
Application: Global Enterprise Management System Business Process: Financials Sub-Process: General Accounting

Integrated Systems Risk Management Practices (ISRMP)

CONTROLS CATALOG

Version:2010.1 Date last signed by owner : 28 July 2010

Page 1 of 28

Column headings: Row Reference (1) | Exposure Control Concern – Severity / Probability (2) (3) | Risk I / R (4) | Control Measure Possibility (B->A), B = Before the control is in place, A = After the control is in place (5) | Type (6) | Status (7) | Frequency (8) | Control Resp. Key attached (10) | Control or User Measure Reference Procedure and/or ABAP (9) | Remarks

Master Data Maintenance (Chart of Accounts)

7.1.1.1.1 Incorrect, unauthorized and/or inaccurate creation/changes to general ledger accounts may lead to misinformed management.

Incorrect initial set-up in production environment III/B

M/L Initial set-up of chart of accounts / and subsequent changes GFCM to be made based on approval from EMDS /EMCC. (B->D)

P C E FI99 FIN-GEM-0702 (U)

7.1.1.2.1 Incorrect/insufficient data is entered/changed in the account master record. III/B

Configuration of Account Groups (Table 077S) limits fields available during account creation process. (B->D)

P E O GEMS

7.1.1.2.2 Validation checks are performed during the processing of the account upload program. A special validation will also force the entry of the alternative COA for countries where it is required. (B->D)

P E E GEMS ZFIX0010 (upload Program) Not an IXOS Control Report

7.1.1.2.3

M/L

After data is entered/changed in the account master data, COE will verify the data against the original approved form & GL checklist and take appropriate action. (B->D)

D/C C E FI99 FIN-GEM-0702 (U)

7.1.1.3.1 Required maintenance not performed III/B

Change request for GL account master data maintenance will be managed by FI COE and followed up appropriately. (B->D)

D/C E FI99 FIN-GEM-0702 (U)

7.1.1.3.2

M/L

Help Desk/ticket management process will monitor status of requests for changes and follow up appropriately. (B->C)

D/C E E FI99

7.1.1.4.1 Unauthorized or improper changes/creations/deletions to chart of accounts master records are made, resulting in incorrect financial reporting. III/B

M/L Table and master should be maintained only by COE GL account administrator(s) who are granted access privileges. (B->D)

P C A OWNR


7.1.1.4.2 Additions/Changes to chart of accounts master data are logged (Table logging) and are available if required for troubleshooting. Follow up as appropriate. (B->D)

D/C E E SAP Table logging to be used for SKA1/SKB1 for trouble-shooting

7.1.1.4.3 Person(s) requesting change to Chart of Accounts master data reviews changes/additions/ deletions and follows up appropriately. (B->D)

D/C E E FI-ACCTS FIN-GEM-0718 (U)

7.1.1.5.1 Obsolete GL accounts are still active in the chart of accounts. III/B

Responsible person to analyze list of accounts with no balance or activity for the last two years and request blocking of the account so that no postings will be permitted. (B->D)

P O Y LBU Operational Report RFSSLD00 Operational Report RFBILA00

7.1.1.5.2

M/L

System error message will appear when attempt is made to post to blocked account. (B->E)

P E O SAP

7.1.1.6.1 Accounts deleted resulting in loss of underlying data. III/C

Accounts should only be deleted if never posted against in the on-line system. For archived postings, the system will archive the account descriptions on the archived file. Otherwise the account descriptions will not be reflected on future reports against this account. (C->D)

P E O FI99 FIN-GEM-0702 (U)

7.1.1.6.2

M/L

SAP prevents you from deleting if balances exist. Must be marked for deletion and deleted via a special utility program. (C->E)

P E E SAP


7.1.1.7.1 Accounts should not be blocked/deleted until configuration is updated. For example, if an account is blocked and it is referenced in configuration, then operating processes will fail, e.g., cannot move materials. III/B

M/L Whenever the Account Master is updated, the impact on configuration must be assessed for concurrent update as part of the account set up checklist. (B->D)

P C E TSKC FIN-GEM-0702 (U)

Postings

These control measures apply generically for the G/L Postings Control Concerns to avoid repeating them for each concern.

1. Cost Stewardship Review Process
2. Project Stewardship Review Process
3. Material Balance Stewardship Review Process
4. Account Reconciliation Review Process
5. Monthly Close Analysis

FIN-BUS-0707 FIN-BUS-0708 FIN-BUS-0709 FIN-BUS-0710 FIN-BUS-0711

7.2.2.1.1 Incorrect manual postings will result in inaccurate financial statements and misinformed management.

Not all postings are made (example: accruals, Material Balance Adjustments, corrections) III/B

Each User to refer to monthly close check list to ensure that all required activities are completed in time for the financial month-end closing (B->D)

P P D FI17 FIN-BUS-0701

7.2.2.1.2 Closing Coordinator (CC) to review and advise of completeness of month-end close activities included in the batch scheduler per CC procedures. (B->C)

D/C C M FI16 FIN-GEM-0701 (U)

7.2.2.1.3 Where applicable, e.g. user is unexpectedly out of office due to illness or unplanned vacation, a User's Supervisor would review and ensure close activities are performed in a timely manner according to the User's desk procedures. (B->C)

D/C P M FI48

7.2.2.1.4

M/L

Material Balance Process will detect unbooked sales/purchases/inventory entries and appropriate action taken. (B->C)

D/C C M FI33 FIN-GEM-0713 (U)


7.2.2.1.5 For Technology, the technology revenue subsystem (LAMS) should be reconciled monthly to the revenue postings in SAP to ensure all revenue postings made in SAP and appropriate action taken. (B->C)

D/C C M FI13 FIN-BUS-0705

7.2.2.2.1 Post to incorrect /invalid account III/B

Invalid accounts are rejected by delivered SAP validation. (B->E)

P C D SAP

7.2.2.2.2 The correct account assignment will be verified and followed up appropriately during the Workflow post entry Supervisor review if the entry falls within 100% review criteria; otherwise, it is in the random selection population. (B->D)

D/C P D FI28 FIN-GEM-0703 (U)

7.2.2.2.3

M/L

Users reference list of account descriptions / definitions provided by EMDS on the Intranet. (B->D)

P P O FI17 FIN-BUS-0702

7.2.2.3.1 Erroneous postings are made, e.g., wrong amount / currency, posting key, tax code, etc. III/B

Both custom and SAP validations (e.g., blank business area) prevent postings with invalid values where applicable. (B->E)

P C D SAP GEMS

7.2.2.3.2

M/L

Workflow post entry supervisor review allows verification of entries for those selected. Sensitive accounts are subject to higher review selection. (B->D)

