FOR ACADEMIC USE ONLY ALL MATERIALS FROM SAP LIBRARY ADAPTED WITH PERMISSION OF SAP AMERICA UNIVERSITY ALLIANCE
©2013 Ronny Daigle, Fawzi Noman, and Ross Quarles Page: 1
Classic Rockers Case
Student Text (MM, PP, SD, FI/CO)
Classic Rockers Case: Processing Transactions through the
Logistics and Support Processes of SAP with an Emphasis on Internal Control
Ronny Daigle Fawzi Noman Ross Quarles
Version 1.0
6/1/2013
Sam Houston State University Huntsville, Texas
Acknowledgements: The authors thank Kimberly Omura, Chris McMillan and Matt Williams for helpful edits of this case.
FOR ACADEMIC USE ONLY ALL MATERIALS FROM SAP LIBRARY ADAPTED WITH PERMISSION OF SAP AMERICA UNIVERSITY ALLIANCE
©2013 Ronny Daigle, Fawzi Noman, and Ross Quarles Page: 2
Table of Contents – Student Text
I. Chapter 1: Introduction This chapter provides a general description of the case for students and introduction to basic SAP modules and terminology, business processes, and types of data. This chapter also provides an overview of basic internal control concepts; specifically those emphasized throughout all chapters of the Case, such as control objectives, separation of duties, preventive vs. detective controls, and general vs. application controls. Many of the internal control questions asked throughout this case will require students to refer back to material discussed in this chapter.
II. Chapter 2: Procurement Logistics (MM) Discussion of the procurement process in SAP along with descriptions of the exercises in the Student Exercises document that require students to create vendor and material master records and go through the purchasing cycle from purchase requisition to logistics invoice verification.
III. Chapter 3: Production Logistics (PP) Discussion of the production logistics process along with descriptions of the exercises in the Student Exercises document that require students to create MRP views for materials, BOM, routing, run MRP, convert planned orders, issue goods to manufacturing, confirmation of completion, and order settlement.
IV. Chapter 4: Sales Logistics (SD) Contains description of the sales and distributions logistics process along with descriptions of the exercises in the Student Exercises document that require students to create customers, create sales views for trading goods and finished products, material prices, discounts, customer material info records, item proposal, customer inquiry, create sale orders, create delivery, pick goods, post goods issue, and bill the customer.
V. Chapter 5: Financial Accounting and Controlling (FI and CO) Contains discussion of both the financial accounting and controlling administrative processes along with descriptions of the exercises in the Student Exercises document that require students to create and/or process general ledger accounts, primary cost elements, vendor records, general ledger document entry, posting vendor invoices, posting outgoing payments, receiving customer payments, distribution cycle, and assessment cycle.
FOR ACADEMIC USE ONLY ALL MATERIALS FROM SAP LIBRARY ADAPTED WITH PERMISSION OF SAP AMERICA UNIVERSITY ALLIANCE
©2013 Ronny Daigle, Fawzi Noman, and Ross Quarles Page: 3
CHAPTER 1: Introduction to Case Case Overview Classic Rockers allows participants to process transactions and learn fundamental internal control concepts for sales logistics, production logistics, procurement logistics, and accounting/controlling. The case is preconfigured with all control/configuration data and master data necessary to process those transactions. However, for each area, the case has optional exercises that can be used by participants to set up the master data required for transaction processing. Each participant will utilize his/her own set of master data (either self- created or pre-established) to process transactions within Classic Rockers. The case can be used in its entirety (all sets of exercises – either with pre-established master data or with self-created master data) in classes that have the objective of addressing the primary business processes of sales, production, procurement and materials management, etc. Alternatively, each set of exercises addressing a particular logistics or support area can be used independently in classes where only that business area is of concern (again with or without master data creation exercises). Through the use of the Classic Rockers case, in total or in part, students are introduced to SAP navigation, master data use (and optional creation), transaction processing, the flow of data through each business process, the integration of the various processes with one another (i.e., an organization’s value chain), and fundamental internal control concepts specific to SAP. This feature allows the use of the case across disciplines with minimum detailed knowledge of the complete SAP system on the part of the instructor. Its best use would be to introduce students to how transactions are processed, how processing makes use of master data to process transactions across the value chain, and how internal control can help make information more reliable and the value chain more efficient and effective. These concepts, especially internal control, are typically covered in Accounting Information Systems courses. SAP Overview SAP (Systems, Applications and Products in Data Processing) started operations in Germany in 1972. It is the world’s largest vendor of standard application software, the fourth largest software vendor in the world, and the market leader in enterprise applications software. The most current version of R/3 utilizes client server technology and contains over 30,000 relational data tables that enable a company to link its business processes in a real-time environment. Each instance (installation) of SAP can be distinctively configured to fit the needs and requirements of customer operations (within limits). Basic SAP Modules Classic Rockers utilizes the five “basic” modules of SAP R/3 as described in the following table.
