Document template

Application: Global Enterprise Management System
Business Process: Financials
Sub-Process: General Accounting
Integrated Systems Risk Management Practices (ISRMP)
CONTROLS CATALOG
Version:2010.1 Date last signed by owner : 28 July 2010 Page 1 of 28
Row
Reference(1)
Exposure Control Concern
– Severity / Probability
(2) (3)
Risk
I/R(4)
Control Measure
Possibility (B A)
B = Before the control is in place
A = After the control is in place
(5)
Type(6)
Status(7)
Frequency(8)
Control
Resp.
Key
attached
(10)
Control or
User
Measure
Reference
Procedure
and/or
ABAP (9)
Remarks
Master Data Maintenance (Chart of Accounts)
7.1.1.1.1 Incorrect, unauthorized and/or
inaccurate creation/changes to
general ledger accounts may
lead to misinformed
management.
Incorrect initial set-up in
production environment
III/B
M/L Initial set-up of chart of accounts / and
subsequent changes GFCM to be made
based on approval from EMDS /EMCC.
(B->D)
P C E FI99 FIN-GEM-
0702 (U)
7.1.1.2.1 Incorrect/insufficient data is
entered/changed in the account
master record.
III/B
Configuration of Account Groups (Table
077S) limits fields available during
account creation process.
(B->D)
P E O GEMS
7.1.1.2.2 Validation checks are performed during
the processing of the account upload
program. A special validation will also
force the entry of the alternative COA for
countries where it is required.
(B->D)
P E E GEMS ZFIX0010
(upload
Program)
Not an IXOS
Control Report
7.1.1.2.3
M/L
After Data is entered/ changed in the
account master data, COE will verify the
data against the original approved form
&GL checklist and take appropriate
action.
(B->D)
D/C C E FI99 FIN-GEM-
0702 (U)
7.1.1.3.1 Required maintenance not
performed
III/B
Change request for GL account master
data maintenance will be managed by FI
COE and followed up appropriately.
(B->D)
D/C E FI99 FIN-GEM-
0702 (U)
7.1.1.3.2
M/L
Help Desk/ticket management process
will monitor status of requests for
changes and follow up appropriately.
(B->C)
D/C E E FI99
7.1.1.4.1 Unauthorized or improper
changes/creations/deletions to
chart of accounts master
records are made, resulting in
incorrect financial reporting.
III/B
M/L Table and master should be maintained
only by COE GL account administrator(s)
who are granted access privileges.
(B->D)
P C A OWNR

CONTROLS CATALOG
Row
Reference(1)
(2) (3)
Risk
I/R(4)
Control Measure
Possibility (B A)
(5)
Type(6)
Status(7)
Frequency(8)
Control
Resp.
Key
attached
(10)
Control or
User
Measure
Reference
Procedure
and/or
ABAP (9)
Remarks
7.1.1.4.2 Additions/Changes to chart of accounts
master data are logged (Table logging)
and are available if required for
troubleshooting. Follow up as
appropriate.
(B->D)
D/C E E SAP Table logging
to be used for
SKA1/SKB1 for
trouble-
shooting
7.1.1.4.3 Person(s) requesting change to Chart of
Accounts master data reviews
changes/additions/ deletions and follows
up appropriately.
(B->D)
D/C E E FI-ACCTS FIN-GEM-
0718 (U)
7.1.1.5.1 Obsolete GL accounts are still
active in the chart of accounts.
III/B
Responsible person to analyze list of
accounts with no balance or activity for
the last two years and request blocking
of the account so that no postings will be
permitted.
(B->D)
P O Y LBU Operational
Report
RFSSLD00
Operational
Report
RFBILA00
7.1.1.5.2
M/L
System error message will appear when
attempt is made to post to blocked
account.
(B->E)
P E O SAP
7.1.1.6.1 Accounts deleted resulting in
loss of underlying data.
III/C
Accounts should only be deleted if never
posted against in the on-line system. For
archived postings, the system will
archive the account descriptions on the
archived file. Otherwise the account
descriptions will not be reflected on
future reports against this account.
(C->D)
P E O FI99 FIN-GEM-
0702 (U)
7.1.1.6.2
M/L
SAP prevents you from deleting if
balances exist. Must be marked for
deletion and deleted via a special utility
program.
(C->E)
P E E SAP

CONTROLS CATALOG
Row
Reference(1)
(2) (3)
Risk
I/R(4)
Control Measure
Possibility (B A)
(5)
Type(6)
Status(7)
Frequency(8)
Control
Resp.
Key
attached
(10)
Control or
User
Measure
Reference
Procedure
and/or
ABAP (9)
Remarks
7.1.1.7.1 Accounts should not be
block/deleted until configuration
updated. For example, if an
account is blocked and it is
referenced in configuration, then
operating processes will fail,
e.g., cannot move materials.
III/B
M/L Whenever the Account Master is
updated, the impact on configuration
must be assessed for concurrent update
as part of the account set up checklist.
(B->D)
P C E TSKC FIN-GEM-
0702 (U)
Postings
These control measures apply
generically for the G/L Postings
Control Concerns to avoid
repeating them for each concern.
1. Cost Stewardship Review Process
2. Project Stewardship Review Process
3. Material Balance Stewardship Review
Process
4. Account Reconciliation Review
Process
5. Monthly Close Analysis
FIN-BUS-
0707
FIN-BUS-
0708
FIN-BUS-
0709
FIN-BUS-
0710
FIN-BUS-
0711
7.2.2.1.1 Incorrect manual postings will
result in inaccurate financial
statements and misinformed
management.
Not all postings are made
(example: accruals, Material
Balance Adjustments,
corrections)
III/B
Each User to refer to monthly close
check list to ensure that all required
activities are completed in time for the
financial month-end closing
(B->D)
P P D FI17 FIN-BUS-
0701
7.2.2.1.2 Closing Coordinator (CC) to review and
advise of completeness of month-end
close activities included in the batch
scheduler per CC procedures.
(B->C)
D/C C M FI16 FIN-GEM-
0701 (U)
7.2.2.1.3 Where applicable, e.g. user is
unexpectedly out of office due to illness
or unplanned vacation, a User's
Supervisor would review and ensure
close activities are performed in a timely
manner according to the User's desk
procedures.
(B->C)
D/C P M FI48
7.2.2.1.4
M/L
Material Balance Process will detect
unbooked sales/purchases/inventory
entries and appropriate action taken.
(B->C)
0713 (U)

CONTROLS CATALOG
Row
Reference(1)
(2) (3)
Risk
I/R(4)
Control Measure
Possibility (B A)
(5)
Type(6)
Status(7)
Frequency(8)
Control
Resp.
Key
attached
(10)
Control or
User
Measure
Reference
Procedure
and/or
ABAP (9)
Remarks
7.2.2.1.5 For Technology, the technology revenue
subsystem (LAMS) should be reconciled
monthly to the revenue postings in SAP
to ensure all revenue postings made in
SAP and appropriate action taken.
(B->C)
D/C C M FI13 FIN-BUS-
0705
7.2.2.2.1 Post to incorrect /invalid account
III/B
Invalid accounts are rejected by
delivered SAP validation.
(B->E)
P C D SAP
7.2.2.2.2 The correct account assignment will be
verified and followed up appropriately
during the Workflow post entry
Supervisor review if the entry falls within
100% review criteria; otherwise, it is in
the random selection population.
(B->D)
D/C P D FI28 FIN-GEM-
0703 (U)
7.2.2.2.3
M/L
Users reference list of account
descriptions / definitions provided by
EMDS on the Intranet.
(B->D)
P P O FI17 FIN-BUS-
0702
7.2.2.3.1 Erroneous postings are made,
e.g., wrong amount / currency,
posting key, tax code, etc.
III/B
Both custom and SAP validations (e.g.,
blank business area) prevent postings
with invalid values where applicable.
(B->E)
P C D SAP
GEMS
7.2.2.3.2
M/L
Workflow post entry supervisor review
allows verification of entries for those
selected. Sensitive accounts are subject
to higher review selection.
(B->D)
D/C P D FI28 and
FI52 for
review
FIN-GEM-
0703 (U)
7.2.2.4.1 Post to incorrect period because
previous or future period is open
III/B
Table T001B enables SAP to validate
and prevent postings to closed periods.
Table is updated as part of monthly close
procedures via an automated batch job,
and directly by Close Coordinator on an
exception basis
(B->D)
P C M FI16 FIN-GEM-
0701(U)
FIN-BUS-
0701
7.2.2.4.2
M/L
Access to change accounting period
table is restricted by profile and assigned
to Closing Coordinator.
(B->D)
P C M OWNR

