ACL ESSENTIALS Get insight into your ERP process health, compliance & financial exposure SEGEREGATION OF DUTIES
Page Analytic Name User creates a vendor and an invoice for this vendor SD Analytic 01 User creates a customer and an invoice for this customer SD Analytic 02 User creates a purchase order and receipts the goods or services SD Analytic 03 User creates a credit memo for a customer and creates a refund for the customer SD Analytic 04 User creates and approves the purchase order SD Analytic 05 User creates general ledger account and posts journal entry SD Analytic 06 User amends vendor bank account number and pays vendor SD Analytic 07 User pays vendor and performs bank reconciliation SD Analytic 08 User adjusts selling prices and creates customer invoices SD Analytic 09 User receives goods and adjusts the inventory levels SD Analytic 10 User receives goods and writes off inventory SD Analytic 11 User receipts goods or services and creates invoice SD Analytic 12 Version 6.0.0 2018/02
ACCOUNTS PAYABLE Identifies where a user creates a vendor and an invoice for this vendor ACL ESSENTIALS SEGREGATION OF DUTIES PAGE 3
CONTEXT There should be segregation of duties between the person creating a vendor and the person creating invoices to that vendor as this will ensure the integrity of the vendor master data is maintained. RISK The user could potentially create and ultimately pay fraudulent or fictitious vendors. PROCEDURE Identifies where a user creates a vendor and an invoice for this vendor. ANALYTIC LOGIC Extracts accounts payable and vendor data and analyzes processed activities to identify where the same user has created a vendor and also created an invoice for this same vendor. OUTPUT RESULTS FIELD NAMES Activity Description Activity Indicator User ID User Full Name Vendor ID Vendor Name Document Number Document Type Date Document Currency Amount in Document Currency Amount in Reporting Currency Report Currency Company Name Company Code OUTPUT VISUALIZATION EXAMPLES Summary of exceptions user creates a vendor and an invoice for that vendor Count of exceptions where user created a vendor and an invoice for that vendor ACL ESSENTIALS SEGREGATION OF DUTIES SD_ANALYTIC_01_SDCS501 PAGE 4
Identifies where a user creates a customer and an invoice for this customer ACL ESSENTIALS SEGREGATION OF DUTIES PAGE 5
CONTEXT Maintaining customer master data should be segregated from customer related transactions, such as customer invoicing. This will ensure valid and accurate customer invoices issued. RISK A user who is able to create customers should not be able to create a customer invoice for that same customer as the details on the invoice could be amended to that of the employee to ensure payment into their own account. PROCEDURE Identifies where a user creates a customer and an invoice for this customer. ANALYTIC LOGIC Extracts accounts receivable data and customer data, and analyzes processed activities to identify where the same user has created the customer and also creates an invoice for the same customer. OUTPUT RESULTS FIELD NAMES Activity Description Activity Indicator Customer Number Customer Name User ID User Full Name Date Document Number Document Type Amount in Document Currency Document Currency Amount in Reporting Currency Report Currency Company Name Company Code OUTPUT VISUALIZATION EXAMPLES Heat map of amount exceptions of users who create a customer and an invoice Total amount of exceptions by user and customer name ACL ESSENTIALS SEGREGATION OF DUTIES SD_ANALYTIC_02_SDCS503 PAGE 6
Identifies where a user creates a purchase order and receipts the goods or services ACL ESSENTIALS SEGREGATION OF DUTIES PAGE 7
CONTEXT The person ordering goods should not be receiving the goods. Adequate segregation will allow for proper review and approval of transactions as well as preventing possible fraudulent/incorrect orders. RISK A user who is able to create purchase orders and receipt those goods or services exposes a risk that a user could be ordering such goods or services for their own benefit and without much oversight. PROCEDURE Identifies where a user creates a purchase order and receipts the goods or services. ANALYTIC LOGIC Extracts purchase order and goods receipts data, and analyzes processed activities to identify where the same user has created the purchase order and also receipted the goods or services on that purchase order. OUTPUT RESULTS FIELD NAMES Activity Description Activity Indicator User ID User Full Name Vendor ID Vendor Name Date Document Number Document Line Number Line Description Material Number Amount in Document Currency Document Currency Amount in Reporting Currency Report Currency Company Code Company Name OUTPUT VISUALIZATION EXAMPLES Heat map of total value by material and user Total value of exceptions by material & user Pie chart of total value of exceptions by material ACL ESSENTIALS SEGREGATION OF DUTIES SD_ANALYTIC_03_SDCS504 PAGE 8
Identifies where a user creates a credit memo for a customer and creates a refund for the customer ACL ESSENTIALS SEGREGATION OF DUTIES PAGE 9
