Skip to Content
Product Information
Author's profile photo Katrin Deissner

SAP S/4HANA Cloud, Private Edition, and SAP S/4HANA for Governance, Risk, and Compliance (GRC)| 2022 Product Update

This blog illustrates selected highlights in the area of Governance, Risk, and Compliance (GRC) with the SAP S/4HANA Cloud, private edition, and SAP S/4HANA | 2022 release. This time, we focus on innovations from International Trade Management, SAP Financial Compliance Management, SAP Privacy Governance, and Global Tax.

For the innovations in the area of Finance, please refer to the blog ‘SAP S/4HANA Cloud, Private Edition, and SAP S/4HANA for Finance | 2022 Product Update’ from Ulrich Hauke.

In detail, the blog covers the following topics:

International Trade Management

SAP Financial Compliance Management

SAP Privacy Governance

Global Tax

International Trade Management

Trade Compliance Checks for Purchase Requisitions

As you know, we offer tree kinds of checks when it comes to trade compliance: embargo, legal control, and SAP Watch List Screening checks. In addition to the already available integration in the import side, we support trade compliance checks for purchase orders, purchasing contracts, and purchasing scheduling agreements. Now with the SAP S/4HANA Cloud, private edition, and SAP S/4HANA | 2022 release, trade compliance specialists can take advantage of an additional document type to be included in their compliance checks on the import side: purchase requisitions. What we also offer are legal control checks for purchase requisitions for stock transport orders.

On the export side, we continue to support e.g. sales orders, sales orders without charge, sales contracts, and sales scheduling agreements.

Thanks to the embargo check, you can prevent activities with embargoed countries. With the SAP Watch List Screening integration, you can check your purchase requisitions for addresses of business partners who are part of a denied-party list and consequently block the corresponding transactions. In addition, via the legal control checks, you can check controlled goods in your purchase requisitions.

In the ‘Analyze and Resolve Blocked Documents’ app, you can identify blocked purchase requisitions in the system and process them as needed – e.g. by assigning missing licenses or classifications. In the ‘Manage Documents’ app, you can check the embargo, legal control, and sanctioned-party list screening status of the respective trade compliance documents and confirm or release trade compliance blocks.

Fig. 1: With the 2022 release, trade compliance specialists benefit from trade compliance checks for purchase requisitions

Please note:
Purchasing requisitions can only be considered by trade compliance checks if a supplier has been entered. Otherwise, the checks cannot be carried out. This can be either the fixed or the desired supplier. In case that both has been entered, the system takes the fixed supplier into account for its trade compliance checks.

Back to Top

Enterprise Search for Trade Compliance Documents

My next innovation today is from international trade. With the 2022 release, we introduce Enterprise Search to do fuzzy search for trade compliance documents. Thanks to this functionality, it is now very easy to gain an overview of the trade compliance documents that are existing in the system. For example, you can now display all of them and then use the available filters to narrow down the search results list e.g. by document category, company code, plant, partner country/region and document date.

From the search result list, you can use the smart links on the document numbers to get to the details of the respective search result with a summary of relevant information such as document status item number, check direction, product, plant, and partner.

Fig. 2: With the new release, trade compliance specialists can use the enterprise search functionality for trade compliance documents

In addition to using the smart link on the document number, you can also navigate directly from the respective entry in the search result to the ‘Manage Documents – Trade Compliance’ app to take further action on the respective trade compliance document, e.g. if there is a block regarding the document due to a missing license, you could assign it here and solve the issue. Moreover, it is also possible to search for trade compliance documents by material number.

Back to Top

Pop-Up in Sales Documents in Case of Trade Compliance Blocks

In sales documents, we now have pop-ups to show if a document is blocked by trade compliance checks. This is to make sales representatives aware of trade compliance findings regarding a sales order. So far this was only possible if a delivery document that is blocked by trade compliance is created.

