During my experience as an SAP auditor, I've compiled a practical reference of key SAP transaction codes (T-Codes) organized by business cycle. These are particularly useful for tracking, control monitoring, and audit testing. Focused primarily on display and reporting functions, they cover the most frequently used transactions for auditors.
I've shared this cheat sheet in numerous presentations and training sessions, consistently receiving strong positive feedback from participants.
Procurement – Supply Chain
ME23 : Display Purchase Order
FBL1 : Display Vendor Line Items
XK03 : Display vendor (centrally)
FK10 : Vendor Account Balance
MK03 : Display vendor (Purchasing)
VL03 : Display Delivery
KO03 : Display Internal Order
FCH2 : Display Payment Document Checks
Sales – Order Fulfillment
FD10 : Customer Account Balance
FBL5 : Display Customer Line Items
VF03 : Display Billing Document
VA03 : Sales Orders
VA05 : List of Sales Orders
VF05 : List of Billing Documents
KSB1 : Cost Line Items for CoCe
VD03 : Display Customer (Sales)
VT03N : Display Shipment
ME2L : Purchase Orders by Vendor
ME2M : Purchase Orders by Material
Asset Management
IE03 : Display Equipment
MI03 : Display Physical Inventory Document
AS03 : Display Asset Master Record
AR01 : Call Asset List
IH10 : Display Equipment
Finance & Controlling
FBV3 : Display Parked Document
FB03 : Display Document
KSB1 : Cost Line Items
KE5Z : Profit Center: Actual Line Items
FS10 : Balance GL
KCH3 : Display profit center hierarchy
FBL3 : Display G/L Account Line Items
KS03 : Display Master Cost Center
FBU3 : Display Intercompany Document
Inventories
MB03 : Display Material Document
MM03 : Display Material
MB51 : Material Doc. List
CKMB : Display Material Ledger Document
MD04 : Display Stock/Requirements Situation
MC.9 : Material Analysis / Stock
MMBE : Stock Overview
System
VL03N : Display Outbound Delivery
SP01 : Spool Request
SP02 : Spool - Output Device LOCL Wide Report
SE16 : Data Browser
SM35 : Batch Session: Overview
SMX : Own Jobs
Essential SAP Transaction Codes For Auditing: A Comprehensive Reference By Business Cycle
Why Transaction Code Fluency Matters For SAP Auditors
Effective auditing in an SAP environment requires the auditor to navigate the system with the same fluency as the business users whose activities are under review. Transaction codes are the entry points to every function in SAP, and an auditor who cannot locate, display, and analyze transactional data directly within the system is dependent on information prepared and filtered by the auditee, which compromises the independence and completeness of the audit.
This reference compiles the most frequently used SAP transaction codes for internal audit, SOX testing, compliance monitoring, and control verification, organized by business cycle. The codes are predominantly display transactions, meaning they allow the auditor to view data without modifying it. This distinction is important because auditors should generally operate with display-only access to production systems, and authorization profiles assigned to audit users should restrict access to display functions to prevent inadvertent or unauthorized changes to live data.
The reference covers both SAP ECC and, where applicable, the equivalent or replacement transactions in SAP S/4HANA. Organizations that have migrated or are migrating to S/4HANA should note that many classic transactions remain functional in the S/4HANA environment through backward compatibility, but several have been deprecated and replaced by new transactions or SAP Fiori applications. The S/4HANA implications are addressed within each business cycle section where relevant changes affect audit procedures.
Procure To Pay
The procure-to-pay cycle encompasses vendor management, purchasing, goods receipt, invoice verification, and payment processing. It is one of the highest-risk areas for fraud and financial misstatement and therefore one of the most heavily audited business cycles in any SAP environment.
ME23N displays individual purchase orders including header data, line items, conditions, delivery schedules, and the complete document history. This is the current standard transaction for purchase order display, having replaced the older ME23 transaction. Auditors use ME23N to verify authorization levels, pricing conditions, vendor selection, and whether purchase orders were created before or after the goods or services were received.