CONTROLS CATALOG
Row
Reference(1)
(2) (3)
Risk
I/R(4)
Control Measure
Possibility (B A)
(5)
Type(6)
Status(7)
Frequency(8)
Control
Resp.
Key
attached
(10)
Control or
User
Measure
Reference
Procedure
and/or
ABAP (9)
Remarks
7.2.2.4.3 Posting to the correct period will be
verified and followed up appropriately
during the Workflow post entry
Supervisor review if the entry falls within
100% review criteria; otherwise, it is in
the random selection criteria population.
(B->D)
0703 (U)
7.2.2.4.4 A custom validation will verify the posting
period when period 16 is open for local
books so that postings are restricted to
only period 16 and the most current
month.
(B->E)
P C D Gems
7.2.2.5.1 Not all required fields are
entered in posting
III/B
M/L Field status group configuration and
custom validations will reject posting if
required fields are not entered.
(B->E)
P C D SAP
GEMS
7.2.2.6.1 Post to incorrect cost object (eg
cost center, order, project), or
other critical field (Profit Center,
Transaction Type)
III/B
The cost object will be verified and
followed up appropriately during the
Workflow post entry Supervisor review if
the entry falls within 100% review
criteria; otherwise, it is in the random
selection criteria population.
(B->D)
0703 (U)
7.2.2.6.2 Cost center and project steward review
process would identify mis-postings and
appropriate follow up taken.
(B->D)
D/C E M FI08 FIN-BUS-
0707
FIN-BUS-
0708
7.2.2.6.3
M/L
GFCM required fields such as Profit
Center, Business Area, Trading Partner,
Transaction Type are made mandatory
via custom validations and values are
restricted to valid choices.
(B->D)
P C D SAP
GEMS

CONTROLS CATALOG
Row
Reference(1)
(2) (3)
Risk
I/R(4)
Control Measure
Possibility (B A)
(5)
Type(6)
Status(7)
Frequency(8)
Control
Resp.
Key
attached
(10)
Control or
User
Measure
Reference
Procedure
and/or
ABAP (9)
Remarks
7.2.2.6.4 Users will receive warning message if
they enter an unexpected Business Area
for that Company. This is not an error
because there are some known
exceptions. Also, users will receive an
error if they enter incompatible Profit
Center / Business Area combination (a
chemical business area cannot be used
with a downstream profit center)
(B->D)
P C D FI17
GEMS
7.2.2.7.1 Duplicate postings are made
either manually or via uploading
same JV Excel spreadsheet
more than once
III/B
Timely review of entries during the
Workflow post entry Supervisor review
process may detect duplicates and
followed up appropriately.
(B->C)
0703 (U)
7.2.2.7.2 Timely account reconciliation and other
monthly close and stewardship analysis
may detect duplicate entries and
appropriate follow up action taken.
(B->C)
D/C E M FI17 FIN-BUS-0707
FIN-BUS-0708
FIN-BUS-0709
FIN-BUS-0710
FIN-BUS-0711
7.2.2.7.3
M/L
If applicable, on-line entries and
adjustments must be based on original
supporting documentation (exceptions
being month-end accruals and other
entries supported by worksheet
calculations). Adjustments should be
cross-referenced to adjustment doc
numbers
(B->C)
P E D FI17 FIN-BUS-
0712
7.2.2.8.1 Document that should not be
reversed is reversed or deleted,
or a document, which already
contains cleared items, is
reversed
III/B
Reversals are selected for 100%
and followed up appropriately.
(B->C)
0703 (U)
7.2.2.8.2
M/L
SAP does not allow a posted document
to be deleted -- original entry must be
reversed and correcting entry made.
(B->E)
P C D SAP

CONTROLS CATALOG
Row
Reference(1)
(2) (3)
Risk
I/R(4)
Control Measure
Possibility (B A)
(5)
Type(6)
Status(7)
Frequency(8)
Control
Resp.
Key
attached
(10)
Control or
User
Measure
Reference
Procedure
and/or
ABAP (9)
Remarks
7.2.2.8.3 SAP prevents reversing documents with
cleared items, unless a special
transaction FBRA is used to reset
cleared items - then reversal is possible -
Trans code FBRA access can be given
only to Close Coordinator.
(B->D)
P C D OWNR
SAP
7.2.2.9.1 Out of balance postings made
III/B
M/L SAP validation prevents saving an entry
unless it is balanced by company code
and in all currencies.
(B->E)
P C D SAP
7.2.2.10.
1
Users can make an out of
balance posting in local only
accounts or XOM only accounts.
III/B
M/L Custom validation to ensure entry in
balance within the local only or XOM only
accounts. Exception is asset local books
depreciation.
(B->D)
P C D GEMS
7.2.2.11.
1
Incorrect or inadvertent postings
to sensitive accounts
III/B
Postings to High sensitive accounts will
be verified 100% , medium accounts by
% defined by amount, and followed up
appropriately during the Workflow post
entry Supervisor review.
(B->D)
0703 (U)
7.2.2.11.
2
M/L
Entries to Employee Vendors to record
Employee advances and loans are
considered sensitive accounts. The
access to make these entries are
restricted to the HR role and Payables
roles by restricting access to the
Empoyee Vendor Group.
(A->C)
P C C OWNR/
TSKC
7.2.2.12.
1
Unauthorized creation /changes
to SAP documents
III/B
Only financial staff with authorized
profiles can create and change
documents
(B->D)
P C D OWNR
7.2.2.12.
2
M/L
Profiles given to users will be reviewed
periodically by Owners as a step within
the Annual Access Review process to
ensure the appropriateness of the profile
with business needs.
(B->D)
P E A OWNR Covered in
S&C Controls
Catalog

CONTROLS CATALOG
Row
Reference(1)
(2) (3)
Risk
I/R(4)
Control Measure
Possibility (B A)
(5)
Type(6)
Status(7)
Frequency(8)
Control
Resp.
Key
attached
(10)
Control or
User
Measure
Reference
Procedure
and/or
ABAP (9)
Remarks
7.2.2.12.
3
Key postings will be verified and followed
up appropriately during the Workflow
post entry Supervisor review if the entry
falls within 100% review criteria (e.g.,
amt > $250k, recur template, reversals,
BDC corrections) otherwise, it is in the
random selection criteria population.
(B->D)
0703 (U)
7.2.2.12.
4
User receives custom warning message
in a pop up screen as soon as the user
executes the upload transaction that has
the following reminders: (1) to store
EXCEL upload source files in private
directory (2) to use the PC screen saver
password (3) to use EXCEL spreadsheet
passwords to protect integrity of upload if
applicable. (Users who need to share
files or may need to have a back-up
person access their file can use EXCEL
spreadsheet passwords on a shared
LAN.)
(B->C)
P P O FI17
GEMS
Excel Upload
ABAP is
YFII0260
7.2.2.12.
5
An audit trail of document changes by
userid is available for any user for
problem resolution, etc and appropriate
follow up.
(B->D)
D/C C E FI17 Operational
Report
FB04 /
SAPMF01A
7.2.2.13.
1
Park / Held documents which
should be posted are not posted
III/B
M/L Users can run List of Parked Document
on-line report (FBV3) and List of Held
Documents (FB11) to ensure Parked and
Held documents are complete. A
regional year-end scheduled (2nd WD)
batch job exists for documents parked so
users can ensure none are pending.
(B->D)
D/C P M FI28
FI17
FIN-GEM-
0715 (O)
Operational
Reports
based on
transaction
FBV3 and
FB11 /
SAPMF05A
7.2.2.14.
1
Users could make entries to re-
age open items
III/B
M/L Entries to re-age accounts are subject to
the normal Workflow post entry
Supervisor review process with
appropriate follow up.
100% review if the re-aging is on a high
0703 (U)