D/C P D FI28 and FI52 for review

FIN-GEM-0703 (U)

7.2.2.4.1 Post to incorrect period because previous or future period is open III/B

Table T001B enables SAP to validate and prevent postings to closed periods. Table is updated as part of monthly close procedures via an automated batch job, and directly by Close Coordinator on an exception basis (B->D)

P C M FI16 FIN-GEM-0701(U) FIN-BUS-0701

7.2.2.4.2

M/L

Access to change accounting period table is restricted by profile and assigned to Closing Coordinator. (B->D)

P C M OWNR


7.2.2.4.3 Posting to the correct period will be verified and followed up appropriately during the Workflow post entry Supervisor review if the entry falls within 100% review criteria; otherwise, it is in the random selection criteria population. (B->D)

D/C P D FI28 FIN-GEM-0703 (U)

7.2.2.4.4 A custom validation will verify the posting period when period 16 is open for local books so that postings are restricted to only period 16 and the most current month. (B->E)

P C D Gems

7.2.2.5.1 Not all required fields are entered in posting III/B

M/L Field status group configuration and custom validations will reject posting if required fields are not entered. (B->E)

P C D SAP GEMS

7.2.2.6.1 Post to incorrect cost object (eg cost center, order, project), or other critical field (Profit Center, Transaction Type) III/B

The cost object will be verified and followed up appropriately during the Workflow post entry Supervisor review if the entry falls within 100% review criteria; otherwise, it is in the random selection criteria population. (B->D)

D/C P D FI28 FIN-GEM-0703 (U)

7.2.2.6.2 Cost center and project steward review process would identify mis-postings and appropriate follow up taken. (B->D)

D/C E M FI08 FIN-BUS-0707 FIN-BUS-0708

7.2.2.6.3

M/L

GFCM required fields such as Profit Center, Business Area, Trading Partner, Transaction Type are made mandatory via custom validations and values are restricted to valid choices. (B->D)

P C D SAP GEMS


7.2.2.6.4 Users will receive warning message if they enter an unexpected Business Area for that Company. This is not an error because there are some known exceptions. Also, users will receive an error if they enter incompatible Profit Center / Business Area combination (a chemical business area cannot be used with a downstream profit center) (B->D)

P C D FI17 GEMS

7.2.2.7.1 Duplicate postings are made either manually or via uploading same JV Excel spreadsheet more than once III/B

Timely review of entries during the Workflow post entry Supervisor review process may detect duplicates and followed up appropriately. (B->C)

D/C P D FI28 FIN-GEM-0703 (U)

7.2.2.7.2 Timely account reconciliation and other monthly close and stewardship analysis may detect duplicate entries and appropriate follow up action taken. (B->C)

D/C E M FI17 FIN-BUS-0707 FIN-BUS-0708 FIN-BUS-0709 FIN-BUS-0710 FIN-BUS-0711

7.2.2.7.3

M/L

If applicable, on-line entries and adjustments must be based on original supporting documentation (exceptions being month-end accruals and other entries supported by worksheet calculations). Adjustments should be cross-referenced to adjustment doc numbers (B->C)

P E D FI17 FIN-BUS-0712

7.2.2.8.1 Document that should not be reversed is reversed or deleted, or a document, which already contains cleared items, is reversed III/B

Reversals are selected for 100% Workflow post entry Supervisor review and followed up appropriately. (B->C)

D/C P D FI28 FIN-GEM-0703 (U)

7.2.2.8.2

M/L

SAP does not allow a posted document to be deleted -- original entry must be reversed and correcting entry made. (B->E)

P C D SAP


7.2.2.8.3 SAP prevents reversing documents with cleared items, unless a special transaction FBRA is used to reset cleared items - then reversal is possible -Trans code FBRA access can be given only to Close Coordinator. (B->D)

P C D OWNR SAP

7.2.2.9.1 Out of balance postings made III/B

M/L SAP validation prevents saving an entry unless it is balanced by company code and in all currencies. (B->E)

P C D SAP

7.2.2.10.1

Users can make an out of balance posting in local only accounts or XOM only accounts. III/B

M/L Custom validation to ensure entry in balance within the local only or XOM only accounts. Exception is asset local books depreciation. (B->D)

P C D GEMS

7.2.2.11.1

Incorrect or inadvertent postings to sensitive accounts III/B

Postings to high sensitive accounts will be verified 100%, medium accounts by % defined by amount, and followed up appropriately during the Workflow post entry Supervisor review. (B->D)

D/C P D FI28 FIN-GEM-0703 (U)

7.2.2.11.2

M/L

Entries to Employee Vendors to record Employee advances and loans are considered sensitive accounts. The access to make these entries is restricted to the HR role and Payables roles by restricting access to the Employee Vendor Group. (A->C)

P C C OWNR/ TSKC

7.2.2.12.1

Unauthorized creation /changes to SAP documents III/B

Only financial staff with authorized profiles can create and change documents (B->D)

P C D OWNR

7.2.2.12.2

M/L

Profiles given to users will be reviewed periodically by Owners as a step within the Annual Access Review process to ensure the appropriateness of the profile with business needs. (B->D)

P E A OWNR Covered in S&C Controls Catalog


7.2.2.12.3

Key postings will be verified and followed up appropriately during the Workflow post entry Supervisor review if the entry falls within 100% review criteria (e.g., amt > $250k, recur template, reversals, BDC corrections) otherwise, it is in the random selection criteria population. (B->D)

D/C P D FI28 FIN-GEM-0703 (U)

7.2.2.12.4

User receives custom warning message in a pop up screen as soon as the user executes the upload transaction that has the following reminders: (1) to store EXCEL upload source files in private directory (2) to use the PC screen saver password (3) to use EXCEL spreadsheet passwords to protect integrity of upload if applicable. (Users who need to share files or may need to have a back-up person access their file can use EXCEL spreadsheet passwords on a shared LAN.) (B->C)

P P O FI17 GEMS

Excel Upload ABAP is YFII0260

7.2.2.12.5

An audit trail of document changes by userid is available for any user for problem resolution, etc and appropriate follow up. (B->D)

D/C C E FI17 Operational Report FB04 / SAPMF01A

7.2.2.13.1

Park / Held documents which should be posted are not posted III/B

M/L Users can run List of Parked Document on-line report (FBV3) and List of Held Documents (FB11) to ensure Parked and Held documents are complete. A regional year-end scheduled (2nd WD) batch job exists for documents parked so users can ensure none are pending. (B->D)

D/C P M FI28 FI17

FIN-GEM-0715 (O) Operational Reports based on transaction FBV3 and FB11 / SAPMF05A

