RE:[sap-acct] Risk in giving user AFAB and FBO1
Posted by
Admin at
|
Share this post:
|
on 05/28/2009 03:00:00 PM
Hi -
Normally, I agree with Roy 100% - _including_ the tone of his messages.
It's usually exactly what the situation asks for. In this case, however, I
have to disagree with the content. I also hang out in the Security forum,
and I have to be honest. The folks over there are NOT functionally
knowledgeable about accounting, for the most part. There's a strong chance
they would refer a question like this to the Accounting forum! The
discussions over there tend to be more technical in nature, involving HOW to
manage security - and much less oriented towards WHY to manage it. It
really does take an accounting mind set to realize how the two activities
mentioned here (FB01 and AFAB) might lead to or allow for fraud.
On the other hand I do still sort of agree with Roy - I don't think it's a
question for this forum, either. Instead, I believe it's a _business_
question that must be answered by the upper levels of the Accounting
department - if for no other reason than the risk needs to be considered and
balanced against the very real cost of not allowing one person to perform
both tasks. Not many firms have Depreciation staffs who are unable to post
regular JE's. As for Roy's tone - should you really think it's wise to ask
an Internet forum to assess risk for you?
Dave
From: Jyoti Narang via sap-acct [mailto:sap-acct@Groups.ITtoolbox.com]
Sent: Thursday, May 28, 2009 1:40 AM
To: Dave Thornburgh
Subject: Re: RE: [sap-acct] Risk in giving user AFAB and FBO1
Hi,
I don't know if I should post my reply to this or not. I seriously feel that
there can be better ways to reply to the audience. I'm new to this forum but
after going through such replies, my reaction is to think a few times before
asking any doubt in this forum.
Knowledge can be shared and multiplied softly as well and we can be more
considerate and helpful.
Thats my personal opinion. No intentions to offend anyone.
Regards,
Jyoti
On Thu, May 28, 2009 at 1:33 PM, Roy Brookes via sap-acct <
sap-acct@groups.ittoolbox.com> wrote:
>
>
> The security forum is the only place for security questions. We are not
the
> security experts here.
> When you have earache do you go to the baker?
> Rgds, Roy
> Roy Brookes AFA, FInstBA,
> SAP Financials Expert,
> Senior SAP FI-CO-TR Consultant
> www.RoyBrookes.com
> Roy.Brookes@RoyBrookes.com
> Director,
> Software Partner Solutions limited
> www.software-partner-solutions.com
> RB@software-partner-solutions.com
> Roy.Brookes@Hamburg.de
>
> --------- Original message --------------
> From: rebates007 via sap-acct <sap-acct@Groups.ITtoolbox.com>
> Sent: Thu May 28 09:57:00 CEST 2009
> To: Roy Brookes <Roy.Brookes@Hamburg.de>
> Cc:
> Subject: RE: [sap-acct] Risk in giving user AFAB and FBO1
> >
> > Hi Roy,
> >
> > GRC contains several rules like:
> >
> > risk:F006- Pay a vendor invoice and hide it via asset depreciation : Pay
> an invoice and hide it in an asset that would be depreciated over time.
> > Post depreciation
> > AFAB
> > Post Document
> > FB01
> >
> >
> > I just wonder how exactly they can generate a fraud?
> >
> > Do you think that this type of questions can be answered inside the
> security forum?
> >
> > K.r.
> >
> > Dan
> >
> > ________________________________
> > From: Roy Brookes via sap-acct [mailto:sap-acct@Groups.ITtoolbox.com]
> > Sent: Thursday, May 28, 2009 9:48 AM
> > To: LUYTEN Daniel (BUDG-EXT)
> > Subject: AW:[sap-acct] Risk in giving user AFAB and FBO1
> >
> >
> >
> > The risk is that they may be able to do things. Maybe you do not want
> that.
> > Seriously this is a security question and should be in the security
forum
> not here.
> > Rgds, Roy
> > Roy Brookes AFA, FInstBA,
> > SAP Financials Expert,
> > Senior SAP FI-CO-TR Consultant
> > www.RoyBrookes.com
> > Roy.Brookes@RoyBrookes.com
> > Director,
> > Software Partner Solutions limited
> > www.software-partner-solutions.com
> > RB@software-partner-solutions.com
> > Roy.Brookes@Hamburg.de
> >
> > --------- Original message --------------
> > From: rebates007 via sap-acct <sap-acct@Groups.ITtoolbox.com>
> > Sent: Thu May 28 09:24:07 CEST 2009
> > To: Roy Brookes <Roy.Brookes@Hamburg.de>
> > Cc:
> > Subject: [sap-acct] Risk in giving user AFAB and FBO1
> > >
> > >
> > > Whats the risk giving a user AFAB(post depreciation) and
FB01(posting)? __.____._
Toolbox.com
4343 N. Scottsdale Road
Suite 280
Scottsdale, AZ 85251
In the Spotlight
Manage group e-mails
Create an FAQ on this topic
Tell us what you think
Unsubscribe from discussion