SAP Controls and checks

SAP (Systems, Applications, and Products) is a globally renowned enterprise software that facilitates business operations and customer relationship management. Among its extensive suite of tools, SAP controls and checks play a crucial role in ensuring system integrity, data accuracy, and process compliance. They help streamline IT landscapes, optimize business processes, and provide robust system management.

This article provides a comprehensive overview of SAP controls and checks, covering their key aspects and technical details in a simple and accessible manner. These mechanisms are critical for monitoring system performance, identifying discrepancies, and ensuring adherence to regulatory and organizational standards. By implementing effective controls and checks, organizations can enhance operational efficiency, mitigate risks, and maintain reliable business operations.

What is SAP Controls?

SAP Controls refers to the tools and functionalities used to monitor, manage, and optimize SAP systems. It encompasses a range of solutions to ensure that SAP landscapes run efficiently, securely, and without interruption.

Key Features of SAP Controls

1. System Monitoring: Real-time tracking of system performance, workload, and health.

2. Alert Management: Proactive notifications for potential issues like downtime, performance bottlenecks, or security breaches.

3. Job Scheduling: Automates and monitors background processes and tasks.

4. Performance Optimization: Identifies and resolves inefficiencies in processes and resource usage.

5. User and Role Management: Manages access rights, roles, and authorizations for system security.

Tools for SAP Control

• SAP Solution Manager: Centralizes monitoring and management of SAP systems. Features include system health checks, diagnostics, and root cause analysis.

• SAP Focused Run: Offers high-volume system and application monitoring for large-scale environments.

• SAP Early Watch Alert (EWA): Provides detailed insights into system performance and areas for improvement.

Technical Details and Architecture

SAP Control Architecture

SAP Control operates at different levels:

1. Application Layer: Monitors the behavior of SAP applications (e.g., ECC, S/4HANA).

2. Database Layer: Tracks the health and performance of databases like SAP HANA, Oracle, or SQL Server.

3. Infrastructure Layer: Ensures optimal use of physical resources like CPUs, memory, and storage.

Core Components:

• Diagnostics Agents: Collect data from managed systems.

• SAP Solution Manager System: Analyzes data and provides insights.

• Connectors: Integrate SAP systems with third-party tools.

Process of SAP Controls and checks

1. Master Data Management (Core Setup)

• First Step: Data Integrity and Setup

In any enterprise software system, the foundation for smooth operations begins with the accurate and consistent setup of master data. In SAP, this involves creating and maintaining data for materials, vendors, and customers.

Material Master Data Creation and Changes (MM):

• The first step in material management is to ensure that the materials the company deals with are properly entered into the system. Materials could be raw materials, finished goods, or consumables, and they need correct data to ensure accurate inventory management and procurement.

  • T-Codes:

    • MM01: Create material master data for new materials.

    • MM03: Display material data for auditing or review.

• Audit: Verify that the material data is accurate, complete, and up-to-date. This includes checking for missing or incorrect data in material master records, such as material type, unit of measure, and price control.

• Checks:

  • Ensure material types and procurement types are correctly assigned.

  • Validate material group codes and vendor-master linkages.

  • Use MM04 (Material Change Documents) to track changes to material data.

  • Material Valuation Audit: Ensure that the valuation class, price control (standard or moving average), and valuation area are configured properly.

Vendor Master Data Management (AP):

• Vendors are integral to procurement, and accurate vendor data ensures that the organization can process purchase orders, track deliveries, and make payments efficiently.

• T-Codes:

  • XK01: Create a new vendor master record when a new supplier is onboarded.

  • FK03: Display existing vendor master data to verify details before transactions like payments or orders.

• Audit: Confirm that vendor information is up-to-date and consistent. This includes validation of vendor banking details, payment terms, tax information, and contact details.

• Checks:

  • Validate tax codes and payment terms against the vendor’s country-specific setup.

  • Use MKVZ (Vendor List) to verify the list of active vendors.

  • Audit changes to vendor master data using XK05 for blocking and MK01/MK02/MK03 for creating and changing vendor data.

  • Master Data Change Logs: Review changes to vendor details using SCU3 for transaction logs.

Customer Master Data Management (AR):

• Customer information must be maintained meticulously to ensure smooth billing, credit management, and timely collection of receivables.

• T-Codes:

  • XD03: Display customer master records to review or audit details.

  • FD32: Display customer credit information to manage credit limits and payment terms. 

• Audit: Ensure that customer information is accurate for billing, credit management, and invoicing. This includes verifying customer credit limits, payment terms, and billing addresses.

• Checks:

  • Review credit limit settings in FD32 (Customer Credit Management).