CONTROLS CATALOG
Row
Reference(1)
(2) (3)
Risk
I/R(4)
Control Measure
Possibility (B A)
(5)
Type(6)
Status(7)
Frequency(8)
Control
Resp.
Key
attached
(10)
Control or
User
Measure
Reference
Procedure
and/or
ABAP (9)
Remarks
sensitive account/ sample review if the
re-aging is on other accounts.
(B->D)
7.2.2.15.
1
General Ledger and Sub-ledger
are out of balance because a
control account is posted to
directly
III/B
M/L All control accounts are reconciliation
accounts which means SAP prevents
direct postings. For example, Accounts
Receivable, Accounts Payable, Assets.
(B->E)
P C D SAP
7.2.2.16.
1
Users could review/approve
their own journal voucher
entries in FI Workflow in the
case where a user can make
entries and also is a peer
reviewer.
III/B
M/L Workflow Special Relationship
Organizational Table 997 design
identifies a reviewer for each user who
can post an entry. The entries selected
for review are automatically routed to the
reviewer specified so a user cannot
personally redirect their entry to
themselves for review. For stand-ins,
SAP will not route a person's document
to their own inbox if they are their
supervisor's stand-in.
(B->E)
P C D SAP
7.2.3.1.1 Incorrect Automatically
Generated Postings will result in
inaccurate financial statements
and misinformed management.
System configured incorrectly
resulting in mis-booking (e.g.
MM bookings to the wrong 21
A/C, wrong 205 A/C or SD
postings may go to the wrong
010 A/C, 018 A/C)
III/B
Account determination must be approved
by the appropriate process group.
(B->D)
P O O FI33
7.2.3.1.2
M/L
Changes of configuration to automatic
posting to be performed and thoroughly
tested by COE staff who will be granted
access.
(B->D)
P E E FI99
7.2.3.2.1 Accounts determination created/
changed in the Account
Assignment tables could be
insufficient, incorrect, and/or
erroneous
III/B
M/L Upon completion of creation / changes to
account determination table, the Skill
Center will verify against the approval
from the respective process group.
(B->D)
D/C E A FI99

CONTROLS CATALOG
Row
Reference(1)
(2) (3)
Risk
I/R(4)
Control Measure
Possibility (B A)
(5)
Type(6)
Status(7)
Frequency(8)
Control
Resp.
Key
attached
(10)
Control or
User
Measure
Reference
Procedure
and/or
ABAP (9)
Remarks
7.2.3.2.2 Timely account analysis and
reconciliation will detect the errors and
be followed up appropriately.
(B->D)
D/C E M FI17
FI30
FIN-BUS-0707
FIN-BUS-0708
FIN-BUS-0709
FIN-BUS-0710
FIN-BUS-0711
7.2.3.2.3 Material Balance Process will detect
unbooked sales/purchases/inventory
entries and appropriate action taken.
(B->D)
0713 (U)
7.2.3.2.4 Custom validations will detect certain
account determination errors when
insufficient data is provided.
(B->E)
P C D GEMS
7.2.3.2.5 Errors on the BW unmapped report will
detect certain account determination
errors when insufficient data is provided
and appropriate follow up taken.
(B->D)
D/C C M FI30 Refer to
Corporate
Reporting
Controls
Catalog
7.2.3.3.1 Changes to Account Master
impacting configuration not
updated. For example, if an
account is blocked and it is
referenced in configuration, then
operating processes will fail,
e.g., cannot move materials.
III/B
M/L Whenever the Account Master is
updated, the impact on configuration
must be assessed for concurrent update
as part of the account set up check list.
(B->D)
P C E TSKC FIN-GEM-
0702 (U)
7.2.3.4.1 Incorrect automated income tax
accrual can misrepresent local
and stewardship reporting tax
entries
III/B
Income tax accrual program does not
calculate final tax liability/asset - batch
program does not run in period 12 - final
numbers are the result of an outside the
system calculation following current
procedures
(B->D)
P E C FI16 / FI30
7.2.3.4.2
M/L
Close coordinator and financial analyst
role receive test run report of the
program, indicating tax rates used and
projected postings (period 1-11)
(B->D)
P C M FI16
FI30

CONTROLS CATALOG
Row
Reference(1)
(2) (3)
Risk
I/R(4)
Control Measure
Possibility (B A)
(5)
Type(6)
Status(7)
Frequency(8)
Control
Resp.
Key
attached
(10)
Control or
User
Measure
Reference
Procedure
and/or
ABAP (9)
Remarks
7.2.3.4.3 Program postings only occur on demand
through an interface: no online run with
posting. Only posts when close
coordinator wants to via batch job.
(B->D)
P C M FI16
7.2.4.1.1 Incorrect Recurring Entries will
result in inaccurate financial
statements and misinformed
management.
Recurring entry templates not
established or expire without
review for reinstatement.
III/B
M/L Account reconciliation process should
identify entries that are not occurring and
appropriate action taken.
(B->D)
0710
7.2.4.2.1 Recurring entry template
incorrectly set-up.
III/B
M/L Recurring Entry Templates and changes
to templates are selected for 100%
and followed up appropriately. A regional
year-end batch job is scheduled for
December 5 to give users an opportunity
to review what is needed for the new
year.
(B->D)
0703 (U)
7.2.4.3.1 Batch jobs to generate recurring
entries from template not
executed or executed more than
once.
III/B
Batch jobs for recurring entries to be
formally scheduled via the automatic
batch scheduler.
(B->C)
P P M BSKC FIN-GEM-
0701(U)
FIN-BUS-
0701
7.2.4.3.2 Standard/formal breakdown procedures
would include having Closing
Coordinator rerun the job if applicable.
(B->C)
D/C P M FI16
7.2.4.3.3
M/L
SAP prevents the duplicate execution of
the recurring documents beyond the set
frequency.
(B->E)
P C M SAP
7.2.4.4.1 Exception messages for
recurring documents in batch
job execution not resolved.
III/B
M/L Closing Coordinator should take
necessary actions to address error
messages in the batch job log with the
owner responsible for each job/report
(B->D)
P P M FI16 FIN-GEM-
0701(U)