CONTEXT An employee should not be able to request a customer credit and process the refund. This eliminates review and approval of credit notes and creates the opportunity for incorrect/fraudulent credit notes. RISK A user who is able to create a credit memo should not also be able to create or force a refund to the customer as this gives the user the ability to pay customers or themselves which may not seem material at first, but could mount and also cause reputational risk. PROCEDURE Identifies where a user creates a credit memo for a customer and creates a refund for the customer. ANALYTIC LOGIC Extracts accounts receivable data and analyzes processed activities to identify where the same user has created a credit memo and also created a refund for the same customer. OUTPUT RESULTS FIELD NAMES Activity Description Activity Indicator Customer Number Customer Name User ID User Full Name Date Document Number Document Type Amount in Document Currency Document Currency Amount in Reporting Currency Report Currency Company Code Company Name OUTPUT VISUALIZATION EXAMPLES Heat map of total value exceptions by customer and user name Total value of exceptions by user name and activity ACL ESSENTIALS SEGREGATION OF DUTIES SD_ANALYTIC_04_SDCS506 PAGE 10
Identifies where a user creates and approves the purchase order ACL ESSENTIALS SEGREGATION OF DUTIES PAGE 11
CONTEXT Creation and approval of purchase orders should be segregated to ensure accuracy and validity of the purchase order. RISK The user could commit the entity into unplanned and unknown purchases that would otherwise not be approved and would need to be fulfilled. PROCEDURE Identifies where a user creates and approves the purchase order. ANALYTIC LOGIC Extracts purchase order data and analyzes processed activities to identify where the same user has created the purchase order and also approved the same purchase order. OUTPUT RESULTS FIELD NAMES Activity Description Activity Indicator User ID User Full Name Vendor ID Vendor Name Document Number Document Line Number Line Description Material Number Date Amount in Document Currency Document Currency Amount in Reporting Currency Report Currency Company Code Company Name OUTPUT VISUALIZATION EXAMPLES Heat map of total value exceptions by user and vendor Total value of exceptions by user and activity description ACL ESSENTIALS SEGREGATION OF DUTIES SD_ANALYTIC_05_SDCS510 PAGE 12
Identifies where a user creates general ledger account and posts journal entry ACL ESSENTIALS SEGREGATION OF DUTIES PAGE 13
CONTEXT The responsibility for creating general ledger accounts should be separated from posting journals to an associated general ledger account. This is to ensure the accuracy and validity of general ledger accounts as well as any journal posted. RISK A user could be using newly created general ledger accounts to post one side of journals intended to either overstate sales, create liabilities, affect bank balances or conceal reconciling items or a wide range of transactions. PROCEDURE Identifies where a user creates a general ledger account and posts journal entry. ANALYTIC LOGIC Extracts general ledger data and analyzes processed activities to identify where the same user has created a new general ledger account and also posted journal entries to the general ledger account. OUTPUT RESULTS FIELD NAMES Activity Description Activity Indicator GL Account Number GL Account Description User ID User Full Name Vendor ID Vendor Name Document Number Date Amount in Document Currency Document Currency Amount in Reporting Currency Report Currency Company Code Company Name OUTPUT VISUALIZATION EXAMPLES Pie chart of total value of exceptions by GL account Count of exceptions where user creates general ledger and posts entry ACL ESSENTIALS SEGREGATION OF DUTIES SD_ANALYTIC_06_SDCS511 PAGE 14
Identifies where a user amends vendor bank account number and pays vendor ACL ESSENTIALS SEGREGATION OF DUTIES PAGE 15
CONTEXT Maintaining vendor master data should be segregated from vendor related transactions, such as vendor payments. This will support valid and accurate vendor payments. RISK A user who is able to pay vendors and amend a vendor s bank account number could direct payments to incorrect or their own bank accounts. PROCEDURE Identifies where a user amends the vendor bank account number and pays vendor. ANALYTIC LOGIC Extracts accounts payable and vendor data, and analyzes processed activities to identify where the same user has amended a vendor's bank account number and also paid the same vendor. OUTPUT RESULTS FIELDS Activity Description Activity Indicator User ID User Full Name Vendor ID Document Number Document Type Date Amount in Document Currency Vendor Name Document Currency Amount in Reporting Currency Report Currency Company Name Company Code OUTPUT VISUALIZATION EXAMPLES Total value of exceptions by user Count of exceptions where user amends vendor bank account and pays vendor ACL ESSENTIALS SEGREGATION OF DUTIES SD_ANALYTIC_07_SDCS502 PAGE 16
Identifies where a user pays vendors and performs bank reconciliation ACL ESSENTIALS SEGREGATION OF DUTIES PAGE 17
CONTEXT Any person allowed to perform payments should not be able to perform the bank reconciliation. This would eliminate proper review and creates the opportunity to perform incorrect/invalid payments. The bank reconciliation may also be manipulated to hide errors or fraudulent activity. RISK A user who is able to pay vendors should not be able to perform the bank reconciliation function where one can further hide a fraudulent payment or process the transaction as reconciled. PROCEDURE Identifies where a user pays vendors and performs bank reconciliation. ANALYTIC LOGIC Extracts accounts payable and bank reconciliation data and analyzes processed activities to identify where the same user has paid a vendor and also performs the bank reconciliation. OUTPUT RESULTS FIELD NAMES Activity Description Activity Indicator User ID User Full Name Vendor ID Document Number Document Type Date Amount in Document Currency Vendor Name Document Currency Amount in Reporting Currency Report Currency Company Code Company Name OUTPUT VISUALIZATION EXAMPLES Heat map of total value exceptions by user name and activity description Total value of exceptions by user ACL ESSENTIALS SEGREGATION OF DUTIES SD_ANALYTIC_08_SDCS507 PAGE 18
