
SAP SOD – Mitigating control template

MITIGATING CONTROL

MC Reference No: (MC – Function – Company Code – Number)


1. GENERAL INFORMATION
Business Process: Purchase to Pay
Company Code:
GRC Risk Ref: PP31, PP41, PPBA, PPBC
Risk Owner: Byung Hee, Yoon
Valid to:
Mitigating Control Title: Purchase to Pay - Korea

2. Risk Assessment
Risk Description:

Impacted users

Impacted GRC risks:


PP31: Create or maintain purchase and have the same person approve that purchase order outside their assigned limits
PP41: Create a fictitious vendor or change existing vendor master data and approve purchases from that vendor
PPBA: Create an unauthorised vendor and initiate purchasing from that vendor
PPBC: Maintain unauthorised vendor bank details and approve a resulting fraudulent Purchase Order

3. Compensating controls in place to mitigate risk


| Control | Controlled By | Frequency | Reference (please insert reference doc here) |
|---|---|---|---|
| All bank reconciliation is done off-line by a dedicated staff. | Finance | Monthly | |
| Finance Controller is responsible for reviewing and checking all bank reconciliations. | Finance | Monthly | |
| Finance Controller is supporting to make payments to the vendor and is responsible for changing to vendor details | Finance | Ad-Hoc | |
| Finance Controller is responsible for reviewing the purchase contracts and the payment. | Finance | Ad-Hoc | |
| Creditor (suppliers) reconciliation is carried out to verify liabilities recorded in our books are the same as that reported in creditors' statement. | Finance | Monthly | |
| Purchasing document is delivered to AP accountant, entered into SAP and reviewed by management; based on the document and recorded account, the payment is performed. | Finance / Purchase | Monthly | |
| Internal order process was settled, reviewed and approved when purchasing goods to detect any inappropriate process. | Finance / Purchase | Monthly | |
| Download ‘Display Changes to Vendors’ from SAP, and review it | Finance | Monthly | ‘Display Changes to Vendor’ |
| All vendor master codes are created or amended through MDM/SAP workflow | Finance / Purchase | Monthly | Workflow |

4. Information available to evidence mitigating controls


Describe the information which will be available to evidence the operation of the mitigating control and that the associated risk has been mitigated

Mitigating Control Template Page2 of 2
