Each year, we at VC ERP interact with a few hundred SME Finance Managers, Chartered Accountants and CFOs. Most of them find solace in using a simple Accounting System that has been running for several years in their company. However, the pandemic changed everything.

During the pandemic, many CFOs voiced their concerns about how lack of Internal Control was resulting in lack of discipline widely generating Accounting Errors. The implications were adverse, and the audit team has been stringently hitting memos for this chaos.

“Is it really that hard to implement Internal Controls in the company? Can it help streamline the process?”

Internal Controls are generally found to be hard to implement and very expensive to setup and practice. It reduces human errors & potential business loss, protects sensitive data, and brings process driven discipline in the organization. This results in high accuracy of data reporting for the ultimate decision making for the Management / Stake holders.

We must be able to fare appropriate checks and balances in our company for a friction less organization. Our external auditors should be adding the value more from strategy perspective than from just a general audit.

We have championed this topic very well and understand where the CFOs are coming from.

Here are the list of elements from SAP Business One and SAP Business ByDesign to help setup the most desired Internal Controls within the organization.

Elements in SAP Business One & SAP Business ByDesign for CFOs to implement internal controls

  1. Segregation of Duties – Who can access what?
  2. (User Access: Roles, Security and Authorizations)

    The teams work in silos and ERPs bring them together. However, who can / will do what is equally important as it is to work on a single platform.
    SAP Business One has a sophisticated user administration module. You can define a security level for an individual user or a group of users based on their department, role, designation, grade & autonomy and location. The administrator can always increase or decrease the level of authorization as per the needs.

    Examples:Procure to Pay Cycle

    a. A Buyer can create a Purchase Order or modify a draft Purchase Order. They can be restricted from changing an already released / issues Purchase Order. Only a Purchase Supervisor / Senior Manager can modify the Purchase Order and issue an updated PO to the vendor.

    b. An Accounts Payable Manager can only view a released Purchase Order issued from his office location. He / She cannot create a new Purchase Order or change / modify an existing one. They may book a Vendor Invoice against the Purchase Order and process the payment.

    c. CFO / Finance / Treasury Manager is specifically authorized to view the position of Cash, Bank and Liquidity to ensure the company has enough funds to keep the lights on and help grow more. Finance Manager can track budgets, utilization and control the spending.

  3. Change Log– who updated the document and when?
  4. All companies go through some level of attrition. Old people leave or get promoted and new people take their place. In many of the historical transactions, commercial approvals, discount approvals, Invoice Postings document creation and modification, we need to find out who created, who changed and who confirmed the transactions.

    SAP Business One maintains a well-organized trail of Change Log and Access Log. As the name suggests, Change Log maintains the changes recorded in the document. These changes are recorded at each field level, the original value and the updated value. Each change is recorded as a new Instance (Version) number; therefore, the user can recall all the instances where the documents were changed.


    A Sales Employee creates a Sales Quotation for a new customer with 10% standard discount. After further negotiation, the Sales Manager approved additional 5% discount, which results in total discount of 15%. When it is time to raise the invoice, the A/R Manager can review the versions of the Sales Quotation and see the revision made from 10% to 15% in the discount, therefore reflects the correct value in the invoice and share it with the customer.

  5. Access Log – who logged in and when?
  6. We all have secrets and we keep them well. SAP Business One does the same, it records all the logins for the Administrator to review.

    The Access Log maintains the Latest Login and Latest Logoff with date and time, number of failed login attempts, last password changed for each User. You can also view all the log-on and log-off details with IP Addresses and system information record for the given user.

    Administrator must “Monitor” late night logins, suspicious IP addresses and make sure the right users login at the right time. It is an essential parameter for Internal Control.

  7. Document Flow / Relationship Map
  8. Just like people, the documents are also related with each other. In a wholesome end-to-end processes like Procurement Cycle, Sales Cycle, Order Fulfillment Cycle, the documents are generated as in reference to each other.


    When an Accounting Clerk books a Vendor Invoice, the A/P Manager can easily identify all the documents related to the invoice – the vendor deliveries (Goods Receipts) booked by the Inventory team, the Purchase Order booked by the Purchase team in a well-designed graphical representation like an image below.

    SAP Business One records and organizes this in a well-articulated manner forever. When the audit team raises a query, the CFO just simply opens the document and checks the preceding and succeeding documents and easily completes the audit.

  9. Workflows and Approvals
  10. Approvals are the essential part of the business. More so, timely approvals can bring pace and agility in the business processes. However, this is one of most critical point for Internal Controls.

    Businesses suffer a huge loss when the purchases are made without budget checks, approvals or acknowledgement.
    The revenue disruption when wrong discounts are extended or poor customer engagement / experience. We cannot stress enough, approvals are essential.

    Approvals make everyone accountable for their actions, brings awareness / acknowledgement on the subject and commit to the transaction.

    Most commonly used approvals for better Internal Controls

    Invoice Discounts
    Purchase Orders
    Material Consumption Requests
    Production Order
    Stock Transfer Orders
    Leave / Time off Requests

  11. Process Validations / Check Points
  12. Just like workflows & approvals, cross department processes also require process validations and check points. This is to implement “Compliance” requirements, management review check-points or simply reduce human errors – they all improve business processes and Internal Controls.


    A pharmaceutical company following local or international Food & Drug authority rules and regulations, will have to incorporate a lot of regulatory compliance set by the governing bodies.

    The rules would pertain to “expiry date” of the material, quality / potency parameters of the materials, shelf-life compliance etc. The administrator can set the validation in the framework to ensure the right material is picked with appropriate Quality parameters for the Production.

To conclude, regular accounting software maybe comfortable and familiar; however, the need to have greater control has outpaced it. SAP for SME solutions such as SAP Business One and SAP Business ByDesign make implementing internal controls much easier and effective, virtually, taking half the load off the CFO’s shoulders.

Get in touch with VC ERP Consulting, award winning SAP Gold Partner, with 20+ years of experience and expertise today for a Free Consultation. Call us + 91 99789 60138, +91 79 48998911 (India), Whatsapp +254 111229970 (Kenya), +1 469 915 6026 (North America) or drop an email at