FOR ACADEMIC USE ONLY ALL MATERIALS FROM SAP LIBRARY ADAPTED WITH PERMISSION OF SAP AMERICA UNIVERSITY ALLIANCE
©2013 Ronny Daigle, Fawzi Noman, and Ross Quarles Page: 4
SAP Module
Function (Process) Functional Areas
MM Materials Management (Procurement Logistics)
Purchasing, invoice verification, inventory management, warehouse management
PP Production / MRP (Production Logistics)
MRP, production orders, bills of materials, work centers, routing instructions, batch management
SD Sales and Distribution (Sales Logistics)
Order entry, picking/packing/shipping, invoicing, inquiries, quotes, sales reporting
FI Financial Accounting (Support Process)
General ledger, A/R, A/PAY financial reporting, cash management legal consolidation
CO Cost Accounting (Support Process)
Cost accounting and internal reporting by cost center, internal order, project, profit center, or other unit, profitability analysis
The various modules of SAP R/3 are highly integrated. Much of the data in the system are shared. The table below indicates some of the sharing aspects of master data in SAP.
Master Data Record Modules Using Record
General Ledger Accounts FI, CO, SD,MM, PP
Customer Master Records FI, SD
Vendor Master Records FI, MM, PP
Material Master Records SD, MM, PP, CO
SAP General Terms There are a number of terms that have specific usage and meaning in dealing with SAP. Some of these general terms are identified below.
Client: The highest level in a SAP instance. A client is a self-contained unit with a separate set of master records and its own set of configuration tables. An instance (installation) can have more than one client (e.g., a training client, a testing client, and a production client). In using SAP the user logs on to a particular client that usually has a three digit numeric identifier. Company Code: Represents an independent legal accounting entity that contains a balanced set of books as required by law or regulation. A client may have more than one company code (e.g. a company code for the US, one for Germany, one for Canada, etc.) Chart of Accounts: A list of all accounts in the General Ledger for a company code. Each company code must be assigned one, and only one chart of accounts. However, more than one company code can use the same (i.e., identical) chart of accounts. SAP comes preconfigured with a large number of charts of account. For example, the delivered US chart of accounts is CAUS. Accounts can be added to, deleted from, or modified in the delivered chart of accounts as desired by the user.
FOR ACADEMIC USE ONLY ALL MATERIALS FROM SAP LIBRARY ADAPTED WITH PERMISSION OF SAP AMERICA UNIVERSITY ALLIANCE
©2013 Ronny Daigle, Fawzi Noman, and Ross Quarles Page: 5
Passwords: Each user has a unique password. On the initial log in to the system, the user must change a generic delivered password to one chosen by the user. The password must be at least three characters long, cannot begin with a “!” or “?”, and the first three characters unique and not contained in the user name. Roles and Profiles: Roles specify the sets of tasks or activities that can be performed by a particular user within the system. A role is assigned to each user. When the user logs on, the system automatically presents a specific menu for that user’s assigned role. For example, a receiving clerk should perform only certain tasks within the SAP system. When a receiving clerk logs on, that user’s role will define what the user will be allowed to view, create, change, delete, etc. Profiles work in the same manner as do roles to restrict authorization for access to the system. User profiles and roles are entered by system administrators into user master records thus enabling users to access and use specific functions within the system. SAP also produces a separate application enhancement called Governance Risk and Controls, which can identify compatible and incompatible duties with a color coding. This application is not part of the software you are using, but know that organizations use it to properly define roles. In the Classic Rockers case, users will have authorization to all master data and transaction processing applications. This would be highly unusual in actual practice given the need for internal control and separation of duties. The concept of separation of duties will be discussed later in this chapter, and emphasized through certain internal control questions you may be asked by your instructor at the end of each case. Session: Each instance in which a user is connected to the SAP system is known as a session. A user can have up to nine sessions open at any given time (but each session is logged into the same client and company code). Configuration: Configuration is table-driven customization of the SAP system to meet specific customer requirements. In configuration the user sets values in tables to cause the system to function in a desired manner. Configuration is somewhat like setting the defaults in a word process or spreadsheet application. It does not change the underlying source code in the system. In the Classic Rockers case there are no configuration exercises. The case system has been preconfigured.