CONTROLS CATALOG
Row
Reference(1)
(2) (3)
Risk
I/R(4)
Control Measure
Possibility (B A)
(5)
Type(6)
Status(7)
Frequency(8)
Control
Resp.
Key
attached
(10)
Control or
User
Measure
Reference
Procedure
and/or
ABAP (9)
Remarks
7.2.4.5.1 Expiration may not be reviewed
for reinstatement
III/B
Users should review the recurring
documents to make sure whether or not
expiring documents should be reinstated
using the batch run standard report
RFDAUB00 and follow up appropriately.
(B->D)
D/C C Y FI17 FIN-GEM-
0712(O)
Operational
Report
RFDAUB00
7.2.4.5.2
M/L
Automated annual job to list applicable
recurring templates to be reviewed by
the Close Coordinator who will initiate
appropriate action with the User to
confirm existence for the new year.
(B->C)
P P Y FI16 FIN-GEM-
0701(U)
7.2.5.1.1 Batch schedule process fails ==>
This includes any financial
process batch job, which is not
specifically covered elsewhere in
the catalog.
Changed 5/9/02
Batch schedule process may fail
resulting in the lack of
necessary posting thus resulting
in incorrect financials and
misinformed management.
III/B
M/L Closing Coordinator should take
necessary actions to address error
messages in the batch job log with the
owner responsible for each job/report.
(B->D)
0701(U)
Accounting Processes
7.3.6.1.1 Exchange gain/loss on foreign
currency assets and liabilities not
recognized correctly
Revaluation of foreign currency
assets/liabilities not executed
(In the context of this Catalog,
"revaluation of foreign currency
assets/liabilities process"
includes:
- Foreign exchange revaluation
II/B
- Foreign exchange EAFE
dollarization for Local Fun
Batch jobs for revaluation of foreign
currency assets/liabilities to be registered
in the Autosys batch scheduler.
(B->D)
P E M FI99
FI16
FIN-GEM-
0701 (U)
Foreign
Exchange
Analyst to re-
run the job in
case of
failure/errors
7.3.6.1.2
H/M
Foreign Exchange Analyst does a
reasonableness check on all monetary
accounts to ensure that they are
valuated at month end rate (identified in
month-end checklist) Report and follows
up appropriately.
(B->D)
0701

CONTROLS CATALOG
Row
Reference(1)
(2) (3)
Risk
I/R(4)
Control Measure
Possibility (B A)
(5)
Type(6)
Status(7)
Frequency(8)
Control
Resp.
Key
attached
(10)
Control or
User
Measure
Reference
Procedure
and/or
ABAP (9)
Remarks
7.3.6.2.1 Revaluation run of foreign
currency not executed
completely
II/B
Closing Coordinator and/or Foreign
Exchange Analyst to check that the
foreign currency asset/liability revaluation
jobs are executed successfully, and
ensure that error messages are resolved
based on the batch job error log.
(B->D)
D/C E M FI25
FI16
FIN-GEM-
0701(U)
7.3.6.2.2
H/M
Program selection options (variants) to
be tested extensively before it is
scheduled for production run
(B->D)
P O A GEMS
7.3.6.3.1 Incorrect exchange rates used
II/C
M/L Refer to Exchange Rate Section
(C->D)
Refer to
Exchange Rate
Section
7.3.6.4.1 Amounts in detail line item
entries are created/changed
during execution of Batch Input
related to revaluation.
IV/B
M/L Foreign Exchange Analyst does a
reasonableness check on all monetary
accounts to ensure that they are
valuated at month-end rate (identified in
month-end checklist).
(B->D)
0701
7.3.7.1.1 Unauthorized addition / changes
are made to Distribution rule
Table YFX1 for posting to end
accounts resulting in incorrect
information
Unauthorized person accesses
and makes changes to the
YFX1 table (Forex Distribution
Table)
II/B
All changes to table YFX1 are logged
with details like User id and time/date
stamp
(B->D)
D/C E E SAP
7.3.7.1.2 Access to maintain data in the
Distribution Table YFX1 is restricted to
only Skill Center personnel
(B->D)
P C O FI99 role
7.3.7.1.3
H/M
Analysis of table log control report
RSVTPROT is reviewed by the Foreign
Exchange Analyst and followed up
appropriately.
(B->D)
0704
(C)
RSVTPROT
Control report -
procedures in
script - Perform
Analysis of
Table Log -
Forex
Distribution
Table

CONTROLS CATALOG
Row
Reference(1)
(2) (3)
Risk
I/R(4)
Control Measure
Possibility (B A)
(5)
Type(6)
Status(7)
Frequency(8)
Control
Resp.
Key
attached
(10)
Control or
User
Measure
Reference
Procedure
and/or
ABAP (9)
Remarks
7.3.7.1.4 A copy of YFX1 table content to be taken
each month and stored electronically for
a period of 3 months to allow for re-
setting parameters, if necessary, with
appropriate follow up
B/D IP M TSKC FIN-GEM-
0716 (U)
Exchange Rate Conversions
7.4.8.1.1 Foreign currency postings are not
converted at correct exchange
rates. This creates improper
balance sheet and income
statement, which may lead to
misinformed management and
not comply with local statutory
exchange rate requirements.
Regional Treasury/Accounting
Centers provide wrong source
data.
III/B
M/L Regional Treasury/Accounting Center
Supervisors review and confirm source
data before updating the exchange rate
table.
(B->D)
P E D FI37 FIN-BUS-
0703
FIN-GEM-
0706 (U)
For RTS,
no SAP access
required as it is
an external
review
7.4.8.2.1 Exchange rates are not updated
on time
III/B
M/L Procedures will define where to obtain
the various exchange rates and the
update timing.
(B->D)
P P D FIN-BUS-
0703
FIN-GEM-
0706 (U)
7.4.8.3.1 Unauthorized person accesses
and makes changes to the
exchange rate table.
IV/B
M/L Access to make changes to exchange
rate table TCURR (Transaction OB08) is
restricted by profile and granted only to
limited personnel approved by process
owner.
(B->E)
P C O FI37
7.4.8.4.1 Incorrect exchange rates or
exchange rate types are entered
III/B
Changes to exchange rate table are
logged and followed up as appropriate by
Regional Treasury/Accounting Center.
(B->C)
D/C E O RTS
SAP
FIN-BUS-
0703
FIN-GEM-
0706
Operational
Report
RSVTPROT
7.4.8.4.2
M/L
RTS compares table logging control
report “RSVTPROT” with source data
daily to confirm all changes to the
currency table (TCURR), and checks
correctness and completeness and
follows up appropriately.
(B->D)
D/C C D RTS FIN-BUS-
0703
FIN-GEM-
0706
(C)
RSVTPROT

CONTROLS CATALOG
Row
Reference(1)
(2) (3)
Risk
I/R(4)
Control Measure
Possibility (B A)
(5)
Type(6)
Status(7)
Frequency(8)
Control
Resp.
Key
attached
(10)
Control or
User
Measure
Reference
Procedure
and/or
ABAP (9)
Remarks
7.4.8.4.3 Accountants to review transaction data at
time of input for reasonableness of the
exchange relationship between
currencies, with appropriate follow up.
(B->C)
D/C E D FI17 Users
representatives
from EMEAF
and A/P
endorsed this
comment.
7.4.8.5.1 Batch Schedule Job updating
the exchange rate table via
month end customized program
fails resulting in no exchange
rates entered into the system &
delay of month-end activities
III/B
M/L User reviews the exchange rates table
after the month-end exchange rate
update program execution. Procedure
defined to re-run the program online as
well as manual table updates, if
necessary, with appropriate follow up.
(B->D)
D/C P D FI25/FI37 FIN-BUS-
0703
FIN-GEM-
0706
(C)
YFIV0020_AV
G_EXCH_RA
TE
This is an IXOS
Control Report
7.4.8.6.1 Decentralized updating of the
exchange rate table causes
inconsistency of data
IV/B
M/L The exchange rate table maintenance
process is centralized by region and
carried out by a regionally central group
(B->D)
P C O OWNR
7.4.8.7.1 On entries in the system,
manual exchange rate not
entered correctly
III/B
M/L If the exchange rate deviates more than
a defined percentage from the rates
maintained in the table TCURR, the
system would issue a warning message
of deviation. Each user responsible for
postings must check and verify the
deviated rate before posting.
(B->C)
P E D FI17
GEMS
5% is default
rate, but EUAT
can
recommend
country specific
tolerance.
7.4.8.8.1 The SAP transaction FBB1 (or
F-05) to adjust currency values
and bypass the exchange rate
calculation is used incorrectly.
III/B
Access to this transaction is limited to the
Close Coordinator and Forex Analysis
roles. Also, FI workflow includes FBB1
and F-05 in its 100% selection criteria.
(B->D)
P C D OWNR
7.4.8.8.2
M/L
Transactions using this transaction type
will be 100% reviewed in the journal
entry review process and followed up
appropriately.
(B->D)
0703 (U)
Financial Close
7.5.9.1.1 Information Processing Loss -
Inability to close books/delay
closing would require additional
staffing to estimate earnings and
Jobs are not executed due to
loss of Job Scheduling Service
- server failure
II/B
H/M Financial Close Schedule scripts and
procedures to be maintained so that the
closing jobs can be submitted manually
by Close Coordinator if necessary
D/C C A FI16
BSKC
FIN-GEM-
0701 (U)
This process
will be
coordinated
between the