ME2N provides a flexible purchase order list with multiple selection and filter criteria, enabling auditors to extract purchase order populations for analysis by date range, purchasing organization, vendor, material group, or account assignment. This transaction is more versatile than the older list transactions for generating audit samples.
ME2L lists purchase orders by vendor, allowing the auditor to review the complete purchasing relationship with a specific supplier over a defined period. This is particularly useful for identifying concentration of spend with specific vendors or unusual purchasing patterns.
ME2M lists purchase orders by material, enabling the auditor to trace purchasing activity for a specific item across vendors and time periods. This transaction supports price comparison analysis and helps identify whether the organization is obtaining competitive pricing.
ME2K lists purchase orders by account assignment category, which is useful for identifying purchase orders charged to specific cost centers, internal orders, or projects. Auditors use this transaction to verify that expenditures are assigned to the correct organizational units and that approval authorities correspond to the account assignment.
MIR4 displays posted invoice documents from the invoice verification process. Auditors use this transaction to verify that invoices match purchase orders and goods receipts through the three-way matching process, to identify price variances, and to examine invoice blocking and release procedures.
FBL1N displays vendor line items, providing a complete view of all financial postings against a vendor account including invoices, payments, credit memos, and clearing entries. This is the current version of the vendor line item display, replacing the older FBL1 transaction. The N-version provides enhanced filtering, sorting, and layout capabilities that support more efficient audit analysis.
FK10N displays the vendor account balance, showing the aggregate balance and transaction summary for a vendor across company codes and fiscal years. Auditors use this to identify vendors with unusual balances, credit balances that may indicate overpayments, or aged open items that may indicate disputed transactions.
XK03 displays vendor master data centrally, including general data, company code data, and purchasing data in a single view. In S/4HANA, vendor master data is maintained through the Business Partner framework using transaction BP. Auditors should be aware that the transition to Business Partner consolidates customer, vendor, and other partner data into a single master record, which changes the navigation path and the authorization objects required for access. The older transactions MK03 for purchasing-specific vendor data and FK03 for financial accounting vendor data remain functional in S/4HANA but will eventually be fully deprecated.
VL03N displays outbound delivery documents, allowing the auditor to verify delivery quantities, dates, picking and packing status, and goods issue postings. In the procure-to-pay cycle, delivery documents are relevant when the organization manages inbound deliveries from vendors or when reverse logistics processes are in scope.
KO03 displays internal order master data, including the order type, responsible cost center, settlement rules, and status. Auditors review internal orders to verify that cost collection objects are properly configured and that settlement rules direct costs to the correct receiving objects.
FCH2 displays payment document checks, providing details of check payments including check numbers, amounts, payees, and encashment status. This transaction is relevant for auditing the payment disbursement process and for identifying checks that have been voided, reissued, or remain outstanding beyond expected clearing periods.
MRBR releases blocked invoices. While this is a processing transaction rather than a display transaction, auditors should be aware of it because the release of blocked invoices is a control point in the procure-to-pay cycle. Auditors can review the population of blocked and released invoices using report MIR6, which lists invoices in the invoice verification workflow.
Order To Cash
The order-to-cash cycle encompasses customer management, sales order processing, delivery, billing, and accounts receivable. This cycle is critical for revenue recognition, credit management, and the prevention of fictitious revenue and customer fraud.
VA03 displays individual sales orders, including header data, line items, pricing conditions, delivery status, and billing status. Auditors use this transaction to verify pricing accuracy, discount authorization, credit limit compliance, and whether orders were processed in accordance with the organization's sales policies.
VA05 lists sales orders by various selection criteria including date range, customer, sales organization, and order type. This transaction enables auditors to generate order populations for sample selection and trend analysis.
XD03 displays customer master data centrally, including general data, company code data, and sales area data. As with vendor master data, S/4HANA consolidates customer master maintenance into the BP transaction. The older module-specific transactions VD03 for sales and distribution customer data and FD03 for financial accounting customer data remain available but are being progressively deprecated.