Business Processes A business process can be described as a set of linked activities that transform an input into a more valuable output thus creating value. In many cases business processes are classified as operational processes or as support processes. At the most basic level, a typical business utilizes three operational processes: procurement (purchasing and materials management), production, and sales and distribution (customer order management). The typical support processes include accounting/controlling and human resources. While these processes have specific identities, they are linked together (integrated) in order to carry out the day to day activities of a business. For example, the sale of a manufactured product involves not only the sales process but also production (the creation of the product); procurement (of
FOR ACADEMIC USE ONLY ALL MATERIALS FROM SAP LIBRARY ADAPTED WITH PERMISSION OF SAP AMERICA UNIVERSITY ALLIANCE
©2013 Ronny Daigle, Fawzi Noman, and Ross Quarles Page: 6
necessary raw materials); accounting/controlling to determine the profit on the sale; and human resources to ensure the operations are staffed with qualified or trained employees. These linkages of activities across business processes necessitate the sharing of data across those processes, regardless of which process created the data initially. For example, data related to a finished product may be initially created in the production process, but the data are also required in the procurement process and, of course, in accounting/controlling for costing purposes, as well as in calculating pay based on work production hours. SAP as an integrated ERP system utilizes the principle of a common data record for a given object that can be accessed by any process that has need of the various attributes contained in that common record. Business processes are often viewed as elements of a logistics value chain. From this perspective the operational processes are defined as sales logistics, production logistics, and procurement logistics. This is the approach taken in the overall structure of the Classic Rockers case. The case is separated into the sections as outlined below. Types of Data There are three differing types of data within the SAP system: control or configuration data, master data, and transaction data. Control or configuration data include system and technical functions of the SAP system itself. These data drive the logic of the applications within the system and is primarily used for defining the details of business processes. For the Classic Rockers case, all control/configuration data have been pre-established so that no configuration is necessary to complete the case exercises. Master data represent the various business entities present in the system, both internal and external. For example, master data include internal entities such as the company, a plant, a sales area, a cost center, an account, a material, a routing, a bill of material, or a personnel file. In addition there are external entities that are a part of the system’s master data such as vendors, customers, employees, and even competitors. From one perspective, master data can be thought of as providing the “which” or the “what” that is of interest in the activities of the business process. The attributes of the fields within master data are relatively stable. For example, the master data for a customer containing specific values for the customer’s attributes such as name, address, delivery priority, terms of payment, etc. vary little over time. Once the master data record for the customer is set up in the system, it is rarely changed. Also, once set up within the system, it can also be accessed by any business process that may have use for the master data. For example, a customer master record may be used in sales, transportation and shipping, production, marketing, accounting, or any other process that may have use for data contained in the master record. The sets of exercises in Classic Rockers contain optional exercises that can be used to set up master data for each of the logistics areas and for accounting. If these optional exercises are not assigned or completed, the case contains pre-established master data records for each process that can be used to process transactions in the transaction processing exercises. As an additional alternative, the optional exercises involving creation of master data can also be used to create additional master data beyond that contained in the case. This allows creation of transaction processing exercises in addition to those already contained in the case.
