Governance, Risk, and Compliance (GRC) with SAP S/4HANA Cloud 2108
Hello again and welcome to my blog featuring our key highlights for Governance, Risk, and Compliance with S/4HANA Cloud 2108. Adding to the innovations illustrated in my last blog on Governance, Risk, and Compliance (GRC) with SAP S/4HANA Cloud 2105, we deliver exciting innovations from SAP Financial Compliance Management, International Trade, SAP Privacy Governance, as well as SAP Document Compliance and Advanced Compliance Reporting.
Watch my video to get a quick overview of our SAP S/4HANA Cloud 2108 highlights for Governance, Risk, and Compliance:
SAP Financial Compliance Management
- Trade Compliance Checks for Inbound Deliveries and Trade Compliance Status in Delivery Documents
- Enhancement of Global Trade Services Integration for Customs Processes
SAP Privacy Governance
- Manual Procedures for Privacy Risks
- OpenSAP Microlearning Available: Introduction to SAP Privacy Governance
SAP Document Compliance and Advanced Compliance Reporting
SAP Cloud Identity Access Governance
If you are interested in what is new for Finance, you can check out the blog by Ulrich Hauke on Finance for SAP S/4HANA Cloud 2108.
SAP Financial Compliance Management
You might remember from my last two blogs that with the 2102 release, we shipped the first version of SAP Financial Compliance Management. Our nex-next generation control solution is based on SAP Business Technology Platform and allows you to introduce proactive risk management within your company.
If you are new to the topic of SAP Financial Compliance Management, I recommend that you first read my blog on Governance, Risk, and Compliance (GRC) in SAP S/4HANA Cloud 2102. There, you will find a quick introduction into the new cloud GRC product. Please note that SAP Financial Compliance Management is not part of SAP S/4HANA Cloud, but a separate product and requires a separate licence.
My first innovation today is from SAP Financial Compliance Management. Adding to an already extensive list of delivered business content, more than 25 additional predefined automated controls are being made available for S/4HANA Cloud 2108. So by now, you can choose from more than 60 controls. These controls enable your organization to remain compliant with SOX and other regulations like for example IFRS 15 Revenue Recognition.
The beauty of our best practice content is that compliance managers can save time and effort by utilizing ready-made checks that are essential for financial compliance. You can use the predefined automated procedures and controls either out-of-the-box or you can tailor them to your needs by using them as a template.
Here are some examples of controls that we included with 2108:
- Change logs: Monitor and review changes made to customers, suppliers, general ledger accounts, products, and product plants
- Invoice checks: Find inconsistent, missing, or suspicious document data
- Supplier and customer checks: Ensure that no critical information is missing
- Standalone selling price: Monitor your products to ensure that they are being sold at the correct selling price
- Assets under construction: Ensure that only one WBS element is used
In the next chapter, you will find more details on the new control for revenue recognition as well as a system demo of it.
- SAP Help Portal: Best Practice Content of SAP Financial Compliance Management for SAP S/4HANA Cloud
- Best Practice Explorer: Financial Operation Monitoring with SAP Financial Compliance (3KY)
One very prominent example of the new business content for SAP S/4HANA Cloud 2108, is the new control for contract-based revenue recognition which allows you to automate the detection of compliance risks before their effects become material to financials and are identified by auditors. You can use the automated compliance rule to detect a critical deterioration of the actual selling prices compared to the standalone selling prices applied in accounting for the transactions. You can evaluate past transactions to assess whether a narrow range of observable selling prices exists and verify whether the correct standalone selling price is applied to the underlying product or service for the allocation of the transaction prices.
With SAP Financial Compliance Management, you can prioritize your work items for checking revenue issues and track findings and resolution for full auditability, increase overall reliability of financials and provide feedback to policy owners for common issues requiring clarification. In addition, you can utilize a platform to quickly analyze issues and extend the controls on a common framework for setting up detection rules, running automated controls, and remediating identified issues.