FD10N displays the customer account balance, showing aggregate balances and transaction summaries across company codes and fiscal years. Auditors use this to identify customers with unusual balances, debit balances in credit accounts, or aged receivables that may indicate collection problems or revenue recognition issues.
FBL5N displays customer line items, providing the complete financial posting history for a customer account. This is the current version replacing the older FBL5. Auditors use this transaction to review invoice and payment activity, identify unusual clearing patterns, and trace individual transactions from order through collection.
VF03 displays billing documents, allowing the auditor to verify invoice amounts, pricing conditions, billing dates, and accounting entries generated by the billing process. The relationship between the sales order, delivery, and billing document forms the core audit trail in the order-to-cash cycle.
VF05 lists billing documents by various selection criteria, enabling auditors to generate billing populations for analysis and sample selection.
VT03N displays shipment documents, providing logistics detail about how goods were physically transported to the customer. Auditors may review shipment documents to verify that deliveries were actually shipped and to identify discrepancies between shipping records and billing documents.
Inventory And Materials Management
The inventory cycle encompasses material master management, goods movements, physical inventory, and inventory valuation. Inventory is a significant account for most manufacturing, distribution, and retail organizations and is subject to specific audit procedures for existence, completeness, and valuation.
MM03 displays material master data, including basic data, purchasing data, accounting data, and plant-specific data. Auditors review material master records to verify valuation class assignments, standard costs, and inventory management indicators that affect financial reporting.
MB03 displays individual material documents, which record every goods movement in the system including goods receipts, goods issues, transfer postings, and physical inventory adjustments. Each material document generates a corresponding accounting document, and the audit trail between these two documents is fundamental to inventory accuracy.
MB51 lists material documents by various selection criteria including date range, material number, plant, movement type, and user. This is one of the most important audit transactions for inventory because it enables the auditor to analyze the complete population of goods movements and to identify unusual movement types, off-hours postings, or movements processed by unauthorized users.
MIGO is the primary transaction for goods movement processing in current SAP versions. While it is a processing transaction, auditors should understand its functionality because it is the transaction through which goods receipts, goods issues, and transfer postings are executed. Display functions within MIGO allow the auditor to review goods movement documents with full detail.
MI03 displays physical inventory documents, including the count results, differences between book and physical quantities, and the status of the physical inventory process. Auditors use this transaction to verify the completeness and accuracy of cycle counting and year-end physical inventory procedures.
MMBE provides a stock overview for a material, showing current quantities across all plants, storage locations, and stock types including unrestricted, quality inspection, and blocked stock. This transaction is essential for verifying the existence and classification of inventory balances.
MD04 displays the stock and requirements situation for a material, showing the current stock position alongside planned receipts and requirements. Auditors may use this transaction to assess whether inventory levels are reasonable relative to demand and to identify materials with excess or obsolete stock positions.
CKMB displays material ledger documents, which record the actual cost flows associated with materials when the material ledger is activated. In organizations that use actual costing, this transaction is relevant for verifying inventory valuation adjustments at period end.
CKM3N displays the material price analysis, showing the price determination and variance allocation for a material in a specific period. This transaction is particularly important in organizations using the material ledger for actual cost determination, as it reveals the components of inventory valuation including purchase price variances, production variances, and exchange rate differences.
Asset Management
The asset management cycle encompasses the creation, capitalization, depreciation, transfer, and retirement of fixed assets. Fixed assets represent a significant balance sheet account for capital-intensive organizations and are subject to audit procedures for existence, completeness, valuation, and proper classification.
AS03 displays asset master records, including the asset class, cost center assignment, capitalization date, useful life, depreciation terms, and current book values. Auditors review asset masters to verify that capitalization policies are correctly applied and that depreciation parameters are consistent with the organization's accounting policies.
AR01 and S_ALR_87011990 generate asset listing reports that provide a complete inventory of fixed assets with their current values, accumulated depreciation, and net book values. These reports are the starting point for existence and completeness testing of the fixed asset register.
AW01N displays the asset explorer, providing a comprehensive view of an individual asset's values, depreciation, and transactions across all depreciation areas and fiscal years. This is one of the most useful audit transactions for fixed assets because it consolidates all financial information about an asset in a single view.
