Start of Content Area

Component documentation Management of Internal Controls (FIN-CGV-MIC) Locate the document in its SAP Library structure

Purpose

The Management of Internal Controls (MIC) component enables you to move toward compliance with the software requirements laid out in the Sarbanes-Oxley Act of 2002 (SOA). Furthermore, you can deploy the component in other projects for process enhancement, such as Six Sigma projects.

The Sarbanes-Oxley Act applies to all companies whose stock is traded on a large scale in the USA. SOA establishes heightened requirements in the areas of corporate governance, financial disclosures, and accountability for fraud.

In particular, the MIC component enables companies to implement the requirements laid out in sections 302 and 404 of the SOA:

·        Section 404 mandates a report by company management regarding the internal controls implemented in the company. This report forms a mandatory part of the annual financial statement and must consist of the following parts:

¡        Documented internal controls for the correctness of financial reporting

¡        Documented internal controls that concern the complete and accurate representation of the company for public disclosure

¡        An assessment of the completeness and effectiveness of the internal controls

This is checked and attested by the external auditing company during the annual audit of year-end financial statements.

·        Section 302 stipulates that management must provide either annually or for each quarter written assurance regarding the correctness of financial reporting and the effectiveness of the internal controls implemented in the company.

Notes on Implementation

MIC forms part of the software component FINBASIS.

The Implementation Guide with which you perform Customizing and in which you find the administration functions for MIC forms part of the SAP Reference IMG.

Note also the Structure linkSecurity Guide for MIC, which you also find on SAP Service Marketplace at service.sap.com/securityguide.

Recommendations on Client Usage

·        If you want to record table changes, we recommend running MIC on a different client. For more information, see the IMG documentation under Management of Internal Controls ®Record Table Changes.

·        If you use MIC in your HCM system and have stored your company's organizational plan in the Organizational Management component, the organizational plan is visible in MIC as the organizational hierarchy when you use the same client. If you do not want the HCM data to be visible in MIC (and vice versa), you can run MIC in a separate client or store the structures that are only relevant for MIC under Structure Setup ® Mark Organizational Hierarchy as Relevant for MICin Customizing for MIC.

·        If you run MIC in your HCM system and want to use the automatic transport connection in this system for Organizational Management, you should run MIC on a different client because the Web applications for structure setup in MIC do not support the automatic transport connection.

 

See the following matrix for an overview of the recommendations on client usage:

 

Table Changes Are Recorded

Organizational Management Data Is Applied

Automatic Transport Connection Used in Organizational Management

Separate Client for MIC

X

 

X

Same Client

 

X (*)

 

(*) Alternatively, you can use the ALE functionality or the upload/download functionality available in Organizational Management.

 

Note also that you cannot run MIC and Public Sector Records Management (PS-RM) in the same client.

Features

MIC allows you to represent the control activities in your company that are implemented in the processes having an impact on financial statements.

MIC applies the recommendations for internal controls made by the Committee of Sponsoring Organizations of the Treadway Commission (COSO) in the COSO Report.

User Interface

The MIC functions are not accessed from the SAP Easy Access menu in the SAP GUI, but instead using an HTML start page. The reason for this is that the MIC applications are realized as Web applications in the People-Centric UI Application Window). Authorizations for access to the Web applications are assigned to users using a roles and authorizations concept that is specific to MIC.

Central Catalogs

MIC enables you to centrally define an organizational hierarchy, a central process catalog, an account group hierarchy, and a management control catalog. Furthermore, you can document your decision as to why the individual organizational units of the organizational hierarchy fall within the scope of your MIC project (see Documenting Organizational Units within the Project Scope).

Local Settings

It is then possible for each organizational unit to decide locally which processes, account groups, and management controls are relevant to them and to document their internal controls accordingly (see Settings for the Organizational Unit).

Workflow

Moreover, MIC supports a workflow for assessing the documented controls from the control design and efficiency point of view as well as for testing control effectiveness (see Assessment and Test).

Once the reported issues have been resolved, the org unit owners from the lowest to the highest level of the organizational hierarchy can sign-off (bottom-up) in accordance with SOA section 302, thereby confirming that they acknowledge the status of the internal controls and that they are informed about any issues present (see Sign-Off).

 

 

End of Content Area