In order to achieve this, you can compare the transaction prices that were charged with the standalone selling price (SSP) range for variable time periods, e.g. the previous four quarters. You can validate SSP compliance for each group (e.g. performance obligation name in Revenue Accounting) and a percentage of transactions concentrated around the +/- corridor for the standard SSP price. In addition, you can check the SSP compliance to evaluate whether the correct SSP is applied to the underlying product/service for the allocation of the transaction prices in multiple element arrangements (MEAs).
Video 2: With the 2108 release, compliance managers can detect critical deteriorations of the actual selling prices compared to the standalone selling prices applied in accounting
- Excellent blog ‘Early Warning Mechanism for Standalone Selling Price Compliance Risks‘ by Ling Zeng which describes the control in more detail
- SAP Help Portal: Early Warning Mechanism for Standalone Selling Price Compliance Risks
Also for International Trade, we have several cool innovations that I would like to share with you. With SAP S/4HANA Cloud 2108, trade compliance specialists can now perform legal control, embargo and Watch List Screening checks for inbound deliveries. Moreover, the trade compliance status is now displayed in inbound deliveries.
Video 3: Trade compliance specialists can now perform legal control, embargo and Watch List Screening checks for inbound deliveries
This innovation is especially good news for customers who have a SAP Global Trade Services solution in place already and would like to integrate with SAP S/4HANA Cloud. The integration from SAP S/4HANA Cloud to SAP Global Trade Services (SAP GTS), enables you to use Customs Management in your SAP GTS system. Thanks to the enhancement of the SAP Global Trade Services integration for customs processes with economic impact, you can transfer your existing stock in SAP S/4HANA Cloud to SAP GTS to include it in duty-paid stock. This is to ensure that after you start to use customs processes with economic impact – such as the customs warehouse functionality – your existing stock, which has already been duty-paid, is correctly reflected in SAP GTS.
- Existing scope item: Customs Management with SAP Global Trade Services (2U1)
SAP Privacy Governance
Also with SAP Privacy Governance, there is good news to spread. As you are well aware, we offer already a multitude of pre-defined automated procedures for detecting privacy risks in your connected SAP S/4HANA and SAP S/4HANA Cloud systems. As you can imagine, this is of outmost importance, for example, when it comes to private data which should not reside in the system anymore or in case of missing configurations in ILM.
If you are new to the topic of SAP Privacy Governance, I recommend that you read my blog on Governance, Risk, and Compliance in SAP S/4HANA Cloud 2005 where I provide a quick intro into the product.
What is new with the 2108 release, is that Compliance Managers benefit from the new option to not only create automated procedures, but also manual ones. This is relevant for all aspects of privacy procedures which cannot be automated. Typical examples might be the screening of local files such as MS Excel or MS Access databases, reviews of physical data protection measures, or conducting privacy assessment interviews with important stakeholders.
Fig. 1: As of SAP Privacy Governance 2108, Compliance Specialists can use not only automated but also manual procedures
Using the new manual procedures, you can create action plans with multiple steps which can be manually performed by one or multiple responsibles along with assessments of the individual steps as well as an overall results. Similar to the automated procedures, the manual procedure is mapped to a control and the execution of the control is planned and scheduled by means of a work package. The work package triggers the creation of a task in the inbox of the respective assignee. This person performs and documents the steps along with individual assessments as well as an overall result of the manual procedure.
In addition, we are proud to announce that the first OpenSAP microlearning for SAP Privacy Governance has been published. It provides an introduction to our cloud-based solution SAP Privacy Governance. In addition, you will learn about the two key features Regulation Management and Policy Management.