7.2.2.14.1

Users could make entries to re-age open items III/B

M/L Entries to re-age accounts are subject to the normal Workflow post entry Supervisor review process with appropriate follow up. 100% review if the re-aging is on a high sensitive account/ sample review if the re-aging is on other accounts. (B->D)

D/C P D FI28 FIN-GEM-0703 (U)

7.2.2.15.1

General Ledger and Sub-ledger are out of balance because a control account is posted to directly III/B

M/L All control accounts are reconciliation accounts which means SAP prevents direct postings. For example, Accounts Receivable, Accounts Payable, Assets. (B->E)

P C D SAP

7.2.2.16.1

Users could review/approve their own journal voucher entries in FI Workflow in the case where a user can make entries and also is a peer reviewer. III/B

M/L Workflow Special Relationship Organizational Table 997 design identifies a reviewer for each user who can post an entry. The entries selected for review are automatically routed to the reviewer specified so a user cannot personally redirect their entry to themselves for review. For stand-ins, SAP will not route a person's document to their own inbox if they are their supervisor's stand-in. (B->E)

P C D SAP

7.2.3.1.1 Incorrect Automatically Generated Postings will result in inaccurate financial statements and misinformed management.

System configured incorrectly resulting in mis-booking (e.g. MM bookings to the wrong 21 A/C, wrong 205 A/C or SD postings may go to the wrong 010 A/C, 018 A/C) III/B

Account determination must be approved by the appropriate process group. (B->D)

P O O FI33

7.2.3.1.2

M/L

Changes of configuration to automatic posting to be performed and thoroughly tested by COE staff who will be granted access. (B->D)

P E E FI99

7.2.3.2.1 Accounts determination created/ changed in the Account Assignment tables could be insufficient, incorrect, and/or erroneous III/B

M/L Upon completion of creation / changes to account determination table, the Skill Center will verify against the approval from the respective process group. (B->D)

D/C E A FI99


7.2.3.2.2 Timely account analysis and reconciliation will detect the errors and be followed up appropriately. (B->D)

D/C E M FI17 FI30

FIN-BUS-0707 FIN-BUS-0708 FIN-BUS-0709 FIN-BUS-0710 FIN-BUS-0711

7.2.3.2.3 Material Balance Process will detect unbooked sales/purchases/inventory entries and appropriate action taken. (B->D)

D/C C M FI33 FIN-GEM-0713 (U)

7.2.3.2.4 Custom validations will detect certain account determination errors when insufficient data is provided. (B->E)

P C D GEMS

7.2.3.2.5 Errors on the BW unmapped report will detect certain account determination errors when insufficient data is provided and appropriate follow up taken. (B->D)

D/C C M FI30 Refer to Corporate Reporting Controls Catalog

7.2.3.3.1 Changes to Account Master impacting configuration not updated. For example, if an account is blocked and it is referenced in configuration, then operating processes will fail, e.g., cannot move materials. III/B

M/L Whenever the Account Master is updated, the impact on configuration must be assessed for concurrent update as part of the account set up check list. (B->D)

P C E TSKC FIN-GEM-0702 (U)

7.2.3.4.1 Incorrect automated income tax accrual can misrepresent local and stewardship reporting tax entries III/B

Income tax accrual program does not calculate final tax liability/asset - batch program does not run in period 12 - final numbers are the result of an outside the system calculation following current procedures (B->D)

P E C FI16 / FI30

7.2.3.4.2

M/L

Close coordinator and financial analyst role receive test run report of the program, indicating tax rates used and projected postings (period 1-11) (B->D)

P C M FI16 FI30


7.2.3.4.3 Program postings only occur on demand through an interface: no online run with posting. Only posts when close coordinator wants to via batch job. (B->D)

P C M FI16

7.2.4.1.1 Incorrect Recurring Entries will result in inaccurate financial statements and misinformed management.

Recurring entry templates not established or expire without review for reinstatement. III/B

M/L Account reconciliation process should identify entries that are not occurring and appropriate action taken. (B->D)

D/C E M FI17 FIN-BUS-0710

7.2.4.2.1 Recurring entry template incorrectly set-up. III/B

M/L Recurring Entry Templates and changes to templates are selected for 100% Workflow post entry Supervisor review and followed up appropriately. A regional year-end batch job is scheduled for December 5 to give users an opportunity to review what is needed for the new year. (B->D)

D/C P D FI28 FIN-GEM-0703 (U)

7.2.4.3.1 Batch jobs to generate recurring entries from template not executed or executed more than once. III/B

Batch jobs for recurring entries to be formally scheduled via the automatic batch scheduler. (B->C)

P P M BSKC FIN-GEM-0701(U) FIN-BUS-0701

7.2.4.3.2 Standard/formal breakdown procedures would include having Closing Coordinator rerun the job if applicable. (B->C)

D/C P M FI16

7.2.4.3.3

M/L

SAP prevents the duplicate execution of the recurring documents beyond the set frequency. (B->E)

P C M SAP

7.2.4.4.1 Exception messages for recurring documents in batch job execution not resolved. III/B

M/L Closing Coordinator should take necessary actions to address error messages in the batch job log with the owner responsible for each job/report (B->D)

P P M FI16 FIN-GEM-0701(U)


7.2.4.5.1 Expiration may not be reviewed for reinstatement III/B

Users should review the recurring documents to make sure whether or not expiring documents should be reinstated using the batch run standard report RFDAUB00 and follow up appropriately. (B->D)

D/C C Y FI17 FIN-GEM-0712(O) Operational Report RFDAUB00

7.2.4.5.2

M/L

Automated annual job to list applicable recurring templates to be reviewed by the Close Coordinator who will initiate appropriate action with the User to confirm existence for the new year. (B->C)

P P Y FI16 FIN-GEM-0701(U)

7.2.5.1.1 Batch schedule process fails ==> This includes any financial process batch job, which is not specifically covered elsewhere in the catalog. Changed 5/9/02

Batch schedule process may fail resulting in the lack of necessary posting thus resulting in incorrect financials and misinformed management. III/B

M/L Closing Coordinator should take necessary actions to address error messages in the batch job log with the owner responsible for each job/report. (B->D)

D/C P D FI16 FIN-GEM-0701(U)

Accounting Processes

7.3.6.1.1 Exchange gain/loss on foreign currency assets and liabilities not recognized correctly

Revaluation of foreign currency assets/liabilities not executed (In the context of this Catalog, "revaluation of foreign currency assets/liabilities process" includes: - Foreign exchange revaluation II/B - Foreign exchange EAFE dollarization for Local Fun