Back to Top

SAP Financial Compliance Management

As you know from previous sessions, SAP Financial Compliance Management is a controls solution in the cloud which is closely integrated with SAP S/4HANA Cloud, private edition, and SAP S/4HANA. The corresponding scope item is ‘Financial Operation Monitoring with SAP Financial Compliance’ (3KY).

SAP Financial Compliance Management is a relatively new solution as it is available since Q1 2021 and it is steadily growing. In a nutshell, you could describe SAP Financial Compliance Management as a solution to detect and process so-called issues in your connected SAP S/4HANA and SAP S/4HANA Cloud systems. In order to detect these issues, you use automated and also manual controls which you execute via work package runs. For these controls, we provide a lot of business content, meaning predefined controls which you can use out of the box.

More Information

Back to Top

Tasks and Task List Templates

With the new release, compliance specialists benefit from a workflow-driven process during the issue and remediation phase as we introduced the concept of tasks and task list templates. This means that the issues have now tasks assigned to them and these tasks are based on context-sensitive, predefined task list templates which can be tailored to the unique requirements of your organization. And – as you can imagine – this allows you to process your issues in a highly structured, consistent, and of course also efficient way.

Let‘s take an example to make this more concrete: One of the predefined controls in the business content that SAP Financial Compliance Management offers for SAP S/4HANA and S/4HANA Cloud, is a control to detect duplicate invoices. Now, let‘s imagine that we want to find all duplicate invoices in our SAP S/4HANA system within a certain time frame with certain search criteria. After executing the control by triggering a so-called a work package run, SAP Financial Compliance Management comes up with a list of issues which match our search criteria. In our example, this is a list of duplicate invoices.

Until this release, we now had a list of issues with which we could do some basic actions, like categorizing them by means of priorities and issue categories, assigning an owner and setting a conclusion, but the actual issue processing and the remediation part was not yet there. So, the end-to-end process, was not yet complete.

Now, with the new release, we close the loop by introducing the concept of tasks and task list templates which allow you to use a workflow-based approach for the processing and the remediation of the issues. This means, you can configure so-called task list templates with tasks which can then be automatically assigned to the issues. So, if we stick with the example of the duplicate invoices, we could have an issue with an task list template that contains two tasks: one task might have the name ‚Visually compare the invoices‘ and another task could be ‘Contact the supplier who sent invoice‘.

The beauty of this is that it allows the compliance specialists to use these tasks from the task list templates and trigger further actions like assigning colleagues who are supposed to perform the respective tasks and very importantly the compliance specialist can also monitor the progress of the respective tasks.

Fig. 3: As of the new release, compliance specialists now benefit from tasks and task list templates for issues in SAP Financial Compliance Management

Let’s take a closer look at the screenshot above:

  • On the left, you the see the list of issues along with the risk level, status, and other information
  • In the middle in the Investigation and Remediation area, you can see which task list templates are assigned to the issue along with the respective completion information.
  • From the this information, the system has automatically assigned two tasks which you can see in the upper right section of the screen.

As a prerequisite, in order for the task list template and the assigned tasks to appear here, this needs to be configured in the system. As the next step, compliance specialists can go ahead and assign the tasks to the respective colleagues which are automatically notified via the Inbox App. In addition, compliance specialists can monitor the progress of the processing of the tasks in here.

More Information

Back to Top

New Business Content for SAP S/4HANA

Also regarding business content for SAP S/4HANA Cloud, private edition, and SAP S/4HANA with SAP Financial Compliance Management, there is good news to spread, as we offer eight additional controls with the new release.

If would like to have a complete overview of which controls are currently available, you can have a look at the SAP Help Portal. There is a section on the available business content where everything is described in detail. The business content itself is delivered in the SAP Financial Compliance Management system. It is available in the form of draft objects for automated procedures and controls in the system which you can then adapt to your needs.

Fig. 4: One of the 8 new predefined controls for SAP S/4HANA in SAP Financial Compliance Management

More Information

Back to Top

GRC Business Content Hub (not released yet)

Note: Expected to be released in Q4 2022!

