Hi Silvia,
For manual postings (KB11N, KB21N, KB15N), only authorization object K_VRGNG is checked. So there is no authorization check as company code is not CO object. You might want to consider the User-Exit: (Enhancement COCCA002 and COCCA001) Customer Functions for
Organizational Authorization Checks. You may get your ABAPER to code and activate the user-exit.
Best regards, Gordon