  • Use VCUSTHIS to view the history of customer master data changes.

  • Perform periodic audits using XD03 to review customer data for completeness.

Example: A company, "ABC Electronics," creates a new vendor (e.g., "XYZ Supplies") to purchase raw materials for production. The vendor details (tax codes, payment terms, etc.) are input using XK01, ensuring that all purchase orders and payments to the vendor are processed smoothly.

2. Procurement and Payment Flow

• Second Step: Procurement and Payment Verification

Once master data is set up, procurement processes begin. This step ensures that the purchase of goods or services is tracked, validated, and payments are made correctly.

Purchase Requisition and Order Controls (MM):

• To initiate procurement, employees or departments create a purchase requisition when goods or services are needed. Once the requisition is approved, a purchase order is generated.

• T-Codes:

  • ME51N: Create a purchase requisition for materials needed in production or for resale.

  • ME21N: Create a purchase order to send to vendors after the requisition is approved. 

• Audit: Ensure that purchase requisitions and orders are created and approved according to organizational policies. This includes verifying the authorization of requisition creation and changes.

• Checks:

  • Use ME23N to review purchase orders and ensure proper approval and compliance.

  • Track changes using ME22N to ensure all updates to purchase orders are authorized and legitimate.

  • Audit requisition creation using ME51N and verify appropriate approvals.

Invoice Verification (AP):

• When goods are received, the finance team verifies the invoice received from the vendor against the purchase order (PO) and goods receipt (GR). This is a critical step in the "three-way match" process.

  • T-Codes:

    • MIRO: Used to verify the vendor invoice against the PO and GR before payment is made.

    • ME23N: Display the purchase order to ensure the details match the invoice before processing payment.

• Audit: Ensure that invoices are validated correctly against the purchase order (PO) and goods receipt (GR). Verify that invoices are accurate and there are no discrepancies in the amounts or tax codes.

• Checks:

  • Use MIRO to verify the correctness of the invoice by comparing it against PO and GR.

  • Track changes to invoice verification with SCU3 for audit logs.

  • Ensure that the invoice details (tax, price, and quantity) match the purchase order and goods receipt.

3-Way Match Checks (AP):

• The three-way match check ensures that only legitimate invoices are paid. If any discrepancies occur (e.g., the PO doesn't match the invoice or the goods receipt), payment is withheld until resolved.

  • T-Codes:

    • MIRO: Facilitates the invoice verification process where SAP compares the purchase order and goods receipt with the invoice for consistency.

• Audit: Verify that the three-way match between the PO, GR, and invoice has been performed properly before payment.

• Checks:

  • Cross-check MIRO with MIGO (goods receipt) and ME21N (purchase order).

  • Use ME23N to review purchase order details to verify the consistency of data with the invoice and goods receipt.

Example: A vendor sends an invoice for materials purchased. The accounts payable team uses MIRO to compare the invoice with the purchase order (ME21N) and goods receipt (MIGO). If the amounts align, payment is processed.

3. Financial Transaction Posting and Validation

• Third Step: Document and Cost Posting

After procurement is completed, financial transactions need to be posted, costs allocated, and profits segmented according to business requirements.

General Ledger (FI):

• The General Ledger (GL) is central to SAP’s financial accounting, and all transactions must be accurately posted to the appropriate accounts.

  • T-Codes:

    • FB50: Used for posting GL entries directly into the system.

    • FBV0: Allows users to park documents temporarily before final posting, ensuring proper review. 

• Audit: Ensure that all general ledger entries are posted to the correct accounts and in compliance with internal financial policies.

• Checks:

  • Use FB03 to display posted documents and verify the correctness of GL postings.

  • Review changes to GL entries using SCU3 to track document modifications.

  • Use F.01 to generate balance sheet and P&L statements to ensure proper account balancing.

Cost Object Posting (CO):

• Costs must be tracked against specific cost objects, such as cost centers or internal orders, to ensure that they are appropriately allocated.

  • T-Codes:

    • KB11N: Used to post costs directly to cost centers.

    • KB21N: Manually allocate costs to specific cost objects.

    • KSB1: Display cost center postings to review allocations.

• Audit: Ensure that costs are accurately posted to the correct cost centers or internal orders, and that the posting rules are properly followed.

• Checks:

  • Review cost postings using KSB1 (Cost Center Report) and KB11N (Cost Posting).

  • Ensure that cost allocations are in line with the approved budget using OKP1 (Cost Element Planning).

  • Track changes and allocations using SCU3. 

Profit Segment Posting (CO):

• Profitability analysis is crucial to understanding which segments of the business are performing well, such as product lines or geographic regions.