IE03 displays equipment master records, which contain the technical and maintenance-related data for physical assets. In organizations where equipment records are linked to asset master records, auditors can use this transaction to trace the relationship between the technical asset register and the financial asset register.
IH08 displays the equipment list, enabling auditors to generate populations of equipment records for comparison against the fixed asset register. Discrepancies between the equipment list and the asset register may indicate unrecorded assets, ghost assets, or incomplete retirement processing.
MI03 also applies to the physical inventory of assets when organizations conduct physical verification of fixed assets, though this function is more commonly associated with inventory counting.
ABAV and ABAVN are the transactions for asset retirements by scrapping. While these are processing transactions, auditors should be aware of them because asset retirements are a critical control point for verifying that disposed assets are removed from the register at their correct values and that any gains or losses on disposal are properly recorded.
Finance And General Ledger
The finance and general ledger cycle is the central audit domain because it encompasses all financial postings, period-end adjustments, intercompany transactions, and the production of financial statements. The general ledger is the ultimate consolidation point for all business cycle transactions.
FB03 displays individual financial documents, including the posting date, document type, line items, amounts, and the user who posted the document. This is the most fundamental financial audit transaction and is used to verify the accuracy and authorization of every type of financial posting.
FBV3 displays parked documents, which are financial documents that have been entered into the system but not yet posted. Parked documents represent pending transactions that may or may not be posted and are relevant to the audit because they may contain period-end adjustments, disputed entries, or transactions awaiting authorization.
FBL3N displays general ledger line items, providing the complete posting history for any GL account. This is the current version replacing the older FBL3. Auditors use this transaction extensively for substantive testing, analytical procedures, and the identification of unusual journal entries. The ability to filter by posting date, document type, user, and amount makes this transaction one of the most powerful analytical tools available to the auditor in SAP.
FAGLL03 displays line items in the new general ledger. Organizations that have activated the new GL functionality or migrated to S/4HANA use this transaction instead of or in addition to FBL3N. The new GL provides enhanced capabilities for segment reporting, document splitting, and real-time consolidation that affect how the auditor analyzes financial data.
FS10N displays general ledger account balances by period, providing the opening balance, total debits, total credits, and closing balance for each fiscal period. Auditors use this transaction for analytical review procedures and for reconciling account balances to the financial statements.
FBU3 displays intercompany documents, showing the financial postings that result from transactions between company codes within the same corporate group. Intercompany transactions are a significant audit focus because they must be eliminated in consolidation and because transfer pricing and intercompany margin are subject to regulatory scrutiny.
KSB1 displays cost line items for cost centers, providing the detailed posting history for management accounting objects. Auditors use this transaction to analyze overhead costs, verify cost allocations, and identify unusual charges to specific cost centers.
KE5Z displays profit center actual line items, enabling auditors to review the financial performance of profit centers and to verify that revenues and costs are assigned to the correct organizational units for segment reporting.
KS03 displays cost center master data, including the responsible manager, company code assignment, hierarchy assignment, and activity type indicators. Auditors review cost center masters to verify that the management accounting structure is consistent with the organizational structure and that cost center assignments in transaction data are reasonable.
KCH3 displays the profit center hierarchy, which defines the organizational structure used for internal management reporting and segment reporting. Auditors review the hierarchy to understand how financial results are aggregated for reporting purposes and to identify any structural anomalies that could affect the accuracy of segment disclosures.
OB52 displays and maintains the posting period configuration. This transaction controls which accounting periods are open for posting and is a critical control for the financial close process. Auditors should verify that posting periods are opened and closed in accordance with the organization's close calendar and that access to OB52 is restricted to authorized financial controllers.
S_ALR_87012332 and related standard SAP reports in the S_ALR series provide financial statement reports, trial balances, and other standard financial reporting outputs. The specific report numbers vary by organizational configuration but are essential tools for the auditor's analytical review procedures.
Treasury And Cash Management
Treasury operations encompass bank account management, cash positioning, payment processing, and financial instrument accounting. These functions involve direct control over cash and financial assets and therefore require specific audit attention.