Fig. 2: The new microlearning on OpenSAP provides an introduction to SAP Privacy Governance and its key features Regulation Management and Policy Management
SAP Document Compliance and SAP Advanced Compliance Reporting
With release 2108, we deliver a single, easy-to-use, SAP Fiori dashboard called ‘Document and Reporting Compliance’ that allows you to monitor and follow-up on all compliance tasks across countries, irrespective of their frequency, from real-time business documents to periodic/ad-hoc aggregated reports. This dashboard will help you to respond to the latest digitization trends all governments follow: They demand more data in more real-time. In fact, this increased complexity of the tax mandates is not only raising the bar for compliance, but also forcing organizations to re-think how they run compliance otherwise they would lose the license to operate. The tight controls being introduced in all countries allow to establish a full digital link between business documents in S/4HANA and Tax Authorities. And that link now forms the basis to transform compliance.
Even if we take a seemingly simple country example like Spain, where invoices are still only sent to Governments after they have been exchanged with Business Partners, the document-level information transmitted electronically in near real-time allows Governments to create the source of truth on their side, that can be used to prepare the return on behalf of Tax Payers. And this is what Spain will do in the near future, creating the need to reconcile the authorities’ draft returns with the actual business transactions in your system in no-time. And it is to fulfill this upcoming business need that we have delivered a combined dashboard that allow to seamless manage real-time, periodic and ad-hoc reporting mandates worldwide.
Fig. 3: As of SAP S/4HANA Cloud 2108, tax accountants can analyze, resolve and complete both compliance issues and compliance apps in the new app ‘Document and Reporting Compliance’.
This combined dashboard provides one centralized cockpit to monitor and manage compliance. It provides real-time insights across legal mandates, one centralized entry point that enables seamless corrections and a unified user-experience across countries and mandates, customizable to your needs. And, if you would like to have a deep dive on what the new app offers with 2108, please check out Video 3 (with audio) which provides a detailed demo.
Video 3: Demo video on the new app ‘Document and Reporting Compliance’ that allows tax accountants as of SAP S/4HANA Cloud 2108 to analyze, resolve and complete both compliance issues and compliance apps in one app.
SAP Cloud Identity Access Governance
The open interface for external system integration to extend access governance enables access compliance for third-party business applications. It supports creating access requests and provides a lookup interface for specific entities that are required to create requests. This allows the initiation of access requests in third-party identity management and ticketing systems and simplifies access request and approval processes by extending the existing processes. In addition, integration with the required data available for submitting access requests has become much easier.
Fig. 4: The ‘Access Request Service’ API enables external applications to submit requests to SAP Cloud Identity Access Governance for further processing.
It comes with the following Rest APIs:
- Access Search: Searches the accesses that can be requested
- Application User: Fetches the list of application users for SAP Cloud Identity Access Governance which are allowed to create or view the status of the request
- Create IAG Request: Creates access requests for assignment creation or update
- Custom Field: Retrieves the list of custom field configured in SAP Cloud Identity Access Governance
- Request Priorities: Returns the available priorities from which one can be chosen to create a request
- Request Reason Codes: Retrieves the list of request reason codes
- Request Status: Retrieves the request status details for already submitted requests
- SAP API Business Hub: SAP Cloud Identity Access Governance, Access Request Service
For more information on SAP S/4HANA Cloud, check out the following links:
- GRC Collection Blog (roadmap, quarterly release highlights, microlearnings) here
- SAP S/4HANA Cloud release info: http://www.sap.com/s4-cloudrelease
- Latest SAP S/4HANA Cloud Release Blogs here and previous release highlights here
- Product videos on our SAP S/4HANA Cloud and SAP S/4HANA YouTube playlist
- SAP S/4HANA PSCC Digital Enablement Wheel here
- Early Release Webinar Series here
- Inside SAP S/4HANA Podcast here
- openSAP Microlearnings for SAP S/4HANA for Finance and GRC here
- Best practices for SAP S/4HANA Cloud here
- SAP S/4HANA Cloud Customer Community for Finance here
- Feature Scope Description here
- Help Portal Product Page here
- Implementation Portal here