Identifies where a user adjusts selling prices and creates customer invoices ACL ESSENTIALS SEGREGATION OF DUTIES PAGE 19
CONTEXT The person who creates customer invoices should not be allowed to amend sales prices. This would eliminate proper review and approval of price changes and could result in invalid/incorrect invoicing. RISK A user who is able to adjust selling prices should not be able to create a customer invoice with those items because the user could be offering customers unapproved or loss-making prices that ultimately affect profitability and reputation of the entity. PROCEDURE Identifies where a user adjusts selling prices and creates customer invoices. ANALYTIC LOGIC Extracts accounts receivable data and sales data and analyzes processed activities to identify where the same user has adjusted the selling price and also created an invoice for a customer for those sales items. OUTPUT RESULTS FIELD NAMES Activity Description Activity Indicator Customer Number Customer Name User ID User Full Name Date Document Number Document Type Amount in Document Currency Document Currency Amount in Reporting Currency Report Currency Company Code Company Name OUTPUT VISUALIZATION EXAMPLES Heat map of total value exceptions by customer and user name Pie chart of total value of exceptions by user name Total value of exceptions by customer and user name ACL ESSENTIALS SEGREGATION OF DUTIES SD_ANALYTIC_09_SDCS505 PAGE 20
Identifies where a user receives goods and adjusts the inventory levels ACL ESSENTIALS SEGREGATION OF DUTIES PAGE 21
CONTEXT Any form of change to inventory levels should be segregated from issuing good received notes, i.e. receiving of goods. Proper segregation will allow for better review of inventory transactions and provide assurance regarding the accuracy and validity of inventory transactions and the associated inventory levels. RISK A user who is able to receive goods and adjust the inventory levels could misuse this ability to misappropriate goods without detection. PROCEDURE Identifies where a user receives goods and adjusts the inventory levels. ANALYTIC LOGIC Extracts inventory data and analyzes processed activities to identify where the same user has received goods and also adjusts inventory levels. OUTPUT RESULTS FIELD NAMES Activity Description Activity Indicator User ID User Full Name Vendor ID Vendor Name Document Number Document Line Number Line Description Material Number Date Amount in Document Currency Document Currency Amount in Reporting Currency Report Currency Company Name Company Code OUTPUT VISUALIZATION EXAMPLES Pie chart of total value exceptions by goods description Total value of exceptions by user name and activity description ACL ESSENTIALS SEGREGATION OF DUTIES SD_ANALYTIC_10_SDCS508 PAGE 22
Identifies where a user receives goods and writes off inventory ACL ESSENTIALS SEGREGATION OF DUTIES PAGE 23
CONTEXT Any form of change to inventory levels should be segregated from issuing good received notes, i.e. receiving of goods. Proper segregation will allow for better review of inventory transactions and provide assurance regarding the accuracy and validity of inventory transactions and the associated inventory levels. RISK A user who is able to receive goods and also write off inventory could misuse this ability to misappropriate goods without detection. PROCEDURE Identifies where a user receives goods and writes off inventory. ANALYTIC LOGIC Extracts inventory data and analyzes processed activities to identify where the same user has received goods and also writes off inventory. OUTPUT RESULTS FIELD NAMES Activity Description Activity Indicator User ID User Full Name Vendor ID Vendor Name Document Number Document Line Number Line Description Material Number Date Amount in Document Currency Document Currency Amount in Reporting Currency Report Currency Company Code Company Name OUTPUT VISUALIZATION EXAMPLES Total value of exceptions by material description Total value of exceptions by user and activity description ACL ESSENTIALS SEGREGATION OF DUTIES SD_ANALYTIC_11_SDCS509 PAGE 24
Identifies where a user receipts goods or services and creates invoice ACL ESSENTIALS SEGREGATION OF DUTIES PAGE 25
CONTEXT Adequate segregation of duties is required between the person receipting goods or services and the person responsible for capturing the supplier invoice. This is to ensure accuracy and validity in the recording of goods and services received. RISK A user who is able to receipt goods or services and also create the invoice for these goods and services poses a risk that the user could receipt the goods and services for personal use and thereafter create the invoice which ordinarily would have had some level of external review because accounts payable would vet the invoice before capturing. PROCEDURE Identifies where a user receipts goods or services and creates invoice. ANALYTIC LOGIC Extracts goods receipt data and accounts payable data and analyzes processed activities to identify where the same user has receipted goods or services and also created the invoices for these goods or services. OUTPUT RESULTS FIELD NAMES Activity Description Activity Indicator User ID User Full Name Vendor ID Vendor Name PO Invoice Ref Number Document Number Document Type Amount in Document Currency Amount in Reporting Currency Report Currency Company Code Document Currency Company Name OUTPUT VISUALIZATION EXAMPLES Total value exceptions by user and activity description Heat map of total value exception by user and vendor ACL ESSENTIALS SEGREGATION OF DUTIES SD_ANALYTIC_12_SDCS512 PAGE 26