  • T-Codes:

    • KE30: Profitability report to analyze performance across various business segments.

    • KE24: Display profitability data for deeper analysis. 

• Audit: Ensure that profitability segments (e.g., by product or region) are accurately captured and reported in line with business requirements.

• Checks:

  • Use KE30 (Profitability Report) to analyze segment performance.

  • Validate profitability segment postings using KE24.

  • Review FAGL_SPLIT for document splitting to ensure proper segmentation.

Document Splitting (FI):

• Document splitting in SAP automatically divides financial postings into different segments (e.g., profit centers, segments) to support detailed reporting and compliance.

  • T-Codes:

    • FAGL_SPLIT: Used to configure and manage document splitting, ensuring compliance with accounting regulations.

Example: A company allocates costs of production (materials, labor) to different cost centers for accurate reporting. The financial team uses KB11N and KB21N to post these costs and uses KE30 to analyze profitability by region.

4. Exchange Rate and Taxation Setup

• Fourth Step: Maintain Exchange Rates and Tax Configurations

For global transactions, currency exchange rates and tax calculations must be accurate to prevent financial discrepancies and ensure compliance with tax regulations.

Foreign Exchange Rate Maintenance (FI):

• Accurate exchange rates are vital for transactions involving foreign currencies. These rates must be maintained regularly to reflect the current market rates.

  • T-Codes:

    • OB08: Configure exchange rates and their validity periods.

• Audit: Verify that exchange rates are updated correctly and match the current market rates to prevent financial discrepancies in cross-currency transactions.

• Checks:

  • Use OB08 to verify and maintain exchange rates.

  • Regular audits to ensure validity periods and currency pairs are properly configured.

  • Review transaction logs for rate changes using SCU3.                             

Withholding Tax Management (AP):

• When making payments to vendors, withholding taxes need to be deducted as per local tax laws. These configurations help ensure the correct tax is withheld.

  • T-Codes:

    • OBYZ: Set up withholding tax configurations for accurate tax deductions.

    • FTXP: Maintain and configure tax codes for various financial transactions, including VAT/GST.

• Audit: Ensure that withholding taxes and general tax codes are correctly applied to vendor invoices based on applicable tax laws.

• Checks:

  • Validate withholding tax configurations using OBYZ.

  • Use FTXP to ensure tax codes are set up correctly for vendor transactions.

  • Use F110 to audit payments for correct withholding tax deductions.

  • Review tax details in vendor invoices and payments using MIRO and F110.

Tax Masters for Customer (AR):

• Just as for vendors, proper tax codes must be configured for customer transactions to ensure proper billing and tax reporting.

  • T-Codes:

    • OBYZ: Configure customer tax codes and determine how taxes are calculated for each customer transaction.

    • FTXP: Maintain and validate customer tax codes for accurate sales tax or GST application.

Example: When making payments to international vendors, exchange rates are updated in OB08 to ensure that payments are calculated correctly. Additionally, tax configurations in OBYZ ensure that withholding taxes are deducted during payment processing.

5. Payment and Reconciliation

• Fifth Step: Clear Items and Reconcile

After transactions are posted, accounts must be cleared, and payments reconciled to ensure financial statements are accurate.

Accounts Payable Clearing (AP):

• The clearing process ensures that vendor payments match against outstanding invoices and no discrepancies remain.

  • T-Codes:

    • F-44: Used to review and clear open items in vendor accounts, reconciling payments with invoices. 

• Audit: Ensure that vendor payments are cleared against outstanding invoices and that all discrepancies are addressed.

• Checks:

  • Track payment history and discrepancies using FBL1N (Vendor Line Item Display).

Accounts Receivable Clearing (AR):

• Similarly, customer payments need to be applied to open receivables to clear outstanding balances.

  • T-Codes:

    • F-28: Used for posting incoming customer payments and clearing open invoices.

• Audit: Ensure that customer payments are cleared correctly against open receivables.

• Checks:

  • Review customer accounts with FBL5N for accurate payment postings.

GL Clearing (FI):

• General Ledger clearing ensures that all open items in the GL accounts are matched and closed appropriately.

  • T-Codes:

    • F-03: Used for clearing open GL items, ensuring the financial records are up-to-date.          

• Audit: Ensure that all open GL items are properly cleared to maintain accurate financial records.

• Checks:

  • Review all open GL items and ensure they are appropriately cleared.

Example: After receiving payments from customers, the accounts receivable team uses F-28 to apply the payments to open invoices, while the accounts payable team uses F-44 to match payments to outstanding vendor invoices.