As outlined already in the previous section, we provide a lot of so-called baseline content for SAP Financial Compliance Management. In addition to that, we would like to go beyond that and provide an option to partners to also provide own content and make business with it.

For that reason, we will introduce the GRC Business Content Hub which allows our partners and SAP to enrich the SAP Financial Compliance Management by providing own content via standardized offerings in order to support a scaleable business model and distribution channel. In For our cloud and on-premise customers, this means that they have have an easy and fast way regarding the consumption of business content for our cloud GRC solutions, such as SAP Financial Compliance Management.

Let’s take more detailed look the different content types:

  • Baseline content is meant to enable the usage of the solution covering various business areas that most customers can use. Every customer of SAP Financial Compliance Management gets this content.
  • General content serves very common business processes that are not industry-specific
  • Industry content serves industry-specific requirements and can be reused
  • Company-specific content is specific for one company or organization unit and solves individual requirements (provided by content provider or customer internally)

 

Fig. 5: Content types of SAP Financial Compliance Management

Key Features of GRC Business Content Hub

  • Partners can apply to become a content provider
  • Content is provided by content provider via so-called content packages, using specific SAP Fiori apps
  • Content is sold and available via the SAP Store and can be purchased by customers
  • Content is installed in a standardized way
  • Content runs out of the box

With the new role ‘Content ‘Manager’, controls, automated procedures, and also manual procedures can be exported to the GRC Business Content Hub via the Export button in the respective apps. After that, content managers can look at the exported objects in the new SAP Fiori app ‘Manage Business Content Objects’ and also see which package the respective objects have been assigned to.

In order to assign new objects to a content package, you to switch to the new SAP Fiori app ‘Manage Business Content Package’, where you can add the respective objects to the new content package and submit the package for release. After a final check by SAP, the package will then be made available on SAP Store for customers.

Back to Top

SAP Privacy Governance

As you know, SAP Privacy Governance is a cloud GRC solution which is closely integrated with SAP S/4HANA Cloud via the scope item ‘Privacy Risk Detection with SAP Privacy Governance (‏3KX‏)‘. The general direction of the solution is moving towards a security framework. In this context, many changes have taken place in the last months as the risk management part has been completely redesigned. The result is that now we have a completely new risk service and a new risk response service. In addition, we have a new asset service with which you can build a repository of assets.

More Information

Back to Top

Redesigned Risk Service and Risk Response

GRC Risk Service

For risk management in SAP Privacy Governance, we previously had two services, the Manage Risk Service and the Assess Risk Service. These two services have been merged together into the new GRC Risk Service where you can both maintain and assess your risks. The new functionality can be used in privacy or IT security contexts and supports NIST-compatible risk management processes.

The service allows you to display an overview of all potential risks identified by your organization and create or edit risks for further analysis. In addition, you can assess risk types and their impact for your organization. Moreover, you can calculate the likelihood of risks along with the estimated potential cost.

Please note that what is currently available is the minimum viable scope which is planned to be extended over the course of the next quarters.

Fig. 6: With the new GRC Risk Service, compliance specialists can maintain and assess risks

Back to Top

Risk Response

The second part of the new risk management is Risk Response. Here, you can create and assign response measures to risks. These measures are actions which should be implemented in order to handle the respective risk in case it occurs. They should be designed in such a way that they reduce the probability of the risk or its impact.

After a risk has occurred, the impact is remediated by taking the defined measures and , if required, risk management can be adapted accordingly. In addition, you can define a response type, assign a purpose, a response owner, and a due date. Furthermore, you can document the completion contribution of the respective measures with regard to the occurred risk.

The second part of the new risk management is Risk Response. Here, you can create and assign response measures to risks. These measures are actions which should be implemented in order to handle the respective risk in case it occurs. They should be designed in such a way that they reduce the probability of the risk or its impact.

After a risk has occurred, the impact is remediated by taking the defined measures and , if required, risk management can be adapted accordingly. In addition, you can define a response type, assign a purpose, a response owner, and a due date. Furthermore, you can document the completion contribution of the respective measures with regard to the occurred risk.

