Create a Control Dashboard to Monitor Your Internal Controls

  • by Taylor Erickson, Manager, BearingPoint, Inc.
  • July 15, 2004
It is vital to track user exits to ensure the financial transparency of your company. The author introduces a programmable "control dashboard" that will enable you to recognize, document, and help audit the user exits in your company's system.

How many user exits are working in your R/3 environment? What is the objective of a particular VOFM (Maintain: Requirements and Formulas) routine? When was a customer exit last modified and why?

When I ask these questions of new clients, I'm greeted with everything from blank stares to a resounding, "I don't know." I'm not surprised at the answers, because user exits are considered "deep areas" of SAP and often pass under the radar of even the most vigilant and documented implementations. Why? There are a couple reasons.

First, consultants or programmers who developed user exit functionality may have left either the project or the company with little knowledge transfer. Second, the level of technical granularity required to understand and stay on top of user exit development is out of scope for most project managers. As a result, programmers did what was necessary to make a business process work. While the process was documented, the necessary bits of custom code to hold the process together escaped management's attention.

What I do find surprising, however, is that with the growing awareness and concern over new regulations such as the Sarbanes-Oxley Act and the increasing focus on managing internal controls, the areas of a company's ERP system that exist for no other purpose than to modify the standard behavior of SAP receive little or no attention by Sarbanes-Oxley audit committees. If all businesses ran with "out-of-the-box" preconfigured versions of SAP, Sarbanes- Oxley would be a moot point. The accounts would reconcile. Data integrity would be unquestionable. Financial transparency? No problem.

Taylor Erickson

Taylor Erickson has more than 12 years of experience with ERP systems. He has worked with SAP for eight years, specializing in SD/SCM, reporting, and compliance. Taylor is a member of the Institute of Internal Auditors and has facilitated global SAP system implementations and trained numerous SAP customers. He is currently a manager at BearingPoint. Prior to that, he was a consultant for SAP America, and later, practice director of corporate compliance and security for Virtuoso, LLC, an SAP FI/CO consultancy. His latest research is on the effects that Sarbanes-Oxley will have on IT departments running SAP, and leveraging existing R/3 functionality to achieve compliance.

See more by this author


No comments have been submitted on this article. 

Please log in to post a comment.

To learn more about subscription access to premium content, click here.