FF7A displays the cash management position, showing expected cash inflows and outflows by value date. Auditors review this transaction to assess liquidity risk and to verify that cash forecasting procedures are functioning correctly.
FBL1N and FBL5N are also relevant to treasury auditing for the review of payment and receipt transactions against vendor and customer accounts respectively.
FCHI displays check information, allowing the auditor to review the status and history of checks including issuance, encashment, voiding, and reissuance. This transaction complements FCH2 and is useful for reconciling the check register against bank statements.
FF67 displays bank statement postings, enabling the auditor to review how electronic bank statements have been processed and reconciled within the system. Automated bank statement processing is a key control in the cash management cycle, and auditors should verify that the reconciliation rules are correctly configured and that exceptions are reviewed and resolved on a timely basis.
User Access And Security
The audit of user access, authorization controls, and segregation of duties is fundamental to every SAP audit engagement. Access controls determine who can execute which transactions and who can access which data, and weaknesses in the access control framework can undermine every other control in the system.
SUIM is the User Information System and is one of the most important transactions for SAP auditing. It provides a comprehensive set of reports for analyzing users, roles, profiles, authorizations, and transactions. Auditors use SUIM to identify users with critical authorizations, to analyze segregation of duties conflicts, to determine which users have access to specific transactions, and to review changes to user assignments over a defined period.
SU01D displays user master records, including the user's assigned roles, profiles, authorization groups, user type, validity dates, and logon data. Auditors review user masters to verify that access assignments are consistent with the user's job responsibilities and that terminated or transferred employees have had their access appropriately modified or revoked.
SU53 displays the last authorization check failure for the current user, showing the authorization object and field values that caused an access denial. While primarily a troubleshooting tool, auditors can use this transaction to understand the authorization logic applied to specific access attempts.
PFCG is the role maintenance transaction. In display mode, auditors use PFCG to review the composition of roles, including the transactions, authorization objects, and organizational values assigned to each role. Role design is the foundation of the access control framework, and auditors should evaluate whether roles are designed according to the principle of least privilege and whether they create segregation of duties conflicts when assigned in combination.
AGR_1251 and AGR_USERS are database tables, accessible through SE16N, that auditors frequently query to analyze role-to-authorization and role-to-user assignments across the entire system. These table queries are more efficient than reviewing individual roles through PFCG when the audit requires a system-wide analysis of access assignments.
Change Management And System Administration
Auditing the change management process and system administration functions is essential for verifying the integrity of the SAP environment itself. Changes to system configuration, programs, and master data are the mechanisms through which controls can be established, modified, or circumvented.
SE16N is the general table display transaction, providing read-only access to any transparent database table in the system. Auditors use SE16N extensively for direct data extraction when standard reports or transactions do not provide the required level of detail. Access to SE16N should be carefully controlled because it provides access to all data in the system without the application-level security restrictions that govern individual transactions.
SCU3 displays table change logs, showing changes made to customizing and configuration tables. This transaction is critical for auditing the change management process because configuration changes can modify the behavior of controls, posting rules, and business logic throughout the system.
SM21 displays the system log, which records system events, errors, and warning messages. Auditors review the system log to identify unauthorized access attempts, system errors that may indicate data integrity issues, and administrative events that warrant investigation.
SM37 displays the job overview, showing all scheduled and completed background jobs in the system. Auditors use this transaction to verify that critical batch processes such as payment runs, posting runs, and interface jobs have executed successfully and on schedule. Unauthorized or unscheduled batch jobs may indicate unauthorized processing.
SM04 displays the user overview, showing all users currently logged into the system. While primarily an operational monitoring tool, auditors may use this transaction to verify that concurrent logon restrictions are enforced and to identify unusual logon patterns.
SM35 displays the batch input session overview, showing data transfer sessions that have been recorded or are pending execution. Batch input sessions are used for mass data uploads and changes, and auditors should review them to verify that mass changes to master data, financial postings, or configuration data have been properly authorized and executed.
