hi

Since you are very much concerned with same person carrying out vendor creation, PO creation, gr creation.

You can give

1. authorisation of vendor master display to person concerned with PO creation

2. Vendor master accounting segments will be created by finance department. so u have control at vendor master creation.

3. for PO approval apart from purchase deparment involve some finance or internal audit department in release strategy

4. store will be responsilble for GR and not the person responsible for PO approval.

definitely in system audit these issues are covered and cross-functional and internal controls issues are considered while granting authorisation. For more information you can take guidance from internal controls issued by institute of chartered accountant of india.

thanks

S AP

Rewards points if found suitable

Hi,

This depends totally on the organisational set up. Each company has its own checks for curtailing mal practices. There are also international standards available for controlling these.

There is nothing wrong in the same person creating a vendor master and also issuing a P.O so long as the requisite checks and controls ( e.g release strategy or authorisation control ( to name a few )) are in place.

If the organisation and the responsible / competant authorities are satisfied that a fool proof control mechanism in place to control mal practices it is fine for the same person to create vendormaster as well as P.O ( e.g a small organisation may not have the luxury to keep 2 different people for this activity ).

I hope you are getting my point. SAP is just an enabler for business to run. The checks and controls have to be there anyway.

Regards,

Rajeev

Dear Michael,

You should allow him to enter/change purchasing related data of the vendor. However, accounting department should be given the authority to enter accounting details.

Having said this Accounding Department should be given the authority for FK01/02 and Purchasing Department MK01/MK02.

Central authority should be given to the user who has full authority to create/change vendor data.(XK01/XK02)

However, you can use migatation controls for the respective roles to restrict the same by introducing approval steps even if you give authority to create/change vendor data (central .. XK01/XK02) for either Purchasing Dept or Accounting Dept.

Similarly you can introduce approval steps via mitigation controls for Creating/Changing Purchase order (ME21N/ME22N).

Regards,

Naveen.

Hi Michaël,

You can have a problem if an unique individual can create a vendor, a PO for this vendor an approve the payment of the order. In general, it means that the same individual can also create a GR...

In this case, you could imagine that you create a vendor "HOW TO BECOME RICH EASILY ltd" with your own bank account... Every week, you create a PO for this vendor for, let's say 1000 €. For such amount, no release rule !

You also create the GR for each PO created and let the flow go on...

So every week (with the payment term delay...), you receive on your account 1000 € from your company...and nobody see nothing !

Kind regards

Incase you feel that risk is invovled, you can have a higher authrity who should approve the PO.

Regards,

Rajesh Banka