CONTROLS CATALOG
Row
Reference(1)
(2) (3)
Risk
I/R(4)
Control Measure
Possibility (B A)
(5)
Type(6)
Status(7)
Frequency(8)
Control
Resp.
Key
attached
(10)
Control or
User
Measure
Reference
Procedure
and/or
ABAP (9)
Remarks
could cause misstated earnings
and incorrect financial
statements.
instead of the Job Scheduler.
(B->C)
Skill Center and
Close
Coordinator
7.5.9.2.1 Month end close schedule run
out of sequence or month end
close schedule not set up on
batch schedule correctly
causing reruns
III/B
M/L Once setup, Job Scheduler will execute
jobs in the proper sequence. Any
changes to closing using Job Scheduler
will have to be reviewed or tested based
on certain Change Control Procedures
prescribed by the COE
(B->D)
P C D FI16
BSKC
7.5.9.3.1 Delays from manual postings
resulting in deadlines not met
III/B
Closing deadlines for month-end,
quarter-end, year-end, etc. for each
calendar year will be formally established
and communicated to all users and skill
centers
(B->D)
P C A FI16
7.5.9.3.2
M/L
User to confirm to Closing Coordinator
when close critical task is completed. If
deadline is likely not to be met, user
must inform the Coordinator and explain
reasons and follow up appropriately.
(B->D)
D/C C E LBU FIN-GEM-
0701 (U)
FIN-BUS-
0701
7.5.9.4.1 Manually requested job may not
be executed, or certain jobs
may fail, time out or finish with
wrong financial results, leading
to incomplete or inaccurate
postings.
III/B
Each report or batch job has a custodian
to monitor and review the report and
identify any performance issues and
follow up appropriately.
(B->D)
D/C C M FI16 FIN-BUS-
0706
7.5.9.4.2
M/L
Close Coordinator to monitor closing jobs
by checking that all batch input sessions
are cleared/posted. Specifically, to check
that certain batch jobs which generate
BDC sessions are cleared and follow up
appropriately (e.g. reversal of accruals,
revaluation of foreign currency, etc.)
(B->D)
0701(U)
FIN-BUS-
0701
7.5.9.5.1 Incorrect Carry Forward of Year-
End balances.
II/B
H/M Control Report RFBILA00 (Trial Balance)
must be executed and reviewed to
ensure that the ending balance for the
previous year and opening balance for
D/C E Y FI16 FIN-GEM-
0707
(C) RFBILA00

CONTROLS CATALOG
Row
Reference(1)
(2) (3)
Risk
I/R(4)
Control Measure
Possibility (B A)
(5)
Type(6)
Status(7)
Frequency(8)
Control
Resp.
Key
attached
(10)
Control or
User
Measure
Reference
Procedure
and/or
ABAP (9)
Remarks
the new year is the same.
(B->C)
7.5.10.1.
1
Accounting period not properly
managed
Opening and closing of
accounting period may not be
timely.
II/B
H/M Majority of the opening and closing of
accounting period steps are registered
in the batch scheduler. Certain
exceptions are managed by Close
Coordinator
(B->C)
P C O FI16 FIN-GEM-
0701(U)
FIN-BUS-
0701
7.5.10.2.
1
Batch jobs to open/close
accounting period fail
II/B
H/M Closing Coordinator / FI COE to
manually open/close accounting period.
(B->E)
D/C C M TSKC
FI16
FIN-GEM-
0701(U)
FIN-BUS-
0701
7.5.10.3.
1
Unauthorized updates to the
accounting period table.
III/B
Access is restricted to Close Coordinator
and COE.
(B->D)
P C M OWNR
7.5.10.3.
2
M/L
Control report RSVTPROT is reviewed
by the closing coordinator's supervisor
monthly and followed up appropriately.
(B->D)
0705
(C)
RSVTPROT
Control report -
procedures in
script - Perform
Analysis of
Table Log -
Acctg Per
Table
BDC Error Correction
7.6.11.1.
1
Incorrect information entered
during the manual correction in
batch input session resulting in
the distorting of data in the
system
Data is incorrectly changed or
unauthorized changes are made
during batch data corrections
(BDC)
III/B
Manual correction of BDC sessions is
restricted by access profile to authorized
users. Changes are also logged by user
id of person making changes.
(B->D)
P C O OWNR Also covered in
Generic Control
Catalog
7.6.11.1.
2
M/L
BDC naming convention is established to
provide a means to granting limited
access
(B->D)
P C O GEMS

CONTROLS CATALOG
Row
Reference(1)
(2) (3)
Risk
I/R(4)
Control Measure
Possibility (B A)
(5)
Type(6)
Status(7)
Frequency(8)
Control
Resp.
Key
attached
(10)
Control or
User
Measure
Reference
Procedure
and/or
ABAP (9)
Remarks
7.6.11.1.
3
Changes made during manual
processing of batch input session are
logged by user id of person making
change and log can be consulted for
appropriate follow-up when needed.
(B->D)
D/C E O SAP
7.6.11.1.
4
Manual changes to batch job entries are
selected for 100% Workflow post entry
Supervisor review and followed up
appropriately.
(B->C)
D/C C D FI28 FIN-GEM-
0703 (U)
7.6.11.1.
5
User training and documentation of BDC
reject correction process and periodic
review of BDC sessions
(B->C)
P C A BSKC Also covered in
Generic Control
Catalog
7.6.11.2.
1
Unauthorized person gains
access to the BDC source /
output file
III/B
M/L Change access to all directories storing
the files is restricted to authorized users
only.
(B->D)
P C O OWNR Refer to
Inbound
Interface
Control
Catalogs.
7.6.11.3.
1
Session can be cancelled or
deleted during batch data
correction (BDC)
III/B
M/L Users are prevented from deleting
production job BDC sessions via access
profiles (Restricted to the Close
Coordinator Role). Users can, however,
delete user -generated sessions for the
EXCEL journal voucher upload BDCs.
(B->D)
P C O FI17
OWNR
Also covered in
Generic Control
Catalog
7.6.11.4.
1
A batch input session that was
processed contains errors but is
not reprocessed, causing
incomplete data to be posted
into the system.
III/B
The batch input session Overview
highlights BDC that contains the error or
has not been processed. Reviewed by
the assigned owner and appropriate
action taken.
(B->D)
D/C E A FI16 FIN-GEM-
0711 (U)
7.6.11.4.
2
M/L
Closing Coordinator reviews batch
overview prior to month end closing and
follows up appropriately.
(B->D)
D/C E M FI16 FIN-GEM-
0701 (U)
FIN-BUS-
0701
7.6.11.5.
1
Inappropriate access to process
BDC sessions
III/B
M/L Authorization to process batch session in
batch is limited to batch userID only.
There are some exceptions in the FI
area, where the BDC session is
P C A GEMS This is an
exception to the
Generic Control
Catalog

