This document outlines mitigating controls for purchase to pay risks in Korea. It describes risks around creating unauthorized purchase orders and vendors. Controls in place include monthly bank and creditor reconciliations, finance review of payments and contracts, and monthly review of vendor master data changes. Evidence of control operation includes reconciliation reports, reviewed documents, and audit logs of vendor data changes.
MC Reference No: (MC – Function – Company Code – Number)
1. GENERAL INFORMATION
Business Process: Purchase to Pay
Company Code:
GRC Risk Ref: PP31, PP41, PPBA, PPBC
Risk Owner: Byung Hee, Yoon
Valid to:
Mitigating Control Title:
Purchase to Pay - Korea
2. Risk Assessment
Risk Description:
Impacted users
Impacted GRC risks:
PP31: Create or maintain purchase and have the same person approve that purchase order outside their assigned limits
PP41: Create a fictitious vendor or change existing vendor master data and approve purchases from that vendor
PPBA: Create an unauthorised vendor and initiate purchasing from that vendor
PPBC: Maintain unauthorised vendor bank details and approve a resulting fraudulent Purchase Order
3. Compensating controls in place to mitigate risk
| Control | Controlled By | Frequency | Reference (please insert reference doc here) |
| --- | --- | --- | --- |
| All bank reconciliation is done off-line by dedicated staff. | Finance | Monthly | |
| Finance Controller is responsible for reviewing and checking all bank reconciliations. | Finance | Monthly | |
| Finance Controller supports making payments to the vendor and is responsible for changes to vendor details. | Finance | Ad-Hoc | |
SAP SOD – Mitigating control template
| Control | Controlled By | Frequency | Reference (please insert reference doc here) |
| --- | --- | --- | --- |
| Finance Controller is responsible for reviewing the purchase contracts and the payment. | Finance | Ad-Hoc | |
| Creditor (suppliers) reconciliation is carried out to verify that liabilities recorded in our books are the same as those reported in the creditors' statement. | Finance | Monthly | |
| Purchasing documents are delivered to the AP accountant, entered into SAP and reviewed by management; payment is performed based on the document and the recorded account. | Finance / Purchase | Monthly | |
| Internal order process is settled, reviewed and approved when purchasing goods, to detect any inappropriate process. | Finance / Purchase | Monthly | |
| Download ‘Display Changes to Vendors’ from SAP, and review it. | Finance | Monthly | ‘Display Changes to Vendor’ |
| All vendor master codes are created or amended through MDM/SAP workflow. | Finance / Purchase | Monthly | Workflow |
4. Information available to evidence mitigating controls
Describe information which will be available to evidence operation of mitigating control and the associated risk has been mitigated