Batch jobs for revaluation of foreign currency assets/liabilities to be registered in the Autosys batch scheduler. (B->D)

P E M FI99 FI16

FIN-GEM-0701 (U)

Foreign Exchange Analyst to re-run the job in case of failure/errors

7.3.6.1.2

H/M

Foreign Exchange Analyst does a reasonableness check on all monetary accounts to ensure that they are valuated at month end rate (identified in month-end checklist) Report and follows up appropriately. (B->D)

D/C E M FI25 FIN-BUS-0701


7.3.6.2.1 Revaluation run of foreign currency not executed completely II/B

Closing Coordinator and/or Foreign Exchange Analyst to check that the foreign currency asset/liability revaluation jobs are executed successfully, and ensure that error messages are resolved based on the batch job error log. (B->D)

D/C E M FI25 FI16

FIN-GEM-0701(U)

7.3.6.2.2

H/M

Program selection options (variants) to be tested extensively before it is scheduled for production run (B->D)

P O A GEMS

7.3.6.3.1 Incorrect exchange rates used II/C

M/L Refer to Exchange Rate Section (C->D)

Refer to Exchange Rate Section

7.3.6.4.1 Amounts in detail line item entries are created/changed during execution of Batch Input related to revaluation. IV/B

M/L Foreign Exchange Analyst does a reasonableness check on all monetary accounts to ensure that they are valuated at month-end rate (identified in month-end checklist). (B->D)

D/C E M FI25 FIN-BUS-0701

7.3.7.1.1 Unauthorized addition / changes are made to Distribution rule Table YFX1 for posting to end accounts resulting in incorrect information

Unauthorized person accesses and makes changes to the YFX1 table (Forex Distribution Table) II/B

All changes to table YFX1 are logged with details like User id and time/date stamp (B->D)

D/C E E SAP

7.3.7.1.2 Access to maintain data in the Distribution Table YFX1 is restricted to only Skill Center personnel (B->D)

P C O FI99 role

7.3.7.1.3

H/M

Analysis of table log control report RSVTPROT is reviewed by the Foreign Exchange Analyst and followed up appropriately. (B->D)

D/C C M FI25 FIN-GEM-0704 (C) RSVTPROT

Control report - procedures in script - Perform Analysis of Table Log - Forex Distribution Table

7.3.7.1.4 A copy of YFX1 table content to be taken each month and stored electronically for a period of 3 months to allow for re-setting parameters, if necessary, with appropriate follow up

B/D IP M TSKC FIN-GEM-0716 (U)

Exchange Rate Conversions 7.4.8.1.1 Foreign currency postings are not converted at correct exchange rates. This creates improper balance sheet and income statement, which may lead to misinformed management and not comply with local statutory exchange rate requirements.

Regional Treasury/Accounting Centers provide wrong source data. III/B

M/L Regional Treasury/Accounting Center Supervisors review and confirm source data before updating the exchange rate table. (B->D)

P E D FI37 FIN-BUS-0703 FIN-GEM-0706 (U)

For RTS, no SAP access required as it is an external review

7.4.8.2.1 Exchange rates are not updated on time III/B

M/L Procedures will define where to obtain the various exchange rates and the update timing. (B->D)

P P D FIN-BUS-0703 FIN-GEM-0706 (U)

7.4.8.3.1 Unauthorized person accesses and makes changes to the exchange rate table. IV/B

M/L Access to make changes to exchange rate table TCURR (Transaction OB08) is restricted by profile and granted only to limited personnel approved by process owner. (B->E)

P C O FI37

7.4.8.4.1 Incorrect exchange rates or exchange rate types are entered III/B

Changes to exchange rate table are logged and followed up as appropriate by Regional Treasury/Accounting Center. (B->C)

D/C E O RTS SAP

FIN-BUS-0703 FIN-GEM-0706 Operational Report RSVTPROT

7.4.8.4.2

M/L

RTS compares table logging control report “RSVTPROT” with source data daily to confirm all changes to the currency table (TCURR), and checks correctness and completeness and follows up appropriately. (B->D)

D/C C D RTS FIN-BUS-0703 FIN-GEM-0706 (C) RSVTPROT

7.4.8.4.3 Accountants to review transaction data at time of input for reasonableness of the exchange relationship between currencies, with appropriate follow up. (B->C)

D/C E D FI17 Users representatives from EMEAF and A/P endorsed this comment.

7.4.8.5.1 Batch Schedule Job updating the exchange rate table via month end customized program fails resulting in no exchange rates entered into the system & delay of month-end activities III/B

M/L User reviews the exchange rates table after the month-end exchange rate update program execution. Procedure defined to re-run the program online as well as manual table updates, if necessary, with appropriate follow up. (B->D)

D/C P D FI25/FI37 FIN-BUS-0703 FIN-GEM-0706 (C) YFIV0020_AVG_EXCH_RATE

This is an IXOS Control Report

7.4.8.6.1 Decentralized updating of the exchange rate table causes inconsistency of data IV/B

M/L The exchange rate table maintenance process is centralized by region and carried out by a regionally central group (B->D)

P C O OWNR

7.4.8.7.1 On entries in the system, manual exchange rate not entered correctly III/B

M/L If the exchange rate deviates more than a defined percentage from the rates maintained in the table TCURR, the system would issue a warning message of deviation. Each user responsible for postings must check and verify the deviated rate before posting. (B->C)

P E D FI17 GEMS

5% is default rate, but EUAT can recommend country specific tolerance.

7.4.8.8.1 The SAP transaction FBB1 (or F-05) to adjust currency values and bypass the exchange rate calculation is used incorrectly. III/B

Access to this transaction is limited to the Close Coordinator and Forex Analysis roles. Also, FI workflow includes FBB1 and F-05 in its 100% selection criteria. (B->D)

P C D OWNR

7.4.8.8.2

M/L

Transactions using this transaction type will be 100% reviewed in the journal entry review process and followed up appropriately. (B->D)

D/C P D FI28 FIN-GEM-0703 (U)

Financial Close 7.5.9.1.1 Information Processing Loss - Inability to close books/delay closing would require additional staffing to estimate earnings and could cause misstated earnings and incorrect financial statements.