CONTROLS CATALOG
Row
Reference(1)
(2) (3)
Risk
I/R(4)
Control Measure
Possibility (B A)
(5)
Type(6)
Status(7)
Frequency(8)
Control
Resp.
Key
attached
(10)
Control or
User
Measure
Reference
Procedure
and/or
ABAP (9)
Remarks
processed by the end user userid. In
those cases, the specific batch job
names are specified in the specific roles.
(B->D)
Analysis & Control
7.7.12.1.
1
Accounts may not be reconciled
resulting in incorrect financial
statements
Account may not be reconciled
due to absence of responsibility
assignment.
III/B
M/L Accounts are assigned to owners to
identify ownership for reconciliation
activities.
Review process established to ensure
that all accounts are reconciled
(B->D)
P E A LBU FIN-BUS-
0704
7.7.12.2.
1
Account reconciliations and
required clearing not adequately
reviewed and approved
III/B
M/L Balance Sheet Account Management
(BSAM) guidelines cover review and
approval process.
(B->D)
P E M FI17 FIN-BUS-
0710
7.7.12.3.
1
Acct Recv subledger and GL is
out of balance.
II/B
H/M The control report RFDSLD00 (Accounts
Receivable balances in local currency) is
checked against the control report
RFSSLD00 (GL accounts balances) to
ensure that AR balances are reconciled
with GL based on reconciliation
accounts.
(B->C)
0708
(C)
RFDSLD00
variant 2
(C)
RFSSLD00
variant 3
7.7.12.4.
1
Acct Payable subledger and GL
is out of balance.
II/B
H/M The control report RFKSLD00 (Accounts
payable balances in local currency) is
checked against the control report
RFSSLD00 (GL accounts balances) to
ensure that AP balances are reconciled
with GL based on reconciliation
accounts.
(B->D)
0709
(C)
RFKSLD00
variant 2
(C)
RFSSLD00
variant 2
7.7.12.5.
1
General Ledger transactions are
not aligned with the GL Balance
.
II/B
H/M The control report SAPF190 (Financial
accounting comparative analysis) will
detect, and advise users of differences
between a GL, AP or AR account
balance and the total of all open items
contained in that account i.e. compare
AR, AP and GL accounts balances and
the totals from posted documents.
(B->C)
0710
(C) SAPF190
7.7.12.6. The balances in the Material H/M The operational report RM07MMFI will D/C C M FI33 FIN-GEM- This is not an

CONTROLS CATALOG
Row
Reference(1)
(2) (3)
Risk
I/R(4)
Control Measure
Possibility (B A)
(5)
Type(6)
Status(7)
Frequency(8)
Control
Resp.
Key
attached
(10)
Control or
User
Measure
Reference
Procedure
and/or
ABAP (9)
Remarks
1 Master (MM module) are out of
balance with the General
Ledger balance for Inventory
II/B
detect differences between MM and FI is
appropriately followed up.
(B->C)
0714
Operational
Report
RM07MMFI
IXOS Control
report.
7.7.12.7.
1
The balances in the Fixed Asset
subledger are out of balance
with the General Ledger
II/B
H/M Covered in the Asset Controls Catalog
(B->C)
Refer to Assets
Controls
Catalog
7.7.13.1.
1
Private Employee Advance and
Loan data may be available for
viewing to all Financial users in
the system. (This data was
designated as Private by the HR
Controls Advisor Scott Leonard)
Employee privacy may be
compromised.
III/B
M/M View access to the Employee Advance
and Loan accounts are limited to HR role
(via use of account group on certain
sensitive GL accounts, and by use of the
account group on the vendor master)
(A->B)
P C C OWNR
Local Accounting Entries
7.8.13.1.
1
Local statutory books not
properly recorded
Local accounting differences not
identified
IV/D
L/L Performance of year-end audit of local
books by auditors with appropriate follow
up.
(D->D)
D/C E Y LBU
PWC
7.8.13.2.
1
Differences not
calculated/improperly calculated
and not/improperly incorporated
into local books
III/B
Affiliate Controller to ensure that all
accounting differences are incorporated
into local purpose accounts as required
(B->D)
P E A Regional
Controller
7.8.13.2.
2
M/L
Performance of year-end audit of local
books by auditors with appropriate follow
up.
(B->D)
D/C E Y LBU
PWC
7.8.13.3.
1
Local reports, data not properly
reviewed before sending to
government
III/C
M/L Business procedures will address each
countries' needs for outside system
review of the data before sending to local
government. Where needed business
procedures are required to either
electronically or manually sign of that
documents have been reviewed (e.g.
France grandes livres reports)
(C->D)
D O C LBU
Document Retention
7.9.14.1.
0
Supporting documentation is not
properly filed
Local books, local data sent to
the government without a formal
sign-off
H/M Local record retention guidelines to
address requirements
P C O Regional
Controller
Retention
guidelines
as put

CONTROLS CATALOG
Row
Reference(1)
(2) (3)
Risk
I/R(4)
Control Measure
Possibility (B A)
(5)
Type(6)
Status(7)
Frequency(8)
Control
Resp.
Key
attached
(10)
Control or
User
Measure
Reference
Procedure
and/or
ABAP (9)
Remarks
II/B forward by
Controllers
managemen
t
7.9.14.1.
1
Document retention does not
meet ExxonMobil, Local
Statutory or Legal requirements.
II/B
H/M Documents to be stored to meet
statutory / legal and ExxonMobil
requirements in accordance with
retention schedule appropriate for the
affiliate.
(B->C)
P E D LBU Retention
guidelines
as put
forward by
Controllers
managemen
t

CONTROLS CATALOG
Attachment 1
Remarks for the control catalog table:
1) Row Reference: A simple reference row number to facilitate internal referrals in the document. Format should be S.E.C.M, where S is control catalog section, E is exposure, C is
concern, and M is measure, and each is numbered sequentially within each occurrence.
2) Severity: Severity of unwanted result and business consequence (I = Highest, II, III, IV = Lowest). Refer to ISRMP Risk Screening template definitions.
3) Probability: Possibility of control concern happening (A = Frequent, B = Probable, C = Occasional [once during system life], D = Remote, E = Improbable). Refer to ISRMP Risk
Screening template definitions.
4) Risk: Based upon severity and probability. Refer to ISRMP Risk Screening template definitions. "IR" refers to inherent risk before any control is in place, and "RR" refers to
residual risks after the control is in place. Refer to 2 and 3 above. Situations where residual risk (RR) is not reduced to low (L) should be further assessed to
determine whether further cost/effective controls are practical, and may be candidates for identification as a "risk acceptance."
5) Control Measure
Possibility: Effect of control in reducing possibility before (B) and after (A) the control implementation. "B" corresponds to 3 above. Refer to 3 above for values.
6) Control Type: P = Preventive, D = Detective, or C = Corrective. Detective control measures should normally have an associated corrective measure.
7) Status: E = Existing, C = Complete, IP = In Progress, O = On-going (recurring control activity), P = Pending, R = Rejected (should have accompanying remark explaining
reason)
8) Control Frequency: D = Daily, W = Weekly, M = Monthly, Q = Quarterly, Y = Yearly, A = Ad hoc (as determined by owner or responsible control role), O = One-time, E = After event,
C = Continuous
9) Control Measure
Reference: Either or both the program (ABAP) and/or procedure related to a control measure should be indicated.
Where a control report is produced, the appropriate ABAP should be specified. Where a procedure has to be followed, enter the procedure reference. Format for
procedure reference should be PPP-LLL-NNNN, where PPP is a three alphabetic character business process identifier (e.g. PTP, PLM, OTC, etc.), XXX is the
procedure level identifier (BUS for business procedures or GEM for GEMS specific procedures, mainly stored on GEMS KW for reference by users) and NNNN is a
four character sequence number. Values are to be established by process team. If the procedure has a (U) noted then it is a user procedure related to the respective
control measure.
10) Control Responsibility: Designates the business role (i.e. individual[s]) responsible for executing/performing a control activity/measure (e.g. role responsible for reviewing and approving
price change report). Where the responsible business role is defined within SAP (i.e. it corresponds to a user access role), the specific 4-5 character user access role
should be indicated. In cases where the responsible business role is not within SAP, a role abbreviation should be used. All control reports are to be approved on-
line through SAP and should accordingly indicate appropriate "approver" role.
See following pages for a list of valid values, contact GEMS S&C Team for additions or changes. Role ID observes the following naming convention --
- For SAP roles: PPnn, where PP is a 2-character business process/module identifier, and nn is a 2-digit number (00-99). This value corresponds to the role's
SAP technical name. Where roles are functionally the same as those from other systems, the same role ID should be used when it conforms
with corporate and GEMS naming conventions. The values for business process and format for role ID are specified in GIS Naming
Conventions for Workplace.
- For non-SAP roles: aa-aaaaaa, where 'a' is an alphabetic character. It is recommended that business process identifier be used for first two characters, where
practical.
Note: Where specific values are indicated these are the only valid values.