6. Audit and Compliance Checks

• Sixth Step: Auditing Transactions for Compliance

Regular auditing ensures transparency and compliance with legal and organizational standards.

Transaction Audit Trails (FI, CO, AP):

• SAP tracks all changes to financial documents, ensuring that modifications are traceable and compliant with internal controls.

  • T-Codes:

    • SCU3: Review change documents, detailing modifications made to financial documents.

    • FB03: Display documents for audit and investigation.

Vendor and Customer Data Audits (AP & AR):

• Vendor and customer data should be periodically audited to ensure correctness and detect any discrepancies.

  • T-Codes:

    • MKVZ: Vendor list for verification of active vendors.

    • VCUSTHIS: Customer data history to track changes made to customer records.

Regulatory Compliance Validation (FI):

• Ensuring compliance with regulatory standards such as GAAP or IFRS is essential for accurate financial reporting.

  • T-Codes:

    • F.01: Generate balance sheet and profit & loss statements for compliance verification.

Example: An internal audit using SCU3 might reveal a change in a vendor master record that wasn't properly authorized. Auditors can trace the changes and ensure everything is in compliance.

7. Performance Monitoring and Reporting

• Seventh Step: Monitoring and Reporting for Efficiency

Ongoing monitoring and reporting help ensure the system runs efficiently and reports are accurate for management.

System Monitoring and Alerting (SAP Control):

• SAP system health needs to be continually monitored to ensure performance standards are met.

  • T-Codes:

    • SAP Solution Manager: Provides detailed insights into the system's health and performance.

    • SAP EWA: Early warning system that sends alerts about system performance and potential issues.

Backup and Recovery (Basis):

• Ensuring that regular backups are taken is essential to prevent data loss.

  • T-Codes:

    • DB13: Schedule and monitor backups of the SAP database.

Reporting Controls (Basis):

• Proper user and access management ensures that only authorized personnel can make critical changes or access sensitive data.

  • T-Codes:

    • PFCG: Configure and manage user roles and permissions.

    • SU01: User management and authorization controls.

Example: The IT department uses SAP Solution Manager to monitor the performance of the SAP system, while the backup team schedules regular data backups using DB13 to prevent data loss.

Conclusion

SAP control and checks are essential for optimizing and managing SAP systems. SAP control tools enable the monitoring, management, and optimization of system performance, ensuring smooth operations. By implementing robust system checks, organizations can achieve optimal performance, reduce downtime, and improve business processes. This approach provides a comprehensive solution for maintaining reliable and efficient SAP environments.

List of Tcodes 

Material Master Data Management (MM)

1. MM01 – Create material master data for new materials.

2. MM03 – Display material data for auditing or review.

3. MM04 – Material change documents.

Vendor Master Data Management (AP)

1. XK01 – Create a new vendor master record.

2. FK03 – Display existing vendor master data.

3. XK05 – Block or unlock vendor master data.

4. MKVZ – Vendor list for verification of active vendors.

Customer Master Data Management (AR)

1. XD03 – Display customer master records.

2. FD32 – Display customer credit information.

3. VCUSTHIS – View history of customer master data changes.

Procurement and Purchase Order Management (MM)

1. ME51N – Create a purchase requisition.

2. ME21N – Create a purchase order.

3. ME23N – Display purchase order.

4. MIRO – Verify vendor invoice against purchase order and goods receipt.

5. MIGO – Goods receipt.

General Ledger and Financial Accounting (FI)

1. FB50 – Post general ledger entries.

2. FBV0 – Park documents temporarily before final posting.

3. FB03 – Display posted documents.

4. F.01 – Generate balance sheet and P&L statements.

5. F-44 – Clear open items in vendor accounts.

6. F-28 – Post incoming customer payments and clear open invoices.

7. F-03 – Clear open GL items.

Cost and Profitability Management (CO)

1. KB11N – Post costs directly to cost centers.

2. KB21N – Manually allocate costs to specific cost objects.

3. KSB1 – Display cost center postings.

4. KE30 – Profitability report.

5. KE24 – Display profitability data.

6. FAGL_SPLIT – Configure and manage document splitting.

Exchange Rate and Tax Configuration (FI)

1. OB08 – Configure exchange rates.

2. OBYZ – Set up withholding tax configurations.

3. FTXP  – maintain, and configure tax codes.

4. F110 – Run automatic payments for vendor invoices.

Backup and Data Management (Basis)

1. DB13 – Schedule and monitor backups of the SAP database.

User and Authorization Management (Basis)

1. PFCG – Configure and manage user roles and permissions.

2. SU01 – User management and authorization controls.

Audit and Compliance (FI, CO, AP)

1. SCU3 – Review change documents.