Jobs are not executed due to loss of Job Scheduling Service - server failure II/B

H/M Financial Close Schedule scripts and procedures to be maintained so that the closing jobs can be submitted manually by Close Coordinator if necessary instead of the Job Scheduler. (B->C)

D/C C A FI16 BSKC

FIN-GEM-0701 (U)

This process will be coordinated between the Skill Center and Close Coordinator

7.5.9.2.1 Month end close schedule run out of sequence or month end close schedule not set up on batch schedule correctly causing reruns III/B

M/L Once setup, Job Scheduler will execute jobs in the proper sequence. Any changes to closing using Job Scheduler will have to be reviewed or tested based on certain Change Control Procedures prescribed by the COE (B->D)

P C D FI16 BSKC

7.5.9.3.1 Delays from manual postings resulting in deadlines not met III/B

Closing deadlines for month-end, quarter-end, year-end, etc. for each calendar year will be formally established and communicated to all users and skill centers (B->D)

P C A FI16

7.5.9.3.2

M/L

User to confirm to Closing Coordinator when close critical task is completed. If deadline is likely not to be met, user must inform the Coordinator and explain reasons and follow up appropriately. (B->D)

D/C C E LBU FIN-GEM-0701 (U) FIN-BUS-0701

7.5.9.4.1 Manually requested job may not be executed, or certain jobs may fail, time out or finish with wrong financial results, leading to incomplete or inaccurate postings. III/B

Each report or batch job has a custodian to monitor and review the report and identify any performance issues and follow up appropriately. (B->D)

D/C C M FI16 FIN-BUS-0706

7.5.9.4.2

M/L

Close Coordinator to monitor closing jobs by checking that all batch input sessions are cleared/posted. Specifically, to check that certain batch jobs which generate BDC sessions are cleared and follow up appropriately (e.g. reversal of accruals, revaluation of foreign currency, etc.) (B->D)

D/C C M FI16 FIN-GEM-0701(U) FIN-BUS-0701

7.5.9.5.1 Incorrect Carry Forward of Year-End balances. II/B

H/M Control Report RFBILA00 (Trial Balance) must be executed and reviewed to ensure that the ending balance for the previous year and opening balance for the new year is the same. (B->C)

D/C E Y FI16 FIN-GEM-0707 (C) RFBILA00

7.5.10.1.1

Accounting period not properly managed

Opening and closing of accounting period may not be timely. II/B

H/M Majority of the opening and closing of accounting period steps are registered in the batch scheduler. Certain exceptions are managed by Close Coordinator (B->C)

P C O FI16 FIN-GEM-0701(U) FIN-BUS-0701

7.5.10.2.1

Batch jobs to open/close accounting period fail II/B

H/M Closing Coordinator / FI COE to manually open/close accounting period. (B->E)

D/C C M TSKC FI16

FIN-GEM-0701(U) FIN-BUS-0701

7.5.10.3.1

Unauthorized updates to the accounting period table. III/B

Access is restricted to Close Coordinator and COE. (B->D)

P C M OWNR

7.5.10.3.2

M/L

Control report RSVTPROT is reviewed by the closing coordinator's supervisor monthly and followed up appropriately. (B->D)

D/C C M FI28 FIN-GEM-0705 (C) RSVTPROT

Control report - procedures in script - Perform Analysis of Table Log - Acctg Per Table

BDC Error Correction 7.6.11.1.1

Incorrect information entered during the manual correction in batch input session resulting in the distorting of data in the system

Data is incorrectly changed or unauthorized changes are made during batch data corrections (BDC) III/B

Manual correction of BDC sessions is restricted by access profile to authorized users. Changes are also logged by user id of person making changes. (B->D)

P C O OWNR Also covered in Generic Control Catalog

7.6.11.1.2

M/L

BDC naming convention is established to provide a means to granting limited access (B->D)

P C O GEMS

7.6.11.1.3

Changes made during manual processing of batch input session are logged by user id of person making change and log can be consulted for appropriate follow-up when needed. (B->D)

D/C E O SAP

7.6.11.1.4

Manual changes to batch job entries are selected for 100% Workflow post entry Supervisor review and followed up appropriately. (B->C)

D/C C D FI28 FIN-GEM-0703 (U)

7.6.11.1.5

User training and documentation of BDC reject correction process and periodic review of BDC sessions (B->C)

P C A BSKC Also covered in Generic Control Catalog

7.6.11.2.1

Unauthorized person gains access to the BDC source / output file III/B

M/L Change access to all directories storing the files is restricted to authorized users only. (B->D)

P C O OWNR Refer to Inbound Interface Control Catalogs.

7.6.11.3.1

Session can be cancelled or deleted during batch data correction (BDC) III/B

M/L Users are prevented from deleting production job BDC sessions via access profiles (Restricted to the Close Coordinator Role). Users can, however, delete user-generated sessions for the EXCEL journal voucher upload BDCs. (B->D)

P C O FI17 OWNR

Also covered in Generic Control Catalog

7.6.11.4.1

A batch input session that was processed contains errors but is not reprocessed, causing incomplete data to be posted into the system. III/B

The batch input session Overview highlights BDC that contains the error or has not been processed. Reviewed by the assigned owner and appropriate action taken. (B->D)

D/C E A FI16 FIN-GEM-0711 (U)

7.6.11.4.2

M/L

Closing Coordinator reviews batch overview prior to month end closing and follows up appropriately. (B->D)

D/C E M FI16 FIN-GEM-0701 (U) FIN-BUS-0701

7.6.11.5.1

Inappropriate access to process BDC sessions III/B

M/L Authorization to process batch session in batch is limited to batch userID only. There are some exceptions in the FI area, where the BDC session is processed by the end user userid. In those cases, the specific batch job names are specified in the specific roles. (B->D)

P C A GEMS This is an exception to the Generic Control Catalog

Analysis & Control 7.7.12.1.1

Accounts may not be reconciled resulting in incorrect financial statements

Account may not be reconciled due to absence of responsibility assignment. III/B

M/L Accounts are assigned to owners to identify ownership for reconciliation activities. Review process established to ensure that all accounts are reconciled (B->D)

P E A LBU FIN-BUS-0704

7.7.12.2.1

Account reconciliations and required clearing not adequately reviewed and approved III/B

M/L Balance Sheet Account Management (BSAM) guidelines cover review and approval process. (B->D)

P E M FI17 FIN-BUS-0710

7.7.12.3.1

Acct Recv subledger and GL is out of balance. II/B

H/M The control report RFDSLD00 (Accounts Receivable balances in local currency) is checked against the control report RFSSLD00 (GL accounts balances) to ensure that AR balances are reconciled with GL based on reconciliation accounts. (B->C)

D/C C M FI16 FIN-GEM-0708 (C) RFDSLD00 variant 2 (C) RFSSLD00 variant 3

7.7.12.4.1

Acct Payable subledger and GL is out of balance. II/B

H/M The control report RFKSLD00 (Accounts payable balances in local currency) is checked against the control report RFSSLD00 (GL accounts balances) to ensure that AP balances are reconciled with GL based on reconciliation accounts. (B->D)

D/C E M FI16 FIN-GEM-0709 (C) RFKSLD00 variant 2 (C) RFSSLD00 variant 2

7.7.12.5.1

General Ledger transactions are not aligned with the GL Balance. II/B

H/M The control report SAPF190 (Financial accounting comparative analysis) will detect, and advise users of differences between a GL, AP or AR account balance and the total of all open items contained in that account i.e. compare AR, AP and GL accounts balances and the totals from posted documents. (B->C)

D/C E M FI16

FIN-GEM-0710 (C) SAPF190

7.7.12.6.1 The balances in the Material Master (MM module) are out of balance with the General Ledger balance for Inventory II/B

H/M The operational report RM07MMFI will detect differences between MM and FI is appropriately followed up. (B->C)

D/C C M FI33 FIN-GEM-0714 Operational Report RM07MMFI

This is not an IXOS Control report.