CONTROLS CATALOG
Attachment 1 (continued)
Values For Business Module/Process in Role ID
AM Asset Management PO Advanced Planning Optimization (APO)
AP Accounts payable PP Production Planning
AR Accounts Receivable PR Production
BC Basis (DBAs, Operations, Scheduling, and related activities) PS Projects
BW Business Warehouse PT Purchase-to-Pay
CO Costing / Controlling QM Quality Management
CR Customer Relationship Management SC Security and Controls
FI Financial Accounting SD Sales and Distribution
KW Knowledge Warehouse SK Skill Center
LO Logistics SP Succession Planning
MM Material Management SS Employee self-service
OT Order-to-Cash TE Training and Events
PM Plant Maintenance TR Treasury
XX Miscellaneous
Roles
Role ID Role Name Role ID Role Name
FI01 Project Engineering
FI02 Capital Budget Coordination
FI03 Capital Project Admin
FI04 Fixed Asset Analysis
FI05 Project Engineering Management
FI06 GSC Fixed Asset Custodian
FI07 Fixed Asset Accounting
FI08 Fixed Asset Coordination
FI09 US Tax Fixed Asset Accounting
FI11 Tax Rule Admin
FI13 Cost/TJC Accounting
FI15 Timekeeping Accounting
FI16 Coordinate Close
FI17 General Accounting
FI18 Financial Data Admi nistration
FI19 Late Period Adjustment for General Accounting (FI17)
FI20 Intercompany Accounting
FI21 Balance Sheet Account management
FI22 Tax Accounting
FI23 Tax Advisor
FI25 Foreign Exchange Analysis
FI26 Payroll Accounting
FI27 Workflow Coordinator
FI28 Supervise/Manage Financial
FI29 Joint Venture Analysis
FI30 Financial Analysis
FI31 Planning Coordination
FI32 Worldwide Mapping
FI33 Inventory Analysis
FI34 PCA Data Administration

CONTROLS CATALOG
FI35 Business Analysis
FI36 Timecharging
FI37 Treasury Analysis
FI38 TJC CATS Approval
FI39 Financial Display Only
FI40 Treas. Interface Admin
FI43 Proj Sys View
FI47 Cost Analysis
FI50 Internal Order Creation
FI51 Payables Internal Order Support
FI52 JE Workflow Approval
FI53 Technology Project Administration
FI55 Profit Center Display Only
FI56 Human Resource Accounting
FI57 Product Cost Analyst
FI61 Write to WW-SL
FI62 US Tax Reporting
FI63 Dollar Value LIFO Inventory tax Analysis
FI64 FOREX Rate Administrator
FI65 FOREX Validation File Approver
FI67 Inventory Cost of Production Book / Tax Manager
FI70 Archive Data Retrieval
FI80 - FI99 Technical Skill Center Roles
Other Possibly Relevant Roles
BSKC Business Skill Center OWNR FI Process Owner/Custodian
GEMS GEMS Configuration SAP Inherent SAP
FI-ACCTS Central Controller Rep-in charge of screening changes to
accounts
LBU Local Business Unit
TSKC Technical Skill Center RTS Regional Treasury Supervisor - external view-no SAP
PWC PriceWaterhouseCoopers External Auditor
Note: Delete the non-relevant roles from the list above. The above role IDs and roles are initial DRAFT and currently under review.

CONTROLS CATALOG
Control Procedures
Procedure ID Procedure Title Procedure Description (Summary)
Script Name
(URL or File Path, or GEMS
KW search
Created By/ or
comment
(Org and Indiv Initials)
FIN-BUS-0701 Closing Coordinator ME Procedures Closing Coordinator should have detailed procedures documented to
identify manual tasks needed to be performed by workday
GEMS KW "FI16: close
coordination"
Lists responsibilities,
controls and procedures
FIN-BUS-0702 Provide G/L account descriptions to users Users will need access to a list of G/L account descriptions to help
them in their selection process.(similar to EMDS Database)
SAP transaction
S_ALR_87012326 and
S_ALR_87012328
FIN-BUS-0703 Procedures for updating exchange rate table Regional Treasury Center Supervisors review and confirm source
data before updating the exchange rate table; also need to set up the
procedure to get the various exchange rates
FIN-BUS-0704 Assign owners to Balance Sheet Accounts-question
over process in follow up items
New owners must be assigned for GEMS implementation BS-account assignment lists
available per region, stored
at local controllers LAN
FIN-BUS-0705 Technology Revenue Reconciliation For Technology, compare revenue posted in SAP to revenue in LAMS
subsystem, this is done is areas where revenues are generated.
Local LAMS procedures
available, including
reconciliation forms.
FIN-BUS-0706 Define custodian for each job in batch schedule Each job/report requires a custodian to ensure run executed timely
and results complete
GEMS KW " A guide to batch
jobs in APO" this includes
lists and batch jobs
schedules
FIN-BUS-0707 Cost Stewardship Review Cost Stewardship Review Process. This is a process where each
cost center is assigned to a steward, and the steward performs a
periodic review to ensure charges to the cost center are reasonable.
Procedures at intranet
controllers site, EMCC
controllers global financial
process model
FIN-BUS-0708 Project Stewardship Review Project Stewardship Review Process. This is a process where each
project or group of projects is assigned to a steward, and the steward
performs a periodic review to ensure charges to the project are
reasonable.
Procedures at intranet
controllers site, EMCC
controllers global financial
process model
FIN-BUS-0709 Material Balance Stewardship Review Material Balance Stewardship Review Process. This is a process
where the change in Inventory is compared to the purchases and
sales from Inventory to ensure all purchases and sales are recorded
in the correct period.
GEMS KW: 'reviewing the
material balance report" and
" the validate and correct
material balance" and "FI48:
material balance analysis"
FIN-BUS-0710 Account Reconciliation Review Account Reconciliation Review Process - this is a Controller's process
where each balance sheet account is assigned to a custodian who
ensures the reasonableness of the entries and the timely clearing of
open items.
BSAM Guidelines are in
place, centrally stored at
CAS Controllers Intranet
FIN-BUS-0711 Monthly Close Analysis Monthly Close Analysis Process - this is a process where financial
analysts review the earnings/reporting results for reasonableness and
comparison to prior periods.
Month end close procedures
are available and centrally
stored at local controllers
LAN
FIN-BUS-0712 Procedures for Retaining supporting documentation
for Journal Entries
This should specify when supporting documentation is required to be
retained.
CAS journal voucher
procedure is available at
local Controllers LAN and
management guideline on

