We've been working thru controls (with EY and Protiviti) and the ask came from our accounting team if we could lock down the types of journal entries select users can post. When we post a journal entry, currently a user can choose any of the types in the header including the Data Transfer journal entry type (UE) which is used by the technical user acct which our API's use to post store revenue and deposits and supplier invoices.
- Can we limit posting to the UE JE type (so only the technical user can post to it)?
- Can we restrict specific journal entry types to be read/write by user role?
- How are others extracting large sets of data from SAP to support SOX controls (or other needs)?
If we cannot limit the journal entry types our users can post to we have been told we need to export all journal entries for a quarter in the audit in one file. That is 1.5-2.0 million JE line items and growing with every new store opening. We've only been able to export from S/4HC ~130-150,000 records at a time without the browser timing out which means that to get a quarter out of the system we are extracting 10+ files which both audit firms say but as at risk for failing the control.
Really interested in how others are doing it or how they've been advised to do it by auditing firms.