7.7.12.7.1

The balances in the Fixed Asset subledger are out of balance with the General Ledger II/B

H/M Covered in the Asset Controls Catalog (B->C)

Refer to Assets Controls Catalog

7.7.13.1.1

Private Employee Advance and Loan data may be available for viewing to all Financial users in the system. (This data was designated as Private by the HR Controls Advisor Scott Leonard)

Employee privacy may be compromised. III/B

M/M View access to the Employee Advance and Loan accounts is limited to HR role (via use of account group on certain sensitive GL accounts, and by use of the account group on the vendor master) (A->B)

P C C OWNR

Local Accounting Entries 7.8.13.1.1

Local statutory books not properly recorded

Local accounting differences not identified IV/D

L/L Performance of year-end audit of local books by auditors with appropriate follow up. (D->D)

D/C E Y LBU PWC

7.8.13.2.1

Differences not calculated/improperly calculated and not/improperly incorporated into local books III/B

Affiliate Controller to ensure that all accounting differences are incorporated into local purpose accounts as required (B->D)

P E A Regional Controller

7.8.13.2.2

M/L

Performance of year-end audit of local books by auditors with appropriate follow up. (B->D)

D/C E Y LBU PWC

7.8.13.3.1

Local reports, data not properly reviewed before sending to government III/C

M/L Business procedures will address each country's needs for outside system review of the data before sending to local government. Where needed, business procedures are required to either electronically or manually sign off that documents have been reviewed (e.g. France grandes livres reports) (C->D)

D O C LBU

Document Retention 7.9.14.1.0

Supporting documentation is not properly filed

Local books, local data sent to the government without a formal sign-off II/B

H/M Local record retention guidelines to address requirements

P C O Regional Controller

Retention guidelines as put forward by Controllers management

7.9.14.1.1

Document retention does not meet ExxonMobil, Local Statutory or Legal requirements. II/B

H/M Documents to be stored to meet statutory / legal and ExxonMobil requirements in accordance with retention schedule appropriate for the affiliate. (B->C)

P E D LBU Retention guidelines as put forward by Controllers management

Attachment 1

Remarks for the control catalog table:

1) Row Reference: A simple reference row number to facilitate internal referrals in the document. Format should be S.E.C.M, where S is control catalog section, E is exposure, C is concern, and M is measure, and each is numbered sequentially within each occurrence.

2) Severity: Severity of unwanted result and business consequence (I = Highest, II, III, IV = Lowest). Refer to ISRMP Risk Screening template definitions.

3) Probability: Possibility of control concern happening (A = Frequent, B = Probable, C = Occasional [once during system life], D = Remote, E = Improbable). Refer to ISRMP Risk Screening template definitions.

4) Risk: Based upon severity and probability. Refer to ISRMP Risk Screening template definitions. "IR" refers to inherent risk before any control is in place, and "RR" refers to residual risks after the control is in place. Refer to 2 and 3 above. Situations where residual risk (RR) is not reduced to low (L) should be further assessed to determine whether further cost/effective controls are practical, and may be candidates for identification as a "risk acceptance."

5) Control Measure Possibility: Effect of control in reducing possibility before (B) and after (A) the control implementation. "B" corresponds to 3 above. Refer to 3 above for values.

6) Control Type: P = Preventive, D = Detective, or C = Corrective. Detective control measures should normally have an associated corrective measure.

7) Status: E = Existing, C = Complete, IP = In Progress, O = On-going (recurring control activity), P = Pending, R = Rejected (should have accompanying remark explaining reason)

8) Control Frequency: D = Daily, W = Weekly, M = Monthly, Q = Quarterly, Y = Yearly, A = Ad hoc (as determined by owner or responsible control role), O = One-time, E = After event, C = Continuous

9) Control Measure Reference: Either or both the program (ABAP) and/or procedure related to a control measure should be indicated. Where a control report is produced, the appropriate ABAP should be specified. Where a procedure has to be followed, enter the procedure reference. Format for procedure reference should be PPP-LLL-NNNN, where PPP is a three alphabetic character business process identifier (e.g. PTP, PLM, OTC, etc.), LLL is the procedure level identifier (BUS for business procedures or GEM for GEMS specific procedures, mainly stored on GEMS KW for reference by users) and NNNN is a four character sequence number. Values are to be established by process team. If the procedure has a (U) noted then it is a user procedure related to the respective control measure.

10) Control Responsibility: Designates the business role (i.e. individual[s]) responsible for executing/performing a control activity/measure (e.g. role responsible for reviewing and approving price change report). Where the responsible business role is defined within SAP (i.e. it corresponds to a user access role), the specific 4-5 character user access role should be indicated. In cases where the responsible business role is not within SAP, a role abbreviation should be used. All control reports are to be approved on-line through SAP and should accordingly indicate appropriate "approver" role.

See following pages for a list of valid values, contact GEMS S&C Team for additions or changes. Role ID observes the following naming convention:

- For SAP roles: PPnn, where PP is a 2-character business process/module identifier, and nn is a 2-digit number (00-99). This value corresponds to the role's SAP technical name. Where roles are functionally the same as those from other systems, the same role ID should be used when it conforms with corporate and GEMS naming conventions. The values for business process and format for role ID are specified in GIS Naming Conventions for Workplace.

- For non-SAP roles: aa-aaaaaa, where 'a' is an alphabetic character. It is recommended that business process identifier be used for first two characters, where practical.

Note: Where specific values are indicated these are the only valid values.