CONTROLS CATALOG
local shared controllers LAN
FIN-GEM-0408 SL User Exit Errors (T Code ZDW4) Report displays errors in related to population of GFCM fields in the
Special Ledger
GEMS KW: " reviewing the
user exit error table listing"
FIN-GEM-0701 Closing Coordinator ME Procedures Closing Coordinator should have detailed procedures documented to
identify what batch schedule jobs should be reviewed and what follow-
up actions are required by the position vs users.
GEMS KW "FI16: close
coordination"
Lists responsibilities,
controls and procedures
FIN-GEM-0702 New Account/Deleted Account Check List Skill Center needs check list to follow for procedures in setting up new
accounts or deleting/blocking existing accounts. This should include
notifying all users via a broadcast system message when a new
account is established.
GEMS KW:" reviewing
general account master data"
and GIS CoE skill centre
procedures.
FIN-GEM-0703 FI Workflow Supervisor Review Procedures Supervisors will have to review FI Documents in their SAP Inbox that
have been selected by the FI Workflow sample process. This
procedure will highlight key items of interest they should focus on.
Supervisor review guideline
is available in local shared
controllers LAN directories.
And in GEMS KW;"
accepting Journal entries via
Workflow."
FIN-GEM-0704 Table Log review of YFX1 Table Analyze the changes to Table YFX1 - Forex Distribution Table. ABAP
RSVTPROT (This is a critical control report.)
GEMS KW:" displaying the
foreign exchange distribution
table", and "reviewing the FX
gains/losses distribution
report".
FIN-GEM-0705 Review Table log T001B -Accounting period table Control report RSVTPROT is reviewed by the closing coordinator's
supervisor.
GEMS KW: ' reviewing
RSVTPROT: updates to the
accounting Period Table
Report".
FIN-GEM-0706 Procedures for updating exchange rate table User procedure to update the TCURR Exchange Rate table timely for
daily and month end activities, also reviews TCURR Table change log
GEMS KW: "uploading
foreign exchange rates" and
"reviewing RSVTPROT:
updates to the currency table
report." And in SAP:
YFIV0020_AVG_EXCH_RAT
E
FIN-GEM-0707 Review YE Close Process - Account Balances Report RFBILA00 (Trial Balance) must be executed and reviewed to
ensure that the ending balance for the previous year and opening
balance for the new year is the same.
GEMS KW: " year end"
procedures such as:
"reviewing RFBILA00;
account trial balance report."
FIN-GEM-0708 Compare AR subledger and GL The control report RFDSLD00 (Accounts Receivable balances in local
currency) is checked against the control report RFSSLD00 (GL
accounts balances) to ensure that AR balances are reconciled with
GL based on reconciliation accounts
GEMS KW: "reviewing
RFDSLD00 Account
Receivable sub ledgers."
FIN-GEM-0709 Compare AP subledger and GL The control report RFKSLD00 (Accounts payable balances in local
currency) is checked against the control report RFSSLD00 (GL
accounts balances) to ensure that AP balances are reconciled with
GL based on reconciliation accounts
GEMS KW: "reviewing
RFKSDL00; Accounts
Payable Subledger
balances."
FIN-GEM-0710 Compare GL Data Internal data integrity The control report SAPF190 (Financial accounting comparative
analysis) will detect, and advise users of differences between a GL,
AP or AR account balance and the total of all open items contained in
that account i.e. compare AR, AP and GL accounts balance
GEMS KW: " comparative
analysis."
FIN-GEM-0711 Procedures for Correcting BDC errors Procedures for Correcting BDC errors GEMS KW: " BDC errors"
procedure " the BDC error
correction process"

CONTROLS CATALOG
FIN-GEM-0712 Review recurring documents for re-instatement Recurring documents should be reviewed to see if expiring items
should be re-instated (operational report RFDAUB00)
GEMS KW: "reviewing the
recurring entry document
report." SAP transaction
code S_ALR_87012346
FIN-GEM-0713 Material Balance Review Run reports and check for imbalances in sales/purchases/inventories GEMS KW: 'reviewing the
material balance report" and
" the validate and correct
material balance" and "FI48:
material balance analysis"
FIN-GEM-0714 Compare MM Inventory subledger and GL balances This operational report (RM07MMFI) does the MM/FI comparison
FIN-GEM-0715 Parked/Held Document List report A list of parked and held documents should be run monthly to ensure
users have completed all relevant accounting entries that are work-in-
progress
Transaction FBV3 for
RFPUEB00 report and
transaction FB11 for
SAPMF05A report
FIN-GEM-0716 Take monthly copy of Tcurr table to store Skill center procedure to take copies to store for 3 months for
parameters and appropriate follow-up
FIN-GEM-0718 Request new General Ledger Account How to request new accounts. Workinstruction; " request for
G/L Accounts
(additions/changes/blocks)"a
nd related form

CONTROLS CATALOG
Control Reports
Report Name
(ABAP Program) Report Title
User Procedure
(Work Instruction)
Reference
Control
Responsibility
(SAP Role ID)
iXOS
Document
Type
Run
Frequency
(D, W, M, Q, Y,
A, O, E) Remarks
(C) ZDWRPT04 SL User Exit Errors FIN-GEM-0408 FI30 ZH1_FS(US) M T Code ZDW4; also
ZB0(EU) & ZH2_FS(LA)
iXOSDoc typ
(C)
YFIV0020_AVG_E
XCH_RATE
Review Month Average and Closing Exchange Rate Update work instruction Job Aid 6 FI25 ZH2_FG M used to rvw comp of mnth
avg & clsng crncy exch rt
(C) RSVTPROT Table Log for Table YFX1 FIN-GEM-0704 FI25 ZH1_FG1 M used to rvw updates &
chgs to Forex Distr tbl
YFX1
(C) RSVTPROT Table Log for Table T001B FIN-GEM-0705 FI28 ZH1_FG M used to rvw updates&chgs
to Acctg Period Tbl T001B
(C) RSVTPROT Table Log for Table TCURR FIN-GEM-0706 FI28 ZH2_FG D Used to rvw updates
&chgs to Exch Rate Tbl
TCURR
(C) RFBILA00 Account / Trial Balances FIN-GEM-0707 FI16 ZH1_FG Y used to vrfy carry fwd of
YE bal for GL/AP/AR isok
(C) RFKSLD00
variant 2
Acct Payable Balances in local currency FIN-GEM-0709 FI16 ZH1_FG M Used to reconc vendor bal
w/GL to ensure integrity
(C) RFSSLD00
variant 2
GL Balances in local currency ( AP ) FIN-GEM-0709 FI16 ZH1_FG M Used to reconc vendor bal
(C) RFDSLD00
variant 2
Acct Receivable balances in local currency FIN-GEM-0708 FI16 ZH1_FG M Used to reconc cust bal
(C) RFSSLD00
variant 3
GL Balances in local currency ( AR ) FIN-GEM-0708 FI16 ZH1_FG M Used to reconc cust bal
(C) SAPF190 GL Balance Comparative Report (Financial Comparative Analysis) FIN-GEM-0710 FI16 ZH1_FG M detect&advise of diff betw
G/L bal&total openitems
(O)
FB04/SAPMF01A
(O)
FBV3/RFPUEB00
(O)
FB11/SAPMF05A
(O) RFDAUB00

Document template

Recommended

Recommended

More Related Content

Similar to Document template

Similar to Document template (20)

Recently uploaded

Recently uploaded (20)

Document template