FOR ACADEMIC USE ONLY ALL MATERIALS FROM SAP LIBRARY ADAPTED WITH PERMISSION OF SAP AMERICA UNIVERSITY ALLIANCE
©2013 Ronny Daigle, Fawzi Noman, and Ross Quarles Page: 7
Transaction data describe a business event or may be the result of a business process. For example, a sales order would contain transaction data that have resulted from a customer placing an order to purchase a product from the company. The various attributes necessary to process that sales order transaction would include such data as the customer (which allows detailed customer data to be drawn from the customer master record), the item or items being sold (which would draw data from the material master records for those items), the quantities being sold, the desired delivery date, the customer PO number, etc. While the customer master data for this transaction would be the same for various sales orders to that customer, the other data such as items wanted, quantities, delivery dates, etc. would most likely vary from order to order. For this reason, transaction data vary from event to event. Transaction data may also arise as the result of the outcome of a completed business process. For example, the system may process an inquiry to determine the current stock quantity level for a raw material. That inquiry is a transaction that extracts the data for the quantity on hand in the warehouse. This too, of course, will vary over time. Other examples, pertaining to human resources, would involve the hiring of employees and pay transactions. From one perspective, therefore, transaction data can be viewed as resulting from the events or activities that are taking place in the business. The transaction data represent the recorded attributes, elements, and results or outcomes of business events and activities, and, as a result is the most volatile and frequently used data in day to day business operations. Each of the logistics and support processes addressed in Classic Rockers contains exercises that require the processing of transactions through the particular process. Internal Control Internal control is an essential and fundamental element in any system for it to operate efficiently and effectively. The primary focus of internal control in this case is that in an accounting information system (AIS). To appreciate internal control, it is first important to appreciate the concept of an AIS. This section provides an overview of what is meant by an AIS and its integral components, which includes internal control. It also provides an overview of typical control objectives and internal control procedures, particularly application controls that are present in SAP. This and later sections of this chapter serve to summarize basic fundamental concepts that are discussed in commonly accepted internal control frameworks, such as the Committee of Sponsoring Organizations (COSO) Internal Control – Integrated Framework, and numerous AIS textbooks.1 Your instructor may have you refer to such discussion in conjunction with that summarized here for fully appreciating these concepts. To begin appreciating what is meant by an AIS, it is important to first appreciate what is meant by a system, and then what is meant by an information system. A system is a set of interrelated components working together to achieve a common purpose or set of objectives.
1 As an example of how the information discussed in this and later sections summarizes and can complement a
more thorough discussion found in AIS textbooks, citation references are provided on remaining pages of this chapter to certain information contained in Accounting Information Systems by Romney and Steinbart (11
th
Edition). Similar information to the cited information can be found in a number of other commonly used AIS textbooks,
FOR ACADEMIC USE ONLY ALL MATERIALS FROM SAP LIBRARY ADAPTED WITH PERMISSION OF SAP AMERICA UNIVERSITY ALLIANCE
©2013 Ronny Daigle, Fawzi Noman, and Ross Quarles Page: 8
With a focus on information as the purposeful outcome or objective of a system, an information system is a set of interrelated components working together to collect and process data into reliable information for decision-makers. With a further focus on accounting information, the data collected and processed into information is that from economic and financial events. Economic and financial events are not just those that give rise to recognition in an organization’s financial statements per Generally Accepted Accounting Principles (GAAP), but events that lead up to and follow such GAAP-related events. For example, the receipt of an order of goods is an event requiring recognition in the financial statements per GAAP. While the purchase order placed for those goods received is not recognized in the financial statements per GAAP, it is an important economic event for which data must be collected and processed for ensuring the later event of receiving is proper. Why is this so? It is so because the purchase order authorizes the receipt of goods. The lack of a purchase order should result in no receipt, and therefore no recognition of the receipt in the financial statements. To bring together the concepts of a system, information and accounting, an AIS is therefore a set of interrelated components working together to collect and process data from economic and financial events into information that is useful to decision-makers. AIS Components and Objectives In general, an AIS is comprised of the following basic interrelated components (Romney and Steinbart, 2009):
People who design, implement, manage, operate and maintain the AIS
Data that is collected and processed (see discussion of types of SAP data in the previous section)
Information that has been generated from data collection and processing
Formal and documented procedures to be performed for collecting and processing data into information (the exercises in the cases can be thought of as formal procedures, for example)
Software (such as SAP)
IT infrastructure (such as the computer on which you complete these exercises and the server on which SAP resides)
Internal control over data collection and processing, generating information, and safeguarding assets and data
These components are interrelated, meaning that the failure of one will likely lead to the failure of one or more objectives of the system. For example, if there is a lack of formal and documented procedures for training those who must collect and process data, then the information generated will have diminished value to decision-makers, leading to poor
FOR ACADEMIC USE ONLY ALL MATERIALS FROM SAP LIBRARY ADAPTED WITH PERMISSION OF SAP AMERICA UNIVERSITY ALLIANCE
©2013 Ronny Daigle, Fawzi Noman, and Ross Quarles Page: 9
decisions. As another example, internal control should be formally documented as part of the procedures for helping people and each process within a system. While people are arguably the most important component of any system because people design, implement, manage, operate and maintain all parts of the AIS, the failure of any component will result in the failure of the entire system. In general, there are three basic objectives of an AIS (Romney and Steinbart, 2009):
Collect and process data from economic and financial events
Generate information for decision-makers
Provide internal control over data collection and processing, generating information, and safeguarding assets and data
Just as the components of an AIS are interrelated, so are these basic objectives. If one objective is not met, the other objectives will likely not be met. Note that internal control is a basic component of an AIS, as well as its inclusion as a basic objective for helping collect and process data and generate information for decision-makers. While each organization has unique objectives specific to their business activities, every organization’s accounting information system has the generic objective of providing internal control over data, information, and assets. Internal Control Objectives Just as internal control is part of a system, internal control is also a system comprised of interrelated components that meet certain internal control objectives. The COSO Framework describes internal control as a process implemented by an organization’s management that provides reasonable assurance that certain objectives will be met:
Reliable financial reporting
Efficient and effective operations
Compliance with laws and regulations The objective of reliable financial reporting can be broken down further into common transaction-related control objectives for greater appreciation of just what is meant by “reliable financial reporting” (Romney and Steinbart, 2009):
A particular transaction is properly authorized (i.e., should have occurred).
