes that might have been made to the system within a specified time. From an auditing point of view, the main aspects of the system status include:
- Transactions
- ABAP programs
- Tables
- Files
- Authorizations, authorization profiles and user master records
- Data carriers
- Other security measures (such as table types and separating different clients)

The SAP R/3 System's organizational integration and the changes made to it determine the effectiveness of technical measures aimed at ensuring efficient data processing. Please ensure that comprehensive documentation is accessible to explain the organizational system status. The overview is to be supplemented by random sampling at the user companies (for example, to examine user authorization transactions), the system documentation (for example, to check the program and table documentation) and the system environment (for instance, working with the system in the event of an abnormal termination).

1.1.2 Clarity of the system for the auditor/auditing task
In addition to the general objective of ease of use, the objective of clarity for the auditor specifically includes the ability to gain an understanding of the overall system within a reasonable time. This ability is subjectively possible and objectively present, and is a prerequisite for making a competent, accurate evaluation of system events.

1.1.3 Defining the scope of the audit
Finally, the system overview should enable the auditor to concentrate his auditing tasks on specifically defined auditing areas. Once they have obtained an overview, the functional scope of the audit should be defined for all concerned. In addition, it should be possible at this point to define both the functional and the chronological framework of the audit.

1.2 Requirements
The installation to be examined must meet auditability requirements. The assumption is that, in general, the auditability requirements of tax authorities are being fulfilled. In particular, a company's implementation of R/3 and all modifications to the installation must be made within the framework of SAP's own recommendations (see the chapter "Name Ranges and Naming Conventions" in the BC SAP Style Guide manual for R/3). This specifically affects:
- The procedures for making changes and configuration adjustments to the standard software
- Documentation of changes to the system and the system environment
- Naming conventions when altering transactions, ABAPs, tables, files and other SAP objects (see the overview in section 1.6)

Client 000 may only be used by the standard software supplied by SAP, because it serves as a reference for other clients and is partially overwritten by the subsequent release or put level change. Certain key information supplied by SAP resides in Client 000 and may only be maintained by the system administrator (where applicable in conjunction with SAP consultants). DO NOT work in Client 000! Client 000 should be used as an auditing object in conjunction with the productive system. Note: See section 2.5.3 for a summary of the system administrator's authorizations.

1.3 Risks
The following risks are essentially involved in auditing SAP business transactions:
- Failure to follow sound accounting principles
- Inconsistent data
- Faulty operation
- Lack of control
- Unreliability


1.4 Audits

1.4.1 Responsibilities
You must acquire an overview of the total system responsibilities and of responsibilities involving:
- Critical data and tables,
- Authorizations,
- Programs, and
- Interfaces,
as well as changes to these elements. The overview will be expanded and enhanced as the audit proceeds.

1.4.2 Systems in use (testing, ..., live)
Using transaction SE06 "Setting Up the Correction and Transport System," determine which systems are currently deployed and, of these, which are used for production, development and/or testing purposes, and which are used for acceptance and/or training purposes. In the productive system (whose audit is the focus of the presentation below) use Table T000 in Client 000 to identify which clients are active in this installation. First determine which system in which client contains the:
- Production clients
- Test clients

For information on connections with other systems (i.e. SAP R/2), see Chapters 3, "Correction and Transport System," and 6, "Batch Input Interfaces."

1.4.3 Authorization and user menu for the auditor
The auditor should be granted direct access to the system, including all authorizations listed in section 1.5. In granting access to personal data, care should be taken to ensure compliance with data security requirements and any existing contractual or business agreements. Restricting auditors' authorization to display only should be sufficient to guarantee that the auditor may not and cannot make any changes to data.

User menu: Set up a personal user menu to get an overview of the system. To do this:

1. Begin menu maintenance by selecting System -->> User profile -->> Maintain user menu.
2. The system displays a dialog window in which you enter the name of your first (or only) work area (i.e. displaying system status). You can then enter additional work areas (such as changes to system state, settings in Customizing, etc.). The maintenance screen for the user menu appears. Select New Entries to display a list containing the menu bar texts from the SAP standard menu. These text elements are the same ones you see when you log in to a standard R/3 system. You can also switch the display of the accompanying transaction descriptions by pressing the "New Entries via TCode" pushbutton on the symbol bar. Next select individual transaction codes one after another (see section 1.4.7).
3. To include other applications in your work area, repeat step 2. Navigate downward in the standard menus list by double-clicking on the menu names, or go back up the list by clicking "Back."
4. To save your work area together with its applications:
- When you are finished selecting the applications you need, click on "Back" as many times as necessary until the entire list of applications selected for your work area reappears. You can change the texts contained in the list.
- Save the menu by pressing F11=Save (or click on the appropriate symbol).

Once it is closed, you have access to the user menu in a separate window. If you want to make changes to your menu, proceed as necessary. Beginning with Release 3.0D, the so-called Session Manager will be set up instead of the user menu, initially for Windows 95 and later for other clients. Your documentation provides additional information about customizing individual user menus in the Session Manager.

1.4.4 Recording the business structure
In the first step, you enter and analyze the structure maintained by the SAP system within each productive client (see Table T000). Users can view the structure in a hierarchical grouping of data and access structures in the:
- Client,
- Company code,
- Business area,
- Plant, and
- Storage location.
Table T001 displays the company codes within a client. Other links are stored in Table T001B (posting periods), TGSB (business areas) and T001W (plants).


1.4.5 Release versions
This guide is based on Release 3.0D. You can determine the Release version of the application to be audited by calling up the system status from the "System" menu. View any release-related changes or enhancements to the system by selecting the menu path Tools --> Find --> Info system --> Release information.

1.4.6 Components/functionality
The system's active main functions as queried under section 1.4.5 refer to specific system functionalities supplied by SAP. Each functionality (listed first) can be expanded and modified with the functions listed after it:
- ABAP/4 programs: SE38
- Menus: SE41
- Dynpros: SE51, SE52
- Tables: Customizing transactions OY, SM31, ABAPs
- Data Dictionary objects: DIY transactions

You can most easily examine the correlation between the main user-activated functions and the respective functionalities supplied by SAP for those purposes by using the Business Navigator in the Component view (Transaction SB01, or Tools --> Business navigator --> Component view; transaction descriptions belonging to the displayed functions can be displayed at either the top left or the bottom right within the graphics via the menu Settings --> Attribute positions).

1.4.7 Modifications
SAP recommends that user modifications be made in conformity with the naming conventions. Section 1.6 contains a complete list of name ranges reserved for customers' use. The auditor should display and examine all:
- Transactions from Table TSTCT that begin with a Y or a Z
- ABAPs that begin with Y or Z
- Tables beginning with T9, P9, Y or Z

In a second step, transactions, reports, and tables in the system and in files or online help files should be examined to determine whether they function properly and are sufficiently documented. The auditor should test other, randomly sampled functions that may not outwardly appear to have been altered or modified. This can be done by systematically investigating which user (besides SAP) made which last change, and on what date the change was made. Details are provided in the table below:


| Object | Documentation tables | System state | Changes |
|---|---|---|---|
| Table fields | SE12 | SE16 and DI01 (in DI02 via Edit menu >> select Table type, showing Pool, Cluster and View tables where applicable) | SE01, SE06 transport info system; DI02 and/or RSTBPROT, RSPARAM with rec/client = All or same as xxx, where xxx is the client to be examined; date and last change in table info |
| ABAPs | SA38, SE38, TADIR | Doc state version = USR in selection screen | SE01, SE06 transport info system; in SE38, display attributes "created by" (SAP only) |
| Program fields | SE12 | Doc. version = USR in select screen | SE01, SE06 transport info system |
| Transactions | TSTCT, TADIR | Image from DIxy | SE01, SE06 transport info system: date and change for last TSTCT change in Client 000 |
| Dynpros | SE51, SE52, SE41, SE42 | Date/time dynpro was saved/generated and change in SM51 | SE01, SE06 transport info system |
| Dynpro fields | SE12 | Doc version = USR in selection screen | SE01, SE06 transport info system |
|ystem Authorizations | SU01 (users), SU02 (profiles), SU03 (authorizations), RSUSR002 | Info >> Change documents | Info >> Change documents |
| Price list components | TADIR, TRDIR, SB01 | | SE01, SE06 transport info system |
| Company org. structure | Systems in use TSYST; Clients T000; Company codes T001; Posting periods T001B; Business areas TGSB; Plants T001W | DI02 | DI02; date and last change in table log with RSTBPROT and RSTBSERV |
| Database tables | | | SE01, SE06 transport info system |
| Database table fields | | | SE01, SE06 transport info system |

1.4.8 Update termination
When an update termination occurs, completed database changes for the current update request are reversed. The "err" indicator is inserted in the log record, which will not be deleted. The user is informed of the update termination via R/3 mail. The termination itself is recorded in the SYSLOG. Each user can analyze and post-process his own update records as needed. S_ADMI_FCD authorization under Basis Administration is required in order to process other users' records. The RFVBER00 report provides a (daily) list of terminated updates.

1.4.9 Data flow plan
Incoming data from non-SAP systems needs to be recorded; specifically, its format (as a data record description), content, origin and quantity should be registered. Data flowing out of the SAP System must also be noted and recorded; the details required in this case are format (that is, data record description and information regarding the file format), content, origin, and quantity. The details should be scrutinized by doing random checks on authorizations granted to process batch input sessions, and on download capabilities, if they exist.


1.5 Proposed auditor authorizations

An authorization profile for auditors should be strictly limited to display capabilities only, for all applications and basic functions. An auditor should also be able to display change documents in addition to active data. SAP supplies standard profiles with display authorizations only:
- F_ANZ for the financial sector
- A_ANZ for the investment sector
- M_ANZ for the material sector
- S_A.SHOW for basic functions, etc. (plus activity 08)

This is the most widely applicable recommendation; please bear in mind all legal regulations regarding data security, as well as any relevant business or contractual agreements that may exist.


1.6 Complete overview of customer name ranges

| Object | Name length | Client reservations |
|---|---|---|
| Change doc. object | 10 | N..., Z... |
| Authorization/Auth. profile | 12 | No underline in 2nd character |
| Authorization object | 10 | Y_..., Z_... |
| Data element | 10 | Y..., Z... |
| Data elem. supp. no. | 4 | 9000-9999 |
| Dialog module | 30 | Y..., Z... |
| Documentation modules: General text (TX) | 28 | Y..., Z... |
| Book chapter (CHAP) | 20 | Y..., Z... |
| Release information | 20 | Y..., Z... |
| Structure | 12 | Y..., Z... |
| Domains | 10 | Y..., Z... |
| Dynpro number | 4 | 9000-9999 |
| Development class | 4 | Y..., Z... |
| Form | 16 | Y..., Z... |
| Function modules | 30 | Y_..., Z_... |
| Function group | 4 | Y..., Z... |
| Device category | 8 | Y..., Z... |
| Logical database | 2 | Y..., Z... |
| Matchcode ID | 1 | 0-9 |
| Matchcode object | 4 | |
| Menu | 8 | MENUY..., MENUZ... |
| Module pool dynpro INCLUDES | 8 | SAPMY..., SAPMZ...; MY..., MZ... |
| Module pool dialog INCLUDES | 8 | SAPDY..., SAPDZ...; DY..., DZ... |
| Module pool subroutines INCLUDES | 8 | SAPFY..., SAPFZ...; FY..., FZ... |
| Module pool update INCLUDES | 8 | SAPUY..., SAPUZ...; UY..., UZ... |
| Message ID | 2 | Y..., Z... |
| Message numbers | 3 | 900-999 |
| Number range doc. object | 10 | Y..., Z... |
| Pool/cluster name | 10 | Y..., Z... |
| Relation ID | 2 | Y..., Z... |
| Report | 8 | Y..., Z... |
| Report categories | 4 | Y..., Z... |
| SPA/GPA parameter | 3 | Y..., Z... |
| Lock object | 10 | Y..., Z... |
| Style | 8 | Y..., Z... |
| SYSLOG reports | 2 | Y..., Z... |
| Tables (Pool, cluster, transport) | 10 | Y..., Z..., T9..., P9... |
| Transaction codes | 4 | Y..., Z... |
| View | 10 | Y..., Z... |
| Help view | 10 | H_Y..., H_Z... |
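The reservation rules in the overview above and the two-step check of section 1.4.7 (list customer-named objects, then look for standard-named objects last changed by someone other than SAP) can be run against an object list exported from the system. The following Python is an added example, not part of the guidelines; the object records, user names and dates are constructed, the regular expressions encode the reservations for a subset of the object types, and the report and date format assume an ISO-dated export.

```python
import re
from dataclasses import dataclass

# Customer reservation per object type, taken from the name-range overview and
# anchored at the start of the name. Authorizations/profiles carry no prefix
# rule, only "no underline in 2nd character", so their pattern forbids '_' there.
CUSTOMER_RANGE = {
    "transaction": r"[YZ]",
    "report": r"[YZ]",
    "table": r"(?:[YZ]|T9|P9)",
    "authorization_object": r"[YZ]_",
    "function_module": r"[YZ]_",
    "profile": r".[^_]",
    "menu": r"MENU[YZ]",
    "module_pool": r"(?:SAPM|M)[YZ]",
    "help_view": r"H_[YZ]",
    "dynpro_number": r"9[0-9]{3}$",   # 9000-9999
    "message_number": r"9[0-9]{2}$",  # 900-999
}


@dataclass(frozen=True)
class RepoObject:
    obj_type: str
    name: str
    changed_by: str   # last changer, as shown by the transport info system / SE38 attributes
    changed_on: str   # ISO date, so plain string comparison orders correctly


def in_customer_range(obj_type, name):
    """True if NAME lies in the range reserved for customers for this object type."""
    return re.match(CUSTOMER_RANGE[obj_type], name) is not None


def customer_objects(records):
    """Step 1 of section 1.4.7: every object that sits in the customer name range."""
    return [r.name for r in records if in_customer_range(r.obj_type, r.name)]


def suspected_modifications(records, since="0000-00-00"):
    """Step 2: objects outside the customer range whose last change was made by a
    user other than SAP on or after SINCE, i.e. candidates for an undocumented
    modification of standard objects (or a customer object that violates the
    naming rule, such as a profile with '_' in the 2nd position)."""
    return [r for r in records
            if not in_customer_range(r.obj_type, r.name)
            and r.changed_by != "SAP"
            and r.changed_on >= since]


# Constructed sample export; user names and dates are invented.
SAMPLE = [
    RepoObject("transaction", "ZFI01", "MUELLER", "1996-03-12"),
    RepoObject("transaction", "SE38", "SAP", "1995-11-02"),
    RepoObject("report", "RFVBER00", "SAP", "1995-11-02"),
    RepoObject("report", "YREPAY", "SCHMIDT", "1996-04-01"),
    RepoObject("table", "T9CUST", "MUELLER", "1996-02-20"),
    RepoObject("table", "T001", "ADMIN", "1996-05-03"),        # standard table, non-SAP changer
    RepoObject("report", "RSUSR002", "ADMIN", "1996-05-04"),   # standard report, non-SAP changer
    RepoObject("authorization_object", "Z_FI_BUK", "MUELLER", "1996-01-15"),
    RepoObject("profile", "ZFI_CLERK", "MUELLER", "1996-01-15"),
    RepoObject("profile", "Z_BADNAME", "MUELLER", "1996-01-16"),  # '_' in 2nd position
    RepoObject("help_view", "H_ZCUST", "MUELLER", "1996-01-17"),
    RepoObject("dynpro_number", "9001", "MUELLER", "1996-01-18"),
]

if __name__ == "__main__":
    print("customer objects:", customer_objects(SAMPLE))
    for r in suspected_modifications(SAMPLE, since="1996-01-01"):
        print(f"check {r.obj_type} {r.name}: last changed by {r.changed_by} on {r.changed_on}")
```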


2 Security and Access Protection



2.1 Objective
An access protection system and the ability to grant individual authorizations serve four basic purposes:
- Protection of confidential data against unauthorized disclosure
- Protection of data against unauthorized (including unintentional) changes or deletion
- Assurance of procedure clarity by providing tracking of who has or has had which authorizations within the system, and when they had those authorizations
- Guarantee that applications are auditable

According to commercial law, these measures (i.e., preemptive controls in the internal control system) should prevent violations of any legal restrictions regarding the erasure of electronically stored data. They should also guarantee the legally required audit trail traceability and ensure that no violations of sound accounting principles occur. In other words, these measures ensure that no unauthorized, incomplete, or incorrect data, or no data posted to the wrong period of account, is entered into the system.


2.2 Requirements
The access protection system must ensure that only authorized individuals have access to the system and to particular data. It must be possible to key in the corresponding codes (passwords) protected from the view of others. The system should ensure that:
- Only passwords of a defined minimum length are accepted,
- Certain sequences of characters that could easily be guessed are not accepted,
- The password may be defined and altered by the user only,
- The system automatically demands the password to be changed at defined intervals,
- Passwords are protected against being divulged to anyone other than the user himself.

The authorization model must ensure that the user's rights of access are restricted to those activities within the system that are absolutely required for him to accomplish, based on his function/responsibility within the company (principle of minimal authorizations). In other words, the model must envisage the deepest hierarchical structuring possible with respect to:
- The nature of the data access (reading, creating, changing, deleting)
- Programs
- Data or files
- Functions (menus and menu lines)

in conjunction with as many different combinations of these levels as possible. Since the effectiveness of the SAP authorization model is strongly influenced by the procedure for assigning authorizations, the procedure itself must be examined as a part of the auditing process. The procedure should be organizationally defined and allocated and should be traceable. There should also be controls ensuring that the procedure is followed. Finally, bear in mind that user master records, authorizations and profiles are newly created, changed or deleted in the Quality Assurance (testing) System, and are then transported to the production environment via the Correction and Transport System.


2.3 SAP facts

By assigning authorizations, an organization defines which proprietary data may be processed by employees within the company, as well as which processing functions are necessary to accomplish this. With Release 5.0 in the R/2 environment, a new procedure was introduced for creating and maintaining user masters, profiles and authorizations, and for protecting access to the SAP System. The procedure remains essentially the same for R/3 systems. This authorization model allows organizations to precisely yet flexibly grant and control user access to the R/3 system. This allows different authorizations to be assigned to the same user for different company codes. For example, a user might be granted change authority in company code 01 and read-only authorization in 002. The authorization model also includes security measures to discourage unauthorized logons or access to user master records, profiles and authorizations. The following facts apply to administration of user masters and authorizations in R/3 systems:

2.3.1 Basics of the authorization model
User master records and authorization components are client-dependent. Therefore, separate master records and authorization components must be maintained for each client in the R/3 system. Objects (i.e., data, tables, etc.) are protected by authorizations or collective authorizations that are allocated to the protected objects like locks on a door. They contain values (for example, a concrete company code 0001) for fields that are defined for an associated authorization object. Authorization profiles are like keys for the user, and a collective authorization profile is comparable to a collection of keys on a key ring. These "keys" are entered in the user's master record. The system checks to see whether a user's authorization profile fits an authorization (like determining whether a key fits a lock) when an application is executed or when, in some cases, the keyword AUTHORITY-CHECK appears in an ABAP (see section 2.3.6 and Chapter 3, "Correction and Transport System"). Authorization checks are carried out only within the programs themselves. Authorization checks at transaction level are no longer commonly used, unless the check was explicitly defined during development of the transaction (for validation objects and/or validation rules). In any case, the checking of blocked transactions expires when the authorization check begins. SAP requires that no direct changes are ever made to a productive system. SAP also recommends that change authorizations not be assigned to users in the following authorization objects:
- Authorization object S_DEVELOP "ABAP/4 Development Workbench"
- Authorization object S_PROGRAM "ABAP/4 Program Flow Validations"
- Authorization object D_DDIC_ALL "Authorization for Data Dictionary and Database Utility"
- Authorization object S_TABU_CLI "Table Maintenance for Client-independent Tables"

Access to the ABAP/4 programming language is validated using the following authorization objects:
- S_PROGRAM: Starting ABAP/4 programs and maintaining variants, attributes and texts
- S_ADMI_FCD: ABAP/4 Administration

Further information is available in the following documentation manuals:
- BC "System Administration"
- NN "Configuration and Organization" for the respective SAP applications

(Note: NN stands for the respective SAP application.)


2.3.2 Authorization structures
(Refer to the original page 6 for the graphic; its labels are: Data protection / Data security; Authorization model; Customizing; Collective profiles; Profiles --> User; Authorization --> Object; Value --> Field.)

You can build complex authorization structures from simple ones by combining authorizations to create (individual) profiles and combining individual profiles to create collective profiles. With this technology, you can, for example, create a collective profile for Accounts Receivable clerks within company code 01. Each employee with that job description will then have this collective profile in his user master. If the profile needs to be changed, the change needs to be made only once (in the collective profile), and not in each user master. For purposes of performance and system clarity, it is not advisable (although it is possible) to group collective profiles into other collective profiles.

2.3.3 Separating maintenance and activation
In the interest of security, the functions of maintaining and activating profiles and authorizations in the system are kept separate. Only the active version of a profile or authorization is valid in the system. An individual's maintenance authorization can be restricted to specific users, profiles and objects.

2.3.4 User master
The user master record contains a listing of the profiles and collective profiles authorized for that user. A reverse inheritance principle applies here, meaning that changes made at any level below the user master record level affect all higher levels above it, up to and including the user master record.

2.3.5 Password protection and logon
User-specific initial passwords are assigned to improve protection for passwords and system log-in. New passwords have to meet system-determined syntax requirements, and consequently undergo a variety of checks (see online documentation).


Moreover, customers can also add their own password validity checks to the SAP logon procedure as follows: Any words/character sequences that are not allowable as passwords can be entered in Table USR40. The table can be maintained with transaction SM30. Note: If the adjustable maximum number of user attempts is exceeded, the user will be blocked for a maximum of 24 hours, because the block is cancelled by the system when the date changes.

2.3.6 Customer-specific authorization checks
Customers can add their own authorization checks in an R/3 system by following one of these two procedures:
- Adding an authorization object to a transaction in Table TSTC; in this case programming is not required.
- Programming authorization checks in ABAP/4 programs using the AUTHORITY-CHECK command
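As an added illustration (not from the guidelines), the following Python models the logon protections of sections 2.2 and 2.3.5: a minimum password length, a USR40-style list of forbidden entries matched with shell-style wildcards, and a failed-logon block that the system cancels when the date changes, so that its real lifetime is the time left until midnight rather than a fixed 24 hours. The minimum length, attempt limit and forbidden entries are assumed values.

```python
import fnmatch
from datetime import datetime, timedelta

MIN_LENGTH = 6          # assumed setting; the page only requires "a defined minimum length"
MAX_FAILED = 3          # assumed value of the adjustable attempt limit
FORBIDDEN = ["SAP*", "*PASS*", "123456", "INIT*"]   # constructed USR40-style entries


def password_acceptable(candidate):
    """Length check plus the forbidden list, compared in upper case with
    '*' / '?' wildcards. Returns (accepted, reason)."""
    if len(candidate) < MIN_LENGTH:
        return (False, "shorter than minimum length")
    upper = candidate.upper()
    for pattern in FORBIDDEN:
        if fnmatch.fnmatchcase(upper, pattern.upper()):
            return (False, "matches forbidden entry " + pattern)
    return (True, "ok")


class LogonGuard:
    """Failed-attempt counter for one user whose block ends at the date change."""

    def __init__(self):
        self.failed = 0
        self.locked_on = None   # date on which the block was set, or None

    def attempt(self, when, correct):
        """Outcome of a logon at datetime WHEN: 'ok', 'rejected' or 'locked'."""
        if self.locked_on is not None and when.date() != self.locked_on:
            self.locked_on = None   # the date changed: the system cancels the block
            self.failed = 0
        if self.locked_on is not None:
            return "locked"
        if correct:
            self.failed = 0
            return "ok"
        self.failed += 1
        if self.failed > MAX_FAILED:    # limit exceeded, not merely reached
            self.locked_on = when.date()
            return "locked"
        return "rejected"


def lock_lifetime_minutes(lock_time):
    """Minutes a block set at LOCK_TIME actually lasts: until the next date change."""
    midnight = lock_time.replace(hour=0, minute=0, second=0, microsecond=0)
    return int(((midnight + timedelta(days=1)) - lock_time).total_seconds() // 60)


if __name__ == "__main__":
    print(password_acceptable("sap123"), password_acceptable("w1nter96"))
    guard = LogonGuard()
    late = datetime(1996, 5, 3, 23, 50)
    print([guard.attempt(late, False) for _ in range(4)])      # three rejections, then locked
    print(guard.attempt(datetime(1996, 5, 4, 0, 1), True))      # 'ok': block gone after midnight
    print(lock_lifetime_minutes(late), "minutes of effective block")
```

The last two lines show the auditor's point: a block set at 23:50 protects for ten minutes, one set at 00:00 for a full day.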

2.3.7 Upstream security systems
The following levels are significant for security checks:
- PC level
- Network level
- Operating system level
- Database level

Further validation is carried out at the SAP application level. At this point, reference should also be made to the corresponding SAP Basis documentation and to the manufacturer's documentation.

2.3.8 Table TSTC - "SAP Transaction Codes"
Transaction SE93 is used to maintain transaction codes in Table TSTC of Client 000; use SM01 to lock and unlock it.

2.3.9 Customizing
Refer to Chapter 3, "Correction and Transport System," for information on security and access protection when customizing.
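The lock-and-key model of sections 2.3.1 to 2.3.4 and the AUTHORITY-CHECK of section 2.3.6, as an added Python example (not SAP code): authorizations carry field values for an authorization object, profiles and collective profiles bundle them, only active versions count, a profile change reaches every user master that lists it, and a check passes only when one authorization allows every requested field value. The authorization object Z_FI_BUK with fields BUKRS and ACTVT, the profile names and the user names are constructed; activity codes 01/02/03 stand for create/change/display.

```python
from dataclasses import dataclass, field


@dataclass
class Authorization:
    """Values for the fields of one authorization object (the 'lock' it fits)."""
    obj: str
    values: dict            # field name -> set of allowed values, or "*" for any value
    active: bool = True     # only the active version is valid (section 2.3.3)


@dataclass
class Profile:
    """A simple profile holds authorizations; a collective profile holds profiles."""
    name: str
    authorizations: list = field(default_factory=list)
    profiles: list = field(default_factory=list)
    active: bool = True


def active_authorizations(profile):
    """Every active authorization reachable from PROFILE (the user's key ring)."""
    if not profile.active:
        return []
    auths = [a for a in profile.authorizations if a.active]
    for sub in profile.profiles:
        auths.extend(active_authorizations(sub))
    return auths


def authority_check(user_master, user, obj, **fields):
    """The test an ABAP AUTHORITY-CHECK performs: some authorization for OBJ in the
    user's profiles must allow every requested field value (a key that fits the lock)."""
    for prof in user_master.get(user, []):
        for auth in active_authorizations(prof):
            if auth.obj != obj:
                continue
            if all(f in auth.values and (auth.values[f] == "*" or v in auth.values[f])
                   for f, v in fields.items()):
                return True
    return False


def build_demo():
    """Constructed scenario from the page: change authority in company code 01 but
    display only in company code 002, granted through one collective profile that
    all Accounts Receivable clerks hold. Returns the user master and the shared
    simple profile so a later change to it can be observed on every user."""
    change_01 = Authorization("Z_FI_BUK", {"BUKRS": {"01"}, "ACTVT": {"01", "02", "03"}})
    display_002 = Authorization("Z_FI_BUK", {"BUKRS": {"002"}, "ACTVT": {"03"}})
    # Maintained but never activated: must grant nothing (section 2.3.3).
    change_002 = Authorization("Z_FI_BUK", {"BUKRS": {"002"}, "ACTVT": {"02"}}, active=False)
    fi_clerk = Profile("Z_FI_CLERK", authorizations=[change_01, display_002, change_002])
    ar_clerks = Profile("Z_AR_CLERKS_01", profiles=[fi_clerk])   # collective profile
    user_master = {"MUELLER": [ar_clerks], "SCHMIDT": [ar_clerks]}
    return user_master, fi_clerk


if __name__ == "__main__":
    um, shared = build_demo()
    print(authority_check(um, "MUELLER", "Z_FI_BUK", BUKRS="01", ACTVT="02"))   # True
    print(authority_check(um, "MUELLER", "Z_FI_BUK", BUKRS="002", ACTVT="02"))  # False
    # Reverse inheritance (2.3.4): one change to the shared profile reaches both users.
    shared.authorizations.append(Authorization("Z_FI_BUK", {"BUKRS": {"003"}, "ACTVT": "*"}))
    print(authority_check(um, "SCHMIDT", "Z_FI_BUK", BUKRS="003", ACTVT="02"))  # True
```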


2.4 Risks
The high flexibility of the SAP authorization model and user administration model can lead to considerable security risks if they are used improperly. It is possible, for instance, for a user to influence work processes or posting tasks. Examples:
- Recording of change documents (master data, documents and control tables) can be partially or completely deactivated.
- Authorization checks in programs (AUTHORITY-CHECK) can be removed.

SAP ships a wide array of "standard" profiles, each tailored to one of many different functions within a business. Many users adopt these profiles because of the complexity of the new authorization model. This might result in specific risks:
- Specific business requirements may not be sufficiently covered by the standard profiles.
- On the other hand, new risks might result from an attempt to adapt the standard profile to the company's business requirements (i.e., by expanding the authorizations assigned to a user). Auditability might be adversely affected if the SAP names for the profiles are kept after making changes to the profiles.

The profiles S_A.SYSTEM and S_A.DEVELOP both contain critical authorizations and therefore should not be assigned in a productive system. Finally, a program for the test system that is "packaged" in another program could in some cases be transferred to the productive system and executed there, unless a mechanism within the company performs detailed checks of all transports to the productive system before releasing them. These examples illustrate the fact that the security (as well as the proper and orderly functioning) of the entire system is directly dependent on the granted authorizations. Special attention should therefore be paid to the granting of authorizations. Before reviewing processing results, always check the relevant user authorizations to ensure that the processing results are based on authorized routines and entries.


2.5 Audits
2.5.1 User management
Familiarize yourself with the process for granting user authorizations (application and approval procedures and division of the "create/maintain user," "create/maintain objects and authorizations," and "activate profile and authorizations" responsibilities) and also examine the internal procedures dealing with those subjects (ICS). Find out whether written instructions exist for allocating and changing USERIDs. Obtain the relevant application forms and file them with the working papers. Check whether official measures exist for ensuring that an employee's USERID is deleted as soon as he leaves the company. Check whether the granting, changing and deleting of USERIDs must be authorized by a responsible member of staff. Determine whether control procedures are carried out by responsible departments when a new user master is created or when a user's access levels are changed. Check whether a mandatory procedure is required to change a user's access level when:
- The user's responsibilities within the organization change, necessitating changes to his user master record (danger of accumulated data access authority due to frequently changing responsibilities within the firm)
- Employees leave the company (resignation)

Check whether employees' authorization profiles correspond to their areas of responsibility. Take random samples to compare approved authorizations with authorizations actually granted. Check whether a mandatory procedure is required to change profiles and authorizations when an object is changed. Check whether changes to the user authorization concept are being documented, and whether this documentation is being retained for at least 10 years.

Special individual checks:
Who is active in the system?
Menu path: Tools --> Administration --> Monitor --> System monitoring --> User overview
Alternative: Transaction code SM04.


Statistical evaluation via user activities (per app. server only!)
Menu path: Tools --> Administration --> Monitor --> Performance --> Workload --> Statistics Record --> Choose Record pushbutton. Then look at SE38 (for example).
Alternative: Transaction code STAT

Changes made to user ***
Menu path: Tools --> Administration --> User maintenance --> Users --> Info --> Change documents --> Users --> User name --> Changes since --> Chg.Auth. pushbutton.
Alternative: Transaction code SU01

Which user has critical system authorizations?
Menu path: Tools --> Administration --> User maintenance --> Profiles --> Info --> Overview --> Users --> Select Object --> Basis Administration --> System authorizations. Values with * = test all.
Alternative: Transaction code SU01 --> Info system

2.5.2 Security and access protection
Determine whether any special access protection software is installed. Have someone explain and demonstrate the logon procedures. Obtain a copy of any written documentation that is available (manuals, organizational instructions, etc.). Establish whether the system forces the user to regularly change his password (system parameters and/or external security software). Check Table USR40 to see which customer-specific passwords are not allowed. Find out whether changes can be made to this table online, and determine which people have access to the corresponding report authorization group. Check whether passwords must be re-entered after the system has been left running unused for long periods of time (system parameters and/or external security software). Make sure that all authorizations for user SAP* have been revoked and have been transferred to a secret emergency user.
Caution: If the SAP* user master is deleted, SAP* is reset to the standard password "PASS" and reverts to the standard privileges of a superuser.

Also ensure that the standard password of user DDIC, which is generally required only for installation and maintenance activities, has been changed in Clients 000 and 001. In addition, the extensive authorizations of DDIC should be only temporarily accessible.


Using the menu or transactions SU01-SU03, display user master records and authorization information. The following analyses are possible:
- User master records
- Profiles
- Authorizations
- Authorization objects
- Change documents

Use these analyses to determine if only appropriate, job-specific authorizations were issued. Pay special attention to authorizations for data processing employees; authorization to actually change data should be granted to DP employees only in exceptional cases. Also determine what records of assigned authorizations are available.

Using transaction SE16, you can look at Table USR02 to determine which users have not been logged in to the system for an extensive period of time or at one time were not logged in for an extensive period of time. When requested, enter the user with a "*" character and make an unmasked 8-character entry of zeros (00000000) in the "TRDAT" field. Recommend to the company being audited that they delete these user master records, or at least block them. Manipulation possibilities exist when these unused user master records are accessed without proper authorization. This can occur if the "owners" of these records have never logged into the system and therefore never changed the password from the standard initial password. In this case, it might be possible for an unauthorized user to manipulate data using other user names. In this context, you should also check whether the system requires the standard password to be changed after a certain number of days (also possible for all other passwords), and whether the user is blocked if this does not occur. This function is specified using the system profile parameter "login/password_expiration_time" (Report RSPARAM).

Using transaction SM01, find out which transactions are blocked (an * indicates that the transaction is blocked for all users).

When the rec/client switch in the operating system is set to "All" or "<md>," logs of table changes can be called up using the ABAP reports RSTBPROT (table log database evaluation) or RSTBSERV (analysis via display and comparison of table-like objects). This function is originally set up in Customizing (monitoring with report RSPARAM).
Change documents are generated if a table includes the technical parameter "logging" and if the "write change documents" function is active in the system. Check whether an adequate table change and release procedure exists (see Chapter 4) and whether any mechanism exists to verify that all changes in Table TSTC are completely logged. Determine whether each department follows procedures to ensure that data for which it is responsible cannot be changed without its authorization.
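The USR02 check described above, as an added example (not code from the guidelines): it reads a constructed SE16-style extract of USR02, treats the unmasked all-zero TRDAT as "never logged on", and lists the unlocked users whose last logon is older than a given number of days. The field names BNAME, TRDAT and UFLAG are the USR02 fields; every row below is constructed.

```python
# Added example: audit a constructed USR02 extract for never-used and dormant
# user master records (section 2.5.2). Not code from the SAP guidelines.
from datetime import date, datetime

# Constructed SE16-style extract of USR02 (field names as in USR02, values made up).
# TRDAT = last logon date, 8 characters YYYYMMDD; "00000000" = never logged on.
# UFLAG = lock status, "0" = not locked.
USR02_EXTRACT = """\
BNAME     TRDAT     UFLAG
SAP*      19970102  0
DDIC      00000000  0
MUELLER   19970310  0
SCHMIDT   00000000  0
TEMP01    19960801  0
TEMP02    19960515  64
"""


def parse_usr02(text):
    """Turn the whitespace-separated extract into a list of row dicts."""
    lines = text.strip().splitlines()
    header = lines[0].split()
    return [dict(zip(header, line.split())) for line in lines[1:]]


def last_logon(trdat):
    """Convert TRDAT to a date; the unmasked all-zero entry means never logged on."""
    if len(trdat) != 8 or not trdat.isdigit():
        raise ValueError("TRDAT must be 8 digits: %r" % trdat)
    if trdat == "00000000":
        return None
    return datetime.strptime(trdat, "%Y%m%d").date()


def audit_logons(rows, as_of, max_idle_days):
    """Return (never_logged_on, dormant) user names among unlocked users.

    Locked users (UFLAG != "0") are skipped: the remedy the guidelines
    recommend (block or delete the record) has already been applied to them.
    """
    never, dormant = [], []
    for row in rows:
        if row["UFLAG"] != "0":
            continue
        logon = last_logon(row["TRDAT"])
        if logon is None:
            never.append(row["BNAME"])          # initial password never changed
        elif (as_of - logon).days > max_idle_days:
            dormant.append(row["BNAME"])
    return never, dormant


def run_audit(as_of=date(1997, 4, 1), max_idle_days=90):
    """Run the check over the constructed extract with a fixed audit date."""
    return audit_logons(parse_usr02(USR02_EXTRACT), as_of, max_idle_days)


if __name__ == "__main__":
    never, dormant = run_audit()
    print("never logged on (initial password still valid):", never)
    print("dormant for more than 90 days:", dormant)
```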


Ensure that no validation objects can be switched off or deleted (Table TSTC, tables and check routines and, in this context, transactions SM31 and SE38). Check whether the installed access control procedures secure the function that logs changes, so that any improper changes or attempts to conceal them can be discovered.

2.5.3 Important individual authorizations
As a rule, SAP users in secured areas (especially Accounting and System Maintenance) should operate under the dual control principle. What this generally means for system and master transactions is that an EMERGENCY USER should be appointed to fulfill required measures in conjunction with a representative from the relevant department. A substitute for the emergency user should also be named in case the emergency user is absent. Relevant standard profiles, authorization objects and transactions from the accounting and system maintenance areas are listed in the following section.
__________
Note: Transactions with mandatory posting will not only/no longer be entered and generated by the Accounting department alone, due to the increased integration of various programs (modules). This will apply to both documents and master records from other SAP systems.
__________
Posting authorizations
SAP systems include various standard profiles, authorization objects and transactions for posting, changing and displaying documents, not only in the FI application, but in AM, CO, HR, MM, SD, etc. as well. In keeping with the principle of division of functions, the authorization for posting and documenting change transactions should be restricted to employees who are responsible for those tasks.
Audits: Determine whether the authorization objects for posting functions of the SAP systems, as well as the corresponding standard profiles for posting functions, are granted only to employees of the appropriate departments who are responsible for those tasks. Examples:
- Accounting document: Authorization for document types
- Accounting document: Authorization for company codes
- Accounting document: Authorization for business areas
- Accounting document: Authorization for account types
- Accounting document: Account authorization for customers
- Accounting document: Account authorization for vendors
- Accounting document: Account authorization for G/L accounts

Master data maintenance (such as FDxx, FKxx, FSxx, etc.)
Note: xx stands for 01, 02, 03, etc.
In an internal control system (ICS), care should be taken to guarantee separation of the "posting" and "master data maintenance" functions. In smaller accounting departments, this can be done by having the customer and vendor master data maintained by different departments, but with the responsible accounting department retaining the functions of monitoring and posting. Alternatively, the SAP system can monitor master data changes to the respective areas by using transaction FK04 for vendors, FS04 for G/L accounts, and FD04 for customers. It is also possible to perform regular analyses using the RFDABL00 (customers) and RFKABL00 (vendors) ABAP reports. These reports can print out and display all master data changes onscreen. Use report RFKKAG00 to compare vendor master records existing in both the Financial Accounting and Purchasing areas.
Note: Other analysis reports are available for master records: RFBABL00 (documents), RFSABL00 (G/L accounts), RFDKLIAB (credit management), and RFBKABL0 (banks).
All master data changes must be logged for as long as they maintain document status. As it is generally quite difficult to distinguish between changes with and changes without document status, all master data changes must be included under the logging requirement for security reasons. It must be impossible to change and/or delete change documents.
Audits: Gain an overview of which authorizations from the individual authorization objects predefined by SAP are actually defined, and what values are contained in the fields of those objects. Determine which employees can maintain master records (i.e., objects F_KNA1_xxx, F_LFA1_xxx, F_SKA1_xxx). Check whether those employees can also post transactions. Find out how master data changes are monitored. Check compliance with mandatory document retention periods.

System transactions
Profiles containing system authorizations (S_USER_ALL, SAP_ALL, SAP_NEW) should be restricted to as few employees as possible. Find out, therefore, who has control of these system authorizations. Only the emergency user should perform the debugging replace function (authorization S_DEVELOP) in a productive system, and that user must strictly observe the requirements of audit traceability.

Master transactions
Master transactions (SExx, SMxx, SUxx), as well as the standard profiles S_A.SYSTEM, S_A.ADMIN, S_A.CUSTOMIZ, S_TSKH_ALL and the S_ADMI_FCD authorization object, should be assigned only to a few selected users (i.e., the EMERGENCY USER and his substitute).
Audits: It is important to determine who has the transaction authorizations:
SM01 "Block and unblock transactions"
SM02 "Select blocking entries"

and who maintains the corresponding functions in the authorization objects:
S_ADMI_FCD System authorizations, including "Blocking transactions"
S_ENQUE Display/delete blocking entries

If Table TSTC is valid for all clients, you must perform this audit in the delivery client; otherwise perform it in the productive client. Determine who has authorization to set or change system parameters (using operating system techniques). Determine who controls the transaction STAT "Daily system statistics." Determine who controls the maintenance authorizations SU01/SU02/SU03 and/or the S_USER_GRP, S_USER_PRO and S_USER_AUT objects, and check whether these employees should be able to create and/or maintain SAP system users. Check the assignment of the maintenance transactions SUxx, in order to ensure separation of functions:
- User administrator: Create users (SU01)
- Authorization administrator: Authorization maintenance (SU02, SU03)
- Activation administrator: Activation (SU02, SU03)

__________
Note: An administrator should not have both maintenance and activation authorization for profiles and authorizations. A user with these authorizations could assign restricted privileges to authorizations, then activate and assign them. This means, for example, that the value "*" in the authorization objects S_USER_PRO and S_USER_AUT should be accessible only to the activation administrator. The SAP manual "R/3 System Administration" contains further information on required authorizations for system and authorization administrators, especially in the chapters "User Master Records" and "Authorizations." Since administrators often have extensive system privileges, you should check from time to time whether the authorizations assigned to them are correct and still correspond to the organizational situation of the company.
__________
Check to see who has S_NUMBER "Maintain number ranges" authorization. Find out which users have client-dependent or cross-client authorization for the transaction authorizations SM30 and SM31 and/or standard profiles like S_TABU_DIS, S_TABU_CLI "Maintain ATAB Tables." Then determine which authorization classes exist for tables in Table TBRG and/or TDDAT. Check whether table authorization for all users with SM31 authorization is restricted to individual classes. Each authorized user should be able to maintain only the tables belonging to his area of responsibility. Find out who has authorization for the SE38 transaction "ABAP/4 Programming," and who has authorization for transaction SE51 "Screen painter (Dynpro changes)." Due to traceability requirements required by law, transaction SE38 is not permitted within a productive system. However, a special user with that authorization should be created for emergencies (with the name EMRGNCY, for example). All entries made by this user must then be logged in an easily traceable manner. The principle of dual control should be strictly followed in this situation. Determine who has transaction authorization for SM13 "Handling update records." Report RFVBER00 creates a list of terminated updates that should have been posted using the "post document" function. It also includes postings that have entered FI from other applications.
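A segregation-of-duties check over user and profile assignments, added here as an example rather than taken from the guidelines: it flags the critical profiles named in this chapter when they are assigned in a productive system, and users who combine the user-administration, authorization-maintenance and activation functions (the value "*" in S_USER_PRO/S_USER_AUT marking activation). Profile contents, user names and assignments are constructed; F_BKPF_BUK is the standard FI object for company-code authorization, used only as filler.

```python
# Added example: segregation-of-duties check over constructed profile
# assignments (section 2.5.3 and the administrator note). Not code from the
# SAP guidelines.

# Profiles the guidelines say must not be assigned in a productive system.
CRITICAL_PROFILES = {"S_A.SYSTEM", "S_A.DEVELOP", "SAP_ALL", "SAP_NEW", "S_USER_ALL"}

# Constructed profile contents: profile -> {(authorization object, field value)}.
# S_USER_GRP = user administration (SU01); S_USER_PRO / S_USER_AUT with a
# concrete activity = authorization maintenance; with "*" = activation.
PROFILE_AUTHS = {
    "Z_USER_ADMIN": {("S_USER_GRP", "01"), ("S_USER_GRP", "02")},
    "Z_AUTH_MAINT": {("S_USER_PRO", "02"), ("S_USER_AUT", "02")},
    "Z_ACTIVATE": {("S_USER_PRO", "*"), ("S_USER_AUT", "*")},
    "Z_FI_CLERK": {("F_BKPF_BUK", "01")},    # post documents in company code 01
    "S_A.DEVELOP": {("S_DEVELOP", "*")},      # SAP standard profile, contents simplified
}

# Constructed user master assignments in the productive system.
USER_PROFILES = {
    "ADM_USER": {"Z_USER_ADMIN"},
    "ADM_AUTH": {"Z_AUTH_MAINT"},
    "ADM_ACT": {"Z_ACTIVATE"},
    "SUPERADM": {"Z_AUTH_MAINT", "Z_ACTIVATE"},   # maintains and activates
    "DEVELOP1": {"S_A.DEVELOP", "Z_FI_CLERK"},    # critical profile in production
    "CLERK1": {"Z_FI_CLERK"},
}


def admin_functions(user, user_profiles, profile_auths):
    """Administrator functions a user holds, derived from the S_USER_* values."""
    auths = set()
    for profile in user_profiles.get(user, set()):
        auths |= profile_auths.get(profile, set())
    held = set()
    for obj, value in auths:
        if obj == "S_USER_GRP":
            held.add("user_admin")
        elif obj in ("S_USER_PRO", "S_USER_AUT"):
            held.add("activation" if value == "*" else "auth_maint")
    return held


def audit_assignments(user_profiles, profile_auths, productive=True):
    """Map each user with findings to a list of finding texts."""
    findings = {}
    for user, profiles in sorted(user_profiles.items()):
        issues = []
        critical = sorted(profiles & CRITICAL_PROFILES)
        if productive and critical:
            issues.append("critical profile(s) in productive system: " + ", ".join(critical))
        held = admin_functions(user, user_profiles, profile_auths)
        if len(held) > 1:   # one person must not hold two of the three functions
            issues.append("combines administrator functions: " + ", ".join(sorted(held)))
        if issues:
            findings[user] = issues
    return findings


if __name__ == "__main__":
    for user, issues in audit_assignments(USER_PROFILES, PROFILE_AUTHS).items():
        for issue in issues:
            print(f"{user}: {issue}")
```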


3 Workbench Organizer and Transport System

3.1 Objective
3.1.1 Functional integrity
3.1.2 Traceability
3.2 Requirements
3.2.1 Job submission
3.2.2 Implementation of a change
3.2.3 Acceptance and production transfer
3.3 SAP facts
3.3.1 Purpose and structure
3.3.2 SAP systems
3.3.3 Correction and repair
3.3.4 WBOT settings
3.3.5 Conducting transports
3.4 Risks
3.4.1 Validity of ODEs
3.4.2 Incorrect CTS settings
3.4.3 Access to operating system level
3.4.4 Instability
3.4.5 Manipulation
3.5 Audits
3.5.1 Recording the existing procedure
3.5.2 Review of the model
3.5.3 Compliance with the model
3.5.4 Concrete auditing steps


3.1 Objective
The Workbench Organizer and Transport System (WBOT) has the functions listed below (as of Release 3.0, the CTS is located under WBOT):
- Registration and documentation of all changes to system objects (objects in the development environment, or ODEs). This includes Data Dictionary elements (such as tables), ABAP/4 programs, screen templates, user-defined objects (UDOs) and customizing objects.
- Avoidance of concurrent changes to a system object made by different developers.
- Orderly transfer and release of ODEs between different SAP systems or various clients within an SAP system.

3.1.1 Functional integrity
Changes made to tables and programs lead to functional changes in the system. It is therefore important to ensure that only authorized changes are implemented and that all functions retain their proper relationship to each other.

3.1.2 Traceability
A further aim is to completely document all changes to the system in order to make them traceable.


3.2 Requirements
All changes are to be made using the Workbench Organizer (and Transport System). Sufficient and binding rules must be established for job submission (such as the creation of an ABAP) and implementation of changes, as well as for testing, acceptance, and transferring changes to the productive system (see also section 3.2.3).

3.2.1 Job submission
Every programming change must be described in detail in a change request and must be formally approved by the owner of the data. This applies both to authorization for changes to programs and to the transfer of datasets.

3.2.2 Implementation of a change
Since ODEs are often valid system-wide, the test and production systems must be maintained separately. The WBOT uses a locking mechanism to avoid concurrent changes to the same object by different developers. When ODEs are changed using the Workbench Organizer, the system log maintains a history log. This means that it is possible to restore prior versions of existing programs. Follow the SAP naming conventions (name range for customer objects) to avoid problems during later release or put level changes. Self-defined ODEs must be adequately documented.

3.2.3 Acceptance and production transfer
The dual control principle must be observed during acceptance testing, and it should be performed independently of the programmer. As a rule, it should be performed by the employee (department) requesting the change. If program changes have been made, examine the source code to make sure that only that part of the program that was meant to be changed was actually modified. The acceptance test should be performed in an SAP system that is completely separate from the productive system (pre-production), using the same customizing settings that exist in the productive system as well as a suitable dataset. Organizational measures should guarantee that no subsequent changes can be made to the changes or new developments after the current change has been. Acceptance and transfer to production must be documented in writing. Other accompanying documentation (such as order and release forms) should be archived according to appropriate legal requirements.


3.3 SAP facts

3.3.1 Purpose and structure
The Workbench Organizer and Transport System consists of the following components:
- Workbench Organizer
- Transport System

The Workbench Organizer guarantees that only a single original object exists for each existing ODE in all (networked) SAP systems. Changes are normally made only to this original and are then transferred to other SAP systems via the transport system. The Workbench Organizer saves all changes to Data Dictionary elements and ABAP/4 programs. Old versions can then be restored or compared against the current version. Customizing settings can also be recorded according to system setting (Table T000). The Workbench Organizer is automatically activated as soon as a user tries to change an object. Users cannot create or change an object until they have first created a change request with jobs in the Workbench Organizer, unless they use an existing change request. To prevent concurrent alterations, all other developers are locked out of an object whenever a job is being entered. This lock is not removed until the request is released. When jobs are released, they are forwarded to the Transport System.
The Transport System is designed to ensure complete and traceable transport of ODEs and Customizing settings. It is system-independent, meaning that ODEs can be transported between all operating systems supported by R/3. The system automatically carries out all required conversions.
The Workbench Organizer and Transport System are set up to work in concert with each other. At the beginning of the development process, a change request and one or more tasks for each employee concerned are created. The corresponding objects are then generated and changed, and they are registered in the job. At the end of development, individual employees release their task(s) so that the change request and all edited objects can be exported out of the source system via a release. Transport to the respective target system then occurs at operating system level. Several corrections can be combined into one transport order.

3.3.2 SAP systems
For CTS, a networked SAP system consists of one or more SAP R/3 systems of the same version that share a common database system. SAP employs the following nomenclature to distinguish among these systems:
- (Special) Development system: Separate development of critical components of a project in an isolated environment


- Integration system: For development work on non-critical applications and system tests
- Consolidation system: To ensure development status; distributing function for the following delivery systems
- Delivery systems: Can automatically import software (ODEs from consolidation systems)

Note: The term "delivery system" stands for the totality of a system delivered to a customer. The minimum environment recommended by SAP is a system configuration containing development and productive systems. For many clients, the development and integration systems are combined into one "test system," and the consolidation and delivery systems are combined into a single "productive system." If development work is done on ODEs, a system with multiple clients for development, test, and release is not sufficient, because ODEs are generally valid for all clients, which means that any changes could immediately affect production. A client's system types are apparent when viewing the current settings for the TASYS and TSYST control tables (see section 3.3.4).

3.3.3 Correction and repair
SAP distinguishes between
- original objects and
- copies of original objects

An ODE is an original in exactly one SAP system. All other (networked) systems only contain copies of the original. All ODEs are stored in Table TADIR along with their development class, original system, author responsible, and last correction or last transport. The table is updated using the appropriate maintenance transaction for the ODE. All SAP ODEs (tables, ABAPs, etc.) are stored at SAP in their original form; only copies are shipped to customers. If users are developing their own programs, those objects exist as originals. Originals will never be overwritten by a transport. The term correction as used by SAP refers to changes made to an original object, while the term repair refers to changes made to a copy.


The principle of unique changeability applies here: An object can be changed only by a correction in the system in which it was created. Repairs (changes to copies) should be made only if the "normal" method, meaning a correction of the original and transporting it to another SAP system, cannot be used. This may be the case if there are errors within the SAP objects themselves, which, as mentioned above, are only available at the customer's site as copies (so-called emergency repairs). The status of an ODE (original, copy, repair, etc.) is administered in Table TADIR. This table should be protected against manual access. A repaired object will not be overwritten by transports as long as no confirmation of a change to the original is entered. The status indicator for changes to originals is not verified by the system, which means that the system does not check whether the original object was also corrected and whether it matches the repaired copy.

3.3.4 WBOT settings
The WBOT is controlled by tables that can be displayed and edited using transaction SE06 (System settings for Correction and Transport System):
- Table TSYST: Contains the technical description of all available SAP systems (in the network), including name, operating system, database system, etc. The Transport System exclusively uses the name entered in the "System name" field when checking the availability of an SAP system. Specifications in the other fields in this table are operational, with the exception of the "Charset" attribute (the character set used in each system).
- Table TASYS: Contains information defining the target systems for transports from the consolidation system.
- Table DEVL: Contains the definition of transport levels. A transport level specifies the transport path from the integration system to the consolidation system. (If there are multiple delivery systems, table TWSYS is also used.)
- Table TWSYS: Contains the consolidation paths for change requests.
- Table DEVC: Contains a directory of all development classes. An integration and consolidation system is assigned to each class.

These tables can be maintained only by user DDIC and must have the same contents in all SAP systems linked to the WBOT. Further, you can determine which system-wide changes are allowed. This setting can only be made under user DDIC or by a user who has all authorizations for the Workbench Organizer (transaction SE03 or Tools --> ABAP/4 Workbench --> Overview --> Workbench Organizer --> Jump --> Tools) (Transaction SE01 --> Utilities --> Tools --> Set System Changeability). The following options are available:
- Objects not changeable: This setting allows no changes whatsoever to objects. No new objects can be created.
- Only original objects (with Workbench Organizer): This setting allows only original objects of the system to be changed, subject to correction control.
- All customer objects (with Workbench Organizer): This setting includes the setting "Only original objects" and also includes the capability of repairing customer objects in non-original systems.
- All objects (with Workbench Organizer): In addition to "All customer objects," this setting also offers the capability of repairing SAP objects.
Note: According to SAP, changes to these system settings are not logged. In Release 3.0 the WBOT can be assigned to an authorization object, which provides special protection as part of the authorization model.

3.3.5 Conducting transports
When a transport request is generated, a help file with the appropriate transport contents is created at the operating system level. When imported to the target system, this file is evaluated by the "tp" transport program. The "r3trans" program used in earlier releases should no longer be used, according to SAP recommendations. If the SAP systems have a common transport directory, a "test import" can be automatically conducted when the transport requests are exported from the source system to the target system. The authors of the transport requests will be informed of the success/failure (of the export or test import). Transport logs can be displayed in the Info system.


3.4 Risks
3.4.1 Validity of ODEs
Since ODEs are valid throughout the system, changes made to an ABAP program, for example, affect all clients within the indicated SAP system. For this reason, authorizations to change an ODE must be heavily restricted in the productive system (for example, no programming authorizations).

3.4.2 Incorrect CTS settings
Some transports may fail if the WBOT is not customized properly (Tables TSYST, TASYS and DEVL). The entire Transport System can be circumvented if the system's changeability is improperly configured ("all objects changeable"); in such a case, the changes made would no longer be traceable.
Note: The "all objects changeable" setting is still available as of Release 3.0.

3.4.3 Access to operating system level
When the WBOT is used, all transportable change requests are stored in a file at the operating system level. The changed data and customizing settings are stored in the file <sid>KT90001 (where <sid> is the system name). Subscripts and documentation are stored in file <sid>KN90001. The actual import into the target system is effected by calling up the "tp" program at operating system level. While the file <sid>KT90001 is imported by the operating system using the command "tp import <sid>KT90001," the second file <sid>KN90001 can also be imported from SAP (in the target system). Like other types of system data, all directories and files involved should be protected from access by unauthorized users. Only the subscript file <sid>KN90001 can be imported directly from the R/3 environment.

3.4.4 Instability
The SAP system consists of various changeable components, each independent of the others. Because of this complexity, modifications can easily lead to security lapses and instability. For example:
- Errors cannot be recognized immediately.
- Data may erroneously remain unprocessed or be incompletely processed or processed multiple times.
- The needed availability of system functions is not always guaranteed.
- There may be delays during planned function execution (run security).
- Planned checks may not always be carried out, which renders them totally ineffective.
- The system is then no longer reliable.

It is obvious that these situations can produce a great deal of risk.

3.4.5 Manipulation
The complexity of an SAP system and the accompanying error risk if modifications are not monitored can lead to instabilities that might be abused. If no appropriate monitoring mechanisms are established, the fundamental possibility of system manipulation exists.


3.5 Audits

3.5.1 Recording the existing procedure
The first requirement is to get an overview of all user-defined ODEs and all corrections/repairs to SAP objects. It is important that a clear description of their functions is made available. The existing procedure and documentation of the system maintenance and release procedure (if required for the audit) should then be recorded.

3.5.2 Review of the model
The aforementioned requirements should be the basis for evaluating the model described above. In addition, you should perform a general check of the system, bearing in mind the objectives and risks detailed above. During this general check, note whether an adequate separation of functions exists (development - release - transport).

3.5.3 Compliance with the model
Conduct random tests of development requests with the associated testing and release logs. These should be both top-down (from the change request to the ODE in the production environment) and bottom-up.

3.5.4 Concrete auditing steps
Required audits:
- Check the WBOT settings and system changeability.
- Determine what procedure is used for the customer's own development as well as correction and repair (as of Release 3.0, repairs to SAP objects are possible only after requesting a repair key from SAP).
- Identify which users may generate and release a transport request.
- Conduct random tests of the transport logs (Transactions SE03 and ABAP RDDIT070-RDDI077).
- Identify which users may perform imports to the productive system.
- Determine what company-wide regulations are in place for using the Correction and Transport System, and determine the ways in which compliance with those requirements is verified.
- Examine manual access to Table TADIR.

Note: Changes to settings in Customizing which were made in the test system or development system and transported into the production system using the WBOT may be logged only in the test system. To trace changes, consult the change logs in the test or development system. Changes that are sent to the production system by a transport request are not logged there.


4 Accessing and Logging Tables

4.1 Objective
4.2 Requirements
4.2.1 Logging
4.2.2 Customer-specific tables
4.2.3 Access protection
4.2.4 Work and organization instructions
4.2.5 Safeguarding the information flow
4.3 SAP facts
4.3.1 Purpose and structure of tables
4.3.2 Table access and logging
4.3.3 Validity range and customer tables
4.3.4 ABAP reports
4.3.5 Examples of important tables
4.4 Risks
4.5 Audits


".1 Ob4ective
The objective% o$ the , oced* e $o chan!in! table% a eB 9 9 To en%* e , o,e table con$i!* ation To , ovide the abilit& to t ace all chan!e%

The te ' ;chan!e%; i% *nde %tood in thi% conte@t a%B 9 )han!e% to the content o$ table% containin! %&%te' cont ol data $ o' the $ollo#in! delive & cla%%e%B )9 G9 E9 S9 >9 9 )*%to'i"in! table9 'aintained b& c*%to'e onl&9 no SAP %*,,o t )*%to'i"in! table9 c*%to'e can onl& in%e t in$o 'ation S&%te' cont ol table9 SAP and c*%to'e ,o%%e%% individ*al +e&% S&%te' table9 'aintained %olel& b& SAP chan!e I 'odi$ication )*%to'e E% %&%te' table

)han!e% 'ade to table %t *ct* e% a e 'onito ed b& the >o +bench O !ani"e and the T an%,o t S&%te'.


".2 1e'uirements
".2.1 #ogging The %&%te' '*%t lo! all / elevant1 chan!e% 'ade to in$o 'ation contained in table% /data eco d%1. St *ct* al chan!e%0 %*ch a% chan!e% 'ade b& co ection% and e,ai % to the Data Dictiona &0 '*%t al%o be eco ded. The lo!% $o ;c itical; table%0 %*ch a% table% that cont ol the $lo# o$ -*antitie% and val*e% /i.e. Acco*nt Dete 'ination o ?al*ation10 %ho*ld be chec+ed e!*la l& *%in!0 at 'ini'*'0 a ando' %a',le. 1ecords o, tab$e changes must be retained ,or 15 years 8in Aermany:. U%e % '*%t be able to ead chan!e% 'ade to table% #ithin a ea%onable ti'e ,e iod. ".2.2 /ustomerCs!eci,ic tab$es The SAP na'in! convention '*%t be $ollo#ed to avoid c eatin! con$lict% #ith $*t* e elea%e *,! ade% and to 'aintain %&%te' t aceabilit&. Doc*'ent ca e$*ll& all table% that &o* de$ine &o* %el$ and all object% that &o* develo, &o* %el$. ".2.3 Access !rotection An a*tho i"ation 'odel '*%t e@i%t that e!*late% #hich *%e ID% a e a%%i!ned a*tho i"ation $o table 'aintenance /$o e@a',le0 a*tho i"ation object% SMTA8UMDIS0 SMTA8UM)LI1. SMTA8UM)LI cont ol% a*tho i"ation $o 'aintainin! c o%%9client table%. SAP ha% c eated a %e ie% o$ a*tho i"ation ! o*,% $o the %tanda d %&%te' and ha% allocated an a*tho i"ation ! o*, to each table and vie#. 9 9 E@i%tin! a*tho i"ation ! o*,% a e %to ed in table +1A A%%i!n table% to a*tho i"ation ! o*,% via table ))A

In o de to 'aintain table%0 %ho*ld it beco'e nece%%a & to do %o0 &o* need the $ollo#in! a*tho i"ation%B 9 9 A*tho i"ation $o the table a*tho i"ation ! o*, and $o the ;Table 5aintenance; activit& Global a*tho i"ation $o client9inde,endent table%

The !lobal a*tho i"ation chec+ i% $o all table% #ith delive & cla%% ) /c*%to'e %10 G /c*%to'e

SAP Audit Guidelines R/3

table% #ith SAP ent ie%10 and E /%&%te' table% the c*%to'e can chan!e1. Thi% additional a*tho i"ation i% e-*i ed beca*%e chan!e% 'ade to a client9inde,endent table 'i!ht al%o a$$ect othe client% #ithin the %&%te'. U%e , o! a' 1S/#AS);0 ;Table )la%%i$ication0; to li%t all table% that e-*i e client9inde,endent a*tho i"ation. ".2." Work and organization instructions In o de to be 'o e inde,endent o$ the +no#led!e o$ individ*al% and to in%* e that table% a e , o,e l& con$i!* ed0 c itical table% %ho*ld contain ;#o + and o !ani"ation in%t *ction%; that , ovide the $ollo#in! in$o 'ationB 9 9 9 Na'in! convention% )a*%e% o$ and ea%on% $o chan!in! a table )on%e-*ence% o$ chan!in! a table

)han!e e-*e%t% $o c itical table% '*%t al%o $ollo# the elea%e , oced* e and '*%t be ,e $o 'ed via the )o ection and T an%,o t S&%te'. It '*%t be ,o%%ible to doc*'ent a chan!e that ha% been 'ade to a table. ".2.% Sa,eguarding the in,ormation ,$ow 8eca*%e o$ the hi!h level o$ inte! ation #ithin the SAP S&%te'0 a table chan!e 'a& e%*lt in *nintentional %ide e$$ect% /to othe 'od*le%0 $o e@a',le1. <o thi% ea%on0 the %&%te' '*%t incl*de a 'andato & , oced* e to en%* e the $lo# o$ in$o 'ation to eve &one a$$ected b& a chan!e in a ;c itical; table.


".3 SAP ,acts


".3.1 Pur!ose and structure o, tab$es A table i% a t#o di'en%ional 'at i@ that de%c ibe% a elation%hi, #ithin the databa%e %&%te'. It contain% a heade that de$ine% the $ield% /att ib*te%1 and a va iable n*'be o$ identicall& con$i!* ed o#% that contain data val*e% /data eco d%1. A data eco d i% divided into a , i'a & +e& a ea and a $*nctional a ea. The , i'a & +e& *ni-*el& identi$ie% the data eco d% #ithin a table0 and can be 'ade *, o$ %eve al att ib*te%. The e a e $o* 'ain t&,e% o$ tab$esB 9 9 9 9 Table% containin! %&%te' cont ol data Table% containin! ba%ic co''e cial data Table% containin! data o$ an o !ani"ational %t *ct* e Table% $o a,,lication data

ab$es containin! %&%te' cont ol data %ho*ld allo# co',anie% to ada,t the %tanda d %o$t#a e to thei need% #itho*t chan!in! the , o! a' it%el$. Table% contain va iable in$l*encin! $acto % $o B 9 P oce%% $lo# cont ol% /i.e. acco*nt dete 'ination1 9 Lo!ic chec+% /i.e. allo#% onl& %,eci$ic val*e% to be in,*t1 9 )alc*lation o*tine% /i.e. val*e added ta@ calc*lation1 9 A*to'atic , oce%%e% /i.e. ,o%tin! o$ ca%h di%co*nt ecei,t%1 9 Sc een 'odi$ication% /i.e. 'andato & $ield in,*t1 ".3.2 ab$e access and $ogging

<ollo# the introductory guide #hen in%tallin! a %&%te'0 a% thi% can en%* e that all %&%te' %et9*, ta%+% a e co',leted a,, o, iatel&. Acce%% table% in o de to ente in$o 'ation *%in!B 9 9 9 9 9 Int od*cto & !*ide )*%to'i"in! 'en*% Di ect table 'aintenance /t an%action S53F9S53(1 The )o ection and T an%,o t S&%te' A8AP ab$e 555 8modi,y c$ientCde!endent /ustomizing settings: U%e thi% table to %,eci$& #hethe chan!e% to client9%,eci$ic )*%to'i"in! %ettin!% %ho*ld be a*to'aticall& lo!!ed in )*%to'i"in! e-*e%t% /chan!e e-*e%t1 #ithin a client. Ente the ba%ic %ettin! $o thi% o,tion in the ;Di%,la& %co,e; $ield.


Changes made to table contents must be logged. Fulfill this requirement by making two system settings:
- For relevant tables, activate the field "Table Logging" (technical setting) in the Data Dictionary
- Initialize the parameter "rec/client" for the client(s) you want to log in the SAP start-up profile.

Analyze start-up parameters using RSPARAM. Analyze changes to tables using the following ABAP reports:
- RSTBPROT  Analysis of Log Database
- RSTBHIST  Table Analysis (with History Administration)

Changes resulting from corrections and repairs to table structures logged in the Data Dictionary are monitored by the Correction and Transport System (if activated). The system maintains a table history so that these types of changes can be traced with the help of the SAP Information System.

4.3.3 Validity range and customer tables
A table can apply to all clients in the SAP system (client-independent) or apply only to a single client (client-specific).
- Client-independent tables contain data of general relevance, such as SAP system control data, language indicators, or transaction codes
- Client-specific tables contain application data as well as basic commercial data (with certain exceptions)
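The two logging settings from 4.3.2 and the cross-client authorization rule from 4.2.3 can be checked mechanically against a profile excerpt and a table list. The following Python is an added example, not code from the guidelines or from SAP; the profile line layout, the rec/client value forms (OFF / ALL / comma-separated client list), the sample tables and the CRITICAL_TABLES set are constructed for the example.

```python
"""Table-logging coverage check (added example, not from the SAP guidelines).

Models the two settings from 4.3.2 (profile parameter rec/client and the
per-table "Log data changes" technical setting) and the 4.2.3 rule that
client-independent tables of delivery class C, G or E need the cross-client
authorization (S_TABU_CLI). All sample data is constructed; the profile line
layout and the rec/client value forms are assumptions of this example."""
from dataclasses import dataclass

# Constructed start-up profile excerpt (assumed "name = value" layout).
SAMPLE_PROFILE = """\
# constructed profile excerpt
SAPSYSTEMNAME = PRD
rec/client = 100,200
login/min_password_lng = 6
"""


@dataclass(frozen=True)
class TableInfo:
    name: str
    delivery_class: str     # C, G, E, S, W
    client_specific: bool   # True when the client is the first key field
    log_data_changes: bool  # "Log data changes" technical setting


# Constructed sample; flags are illustrative, not a statement about a real system.
SAMPLE_TABLES = [
    TableInfo("T001", "C", True, True),     # company codes, logged
    TableInfo("T030", "C", True, False),    # account determination, NOT logged
    TableInfo("T000", "C", False, False),   # clients; logging switch passive
    TableInfo("TSTC", "E", False, True),    # transaction codes, cross-client
    TableInfo("ZPRICE", "C", True, True),   # constructed customer table
]

# Constructed list of tables the auditor treats as "critical" (4.2.1).
CRITICAL_TABLES = {"T000", "T001", "T030", "T033", "TSTC"}


def parse_profile(text):
    """Parse 'name = value' lines; blank lines and '#' comments are skipped."""
    params = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if sep:
            params[key.strip()] = value.strip()
    return params


def logged_clients(params):
    """None = logging off, "ALL" = every client, else a set of client numbers."""
    value = params.get("rec/client", "OFF").strip().upper()
    if value == "OFF":
        return None
    if value == "ALL":
        return "ALL"
    return {c.strip() for c in value.split(",") if c.strip()}


def is_logged(table, params, client):
    """True when a change to `table` made in `client` would leave a log record."""
    clients = logged_clients(params)
    if clients is None or not table.log_data_changes:
        return False
    if not table.client_specific:
        return True  # assumption: cross-client tables log whenever rec/client is on
    return clients == "ALL" or client in clients


def needs_cross_client_auth(table):
    """4.2.3: the global authorization applies to client-independent C/G/E tables."""
    return not table.client_specific and table.delivery_class in {"C", "G", "E"}


def unlogged_critical(tables, params, client, critical=CRITICAL_TABLES):
    """Audit finding: critical tables whose changes in `client` leave no log."""
    return sorted(t.name for t in tables
                  if t.name in critical and not is_logged(t, params, client))


if __name__ == "__main__":
    params = parse_profile(SAMPLE_PROFILE)
    print("rec/client =", params.get("rec/client"))
    print("unlogged critical tables in client 100:",
          unlogged_critical(SAMPLE_TABLES, params, "100"))
    print("tables needing S_TABU_CLI:",
          [t.name for t in SAMPLE_TABLES if needs_cross_client_auth(t)])
```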

A table attribute that determines whether a table is client-independent or client-specific is specified at the time the table is defined in the Data Dictionary. In client-specific tables, the client is always entered in the first key position. To comply with the SAP naming convention, the names of customer-specific tables should begin with Y or Z. Character strings beginning with T9 or P9 are still permitted for naming tables, due to methods that were formerly used. A table name can consist of a maximum of ten characters; however, only the first seven are significant. In order to set up a table that can be maintained using the "Table maintenance" transaction (SM30/SM31), use a maximum of five characters to name the table.

4.3.4 ABAP reports
Important ABAP reports for table analyses include:


- RSCLASDU  "Table List with Classification"
- RSPARAM   "Analysis of Start-up Parameters"
- RSTBPROT  "Analysis of Log Database"
- RSTBSERV  "Table Analysis (with History Administration)"

4.3.5 Examples of important tables
In financial accounting:
T000    Clients
T001*   Company codes and company code control
T003*   Types of documents and texts
T004*   Account plans
T007*   Control key
T008*   Blocking reasons for automated payment
T012*   House banks
T030    Fixed content table
T033*   Account determination
T042*   Payment transactions
T044A   Methods of foreign currency valuation
T044Z   Changed reconciliation accounts
T074    Special general ledger accounts
T077*   Account groups
T169*   Tolerances for account audits
TBAER   Document change rules
TCUR*   Exchange rates
T9*     Customer tables

In the Basis system:
TSTC    Transaction code administration (including test object)
TBRG    Authorization groups for tables
TDDAT   Authorization groups to be analyzed by table
TACTZ   Valid activities for each authorization object
TADIR   Development objects and transport attributes
TSYST   Directory of available systems (CTS)
TASYS   Delivery table (CTS)
TDEVC   Development classes for Transport System (CTS)
T078*   Screen selection, transaction dependent
T079*   Screen selection, entry dependent

(*) indicates that the table contains further subdivisions.


"." 1isks
Since table% in the SAP S&%te' have a cent al cont ol $*nction0 the $ollo#in! i%+% e@i%t i$ the , oced* e $o chan!in! table content% i% in%*$$icientB 9 9 9 Inco ect %ettin!% 'a& be 'ade. )han!e% 'ade to a table 'a& , od*ce *nintentional %ide e$$ect% in anothe a ea. The%e chan!e% 'a& then da'a!e the inte! it& o$ the data%et and %&%te' $*nctionalit&. A*tho i"ation% 'i!ht al%o be chan!ed i$ the& a e de$ined #ithin table%. The e i% a i%+ that %&%te' chan!e% 'i!ht be 'ade that cannot be t aced. )han!e doc*'ent% can be deleted #itho*t a chivin!.

Pa tic*la i%+%B 9 9 9 9 9 <ail* e to initiali"e the ; ec/client; ,a a'ete /%ee ..3.(1 E oneo*% ent & in Table TFFF /%ee ..3.(1 <ail* e to lo! i',o tant table% S&%te' %ettin!% o$ the , evio*% %&%te' /i.e.0 the %&%te' *,%t ea' o$ the , od*ction %&%te'0 $ o' #hich object% a e con$i!* ed via the T an%,o t S&%te'1 )o,& $*nction% bet#een client% that ove # ite the %ettin!% o$ table% #itho*t hi%to & *,date%


".% Audits
The $ollo#in! a*ditin! %te,% a e 'andato &B 9 9 9 Dete 'ine the , oced* e $o chan!in! table%. Eval*ate the , oced* e acco din! to the e-*i e'ent% de%c ibed in the , evio*% %ection. 5a+e ando' chec+% to dete 'ine #hethe e-*i e'ent% have been 'et.

Othe a*dit o,e ation% incl*deB 9 9 9 9 9 Te%t and elea%e , oced* e% Re%,on%ibilitie% and the a*tho i"ation %&%te' $o table chan!e% A ando' chec+ o$ the c*%to'e D% table% #ith e!a d to doc*'entation e-*i e'ent% and adhe ence to SAP convention% Settin!% in the , oced* e $o lo!!in! table%0 e%,eciall& the technical %ettin! in the Data Dictiona & and the ; ec/client; ,a a'ete in the SAP %ta t9*, , o$ile Settin!% 'ade in Table TFFF /)han!e doc*'ent% $o Table TFFF indicate #hethe chan!e% have been 'ade to the di%,la& %co,e d* in! the te%t ,e iod.1 4ote5 The *6og data changes* switch for Table T""" is passive in SAP delivery systems. 9 9 Dete 'ination o$ a chival $*nction% /be$o e deletion1 5onito in! o$ the $ e-*enc& o$ chan!e% to i',o tant table%


5 Job Request Procedure/Documentation and System Logs

5.1 Objective
5.1.1 Procedure for requesting jobs
5.1.2 Job documentation
5.1.3 Job logs
5.2 Requirements
5.2.1 Procedure for requesting jobs
5.2.2 Job documentation
5.2.3 System logs
5.3 SAP facts
5.4 Risks
5.5 Audits
5.5.1 Recording existing procedure
5.5.2 Checking procedural models
5.5.3 Checking adherence to procedure
5.6 Documenting SAP jobs (suggested format)
5.6.1 General items
5.6.2 Requirements for starting the job
5.6.3 Post-processing requirements after the job run
5.6.4 Measures for restarting a job


5.1 Objective

5.1.1 Procedure for requesting jobs
The primary objectives of this procedure are:
- Protect company data and personal data
- Integrate data and functions
- Protect resources

5.1.2 Job documentation
The objectives of documenting jobs are:
- Ensure error-free processing
- Establish independence from the detailed knowledge of individual users
- Enable third parties who understand business activities to check the technical functions of the DP system within a given time frame.

5.1.3 Job logs
Job logs are required in order to prove that functions have been carried out in compliance with sound accounting principles, specifically according to the job request procedure.

5.2 Requirements

5.2.1 Procedure for requesting jobs
The basic job request procedure must include clearly defined processes and responsibilities for:
- Requesting a job
- Executing a job
- Post-processing a job and distributing output

Since many jobs in the R/3 System can be created and started by a department, it is generally sufficient to maintain documentation of the procedure in the user manual for the application within each respective department. Special procedures must exist for jobs that (1) require an operating device and (2) are not executed exclusively within the departmental operations because of this device. These jobs in particular must not be executed without a request (by a service department such as the computer center, for example). The job is usually requested by the department.

5.2.2 Job documentation
The SAP System automatically documents jobs that it generates. When a job is generated by a user ("native job generation," such as sessions), the user must also document the job. This documentation should be created according to a standardized format (see the suggested format in section 5.6). The retention period for job documentation is 10 years.

5.2.3 System logs
Job logs must identify the job that was started, when it was started, and the parameters used to run the job. System-generated job logs must be specially protected. Furthermore, exception reports must be generated in critical areas based on system logs.


5.3 SAP facts

Generally, the system automatically generates a job (dunning run, for example) based on a job-specific command by the user. You can limit access to commands for generating jobs as part of the general authorization model. Generally, jobs are defined, job steps are created, and start dates are specified in transaction SM36 or by selecting the menu path Tools--> Administration--> Jobs--> Job definition. Some jobs, like preparation reports, can be defined in transaction SA38 or by choosing the menu path System--> Services--> Reporting--> Program. Use transaction SM37 to display the job overview, or choose the menu path System--> Services--> Jobs--> Job overview or Tools--> Administration--> Jobs--> Overview. A job can consist of several steps. There are two types of jobs:
- One-time jobs that are executed immediately or according to a schedule
- Periodic jobs

The system will start a job when a defined event occurs (i.e. at a specified time or upon completion of a different job). This allows you to set up a job network. A job always has one status (and one status only) from the following list:
- Scheduled
- Released
- Ready
- Active
- Finished
- Cancelled

The following logs relating to an SAP R/3 System are available as system logs:
- Job logs
- System log
- Database log
- UNIX log
- Workload log

Logs are objects of the Correction and Transport System (see Chapter 3). To date, there is no job library.


%." 1isks
In addition to the%e !ene al i%+%B 9 9 9 9 9 Una*tho i"ed /di%,la&1 acce%% to co',an& data and ,e %onal data Data , o! a' chan!e% that a e *na*tho i"ed0 *ncont olled and *nob%e ved Oi!h e%o* ce con%*',tion d*e to *nconventional , o! a' co'bination% <a*lt& o,e ation0 e%,eciall& in e@ce,tional ca%e% /e o handlin!1 De,endenc& on the +no#led!e o$ individ*al%

the e a e %,eci$ic i%+% elated to the UNIN o,e atin! %&%te'0 %*ch a%B 9 9 9 An SAP job 'a& initiali"e UNIN , o! a'% that co,& o de%t o& the SAP S&%te' S&%te' ,a%%#o d% 'a& be %to ed in , oced* e% that can be o,enl& ead =ob% 'a& de,end on event% e@te nal to the SAP S&%te'


5.5 Audits

5.5.1 Recording existing procedures
Record and document (to the extent required by the audit) the organizational rules for:
- Requesting jobs
- Documenting jobs
- Generating and handling system logs

5.5.2 Checking procedural models
Check the organizational rules recorded in the last step against the requirements and risks detailed in this chapter.

5.5.3 Checking adherence to procedure
To determine whether the organizational rules have been followed:
- Review company documents
- Evaluate system logs and log files (transaction SM21)

5.6 Documenting SAP jobs (suggested format)

The following items are a suggested format for documenting SAP jobs; this list, however, contains only suggestions and does not claim to be complete.

5.6.1 General items
Person responsible for content:
Job ID:
Brief task description:
Event:
Date:
Estimated runtime:
Online processing advisable:
Programs within the job:
Special features of the job:

5.6.2 Requirements for starting the job
(Event: see above)
Required peripherals:
Required tables and parameters:
Other requirements for starting the job:

5.6.3 Post-processing requirements after the job run
Data medium and forms required for output:
Subsequent jobs:

5.6.4 Measures for restarting a job
Error must be corrected directly:
- Correct error
- Restart procedure
Error need not be corrected directly:
- Reload saved data
- Generate error log
- Inform person responsible for the operation
Job name for reversing data:
What jobs may not run after a termination:


6 Batch Input Interfaces

6.1 Objective
6.2 Requirements
6.3 SAP facts
6.3.1 Introduction
6.3.2 Authorizations
6.3.3 Run modes
6.3.4 Session logs
6.3.5 Analyzing sessions
6.4 Risks
6.5 Audits


6.1 Objective
Commercial laws require businesses to record, store and process all data completely, correctly, and in a timely fashion in compliance with accounting principles, and they prohibit changed data from being falsified in any way. Businesses are also legally required to monitor batch input procedures.

6.2 Requirements
Requirements for creating effective monitoring include:
- Organizing process flows
- Separating incompatible functions
- Establishing control measures and control operations

The effectiveness of the internal control system is greatly influenced by the type and extent of process flow organization. Mandatory process requirements must be observed. Failure to comply with requirements must interrupt the process flow in a way that is brought to the attention of the control organization. In an effective internal control system, certain functions remain separated. There should be a distinction between planning, executing and supervisory functions.


6.3 SAP facts

6.3.1 Introduction
Batch input is typically used to transfer data from non-SAP systems to SAP systems or to transfer data between SAP systems. The output system uses a data transfer interface provided by the R/3 application in the receiving system to transfer data via batch input. The interface program in the application then initiates a batch input session. A batch input session is a set of one or more transaction calls supplied by a program containing user data. The system normally executes the transactions non-interactively, allowing rapid entry of bulk data into an SAP System. A session simulates online entry of transaction codes and data. It generally uses the same procedures as interactive operation. The data entered into transaction screens by a session is subject to the same consistency checking as data entered in normal interactive operation. You can access batch input processing by selecting the menu path System--> Services--> Batch input--> Edit, or by accessing transaction SM35. In most systems, sessions are started non-interactively with a background job that periodically scans for and initiates any sessions that have not yet been run. To execute a batch input session automatically, call up the ABAP/4 program RSBDCSUB. This program schedules sessions for immediate execution in the background processing system. Running sessions interactively is usually reserved for testing or correcting sessions.

6.3.2 Authorizations
The system carries out the usual checks on user authorizations when batch input sessions are processed. If a session is run in batch mode, the system checks the authorizations of the user specified in the batch input session. The user must be defined as user type BDC. If a session is processed online, the system validates the authorizations of the user who is processing the session.

6.3.3 Run modes
A session can be run in one of three modes:


- Background: In this mode, a session is processed immediately.
- Process/foreground: Transactions that contain errors can be corrected interactively and transactions that have not yet been executed can be stepped through one at a time.
- Display errors only: This mode is like process/foreground, except that transactions that have not yet been run and that do not contain errors are run non-interactively.

A transaction contains an error if it issues a message of type E (error) or type A (abnormal termination). Other messages are ignored and do not affect the execution of a session.

6.3.4 Session logs
Every batch input session generates a log when it is processed. Display this log by selecting the menu path System--> Services--> Batch input--> Edit--> Log, or by accessing transaction SM35. It contains all error messages resulting from transactions in sessions. It also includes the batch input error messages resulting from problems in the transaction process, listing the transaction code and screen where the error occurred. Finally, the session log contains all statistics about the session processing. The system creates a log for a batch input session only if the session is processed. That is, the session must be processed in one of the above run modes. When processing a session, the system posts all error-free transactions and marks them as having been processed in the session. Transactions that contain errors are not posted and are flagged as incorrect. A session that contains incorrect transactions can be re-processed. During re-processing, the system processes only those transactions previously marked as incorrect. The system generates a session log for each processing run, which overwrites any existing log. This log lists only those messages issued in the most recent run. The system logs error messages as well as transaction messages. At least one message will appear for each transaction processed. Delete processed sessions, their logs and the logs for which a session no longer exists by using program RSBDCREO. This program also reorganizes the log file in the batch input system.

6.3.5 Analyzing sessions
It is possible to analyze batch input sessions both before and after processing. To do this, mark the session in the overview. Select the session in the map log screen by selecting the menu path Goto--> Analysis--> Session.
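The processing and logging rules in 6.3.3 and 6.3.4 (type E/A messages mark a transaction incorrect, error-free transactions are posted and marked processed, re-processing touches only incorrect transactions, and each run rewrites the session log) can be modelled to check that an auditor reads a session log correctly. The following Python is an added illustration, not SAP code; the session name, transaction codes and messages are constructed.

```python
"""Model of batch input session processing (added example, not SAP code).

Encodes the rules from 6.3.3/6.3.4: a transaction is incorrect if it issues a
type E or A message; error-free transactions are posted and marked processed;
re-processing handles only transactions flagged incorrect; the session log is
rewritten on every run and holds only the most recent messages. Interactive
correction is represented by a `corrections` mapping that is honoured only in
the interactive run modes. All sample data is constructed."""

ERROR_TYPES = {"E", "A"}   # E = error, A = abnormal termination
RUN_MODES = ("background", "process/foreground", "display errors only")


class Transaction:
    def __init__(self, tcode, messages):
        self.tcode = tcode
        self.messages = list(messages)  # (type, text) pairs the call would issue
        self.status = "new"             # new | processed | incorrect


class Session:
    def __init__(self, name, transactions):
        self.name = name
        self.transactions = list(transactions)
        self.log = []    # rewritten on every processing run
        self.runs = 0

    def process(self, mode="background", corrections=None):
        """Process the session in `mode`; returns the status statistics.

        corrections maps a transaction index to the messages it would issue
        after interactive correction; background mode ignores it."""
        if mode not in RUN_MODES:
            raise ValueError("unknown run mode: %s" % mode)
        corrections = corrections or {}
        self.log = []                      # previous log is overwritten
        self.runs += 1
        for idx, tx in enumerate(self.transactions):
            if tx.status == "processed":
                continue                   # re-processing skips posted ones
            if mode != "background" and tx.status == "incorrect" and idx in corrections:
                tx.messages = list(corrections[idx])
            # at least one message appears per transaction processed
            msgs = tx.messages or [("S", "posted")]
            for mtype, text in msgs:
                self.log.append((idx, tx.tcode, mtype, text))
            failed = any(mtype in ERROR_TYPES for mtype, _ in msgs)
            tx.status = "incorrect" if failed else "processed"
        return self.statistics()

    def statistics(self):
        counts = {"processed": 0, "incorrect": 0, "new": 0}
        for tx in self.transactions:
            counts[tx.status] += 1
        return counts

    def error_lines(self):
        """Log entries an auditor would pull out: E/A messages of the last run."""
        return [entry for entry in self.log if entry[2] in ERROR_TYPES]


def sample_session():
    # constructed: three FB01 postings, two of which fail on the first run
    return Session("CONSTRUCTED01", [
        Transaction("FB01", [("S", "Document 100000001 posted")]),
        Transaction("FB01", [("W", "Tolerance limit exceeded"),
                             ("E", "Account 113000 blocked for posting")]),
        Transaction("FB01", [("A", "Posting period 12 not open")]),
    ])


if __name__ == "__main__":
    s = sample_session()
    print("first run:", s.process("background"))
    print("errors:", s.error_lines())
    print("re-run:", s.process("process/foreground",
                               {1: [("S", "Document 100000002 posted")],
                                2: [("S", "Document 100000003 posted")]}))
    print("log after re-run:", s.log)
```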


*." 1isks
Non9SAP %o* ce %&%te'% 'a& contain data validation chec+% that di$$e $ o' tho%e $o SAP table%. Thi% 'a& a$$ect 'a%te data and t an%action data. I$ %e%%ion na'e% cannot be validated0 *%e % #ith batch in,*t a*tho i"ation% 'a& be able to *n0 co ect o delete %e%%ion% $ o' othe de,a t'ent% /de,endin! on thei a*tho i"ation%1.

*.% Audits
The a*dito %ho*ld a%+ the $ollo#in! -*e%tion% ba%ed on the%e 'onito in! e-*i e'ent%B I% the e an ove vie# o$ all batch in,*t inte $ace% $o the SAP S&%te' that cove % %,eci$ication% %*ch a% the%eR B 9 9 9 9 9 9 9 9 9 >o + a ea to be t an%$e ed Data content <ile na'e Pe iod Se%%ion na'e P oce%%in! job Relevant table% Reconciliation ! o*, Re%,on%ibilitie%

>hich *%e % a e allo#ed to !ene ate0 *n0 co ect o delete #hich %e%%ion%R /5en* ,athB Tool%99H Ad'ini%t ation99H U%e 'aintenance99H In$o1 I% the e an ove vie# that %ho#% #hich %e%%ion na'e% a e e%e ved $o %,eci$ic de,a t'ent%R /5en* ,athB S&%te'99H Se vice%99H 8atch in,*t99H Edit99H Ove vie# o t an%action S5321 >ho econcile% the ,o%tin! data in the , oce%%ed %e%%ion%R >ho chec+% to %ee #hethe the data $ o' the %o* ce %&%te' ha% been co',letel& and acc* atel& t an%$e ed on a ti'el& ba%i%R >hat inte nal cont ol% a e 'aintained bet#een the %o* ce %&%te'% and the e!*la , oce%%in! %e%%ion%R


7 Master Data Changes

7.1 Separation of functions
7.1.1 Objective
7.1.2 Requirements
7.1.3 SAP Facts
7.1.4 Risks
7.1.5 Audits
7.2 Traceability
7.2.1 Objective
7.2.2 Requirements
7.2.3 SAP facts
7.2.4 Risks
7.2.5 Audits


7.1 Separation of functions

7.1.1 Objective
To obtain adequate security and force the internal control system to conform to sound accounting principles, specific functions within an organization must be separated. In small companies, this objective is often difficult to realize for organizational reasons. These companies therefore require special checking of changes to master data, audits which must be individually designed to achieve a sufficient standard of security. In large firms, there is no substitute for the complete separation of functions.

7.1.2 Requirements
Companies must clearly define the responsibilities and authorizations related to master data management. Companies must adequately separate the functions between the DP department and the functional departments, as well as between master data maintenance and all types of entry activity.

7.1.3 SAP Facts
The design of the SAP System and the wide range of different authorizations generally allow reasonable separation of organizational functions. Authorizations for G/L account master data can be assigned based on:
- F_SKA1_KTP  Organizational unit chart of accounts
- F_SKA1_BUK  Organizational unit company code
- F_SKA1_BES  Grouping of accounts according to authorization groups (optional)

Authorizations for customer and vendor master data can be assigned based on:
- F_...._APP  Application (Financial Accounting, Sales or Purchasing)
- F_...._BUK  Organizational unit company code
- F_...._BE.  Grouping of accounts according to authorization groups (optional)
- F_...._AEN  Grouping of individual master record fields (optional)

Individual G/L closing accounts, for example, can be protected by a special four-character authorization group that can be freely defined (master record: field SKB1-BEGRU authorization group; authorization object: F_SKA1_BES account authorization). The activity belonging to the individual authorization determines the possible processing function:


- Create (01)
- Change (02)
- Display (03)
- Block/unblock (05)
- Delete (06)
- Display change documents (08)
- All activities (*)

The activity codes are specified by SAP; see the documentation for the Activity field for further information.

7.1.4 Risks
An insufficient internal control system to monitor master data changes may impair compliance with accounting principles and the data security of the organization. Inadequate security for payment transactions (master data maintenance), for example, could result in financial losses.

7.1.5 Audits
Who has authorization to create (01) and change (02) customer, vendor and general ledger master data?
In large departments, are authorizations for accessing specific customer, vendor or G/L groups further restricted by account authorizations or change authorizations for specific fields?
Who has simultaneous rights to both change master data and to post data?
Are there any special authorization procedures (external to the system) for making changes to sensitive master data, and have dual control procedures been implemented?
Have the amount limits defined for posting and the tolerance limits defined for payment differences been followed (OBA4/OB57)?
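The 7.1.5 question "who has simultaneous rights to both change master data and to post data?" and the F_SKA1_BES account-group check from 7.1.3 can be evaluated over an extract of user authorizations. The following Python is an added example, not code from the guidelines or from SAP; the user names and authorization values are constructed, and the use of F_BKPF_BUK as the posting authorization object is an assumption of this example (only the F_SKA1_* objects and the activity codes come from the text above).

```python
"""Segregation-of-duties check for master data vs. posting rights (added
example, not from the SAP guidelines). Objects F_SKA1_KTP/BUK/BES and the
activity codes are those listed in 7.1.3; F_BKPF_BUK as the FI posting
object is an assumption of this example. Sample users are constructed."""

MASTER_DATA_OBJECTS = {"F_SKA1_BES", "F_SKA1_BUK", "F_SKA1_KTP"}
POSTING_OBJECT = "F_BKPF_BUK"           # assumption: FI document posting object

CREATE, CHANGE, DISPLAY, DELETE, ALL = "01", "02", "03", "06", "*"
CHANGING_ACTIVITIES = {CREATE, CHANGE, DELETE, ALL}

# Constructed extract: (user, authorization object, field values).
# Each tuple is one authorization instance; a check passes only if a single
# instance satisfies every field at once.
SAMPLE_AUTHS = [
    ("MILLER", "F_SKA1_BES", {"ACTVT": {"01", "02"}, "BRGRU": {"SENS"}}),
    ("MILLER", "F_BKPF_BUK", {"ACTVT": {"01"}, "BUKRS": {"1000"}}),
    ("JONES",  "F_SKA1_BES", {"ACTVT": {"03"}, "BRGRU": {"*"}}),
    ("JONES",  "F_BKPF_BUK", {"ACTVT": {"01"}, "BUKRS": {"1000"}}),
    ("SMITH",  "F_SKA1_BUK", {"ACTVT": {"*"}, "BUKRS": {"1000"}}),
]


def activities_for(user, auths, objects):
    """Union of ACTVT values `user` holds on any of `objects`."""
    acts = set()
    for u, obj, fields in auths:
        if u == user and obj in objects:
            acts |= fields.get("ACTVT", set())
    return acts


def can_change_master_data(user, auths):
    """Create/change/delete (or *) on any G/L master data object."""
    return bool(activities_for(user, auths, MASTER_DATA_OBJECTS) & CHANGING_ACTIVITIES)


def can_post(user, auths):
    return bool(activities_for(user, auths, {POSTING_OBJECT}) & {CREATE, ALL})


def sod_conflicts(auths):
    """Users holding both master data change rights and posting rights."""
    users = sorted({u for u, _, _ in auths})
    return [u for u in users if can_change_master_data(u, auths) and can_post(u, auths)]


def account_group_check(user, auths, begru, activity):
    """F_SKA1_BES check: may `user` perform `activity` on an account whose
    master record field SKB1-BEGRU equals `begru`?"""
    for u, obj, fields in auths:
        if u != user or obj != "F_SKA1_BES":
            continue
        acts = fields.get("ACTVT", set())
        groups = fields.get("BRGRU", set())
        if (activity in acts or ALL in acts) and (begru in groups or "*" in groups):
            return True
    return False


def creators_and_changers(auths):
    """Answer to the first 7.1.5 question for G/L master data: who holds 01 or 02."""
    users = sorted({u for u, _, _ in auths})
    return [u for u in users
            if activities_for(u, auths, MASTER_DATA_OBJECTS) & {CREATE, CHANGE, ALL}]


if __name__ == "__main__":
    print("SoD conflicts:", sod_conflicts(SAMPLE_AUTHS))
    print("create/change master data:", creators_and_changers(SAMPLE_AUTHS))
    print("JONES may display SENS accounts:",
          account_group_check("JONES", SAMPLE_AUTHS, "SENS", DISPLAY))
```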


7.2 Traceability

7.2.1 Objective
The accounting process must be traceable in all instances. In compliance with sound accounting principles and commercial law (§§ 238 f. of the HGB), all data that is posted is final ("posted is posted") and may not be erased. These principles must be observed at all costs.

7.2.2 Requirements
All master data changes and deletions must be properly logged, documented and retained. Background: Accounting data must be recorded in compliance with sound accounting principles over the entire legal retention period (HGB § 257). In this context, change documents become of central importance. They record all of the changes made to master records, tables, documents, etc., and pursuant to § 257 of the HGB (German accounting regulations) they must be retained for up to ten years. In order for the system to log changes made to an object, it must be defined as a change document object within the system. When a field in a master record/document is changed, the standard system creates a change document. This requirement can be restricted by explicitly specifying in the Data Dictionary that no change documents should be generated for a particular field.

7.2.3 SAP facts
The system fundamentally records all changes, ensuring the traceability of all changes. The automatic system change log procedures can be circumvented by individual developments. The authorization object S_SCD0 (Delete Basis - Central Functions, Change Documents) affects only change documents for data that are not relevant for accounting. See: Transaction SE84 (Repository Info System)--> Environment--> Authorizations--> Authorization objects--> Document use--> Program/Transaction

7.2.4 Risks
- Failure to completely record posting data
- Deviation from sound accounting principles

7.2.5 Audits
Do authorizations exist which allow users to change a dataset without logging the change? Are adequate checks and controls over master data changes maintained and implemented in a verifiable manner? Check master data change documents using these ABAP reports and transactions:
- RFDABL00  Documentation of Customer Master Data Changes
- RFKABL00  Documentation of Vendor Master Data Changes
- RM06ICDR  Purchasing Info Record Changes
- RSSCD100  Display Change Documents
- FS04      G/L Account Changes
- MM04      Display Material Master Data Changes

As of Release 3.0:
- RFBABL00  Change Documents for Master Data
- RFBKABL0  Bank Master Data Changes
- RFDKLIAB  Credit Management Master Data Changes
- RFSABL00  G/L Account Master Data Changes


8 Reconciling Posting Data Closings

8.1 Objective
8.2 Requirements
8.3 SAP facts
8.3.1 Reconciling posting data
8.3.2 Periodic closing
8.3.2.1 Day-end closing
8.3.2.2 Month-end closing
8.3.3 Year-end closing
  Balance sheet and profit and loss statement
  Balance carried forward
  Reorganization/Archiving
8.4 Risks
8.5 Audits
8.5.1 Reconciliation
8.5.2 Periodic closing
8.5.3 Year-end closing


0.1

Ob4ective

8*%ine%% entitie% a e le!all& obli!ated to +ee, boo+% and co',l& #ith a,,licable acco*ntin! *le% and e!*lation% in doin! %o. I$ acco*ntin! ta%+% a e ,e $o 'ed b& data , oce%%in! %&%te'%0 the b*%ine%% entit& '*%t en%* e that tho%e %&%te'% al%o co',l& #ith acco*ntin! *le% and e!*lation%. Th*%0 the de,a t'ent o the ,e %on e%,on%ible $o acco*ntin! in$o 'ation '*%t 'onito the , oce%%in! e%*lt%. The object o$ doin! %o i% to en%* eB 9 9 9 9 9 9 9 )o',letene%% A*thenticit& Ti'eline%% )o ect data val*ation P eci%e acco*nt a%%i!n'ent Acc* ate %*''ation P o,e ,o%tin!

Accounting is deemed to be efficient and in compliance with accounting principles if its design allows outside parties who have a reasonable knowledge of business to obtain an overview of the company's activities and position within a reasonable span of time. Users of the information must be able to trace the origin and settlement of business activities. As a rule, the basic functions of an accounting system comprise the following ledgers and statements:
- Opening balance sheet
- Document collection
- Compact journal
- General ledger
- List of assets and liabilities in report form
- Balance sheet and profit and loss statement

8.2 Requirements
The formal structure of an accounting system will depend on the legal requirements of the respective country. Systems that automatically process and store accounting information must follow specific procedures for collecting and recording documents, journals and ledgers in compliance with commercial law. This data will be retained for six to ten years, depending on the laws of the respective country and on whether or not a hard copy of the posting document is created. To fulfill the objective of completeness, it must be possible to reconcile posting data at any time, regardless of how integrated the SAP applications are. To that end, SAP provides process controls and checks at various levels of the application. Controls that detect and prevent inconsistencies must be complementary. To fulfill the basic requirements of sound accounting principles, companies must fully and accurately record all business activities that are subject to financial reporting in a consistent and timely fashion which can be easily audited at any time. In an integrated system, these requirements are not limited to posting-related transactions; data security and backup, as well as the tables that control such a system, are also subject to those requirements. The procedure for year-end closing must include the controls and checks for day-end and month-end closings. Non-recurrent tasks must also be monitored. Responsibilities must be clearly regulated for these tasks in particular. Posting data must be documented. This can be accomplished by either printing or microfilming the journals and accounts.

8.3 SAP facts


8.3.1 Reconciling posting data
Users can enter original documents in document sessions. The system assigns control totals, such as the number of documents, debit total/customers, etc., to each session. The FI system stores control totals per user (transaction FB07) so that they can be compared against the existing control total. The document storage capability guarantees that the balance of all postings remains zero. This can be verified at any time by using the programs for balance sheets and P/L statements. Subsequently post totals using program RFBUSU00. A unique document number is assigned to each document. When the system assigns numbers to documents (transaction FBN1/table NRIV), it numbers them consecutively. If documents are numbered externally, the system ensures that the same number is not assigned twice.
When the SAP module MM is used, non-consecutive document numbers might be issued in some cases in Financial Accounting. Specify the quantity of numbers stored in the buffers by using transaction SNRO. If entries are made successively from different application servers, each application server assigns the next available document number from its number range buffer. This means that the document numbers are not issued in the chronological order in which the documents were produced. When entering numbers into the buffer, the last number in the buffer is used as the last issued number of the number range interval. If the SAP System is powered down, the document numbers that have been entered into the buffer but have not been used are lost. When the system is restarted, the next document numbers are entered into the buffer according to the last document number that was issued. This can cause gaps to occur in the document numbering system.


All documents generated within a specific time period are recorded in the compact document journal RFBELJ00. The same report provides the totals sheets for reconciliation. Manually transfer these reconciliation totals to a list where they can be aggregated and their balances carried forward. To compare accounting figures, perform the "accounting reconciliation," which shows whether the monthly debits and credits are supported by appropriate documentation. For this purpose, use report SAPF190, "Financial Accounting Reconciliation Analysis."

Reconciling G/L account postings
G/L accounts are reconciled using the audit trail. To do this, compare the lists from report RFHABU00, "General Ledger from the Document File," or from report RFKLBU10, "Account Details from Historical Accumulated Audit Trail," against the list of G/L account balances RFSSLD00.

Reconciling accounts on an open item basis
Open item accounts are reconciled by comparing the lists of customer and vendor balances RFDSLD00 and RFKSLD00 against the lists in the audit trail for open item accounts or against the historical balance.
- Open item account balance audit trail: RFKKBU00 or RFKKBU10
- Historical balance audit trail: RFHABU00 or RFKLBU10

Additional reconciliation programs can be found by selecting the path "System --> Services --> Reporting" and then entering RF*. The "Document Line Item Extract" program can be used for closing procedures at the document level.

8.3.2 Periodic closing
The main purpose of general ledger accounting is to fully represent external accounting and the accounts involved in it. Collecting and maintaining all business transactions (primary postings and settlements from internal accounting) in an integrated business software system guarantees that the accounting process is complete and reconciled at defined periods of time. The FI general ledger system offers the following functions:
- Freely definable classification of accounts at the group or company level
- Automatic entry of all subsidiary ledger items to the general ledger (reconciliation accounts)
- Periodic updates of the general ledger and the values in cost accounting areas
- Timely evaluations of and reports on the current posting data in the form of account statements, financial statements with different balance sheet versions, and other analyses


Documentation of individual transactions in the following areas is available at all times in documents, line items and transaction figures at various levels:
- Accounting information
- The journal audit trail
- Summary and balance transaction figures
- Evaluations of the balance sheet and profit and loss statement

During the current fiscal year, the general ledger is primarily used:
- For continuous, central collection, reconciliation, and documentation of all posting data
- As the basis for a reporting and analysis system structured according to requirements (such as transaction figures per account or individual document audit trail)
- For day-end and/or month-end closing procedures that can be called up when they are required

8.3.2.1 Day-end closing
Daily closing procedures are not mandatory in the system. To monitor data according to the ICS (internal control system), you can regularly create and check the following analyses:
- Document journal          RFBELJ00
- Posting Totals            RFBUSU00
- Update Terminations       RFVBER00
- List of Change Documents  RSSCD150
- Correspondence            SAPF140

These analyses of day-to-day operations are performed at the user's discretion.

8.3.2.2 Month-end closing
The activities for month-end closing will depend, among other things, on how the data structure (business areas, profit centers, etc.) has been configured. In general, proceed as follows:
- Block the old month
- Compare documents and transaction figures
- Create the necessary evaluations for documenting the posting data
- Create the advance return for the tax on sales and purchases
- Reconcile the accounts

The document journal, RFBELJ00, functions like the general ledger. Reconcile the posting data as described in 8.3.1.


The accumulated balance audit trail must be established before the documents are archived. The sequence in which the documents are archived will depend on the volume of documents and the amount of available storage space in your DP system.

Posting periods
Maintain posting periods for each company code depending on the fiscal year variant. The R/3 System recognizes 12 posting periods for regular posting of data and four additional (special) posting periods for closing procedures. Different periods can be defined for individual accounts or account groups.

8.3.3 Year-end closing
The year-end closing can be based on the month-end closing procedure, although this is not mandatory. A specific range of programs prepares the accounts and posted line items for year-end closing. Important steps in preparation for the closing include:
- Closing the posting periods
- Valuing the line items and G/L accounts in foreign currencies
- Identifying the vendors carrying debit balances and customers carrying credit balances
- Posting the evaluations, adjustments and accruals
- Reconciling the subledger accounting systems and the upstream systems

A number of real-time reports support the closing procedures, such as:
- Comparison of documents and transaction figures
- Aggregate postings
- Posting of open items
- Carrying forward balance sheet account balances, with multiple balances carried forward after the start of the new fiscal year

All reports can be accessed at any time online.

Balance sheet and profit and loss statement
The balance sheet and profit and loss statement can only be printed out by means of ABAP. Report RFBILA00 is available as a standard feature. The list contains the financial statements (balance sheet and profit and loss statement) of the reporting timeframe you choose within a fiscal year, including the absolute and relative results of a comparison period. The structure of the financial statements depends on the chart of accounts you choose for the company code (see Table T004/transaction OB13).


Balance carried forward
A new fiscal year is opened with the first posting to the fiscal year. To do this, the appropriate posting period must be opened. In the SAP System, the balance carried forward procedure is executed using the appropriate reports (SAPF010 for open item accounts and SAPF011 for general ledger accounts). The profit and loss account balances are carried forward to the retained earnings account or accounts, and the balance sheet account balances are carried forward to their own accounts. A special opening balance sheet is not required. Postings made to the old fiscal year automatically adjust the balance carried forward. Therefore, it is not necessary to close the old fiscal year and make the closing entries in order to open the new fiscal year. If a balance carried forward procedure is performed at the end of the fiscal year, postings made to the old fiscal year will not adjust the balance carried forward, since the system does not interpret postings to the old fiscal year as such.

Reorganization/archiving
Archive data that is no longer needed in the online system by using the special standard functions (in Accounting, for example, under the menu path Financial accounting --> General ledger --> Periodic processing --> Archiving, or using transaction F045). The system reorganizes any data that remains available online. In order to archive data, certain conditions that are partly predefined by the system must be met. The user can also define other conditions, such as the life span of accounts and documents (by selecting the menu path Customizing --> Financial Accounting Configuration Menu --> Tools --> Archiving or by executing transaction OBR7 or OBR8). The following objects can be archived:
- Accounting documents
- Transaction figures
- Checks
- Master data from customers, vendors and G/L accounts
- Master data on banks
- The document and archive index
Commercial regulations or internal operations may require you to retrieve data stored in archive files at a later time. One way of accessing this data is to reload it. The following objects can be reloaded:
- Accounting documents
- Transaction figures
- Checks
- G/L account master data
- Bank master data
- The document and archive index

There is no need to reload the master data from accounts receivable and payable.

8.4 Risks
If posting data is not reconciled on a timely basis (that is, monthly), there is a risk that errors may occur and remain undetected for an extended period of time. These errors may make it difficult to carry out the year-end closing procedures. Another obvious consequence of this is that management could make decisions based on unreliable information, which would then lead to serious, irreversible errors. There is also a risk that you may not be able to identify why or where an error occurred in order to prevent it from recurring and from jeopardizing the system's compliance with sound accounting principles.

In addition to the risk of error resulting from reconciliation that does not occur on a timely basis, there are other risks in month-end closing that must be eliminated using system-wide controls and checks. For example, accounting periods that are not accurately defined may result in inconsistencies between the general ledger and subsidiary ledgers. Inconsistent data could then be used in subsequent evaluations for tax purposes or sales statistics. Inadequate data backup will make it difficult to reconstruct information for external purposes if errors do occur.

Risks related to the balance sheet and profit and loss statement may arise due to the type of accounts summarized in the individual year-end closing items. If allocations do not match the formal requirements, the year-end closing procedure may be rejected. Incomplete data increases the risk of erroneous information being used by management. Non-compliance with classification requirements and retention time limits may result in legal consequences. Improper handling of the balance carried forward may cause losses in the continuity of the balance sheet or may result in balance sheet manipulation. Changes to the document number ranges may affect the archive in such a way that prevents objects from being reloaded into the system.

8.5 Audits
8.5.1 Reconciliation
Based on control and monitoring requirements, the following questions (among others) arise for the auditor:


- How often are postings checked? Who checks them?
- Is accounting reconciliation performed regularly? Were any inconsistencies found? How were they handled?
- When upgrading to a new release, do the closing balance lists of the old release match the beginning balance lists of the new release, and have they been documented properly?
- Is there any record of abnormal system termination?
- If other SAP modules are used, do buffers issue document numbers (transaction SNRO, number range object MATBELEG)?
Check the selection criteria for the ABAPs used in the accounting reconciliation. SAP recommends defining fixed selection criteria in variants for each client for the following reports:
- RFBELJ00
- RFDSLD00
- RFKSLD00
- RFSSLD00

Within Financial Accounting, the reconciliation reports for the General Ledger area can be found in the path "Periodic processing --> Month end reports --> Reconciliation" or in the Accounts Receivable or Payable areas in the path "Periodic processing --> Reporting --> Account balances." To run these reports, specify a standard CPU date as the selection criterion for the time period.

8.5.2 Periodic closing
The following questions are essential to assessing the system controls and checks:
- Who is responsible for the month-end closing procedure?
- Do the rules for executing the closing procedure satisfy the requirement of separating the functions between the functional department and the DP area?
- What measures guarantee that standard process flows will be carried out in the proper order?
- Are there any rules governing error management?
- Are user profiles properly set up for separating functions (transaction SU02)?
- Are all documents that must be archived being generated?

8.5.3 Year-end closing


In addition to the questions in the auditing steps for month-end closing, the auditor must deal with problems related to year-end closing, which include presenting the balance sheet, documenting posting data and retaining documents subject to retention requirements. Responsibility for year-end closing, for period-end accrual and deferral and for defining the G/L accounts must be obtained from the assigned user profiles (Tools --> Administration --> User maintenance). Check the procedure for executing the balance carried forward, as well as the balances that have been carried forward. Also check whether changes made to the document number ranges during the year will affect the archive (transaction FBN1).


9. Invoice Checking and Payment Run
9.1 Objective
9.2 Requirements
9.3 SAP facts
9.3.1 Vendor master data
9.3.2 Special fields
9.3.3 Prerecording documents
9.3.4 Posting accounts using the net amount procedure
9.3.5 Amount limits and tolerances
9.3.6 Payment programs
9.3.7 Authorizations
    Customer and vendor master data
    Banks
    Financial calendar
    Accounting document
    Credit limit
    Payment run
    Dunning run
9.3.8 Reports
9.4 Risks
9.4.1 Vendor master records
9.4.2 Invoice checking
9.4.3 Payment proposal, payment run
9.5 Audits
9.5.1 Functional separation
9.5.2 Suspense accounts
9.5.3 Payment proposal list and payment list
9.5.4 Double payments


9.1 Objective
This chapter discusses the invoice checking and payment run in relation to the Financial Accounting module. The requirements for vendor master data administration that are most important for that area are also covered. To guarantee compliance with sound accounting principles, reference is made to the master data change service described in Chapter 7. This chapter does not cover logistics invoice checking in connection with SAP R/3 MM Materials Management, which performs computerized checks by having the system compare orders, goods received, and invoices. Upstream and downstream organizational monitoring and appropriate functional separation in the areas of vendor master data administration, invoice checking and payment runs are required to guarantee that processes will flow smoothly and to ensure that the internal control system is effective. The scope of the upstream and downstream monitoring depends on the size of the individual company and the complexity of business transaction processing. SAP grants authorizations based on a company-specific authorization model, and can provide effective support in that regard on several different levels.

9.2 Requirements
Correct processing and handling of transaction data as part of company functions (such as invoice checking and offsetting payments) depend on complete, consistent, and up-to-date vendor master data. When using the Materials Management module, it is particularly important to avoid inconsistency and redundancy by clearly dividing each department's responsibility for creating and maintaining master data between Accounting and Purchasing. Staff who have access to master data should not be able to access transaction data. Master data fields that are used for payment (such as information on bank affiliations) should be subject to the dual control principle or be monitored by additional compensatory checks. In this regard, the number of suspense (one-time vendor) accounts should be kept to a minimum and monitored separately. Compliance with sound accounting principles requires complete, correct documentation of accounts payable and receivable. Therefore, incoming invoices must be promptly recorded. They must be checked to ensure that they match the order and the goods or services received. Only invoices that reflect the proper quantity of goods and services that were actually received under the stipulated conditions should be paid. Tolerances for differences are allowed and can be configured in the system. SAP R/3 has the capability of prerecording (parking) documents (this replaces the register of invoices received) if the invoices cannot be promptly posted because they have not yet been checked. Payment should be made in a timely fashion and should meet any deadlines required for discounts. The outflow of funds is also subject to dual control, either by monitoring payment proposal lists or by an appropriate internal control system for master data administration and invoice release.


The forwarding of transfer order datasets (payment media) to banks should be documented and protected against manipulation.

9.3 SAP facts


9.3.1 Vendor master data
To ensure that invoices are posted in accordance with sound accounting principles, appropriate information is provided from the master file (name, address, bank affiliation, terms of payment, payment routes, and account control data). For one-time vendors or those who invoice infrequently, the system has a master record for suspense (one-time) accounts. It contains no vendor-specific data, since the account is used for multiple vendors. The specific data must be entered when the invoice is posted.

9.3.2 Special fields
The following fields in the vendor master records have a special function:

- Different payment recipient

The payment program can make payments to a payee who is different from the vendor to whose account the invoice was posted. The payment is made to a different recipient. That recipient must be entered in the general or the company code-specific area of the master record. If there are entries in both areas, the entry in the company code area has priority. The payment program will then call up the name and address of the different payment recipient when processing payments for the applicable vendor account. It is also possible to enter the payment recipient for the first time in the document (requires marking of the payment recipient field in the document). When the document is recorded, a field will then be available for entry of a different payment recipient.

- Affiliated companies

Invoices submitted to an affiliated company require special treatment in a group consolidation. All sales and purchases resulting from transactions within a company group must be eliminated (elimination of internal transactions). This requires every affiliated company to have a uniform number in the Partner Company field that is consistent throughout the group. That number is then entered in the Partner Company field in the vendor master record. The consolidation system uses it to recognize internal transactions for consolidation.

- Offsets between vendors and customers

If a business partner is both a vendor and a customer, open items can be offset by the payment program and the dunning program.


However, offsetting is possible only if:
1. A customer master record has been created for a customer who is simultaneously recorded as a vendor.
2. The customer's account number has been entered in the customer field in the control area of the general data in the vendor master record, and the vendor's account number has similarly been entered in the vendor field of the customer master record.
3. The Offset with Customer or Offset with Vendor field has been marked in the company code data of the customer and vendor master record. Each company code can then separately decide whether it is advisable to offset the amounts for the customer and the vendor.

9.3.3 Prerecording documents
Prerecording (parking) documents allows invoices to be prerecorded and parked without the need to check entries in detail. A prerecorded document can be changed and completed in a series of steps. Many header and line item fields can be changed. The system rules for changes to posted documents are not applied. Changes to prerecorded documents are logged and can be displayed before and after posting. The document number of a prerecorded document that has been deleted cannot be reused. A prerecorded document can be posted individually or by selecting from a list. The system generates a list that shows whether the documents were successfully posted. Documents that have not been posted can be revised from that list. When a prerecorded document is posted, the data from that prerecorded document is deleted, a document is written to the document database and the corresponding data (transaction figures) is updated. The document number is carried over into the posted document.

9.3.4 Posting accounts using the net amount procedure
In some cases, the net amount of vendor invoices must be posted; that is the case, for example, when acquiring fixed assets or raw materials. When using the net amount procedure to post an invoice, it is assumed that the cash discount will be deducted. The invoice is not yet paid, and the system automatically subtracts the discount from the expenditure. This method is typically used to record the acquisition of property, plant, and equipment. The amount reduced by the discount (net amount) is then transferred to expense or balance sheet accounts. A "net document type" must be used when invoices are posted using the net amount procedure. The accounts, rules, and posting keys for automatic posting of the discount difference must be set in the system configuration.


9.3.5 Amount limits and tolerances
In addition to assigning posting authorizations, amounts can be limited when posting documents and document line items, and tolerance limits can be set for discounts and payment differences. Such specifications may also be the subject of agreements with business partners. Both specifications apply during posting. The more restrictive limits will apply.
Examples of amount limits for posting:
- What is the maximum amount for a document that an employee can post?
- What is the maximum amount of a document line item that he can record in a customer or vendor account?
- What percentage discount can the employee grant in a document line item?
- What is the maximum acceptable payment difference?
The specified tolerances and amounts are a function of the company code. This means that it is possible to specify different tolerances for specific company codes for the same group of employees. If no group is indicated, the defined tolerances apply to all employees who are not assigned to a group.
Examples of tolerances for payment differences:
Payment differences within specified tolerance limits are automatically posted. When that occurs, the system can post the difference by correcting the discount or by booking it to a separate expense or income account. Tolerance limits are used to determine how the system should post the difference. For example, up to what amount or percentage does the system automatically post to a separate expense or income account if it is not possible to correct the discount? (words omitted in original) difference does the system correct the discount? In that case, the difference is automatically added to or deducted from the discount.

9.3.6 Payment programs
The payment program is designed to handle both outgoing and incoming payments. Both functions are supported for vendors and customers. The program generates payment documents and provides the data for the payment medium (print) programs, which print payment lists and payment forms (such as checks) or generate data carriers (diskettes or magnetic tapes). The payment program determines the open line items and decides which line items must be paid. It always pays each item as late as possible without losing the discount. The exact time of payment is determined by the configuration of the payment program.


The baseline date and the terms of payment contained in the open line item determine when the entry is due for payment. The payment program calculates discount deadlines and when net payment is due. During configuration, tolerance days can be specified for the accounts payable of specific company codes. The tolerance days are added to the calculated payment deadlines. Payment can then be postponed. A minimum discount percentage for outgoing payments can be specified for a specific company code. If the specified minimum percentage cannot be obtained, payment is made when the net amount is due. The minimum discount percentage is used if the terms for net payment are more advantageous than the terms of a potential discount. If a minimum percentage is not indicated, then the program pays when the highest possible discount is available. In addition, special G/L transactions, such as installment payment requests or payment requests, can be specified during configuration as transactions to be handled by the payment program. The date of the next payment run must be indicated before each payment run. The program uses that information to decide whether a line item should be included in the current or the next payment run. When payment parameters are recorded, the authorization to change payment parameters can be limited to certain users.

9.3.7 Authorizations
The following authorizations are relevant for audits:

Customer and vendor master data
Authorizations for vendor master data can be assigned with regard to the application (Financial Accounting or Purchasing), the company code organizational unit, the individual master records and the individual master record fields. The authorized activities are contained in Table TACTZ. Authorization objects in detail:
General maintenance authorization for customer or vendor master data (application authorization)
- Customer master data: F_KNA1_APP
- Vendor master data: F_LFA1_APP

Authorization object for customer or vendor master data in the company code
- Customer master data: F_KNA1_BUK
- Vendor master data: F_LFA1_BUK

Authorization object for customer or vendor master data as a function of the master record (account authorization)
- Customer master data: F_KNA1_BED
- Vendor master data: F_LFA1_BEK
Authorization object to change specific fields
- Customer master data: F_KNA1_AEN
- Vendor master data: F_LFA1_AEN

Authorization object to change specific account groups (applies only to customers): F_KNA1_KGD
Authorization object for account analysis (applies only to customers): F_KNB1_ANA
An analysis function is available for customer accounts that provides an overview of the total amount of open line items, deductions and interest, the credit limit and the payment history. This function has its own authorization object: Authorization for account analysis. The authorization object is comprised only of the company code field.

Banks
An authorization object was defined for banks which can be used to protect the creation and processing of bank master data. A second authorization object is used to specify the company codes in which house banks can be defined and processed. The individual authorization objects for the banks are:
- Authorization object for bank master data (general maintenance authorization): F_BNKA_MAN
- Authorization object for house banks (authorization for company codes): F_BNKA_BUK

Financial calendar
The financial calendar provides an overview of the periodic work planned in the system, such as dunning runs, payment runs and reports. All of the jobs that should be displayed simultaneously are combined in the schedule. The authorization object F_T001E ("authorization for financial calendar") assigns authorizations to make changes and to display.

Accounting document


Authorization objects are defined for the accounting document which can be used to limit posting, displaying, and similar functions to company codes, business areas, document types, account types, or accounts.
Authorization object for company codes: F_BKPF_BUK

The object is also used to define the general authorization. An employee can call up the function for posting if he is authorized to post documents in at least one company code.
Authorization object for business areas: F_BKPF_GSB

Authorizations with the following objects can be assigned for posting and editing documents related to accounts and business transactions:
- Authorizations for posting periods: F_BKPF_BUP
- Authorizations for account types: F_BKPF_KOA
- Authorizations for document types: F_BKPF_BLA

A*tho i"ation object acco*nt a*tho i"ation $o G/L0 vendo 0 and c*%to'e acco*nt%B G/L acco*nt%B ?endo %B )*%to'e %B <M8QP<MSAQ <M8LP<M8EQ <M8QP<M8ED

A*tho i"ation object chan!e , o,o%ed val*e% $o doc*'ent t&,e and ,o%tin! +e&B <M8QP<M?> The %&%te' i% %*,,lied #ith , o,o%ed val*e% $o the doc*'ent t&,e and ,o%tin! +e&. The%e val*e% a e %*!!e%ted to the *%e #hen a $*nction i% called *,. )han!e a*tho i"ation% can be a%%i!ned %o that the , o,o%ed val*e% can be chan!ed *%in! the con$i!* ation !*ide $o Acco*ntin!. /redit $imit The c edit li'it to be ! anted to a vendo o c*%to'e can !ene all& be e%tabli%hed $o a !ene al c*%to'e o $o an i%olated c*%to'e ba%ed on c edit cont ol a ea%. The c edit cont ol a ea i% an o !ani"ational *nit that i%%*e% and cont ol% c edit li'it%. A cont ol a ea can be e%,on%ible $o one o %eve al co',an& code%. Th ee a*tho i"ation object% have been de$ined $o c edit li'it%B The $i %t a*tho i"ation object e%t ict% the !ene al 'aintenance a*tho i"ation and the %econd e%t ict% c edit li'it 'aintenance and di%,la& to the c edit cont ol a ea. The thi d a*tho i"ation object can be *%ed to , otect %,eci$ic $ield% on c edit 'ana!e'ent in c*%to'e 'a%te data a!ain%t chan!e%. In detail0 the a*tho i"ation object% $o the c edit li'it a eB Gene al 'aintenance a*tho i"ationB A*tho i"ation $o c edit 'onito in! a ea%B <MQNQAM5AN <MQNQAM5AN


Change authorization for specific fields: F_KNKA_AEN

Payment run

To define authorizations, the system contains special activity keys that apply only to the payment program. They can be called up using the Environment menu item in the Request screen of the payment program. To define the authorizations, enter the desired activities using these keys; the activities can be combined with company codes or account types. The following authorizations can be assigned for the payment run:

Authorization object for the company code: F_REGU_BUK
Authorization object for the account type: F_REGU_KOA

Dunning run

The following authorizations can be assigned for the dunning run:

Authorization object for the company code: F_MAHN_BUK
Authorization object for the account type: F_MAHN_KOA

6.3.9 Reports

RFAUSZ00  Generate account statement
RFAVIS20  Reorganization of payment notices
RFBISA00  Import G/L data from a source system into the R/3 system
RFCHKR10  Correction if the wrong check number was entered when writing checks
RFDABL00  Changes in customer master data for multiple accounts
RFDKLI10  Search for customers without credit limits
RFDKLI20  Restructure credit limits of selected credit monitoring areas
RFDKLI30  Brief overview of credit limit
RFDKLI40  Overview of credit limit (expanded)
RFDKLI41  Credit master sheet
RFDKLI50  Change in assets
RFDKLIAB  Display changes in credit management for multiple accounts
RFDKLIAB  Display changes for multiple accounts
RFEBCK00  Enter check reverse run
RFKABL00  List changes in vendor master records for multiple accounts
RFKORD00  Print payment notices directly with the print report
RFKORD10  Print account statement and open line items list
RFPKDB00  Evaluate liabilities from previously recorded documents and, where applicable, post as lump sum
RFSABL00  List changes in G/L account master records for multiple accounts
RFWEDI00  Submission list for the bank
RFZALI00  Reports on generation of the payment proposal list and (words omitted)
RFZALI10  Reports on generation of exception list (word omitted)
SAPF019   (word omitted) master data in chart of accounts
SAPF140   Print all requested types of correspondence that has not yet been printed
1//#/;S   For Release 3.0D the report must be started so that the data in customizing of the class system, which SAP changed for this release, will also be imported in your system. This report transports new or changed table entries made by SAP in Client 000 into all clients of your productive system.

6.4 Risks

If payment transactions are not sufficiently protected by system validations and automatic checks/reconciliations, and if effective manual checks are not performed by the organization both upstream and downstream, working errors and/or deliberate actions may cause economic losses for the company.

6.4.1 Vendor master records

Incomplete or faulty maintenance of vendor master records can result in the need for extensive corrective efforts. Traceability will be more difficult or impossible (see Chapter 7). A failure to separate functions between access to (create and maintain) master data and transaction data increases the risk of manipulations to vendor master data (e.g., bank affiliation). The use of suspense accounts for payment transactions also involves additional risks due to the open input capability for the payment route and payment recipient and the lack of clarity about evaluation capabilities (such as supplier statistics).

6.4.2 Invoice checking

Without internal company rules on invoice checking (dual control principle, functional separation, release procedure) there is a risk of double payments (such as posting and payment of copies of invoices or payment reminders) and manipulations (such as invoices for which no service was provided).

6.4.3 Payment proposal/payment run

Blocked invoices do not appear on the payment proposal list. Failure to check or reconcile payment proposals and payments could allow invoices to be released inadvertently after release of the proposal lists and to be included in the payment run.
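The reconciliation this risk calls for, as an added illustration that is not part of the guideline or of any SAP program: the proposal list is compared item by item and in total with the payment run, so that anything paid without having been on the checked proposal, or paid twice, is surfaced. The rows are constructed sample data; a real audit would export the proposal and payment lists (for example with RFZALI00) and load them in the same shape.

```python
"""Reconcile a payment proposal list against the subsequent payment run.

Added illustration, not part of the SAP audit guideline or any SAP program.
Each row is (company code, vendor, document number, amount); all values are
constructed sample data, not exported from a system.
"""

PROPOSAL = [
    ("1000", "V-100", "1900000001", 1250.00),
    ("1000", "V-200", "1900000002", 480.50),
    ("1000", "V-300", "1900000003", 9999.00),  # blocked after the proposal run
]
PAYMENT_RUN = [
    ("1000", "V-100", "1900000001", 1250.00),
    ("1000", "V-200", "1900000002", 480.50),
    ("1000", "V-400", "1900000004", 3000.00),  # released after the proposal run
]


def _by_key(rows):
    """Index rows by (company code, vendor, document); a key seen twice is a duplicate."""
    indexed, duplicates = {}, []
    for company, vendor, document, amount in rows:
        key = (company, vendor, document)
        if key in indexed:
            duplicates.append(key)
        indexed[key] = amount
    return indexed, duplicates


def reconcile(proposal, payments):
    """Compare the two lists; every non-empty finding needs a documented reason."""
    proposed, _ = _by_key(proposal)
    paid, dup = _by_key(payments)
    return {
        # paid although never on the proposal list that was checked
        "paid_not_proposed": sorted(k for k in paid if k not in proposed),
        # dropped or blocked between proposal and run
        "proposed_not_paid": sorted(k for k in proposed if k not in paid),
        # amount changed after the proposal was checked
        "amount_changed": sorted(k for k in proposed if k in paid and proposed[k] != paid[k]),
        # the same document paid twice in one run
        "duplicate_payments": sorted(dup),
        "proposal_total": round(sum(proposed.values()), 2),
        "payment_total": round(sum(paid.values()), 2),
    }


def is_reconciled(result):
    """True only when the lists agree item by item and in total."""
    findings = ("paid_not_proposed", "proposed_not_paid", "amount_changed", "duplicate_payments")
    return not any(result[k] for k in findings) and result["proposal_total"] == result["payment_total"]
```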


6.5 Audits

Use interviews, job descriptions, and flow charts to collect information about the form of procedural organization that has been chosen by the company. Then use the documentation for the authorization model designed by the company to evaluate the extent to which the company's organizational structure harmonizes with its authorization model.

6.5.1 Functional separation

Check authorizations to determine whether there is an appropriate functional separation between invoice checking, invoice posting, and release for payment. Questions that should be asked are: Can any employees create or maintain vendor master data and also post invoices and/or release them for payment? Can employees with system authorizations set them up themselves (see Chapter 2 for authorization to do so)? If these functional separations are missing, i.e., if several of the jobs involved in payment transactions are combined because organizational units are smaller, questions should be asked regarding appropriate internal control measures. Useful questions include: What checks are called for by the ICS (internal control system)? The dual control principle should be followed when creating and maintaining vendors; when posting and releasing for payment at one work station, there should be validity checks, verifying the services described in the invoice or the amount invoiced by each vendor, for example. Later checks of payments that have been made should also be recommended, perhaps by collecting an appropriate number of random samples.

6.5.2 Suspense accounts

When checking internal company rules on the creation and maintenance of vendors, the handling of suspense accounts should also be examined. What instructions exist with regard to the suspense accounts? Are the suspense accounts subject to special monitoring? What are the conditions for debiting suspense accounts?

6.5.3 Payment proposal list and payment list

Be sure to check the procedures followed when generating and monitoring the payment proposal lists and the payment run files.
Are the payment proposal lists checked before payment? If yes, do any errors or changes detected on the proposal lists correspond to the payment lists? Are there rules on how to set and reset blocked identifiers? Is there a reconciliation of the proposed balance sheet total and the payment run total? How are payment run files saved? Is it possible to access the files and spool systems? To monitor the payment run, the payment log should be read and the payment list should be checked before the forms are printed. (To call up the payment log, select Edit --> Payment --> Display log. To display the payment run, select Edit --> Payment --> Display payment.)


This allows you to use functions like Search and Sort to obtain a quick overview of the payments. In addition, after the payment run (Edit --> Proposal --> Display), a history of the proposed changes can be traced, showing who made what changes and when.

6.5.4 Double payments

Determine the extent to which double payments can occur and what measures the company has taken to avoid them. Are there instructions on how to handle copies of invoices and payment reminders? Have validation checks been included in the system? Can the same vendor be created in the master more than once?
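The functional-separation question in 6.5.1 ("can anyone maintain vendor master data and also post invoices or run payments?") can be answered mechanically over an authorization extract. The following is an added illustration, not part of the guideline or of any SAP tool: F_BKPF_BEK and F_REGU_BUK are the objects named above, F_LFA1_APP (vendor master, ACTVT 01 create / 02 change) is the standard vendor master object that the page does not name, and the row format, including the resolved company-code scope stored under "BUKRS", is a hypothetical export format with constructed sample users.

```python
"""Segregation-of-duties check over an authorization extract (added illustration,
not part of the SAP audit guideline or any SAP tool). Rows are constructed:
(user, authorization object, {field: set of values}); "BUKRS" here is the company
code scope the hypothetical exporter resolved for the grant, not an object field.
F_BKPF_BEK and F_REGU_BUK are named in the guideline; F_LFA1_APP (vendor master,
ACTVT 01 create / 02 change) is the standard object, not named on the page."""

# function name -> (authorization object, ACTVT values that grant it; None = any grant)
FUNCTIONS = {
    "maintain_vendor_master": ("F_LFA1_APP", {"01", "02", "*"}),
    "post_vendor_invoice": ("F_BKPF_BEK", {"01", "*"}),
    "execute_payment_run": ("F_REGU_BUK", None),
}
# function pairs one person should not hold for the same company code
CONFLICTS = [("maintain_vendor_master", "post_vendor_invoice"),
             ("maintain_vendor_master", "execute_payment_run"),
             ("post_vendor_invoice", "execute_payment_run")]

EXTRACT = [  # constructed sample rows
    ("AP_CLERK", "F_BKPF_BEK", {"ACTVT": {"01"}, "BUKRS": {"1000"}}),
    ("AP_CLERK", "F_LFA1_APP", {"ACTVT": {"03"}, "BUKRS": {"1000"}}),  # display only
    ("MD_ADMIN", "F_LFA1_APP", {"ACTVT": {"01", "02"}, "BUKRS": {"1000", "2000"}}),
    ("MD_ADMIN", "F_REGU_BUK", {"BUKRS": {"2000"}}),
    ("SUPER", "F_LFA1_APP", {"ACTVT": {"*"}, "BUKRS": {"*"}}),
    ("SUPER", "F_BKPF_BEK", {"ACTVT": {"*"}, "BUKRS": {"*"}}),
]

def functions_per_user(extract):
    """Map user -> function -> company codes in which that function is held."""
    held = {}
    for user, obj, fields in extract:
        for name, (wanted, actvt) in FUNCTIONS.items():
            if obj != wanted or (actvt and not fields.get("ACTVT", set()) & actvt):
                continue  # wrong object, or only a non-granting activity such as 03 display
            held.setdefault(user, {}).setdefault(name, set()).update(fields.get("BUKRS", {"*"}))
    return held

def _overlap(a, b):
    """Company codes where both grants apply; '*' matches every company code."""
    return set(b) if "*" in a else set(a) if "*" in b else a & b

def sod_violations(extract):
    """(user, function_a, function_b, company codes) for every conflicting pair held."""
    out = []
    for user, funcs in functions_per_user(extract).items():
        for fa, fb in CONFLICTS:
            if fa in funcs and fb in funcs and _overlap(funcs[fa], funcs[fb]):
                out.append((user, fa, fb, sorted(_overlap(funcs[fa], funcs[fb]))))
    return sorted(out)
```

A display-only grant (ACTVT 03) does not count as maintenance, and a conflict is reported only where the two grants overlap in company code.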
