| Document types give the user the ability to change various security settings related to documents such as whether a buyer can approve their own PO, whether an approver can modify a document, approval hierarchies, which buyers can access the information, which workflow is used, etc. This is a key configuration with many control issues within purchasing. Risks vary based on the setting(s) changed. |