A particular transaction is valid (i.e., did occur).
A particular transaction is recorded (i.e., the transaction has been posted in the records).
FOR ACADEMIC USE ONLY ALL MATERIALS FROM SAP LIBRARY ADAPTED WITH PERMISSION OF SAP AMERICA UNIVERSITY ALLIANCE
©2013 Ronny Daigle, Fawzi Noman, and Ross Quarles Page: 10
A particular transaction is recorded accurately (such as correct account; amounts, including any necessary reevaluations; dates; etc. being updated in records).
These transaction-related internal control objectives not only seek to ensure reliable financial reporting, but also seek to safeguard assets and data from loss or theft, as well as make business operations more efficient and effective through the information generated for making decisions. Just as both the components of an AIS and internal control objectives are interrelated, respectively, so are these objectives. Failing to record transactions accurately will likely result in lost or stolen assets, thereby making operations less efficient and effective. While these control objectives help enhance the processing of transaction data, please recognize that these control objectives are also applicable to master data, which is used for processing transactions. Just as transactions should be properly authorized, valid, recorded, and accurate, so should master data. Further, meeting these control objectives over master data will also enhance the safeguarding of assets and data from loss or theft, as well as make business operations more efficient and effective through the information generated for making decisions. This is because the master data are being used to properly process transactions. It is important to appreciate the emphasis on “reasonable assurance” in COSO’s description of internal control. This means that internal control is not perfect and absolute, but is to be reasonable for helping meet its objectives. Just what is “reasonable” is very subjective within any particular organization. It is the responsibility of an organization’s management to identify risks and respond appropriately with control procedures for helping provide reasonable assurance. Internal control can only provide reasonable assurance because there are certain inherent weaknesses in any system of internal control. These include management override of controls, collusion amongst people with incompatible duties and human error. The cost of a control in comparison to risk minimization can also be a prohibitive factor when designing internal control. For these reasons, there is no full-proof system of internal control. Internal Control Components COSO identifies five interrelated components of internal control for helping meet internal control objectives:
Control environment – The tone at the top of an organization; management’s philosophy and operating style; the board of directors; management’s commitment to integrity and ethics; management process and human resource standards
Risk assessment – Proper identification, response and management of risks that can impede or prevent operational objectives from being met
Control activities – Policies and procedures that help address risks and meet objectives
FOR ACADEMIC USE ONLY ALL MATERIALS FROM SAP LIBRARY ADAPTED WITH PERMISSION OF SAP AMERICA UNIVERSITY ALLIANCE
©2013 Ronny Daigle, Fawzi Noman, and Ross Quarles Page: 11
Monitoring – Review and response to how internal control is meeting risks and meeting objectives; includes internal audit activities
Information and communication – Gathering information about internal control and communicating it to management and employees provides feedback on what is being done successfully and what is not, so that improvements can be made for managing risks and meeting objectives
The most important component or foundation of internal control is the control environment. This is because it is management driven, and management is responsible for an organization’s internal control. In other words, internal control begins with management and its attitude and objectives. With respect to internal control activities, there are two basic categories: