Risk Level
A001
High
A002
High
A003
High
A008
High
B002
High
B004
High
B006
High
B008
High
B009
High
B010
High
B011
High
B012
High
B017
High
B018
High
B019
High
D003
High
D004
High
D005
High
D006
High
D007
High
D008
High
D009
High
D010
High
D011
High
D013
High
D014
High
D015
High
D016
High
D017
High
D018
High
D019
High
E001
High
E002
High
E003
High
E004
High
E005
High
E010
High
E011
High
E012
High
E013
High
E014
High
E015
High
E019
High
E020
High
E021
High
E022
High
E023
High
E024
High
F005
High
F006
High
F007
High
F008
High
F013
High
F014
High
F015
High
F016
High
F017
High
F025
High
F027
High
G001
High
G002
High
G003
High
G004
High
G005
High
G006
High
G007
High
G008
High
G009
High
G010
High
G011
High
G012
High
G013
High
G014
High
H001
High
H002
High
H003
High
H004
High
H005
High
H006
High
H007
High
H008
High
H009
High
H010
High
H011
High
H012
High
H013
High
H014
High
H015
High
H016
High
M006
High
M011
High
M012
High
P001
High
P002
High
P003
High
P004
High
P005
High
P006
High
P007
High
P008
High
P011
High
P014
High
P016
High
P019
High
P020
High
P021
High
P022
High
P023
High
P026
High
P027
High
P028
High
P029
High
P030
High
P038
High
P045
High
P046
High
P047
High
P048
High
P051
High
P052
High
P053
High
P054
High
P055
High
P056
High
P057
High
P058
High
P059
High
S001
High
S002
High
S003
High
S004
High
S005
High
S006
High
S007
High
S008
High
S010
High
S011
High
S012
High
S013
High
S014
High
S015
High
S016
High
S017
High
S018
High
S019
High
S022
High
S023
High
S024
High
S025
High
S026
High
S027
High
S028
High
S029
High
Description of Risk
Unauthorized maintenance of the planning model and version may adversely impact
the production planning data stored in APO. This transaction should be limited to
selected demand planning super users or managers.
Tc
AO03
AO04
AO09
BS02
BS02
BS04
BS04
An individual could modify data in tables or modify valid configuration values and
set up the production environment to run transactions and programs using the
inappropriately modified data. This could affect data integrity, system
performance, and proper
BS03
BS03
An individual could inappropriately modify roles and assignments and propagate this
change to the production mirror copy, eliminating the chance to revert to the
appropriate setup.
BS10
BS10
Can create transports, add objects to the transport, and move the transport: can
put unauthorized object changes into production, bypassing the Change Control
process.
BS07
AO02
Can reset the number ranges (1) and delete your log/audit trail (2).
BS08
One person controlling both the access in the profile/role and the user IDs
increases the risk of inappropriate access.
A user could create a fictitious business partner and initiate fraudulent sales
orders for that partner. Master data such as business partners should not be
maintained by the same users who process transactions using that master data.
BS13
CR04
CR04
User can create a fictitious business partner and then process billing in CRM for
that partner.
User can create a fictitious business partner and then process billing in R3 for
that partner.
Inappropriately accept or confirm a service order and generate a corresponding
billing document in CRM for the order.
CR07
CR06
User could create a fictitious credit memo and run billing due in CRM to prompt a
payment to a customer. The customer could provide a kickback to the internal
user.
CR08
User could create a fictitious credit memo and run billing due in R3 to prompt a
payment to a customer. The customer could provide a kickback to the internal
user.
CR08
AR07
A user could enter a sales order in CRM and lower prices via conditions for
fraudulent gain.
Commission or Incentives may be paid based on the number of qualified leads.
Inappropriately qualified leads could result in fraudulent commission payments.
CR04
CR05
CR04
SR01
Enter fictitious orders for personal use and accept the goods or services through
goods receipt or service acceptance.
SR02
CR03
CR04
CR05
AR05
CR06
CR02
SR02
Enter fictitious invoices and accept goods or services via goods receipt or service
acceptance.
SR03
SR01
A user can hide differences between bank payments and posted AP records.
FI03
Accept goods via SRM goods receipts and perform a WM physical inventory
adjustment afterwards.
SR06
Accept goods via SRM goods receipts and perform IM physical inventory
adjustment afterwards.
SR06
Accept goods via SRM goods receipts and perform IM physical inventory
adjustment afterwards using powerful IM transactions.
SR06
Enter fictitious orders for personal use and access the goods or services through
goods receipt.
Enter fictitious orders for personal use and access the goods or services through
service acceptance.
Approve the purchase of unauthorized goods and hide the misuse of inventory by
not fully receiving the order in R3.
Where release strategies are utilized, the same user should not maintain the
purchase order and release or approve it.
Create a fictitious vendor or change existing vendor master data and approve
purchases to this vendor.
Enter fictitious orders for personal use and manipulate the organizational
structure to bypass approvals.
Create or maintain a fictitious vendor and manipulate the organizational structure to
bypass approvals or secondary checks.
SR02
SR08
Pay an invoice and hide it in an asset that would be depreciated over time.
FA01
Create an invoice through ERS goods receipt and hide it in an asset that would
be depreciated over time.
Allows differences between cash deposited and cash collections posted to be
covered up.
Create the asset and manipulate the receipt of the associated asset.
FA01
Post overhead expenses to the project and settle the project without going
through the settlement approval process.
Use a fictitious project to allocate overages of an actual project, and settle the
project without going through the settlement approval process.
PS02
PS01
Maintain a non-bona-fide bank account and divert incoming payments to it.
FI04
Create a non-bona-fide bank account and create manual checks from it.
FI04
Users can create a fictitious trade and fraudulently confirm or exercise the trade.
FI08
SR02
SR07
SR02
SR01
SR02
SR01
FI04
AR02
FA02
PS01
EC01
EC01
EC01
EC01
EC01
EC01
EC01
EC01
EC01
EC01
EC01
EC01
EC01
EC01
Modify payroll master data and then process payroll. Potential for fraudulent
activity.
HR03
HR01
HR04
PY02
HR05
HR04
PY03
PY02
HR04
HR04
HR03
Users may maintain employee master data including pay rates and delete the
payroll result.
HR03
Users may enter false time data and perform work schedule evaluations.
PY06
MM04
AP01
Enter fictitious vendor invoices and then render payment to the vendor.
AP02
PR02
Enter fictitious purchase orders for personal use and accept the goods through
goods receipt.
Enter fictitious vendor invoices and accept the goods via goods receipt.
PR02
PR02
PR01
PY07
HR04
HR03
MM04
MM04
PR01
AP02
PR02
PR08
PR04
Create a fictitious vendor or change existing vendor master data and approve
purchases to this vendor.
Enter fictitious purchasing agreements and then render payment.
PR04
Risk of entry of fictitious purchasing agreements and the entry of a fictitious vendor
or modification of an existing vendor, especially account data.
PR01
Modify purchasing agreements and then receive goods for fraudulent purposes.
PR05
AP02
Risk of the same person entering unauthorized payments and reconciling them
with the bank.
Inappropriately procure an item and manipulate the IM physical inventory
counts to hide it.
Inappropriately procure an item and manipulate the WM physical inventory
counts to hide it.
Release a non-bona-fide purchase order and keep the action undetected by
manipulating the IM physical inventory counts.
AP01
Release a non-bona-fide purchase order and keep the action undetected by
manipulating the WM physical inventory counts.
PR04
AP04
Enter fictitious vendor invoices and then render payment to the vendor.
AP02
PR02
Receive or accept services and manually enter the covering check payments.
PR08
PR04
Enter fictitious purchasing agreements and then render manual checks for
payment.
Risk of modifying service master data (to add a service that is normally not
ordered by the company) and the entry of covering payments.
AP04
FI03
PR04
PR04
PR04
AP01
AP01
PR02
PR02
PR04
AP04
Risk of the same person entering unauthorized manual payments and reconciling
them with the bank.
Where release strategies are utilized, the same user should not maintain the
purchase order and release or approve it.
Enter or modify sales documents and approve customer credit limits.
AP04
SD05
SD05
SD01
SD01
Potentially clear a customer's balance beforehand and create or make the same
change to the billing document for the same customer, clearing them of their
obligation.
AR03
SD05
SD01
AR06
AR07
SD05
AR04
Risk of the same person entering changes to the customer master file and
modifying the cash received for the customer.
AR02
Risk of the same person modifying and entering sales invoices and approving credit
limits.
Risk of sales price modifications for sales invoicing.
AR07
SD01
User can create a fictitious customer and then issue invoices to the customer.
SD01
AR02
PR02
AR04
AR04
AR02
AR02
SD05
AR02
AR05
SD02
User able to create a fraudulent sales contract to include additional goods and
enter an incorrect customer invoice to hide the deception.
SD05
AR03
Function 1
APO Maintain Model
Tc
AO01
Function 2
APO Supply & Demand Planning
AO01
AO01
AO01
Basis Development
BS06
Configuration
Basis Development
BS12
Transport Administration
Basis Utilities
BS06
Configuration
Basis Utilities
BS12
Transport Administration
BS11
System Administration
BS05
Client Administration
Security Administration
BS05
Client Administration
Security Administration
BS12
Transport Administration
Create Transport
BS09
Perform Transport
Tc
BS11
System Administration
BS14
CR04
SD02
Delivery Processing
CR07
CRM Billing
AR05
CR06
Service Confirmation
CRM Billing
CR03
CR03
Service Confirmation
CR07
CRM Billing
Service Confirmation
AR05
CR07
CRM Billing
AR05
CR09
Maintain Conditions
CR09
Maintain Conditions
Maintain Opportunity
PY04
Process Payroll
PY04
Process Payroll
PY04
Process Payroll
SR03
SR03
SR04
SR04
SR02
Bank Reconciliation
SR03
MM07
Enter Counts - WM
MM08
MM02
Enter Counts - IM
MM01
MM03
MM05
Goods Receipts to PO
PR08
Service Acceptance
MM05
Goods Receipts to PO
SR07
SR07
SR09
SR09
SR07
AP01
AP Payments
AP02
MM05
Goods Receipts to PO
Cash Application
FI03
Bank Reconciliation
MM05
Goods Receipts to PO
PS03
Settle Projects
Maintain Projects and WBS Elements
PS03
Settle Projects
Maintain Projects and WBS Elements
PS02
AR02
Cash Application
AP04
FI09
Maintain Hierarchies
AP01
AP Payments
Maintain Hierarchies
AP02
Maintain Hierarchies
AP04
Maintain Hierarchies
AR02
Cash Application
Maintain Hierarchies
AR07
Maintain Hierarchies
CC03
Maintain Hierarchies
FA01
Maintain Hierarchies
FA02
Maintain Hierarchies
FI01
Revenue Reposting
Maintain Hierarchies
GL01
Maintain Hierarchies
GL02
Maintain Hierarchies
GL03
Post Journal Entry (misc Tax/Currency)
Maintain Hierarchies
PR01
Maintain Hierarchies
SD01
PY04
Process Payroll
HR Benefits
PY04
Process Payroll
HR02
HR Vendor Data
PY01
Approve Time
PY04
Process Payroll
PY04
Process Payroll
PY02
Modify PD Structure
HR03
PY03
PY04
Payroll Maintenance
Process Payroll
PY03
Payroll Maintenance
PY02
HR05
HR04
Modify PD Structure
Maintain Time Data
PY03
Payroll Maintenance
Payroll Schemas
HR04
Goods Movements
MM07
Enter Counts - WM
MM08
Goods Movements
MM02
Enter Counts - IM
MM01
Goods Movements
MM03
AP02
AP Payments
PR01
AP01
AP Payments
AP02
MM05
Goods Receipts to PO
MM05
Goods Receipts to PO
AP01
AP Payments
PR02
MM03
Bank Reconciliation
AP02
Service Acceptance
PO Approval
AP01
MM05
AP Payments
Goods Receipts to PO
PO Approval
AP01
AP Payments
PO Approval
AP02
PO Approval
MM02
Enter Counts - IM
PO Approval
PR01
AP Payments
PR05
Purchasing Agreements
PR05
Purchasing Agreements
Purchasing Agreements
MM05
Goods Receipts to PO
PR05
Purchasing Agreements
AP Payments
PR03
AP Payments
FI03
Bank Reconciliation
MM02
Enter Counts - IM
MM01
MM07
Enter Counts - WM
MM08
PO Approval
MM03
PO Approval
MM07
Enter Counts - WM
PR01
AP04
AP04
Service Acceptance
AP04
PO Approval
AP04
PR05
Purchasing Agreements
PR03
MM01
MM08
FI03
Bank Reconciliation
PR04
PO Approval
Credit Management
SD05
AR03
SD01
AR07
SD03
Sales Rebates
AR05
AR05
Credit Management
SD03
Sales Rebates
Cash Application
AR05
AR01
AR Payments
AR01
AR Payments
Cash Application
SD04
SD02
Delivery Processing
SD06
SD06
AR02
Cash Application
SD03
Sales Rebates
Cash Application
SD01
AR04
Credit Management
SD06
AR03
AR05
Cash Application
AR07
Delivery Processing
AR02
Cash Application
AR07
AR06
Function 3
Clear Differences - WM
Clear Differences - Inventory Management
Clear Differences - WM
Clear Differences - Inventory Management
Clear Differences - Inventory Management
Inventory
Clear Differences - WM