SP01 and SP02 display spool requests and output device assignments respectively. Auditors review spool management to verify that sensitive reports and financial data are printed only to authorized output devices and that spool retention and deletion policies are consistent with data security requirements.
STAD displays individual transaction step statistics, providing detailed information about which users executed which transactions at which times. This transaction provides the granular usage data needed to verify whether users have actually executed specific transactions, which is essential for detective SoD monitoring. Access to STAD requires basis-level authorization and should be coordinated with the IT administration team.
SM20 and RSAU_READ_LOG display the security audit log, which records security-relevant events such as logon attempts, failed authorization checks, transaction starts, and RFC calls. The security audit log is a critical detective control and a primary source of evidence for investigating suspected unauthorized access. Auditors should verify that the security audit log is activated, that it captures the events relevant to the organization's security policy, and that it is retained for a period consistent with audit and regulatory requirements.
SAP GRC Access Control
Organizations that use SAP GRC Access Control have access to additional transactions and tools that are specifically designed to support audit and compliance activities.
GRAC_SPM or the Fiori equivalent provides access to the Emergency Access Management (formerly Firefighter) log review, showing all activities performed by users under elevated emergency access. Auditors should review these logs to verify that emergency access was used only for its stated purpose, that activities performed under emergency access were subsequently reviewed by the designated controller, and that emergency access sessions were terminated within the authorized time window.
GRAC_EAM provides access to the Access Risk Analysis functionality, which automates the identification of SoD conflicts across the user population. Auditors should verify that the SoD ruleset is current, that risk analysis is performed regularly, and that identified conflicts are documented with either remediation actions or approved mitigating controls.
NWBC or the SAP Fiori Launchpad in S/4HANA provides access to the GRC dashboards and workflow interfaces that manage access requests, risk analysis results, and remediation tracking. Auditors should evaluate whether the workflows are configured to enforce the organization's access provisioning policies and whether the approval chains reflect appropriate segregation between the requestor, the approver, and the security administrator.
S/4HANA And Fiori Considerations For Auditors
Organizations operating on SAP S/4HANA should be aware that the audit transaction landscape is evolving. Many classic ECC transactions remain functional through backward compatibility, but SAP's strategic direction is to replace them with Fiori applications that provide role-based, browser-based access to the same underlying data.
For auditors, the most significant implications are as follows. The Business Partner transaction BP replaces the separate customer and vendor master display transactions including XK03, XD03, MK03, FK03, VD03, and FD03. Auditors working in S/4HANA must navigate the Business Partner framework to access master data, and the authorization objects governing access have changed accordingly.
Fiori applications carry different authorization objects than their classic GUI counterparts. An audit of user access and SoD in an S/4HANA environment that analyzes only classic transaction code authorizations will produce incomplete results. The SoD ruleset must include the Fiori app authorizations to provide a complete picture of user access.
Embedded analytics in S/4HANA provide real-time reporting capabilities that can supplement or replace some of the standard SAP reports traditionally used in audit. Auditors should familiarize themselves with the analytical capabilities available in their organization's S/4HANA environment, as these tools may provide more efficient access to the data needed for analytical procedures and continuous monitoring.
The simplification of data structures in S/4HANA, including the elimination of aggregate tables in finance and the convergence of financial accounting and management accounting into a single table (ACDOCA), affects how auditors query and analyze financial data. Direct table queries that were valid in ECC may require modification in S/4HANA to reflect the new data model.
From Transaction Codes To Audit Intelligence
A comprehensive transaction code reference is a necessary tool for any SAP auditor, but it is not sufficient by itself. The value of knowing which transaction to use depends on the auditor's ability to interpret the data it reveals, to connect findings across business cycles, and to evaluate whether the controls embedded in the system are designed and operating effectively.
Transaction codes provide access to data. Audit intelligence comes from understanding the business processes that generate the data, the control objectives that the data should satisfy, the fraud and error scenarios that the data may reveal, and the regulatory and financial reporting implications of any anomalies identified. The auditor who approaches SAP with this integrated perspective transforms a reference list into a systematic audit methodology.