Highlights for Governance, Risk and Compliance (GRC) in SAP S/4HANA 2020: Part 2 – SAP Assurance and Compliance Software for SAP S/4HANA
Hello and welcome to PART 2 of my blog illustrating the latest and greatest highlights for Governance, Risk, and Compliance (GRC) with SAP S/4HANA 2020. In this blog, I highlight what is new with SAP Assurance and Compliance Software for SAP S/4HANA for Business Integrity Screening and Audit Management. If you’re interested in International Trade and/or SAP Privacy Governance, I highly recommend that you check out PART 1 of this blog: Highlights for Governance, Risk and Compliance (GRC) in SAP S/4HANA 2020 – International Trade and Integration with SAP Privacy Governance.
This blog covers the following topics:
Business Integrity Screening
- Address-Only Screening
- Delta Screening of Key Changes on Screening Lists
- Ad-Hoc Screening of Business Partners
- Maintenance of Additional Data Sources by Business Users
Business Integrity Screening
The solution enables enterprises across industries such as Insurance, Public Sector, Banking and Health-Care, Utilities or High Tech to detect, investigate, analyze, and prevent irregularities or fraud in ultra-high volume environments.
The first innovation with the 2020 release in the area of Business Integrity Screening that I would like to point your attention to is our new screening method called address-only screening. With this detection method, you can avoid sanctions imposed by screening regulations by identifying business partners who are co-located with business partners on sanction lists.
The new functionality allows you to screen and detect conspicuous business partner addresses without the name of the business partner. This is especially important for conspicuous addresses where there are several people co-located and/or in cases where there are people who have changed their names. The beauty of this screening method is that you can screen parts of an address such as street names, cities, ZIP codes, and country against uploaded watch lists lists from data providers. In addition, the UI of the Address Screening Hits section has been redesigned in order to improve usability and facilitate mass processing.
Fig. 1: As of SAP S/4HANA 2020, you can screen parts of conspicuous addresses without names of business partners
In the screenshot above, you see three screened addresses. When we look at the first screened address with the name and the address in Walldorf, Germany, we can easily see that we have one hit. The respective name was not found, meaning that it is not part of a sanctions list. However, the corresponding address has been found by the system and is an overall match of 100%. This means that this address is suspicious, but not for the fact that this person lives there. The address itself is a separate entity on a screening list. The overall match shows you how close, in percentage, the name and/or address is to a name from a watch list.
In the second example, with the name and the address in West Chester, USA, the system has screened name, address, and a combination of both, and it has returned three suspicious screening hits. The hit for the first screening where name and address screening has been combined, has the highest overall match with 98%. If you would like to have more information about what has been taken into account for the calculation of the overall match percentage, you can do a mouse over for the respective screening result. In the screenshot, you see that the system has calculated an overall match of 89%. There is a match regarding the address, but the name is stated as not applicable meaning it has not been taken into account with the overall match.
Fig. 2: The the percentage of the overall match is calculated based on the results in different areas such as address and/or name.
In the screenshot above, you can see how the system calculates separate matches for name and address and then calculates an overall match based on these percentages.
The next innovation that I would like to mention is the delta screening of key changes on screening lists. In the past, we sometimes had the situation that we had many unnecessary alerts due to insignificant changes on the sanction lists. In order to prevent this, we introduce a new functionality to reduce the number of unnecessary alerts by allowing you to select which changes you are interested in, e.g. names, addresses, cities/regions, provider list types, and provider list groups. All other changes are not taken into account by the system to reduce the number of alerts caused by insignificant list changes during delta screening. As you can imagine, this increases efficiency to a large extend as you have less manual efforts.
Fig. 3: Regarding delta screening of addresses, you can now select for the key changes to be considered with alerts
My next innovation is a new SAP Fiori app called ‘Ad-Hoc Screening’ which allows you to manually screen either a single name, a single address of a person or institution, or a name and an address against names and addresses in available screening lists. All you have to do is simply type in a name and/or an address and start the screening process. Also here it’s possible to screen address parts such as street names, city, ZIP codes, and country.
Fig. 4: With the new ‘Ad-Hoc Screening’ app, you can manually screen names and/or addresses in available screening lists.
With this innovation, business users who can’t make changes on the database level or create their own CDS views are now able to include complex lists of parameters into their detection methods. maintain lists which can be used in detection methods. For this, they can create, update, delete lists and upload them to the system.These lists can then be considered as parameters for screening methods and screening strategies.
Fig. 5: Business users can now easily upload complex parameter lists to include them in their screening methods
Audit Management supports and brings the existing audit process of an organization to the next level with an easy to use audit software.
This innovation brings the following benefits: It provides better collaboration between Audit Managers and Chief Audit Executives for updates of auditable item and the user experience for audit planning has been improved. In addition, efficiency is increased thanks to more flexibility.
In detail, the following new functionality is offered: Audit managers can now submit new auditable items or notify chief audit executives regarding changes to existing auditable items in order to have them approved. Audit Managers or Chief Audit Executives can now edit audits directly from within the audit plan. In addition, it is now possible to audit only parts of organizations and/or dimensions in auditable items. Chief Audit Executives can decide and document the audit scope for each audit plan based on the audit strategy in different time periods.
Fig. 6: As of this release, Chief Audit Executives can now edit audits directly from within the audit plan.
The Audit Management Overview app provides an analytical dashboard with interactive charts that present a consolidated view of the internal audit across your organization. It shows top risks, ongoing audit status overview, distributed audits, overdue action plans, escalated action plans, and action plans which require follow-ups. The data is visualized in compelling analytical dashboards to gain additional insights into the organization’s audit situation. The comprehensive audit reports support Chief Audit Executive in decision-making.
Fig. 7: The new app ‘Audit Management Overview’ shows audit-relevant analytical dashboard for Chief Audit Executives
For the maintenance of audit master data, we introduce several new SAP Fiori apps to support audit managers and auditors to focus their time on value-adding tasks through reduced complexity and time requirements for maintenance tasks.
- The ‘Risk Register’ app allows you to restore removed risks, define risk category ranges and use them to categorize risk, use color coding to denote risk levels, assign underlying risks and import risk assignments from SAP Risk Management.
- With the ‘Audit Universe’ app, you can enable approval processes which audit managers can use to submit auditable items to chief audit executives for review. In addition, chief audit executives can release auditable items. Auditable items can be deleted directly from within the app and you can display the activity history of auditable items.
- With the ‘Controls’ app, you can restore removed controls.
Fig. 8: With the ‘Audit Universe’ app, audit managers can enable approval processes for auditable items.
For more information on SAP S/4HANA 2020, check out the following links
- SAP S/4HANA release info: here
- Link Collection – Governance, Risk and Compliance (GRC) with SAP S/4HANA and SAP S/4HANA Cloud here
- SAP S/4HANA Community here
- SAP S/4HANA PSCC Digital Enablement Wheel here
- Inside SAP S/4HANA Podcast here
- Join the SAP S/4HANA Movement
- Best practices for SAP S/4HANA here
- Help Portal Product Page here