Values For Business Module/Process in Role ID

AM = Asset Management
PO = Advanced Planning Optimization (APO)
AP = Accounts payable
PP = Production Planning
AR = Accounts Receivable
PR = Production
BC = Basis (DBAs, Operations, Scheduling, and related activities)
PS = Projects
BW = Business Warehouse
PT = Purchase-to-Pay
CO = Costing / Controlling
QM = Quality Management
CR = Customer Relationship Management
SC = Security and Controls
FI = Financial Accounting
SD = Sales and Distribution
KW = Knowledge Warehouse
SK = Skill Center
LO = Logistics
SP = Succession Planning
MM = Material Management
SS = Employee self-service
OT = Order-to-Cash
TE = Training and Events
PM = Plant Maintenance
TR = Treasury
XX = Miscellaneous

Roles (Role ID = Role Name)

FI01 = Project Engineering
FI02 = Capital Budget Coordination
FI03 = Capital Project Admin
FI04 = Fixed Asset Analysis
FI05 = Project Engineering Management
FI06 = GSC Fixed Asset Custodian
FI07 = Fixed Asset Accounting
FI08 = Fixed Asset Coordination
FI09 = US Tax Fixed Asset Accounting
FI11 = Tax Rule Admin
FI13 = Cost/TJC Accounting
FI15 = Timekeeping Accounting
FI16 = Coordinate Close
FI17 = General Accounting
FI18 = Financial Data Administration
FI19 = Late Period Adjustment for General Accounting (FI17)
FI20 = Intercompany Accounting
FI21 = Balance Sheet Account management
FI22 = Tax Accounting
FI23 = Tax Advisor
FI25 = Foreign Exchange Analysis
FI26 = Payroll Accounting
FI27 = Workflow Coordinator
FI28 = Supervise/Manage Financial
FI29 = Joint Venture Analysis
FI30 = Financial Analysis
FI31 = Planning Coordination
FI32 = Worldwide Mapping
FI33 = Inventory Analysis
FI34 = PCA Data Administration
FI35 = Business Analysis
FI36 = Timecharging
FI37 = Treasury Analysis
FI38 = TJC CATS Approval
FI39 = Financial Display Only
FI40 = Treas. Interface Admin
FI43 = Proj Sys View
FI47 = Cost Analysis
FI50 = Internal Order Creation
FI51 = Payables Internal Order Support
FI52 = JE Workflow Approval
FI53 = Technology Project Administration
FI55 = Profit Center Display Only
FI56 = Human Resource Accounting
FI57 = Product Cost Analyst
FI61 = Write to WW-SL
FI62 = US Tax Reporting
FI63 = Dollar Value LIFO Inventory tax Analysis
FI64 = FOREX Rate Administrator
FI65 = FOREX Validation File Approver
FI67 = Inventory Cost of Production Book / Tax Manager
FI70 = Archive Data Retrieval
FI80 - FI99 = Technical Skill Center Roles

Other Possibly Relevant Roles

BSKC = Business Skill Center
OWNR = FI Process Owner/Custodian
GEMS = GEMS Configuration
SAP = Inherent SAP
FI-ACCTS = Central Controller Rep-in charge of screening changes to accounts
LBU = Local Business Unit
TSKC = Technical Skill Center
RTS = Regional Treasury Supervisor - external view-no SAP
PWC = PriceWaterhouseCoopers External Auditor

Note: Delete the non-relevant roles from the list above. The above role IDs and roles are initial DRAFT and currently under review.

Control Procedures

Columns: Procedure ID; Procedure Title; Procedure Description (Summary); Script Name (URL or File Path, or GEMS KW search); Created By / or comment (Org and Indiv Initials)

FIN-BUS-0701 Closing Coordinator ME Procedures Closing Coordinator should have detailed procedures documented to identify manual tasks needed to be performed by workday

GEMS KW "FI16: close coordination"

Lists responsibilities, controls and procedures

FIN-BUS-0702 Provide G/L account descriptions to users Users will need access to a list of G/L account descriptions to help them in their selection process.(similar to EMDS Database)

SAP transaction S_ALR_87012326 and S_ALR_87012328

FIN-BUS-0703 Procedures for updating exchange rate table Regional Treasury Center Supervisors review and confirm source data before updating the exchange rate table; also need to set up the procedure to get the various exchange rates

FIN-BUS-0704 Assign owners to Balance Sheet Accounts-question over process in follow up items

New owners must be assigned for GEMS implementation BS-account assignment lists available per region, stored at local controllers LAN

FIN-BUS-0705 Technology Revenue Reconciliation For Technology, compare revenue posted in SAP to revenue in LAMS subsystem; this is done in areas where revenues are generated.

Local LAMS procedures available, including reconciliation forms.

FIN-BUS-0706 Define custodian for each job in batch schedule Each job/report requires a custodian to ensure run executed timely and results complete

GEMS KW "A guide to batch jobs in APO"; this includes lists and batch job schedules

FIN-BUS-0707 Cost Stewardship Review Cost Stewardship Review Process. This is a process where each cost center is assigned to a steward, and the steward performs a periodic review to ensure charges to the cost center are reasonable.

Procedures at intranet controllers site, EMCC controllers global financial process model

FIN-BUS-0708 Project Stewardship Review Project Stewardship Review Process. This is a process where each project or group of projects is assigned to a steward, and the steward performs a periodic review to ensure charges to the project are reasonable.

Procedures at intranet controllers site, EMCC controllers global financial process model

FIN-BUS-0709 Material Balance Stewardship Review Material Balance Stewardship Review Process. This is a process where the change in Inventory is compared to the purchases and sales from Inventory to ensure all purchases and sales are recorded in the correct period.

GEMS KW: "reviewing the material balance report" and "the validate and correct material balance" and "FI48: material balance analysis"

FIN-BUS-0710 Account Reconciliation Review Account Reconciliation Review Process - this is a Controller's process where each balance sheet account is assigned to a custodian who ensures the reasonableness of the entries and the timely clearing of open items.

BSAM Guidelines are in place, centrally stored at CAS Controllers Intranet

FIN-BUS-0711 Monthly Close Analysis Monthly Close Analysis Process - this is a process where financial analysts review the earnings/reporting results for reasonableness and comparison to prior periods.

Month end close procedures are available and centrally stored at local controllers LAN

FIN-BUS-0712 Procedures for Retaining supporting documentation for Journal Entries

This should specify when supporting documentation is required to be retained.

CAS journal voucher procedure is available at local Controllers LAN and management guideline on local shared controllers LAN

FIN-GEM-0408 SL User Exit Errors (T Code ZDW4) Report displays errors related to population of GFCM fields in the Special Ledger

GEMS KW: "reviewing the user exit error table listing"

FIN-GEM-0701 Closing Coordinator ME Procedures Closing Coordinator should have detailed procedures documented to identify what batch schedule jobs should be reviewed and what follow-up actions are required by the position vs users.

GEMS KW "FI16: close coordination"

Lists responsibilities, controls and procedures

FIN-GEM-0702 New Account/Deleted Account Check List Skill Center needs check list to follow for procedures in setting up new accounts or deleting/blocking existing accounts. This should include notifying all users via a broadcast system message when a new account is established.

GEMS KW: "reviewing general account master data" and GIS CoE skill centre procedures.

FIN-GEM-0703 FI Workflow Supervisor Review Procedures Supervisors will have to review FI Documents in their SAP Inbox that have been selected by the FI Workflow sample process. This procedure will highlight key items of interest they should focus on.

Supervisor review guideline is available in local shared controllers LAN directories and in GEMS KW: "accepting Journal entries via Workflow."

FIN-GEM-0704 Table Log review of YFX1 Table Analyze the changes to Table YFX1 - Forex Distribution Table. ABAP RSVTPROT (This is a critical control report.)

GEMS KW: "displaying the foreign exchange distribution table" and "reviewing the FX gains/losses distribution report".

FIN-GEM-0705 Review Table log T001B - Accounting period table Control report RSVTPROT is reviewed by the closing coordinator's supervisor.

GEMS KW: "reviewing RSVTPROT: updates to the accounting Period Table Report".

FIN-GEM-0706 Procedures for updating exchange rate table User procedure to update the TCURR Exchange Rate table timely for daily and month end activities, also reviews TCURR Table change log

GEMS KW: "uploading foreign exchange rates" and "reviewing RSVTPROT: updates to the currency table report." And in SAP: YFIV0020_AVG_EXCH_RATE

FIN-GEM-0707 Review YE Close Process - Account Balances Report RFBILA00 (Trial Balance) must be executed and reviewed to ensure that the ending balance for the previous year and opening balance for the new year is the same.

GEMS KW: "year end" procedures such as: "reviewing RFBILA00; account trial balance report."

FIN-GEM-0708 Compare AR subledger and GL The control report RFDSLD00 (Accounts Receivable balances in local currency) is checked against the control report RFSSLD00 (GL accounts balances) to ensure that AR balances are reconciled with GL based on reconciliation accounts

GEMS KW: "reviewing RFDSLD00 Account Receivable sub ledgers."

FIN-GEM-0709 Compare AP subledger and GL The control report RFKSLD00 (Accounts payable balances in local currency) is checked against the control report RFSSLD00 (GL accounts balances) to ensure that AP balances are reconciled with GL based on reconciliation accounts

GEMS KW: "reviewing RFKSLD00; Accounts Payable Subledger balances."

FIN-GEM-0710 Compare GL Data Internal data integrity The control report SAPF190 (Financial accounting comparative analysis) will detect, and advise users of differences between a GL, AP or AR account balance and the total of all open items contained in that account i.e. compare AR, AP and GL accounts balance

GEMS KW: "comparative analysis."

FIN-GEM-0711 Procedures for Correcting BDC errors Procedures for Correcting BDC errors

GEMS KW: "BDC errors" procedure "the BDC error correction process"


FIN-GEM-0712 Review recurring documents for re-instatement Recurring documents should be reviewed to see if expiring items should be re-instated (operational report RFDAUB00)

GEMS KW: "reviewing the recurring entry document report." SAP transaction code S_ALR_87012346

FIN-GEM-0713 Material Balance Review Run reports and check for imbalances in sales/purchases/inventories

GEMS KW: "reviewing the material balance report" and "the validate and correct material balance" and "FI48: material balance analysis"

FIN-GEM-0714 Compare MM Inventory subledger and GL balances This operational report (RM07MMFI) does the MM/FI comparison

FIN-GEM-0715 Parked/Held Document List report A list of parked and held documents should be run monthly to ensure users have completed all relevant accounting entries that are work-in-progress

Transaction FBV3 for RFPUEB00 report and transaction FB11 for SAPMF05A report

FIN-GEM-0716 Take monthly copy of Tcurr table to store Skill center procedure to take copies to store for 3 months for parameters and appropriate follow-up

FIN-GEM-0718 Request new General Ledger Account How to request new accounts. Work instruction: "request for G/L Accounts (additions/changes/blocks)" and related form


Control Reports

Columns: Report Name (ABAP Program); Report Title; User Procedure (Work Instruction) Reference; Control Responsibility (SAP Role ID); iXOS Document Type; Run Frequency (D, W, M, Q, Y, A, O, E); Remarks

(C) ZDWRPT04 SL User Exit Errors FIN-GEM-0408 FI30 ZH1_FS(US) M T Code ZDW4; also ZB0(EU) & ZH2_FS(LA) iXOSDoc typ

(C) YFIV0020_AVG_EXCH_RATE Review Month Average and Closing Exchange Rate Update work instruction Job Aid 6 FI25 ZH2_FG M used to rvw comp of mnth avg & clsng crncy exch rt

(C) RSVTPROT Table Log for Table YFX1 FIN-GEM-0704 FI25 ZH1_FG1 M used to rvw updates & chgs to Forex Distr tbl YFX1

(C) RSVTPROT Table Log for Table T001B FIN-GEM-0705 FI28 ZH1_FG M used to rvw updates&chgs to Acctg Period Tbl T001B

(C) RSVTPROT Table Log for Table TCURR FIN-GEM-0706 FI28 ZH2_FG D Used to rvw updates &chgs to Exch Rate Tbl TCURR

(C) RFBILA00 Account / Trial Balances FIN-GEM-0707 FI16 ZH1_FG Y used to vrfy carry fwd of YE bal for GL/AP/AR isok

(C) RFKSLD00 variant 2 Acct Payable Balances in local currency FIN-GEM-0709 FI16 ZH1_FG M Used to reconc vendor bal w/GL to ensure integrity

(C) RFSSLD00 variant 2 GL Balances in local currency ( AP ) FIN-GEM-0709 FI16 ZH1_FG M Used to reconc vendor bal w/GL to ensure integrity

(C) RFDSLD00 variant 2 Acct Receivable balances in local currency FIN-GEM-0708 FI16 ZH1_FG M Used to reconc cust bal w/GL to ensure integrity

(C) RFSSLD00 variant 3 GL Balances in local currency ( AR ) FIN-GEM-0708 FI16 ZH1_FG M Used to reconc cust bal w/GL to ensure integrity

(C) SAPF190 GL Balance Comparative Report (Financial Comparative Analysis) FIN-GEM-0710 FI16 ZH1_FG M detect&advise of diff betw G/L bal&total openitems

(O) FB04/SAPMF01A

(O) FBV3/RFPUEB00

(O) FB11/SAPMF05A

(O) RFDAUB00