Fig. 7: With the new risk response functionality in SAP Privacy Governance, compliance specialists can create and assign response measures to risks

Please note that what is currently available is the minimum viable scope which is planned to be extended over the course of the next quarters.

Back to Top

GRC Asset Service

The GRC Asset Service is a brand-new service which allows you to maintain an inventory of your IT-related assets as part of your cybersecurity risk management. With this, you can create an inventory of assets by type and you can document the owner as well as the security objectives of an asset. The service provides predefined asset types that you can use out of the box. But of course, it is also possible to create custom asset types which you can tailor to your needs. Moreover, the service also allows you to assess the criticality of assets by running risk analyses with regard to threat and vulnerability analyses.

Fig. 8: With the new GRC Asset Service, compliance specialists can maintain an inventory of IT-related assets as part of a company’s cybersecurity risk management

Please note that what is currently available is the minimum viable scope which is planned to be extended over the course of the next quarters.

Back to Top

Tax

Electronic Purchase Orders and Sales Order Requests

Automate business processes leveraging the Peppol Network.

New Electronic Purchase Orders and Sales Order Requests Though Peppol Network

Automated processing of electronic orders for Germany, Norway and Netherlands (more countries on the road map):

  • Automated creation and exchange of electronic purchase orders upon creation of business documents.
  • Centralized monitoring across all electronic documents worldwide.
  • Handling of incoming sales order requests from customers.

Benefits

  • Increased efficiency and smoother upgrades
  • Early detection of issues and prompt investigation without relying on sample testing only
  • Minimized risk of non-compliance and late submissions due to technical errors

Fig. 9: With the new release, you can automatically create and exchange electronic purchase orders for Germany, Norway and the Netherlands

Back to Top

Manage Withholding Tax Items

Including / Excluding documents for withholding tax reporting with full traceability

New feature to further streamline statutory reporting and increase compliance by enabling manual adjustments of transactional documents in scope for withholding:

  • Enhanced financial documents to record the withholding tax reporting date
  • Ability for the GL accountant, tax consultant, or AP manager to include or exclude one or more documents for withholding tax reporting in a specific tax reporting period by changing the withholding tax reporting date

Benefits

  • Intuitively make corrections in withholding tax reporting
  • Reduce the risk of noncompliance due to manual mistakes
  • Minimize manual efforts for tracking corrections
  • Digitally prove when each invoice has been declared for withholding tax through the full audit

Fig. 10: With the new release, you can include and exclude documents for withholding tax reporting with full traceability

Back to Top

Automatic Sending of Withholding Tax Certificates Via E-Mail

Output Management for Withholding Tax Certificates

New feature to further increase efficiency of withholding tax reporting by automate handling of withholding tax certificates:

  • New address type on Business Partner Master Data for Withholding Tax Certificates.
  • Integration with Output Mangament (new applications) to enable automated Withholding Certificate via e-mail or print channels and handling of email templates in multiple languages.

Benefits

  • Minimize manual efforts for withholding tax certificates
  • Accurate recipient to ensure withholding tax certificates are corrected handled by vendors / customers
  • Reduce the risk of noncompliance due to delays or missed certificates
  • Friendly standard communications handled based on communication language

Fig. 11: With the new release, you can benefit from output management for withholding tax certificates

Back to Top

Automated Regression Tester for Statutory Reporting

Minimize the risk of non-compliance after OSS notes or system upgrades

New Automated Regression

New solution to automate regression testing, monitor finding and promptly notify errors for prompt investigations:

  • One-off definition of a snapshot for automated comparison of newly generated reports.
  • Automated scheduling of regression testing (e.g. daily).
  • Smart comparison to identify anomalies in legal files, file names, preview, validation messages and run-time app.
  • Automated notification is any failure.

Benefits

  • Increased efficiency and smoother upgrades.
  • Early detection of issues and prompt investigation without relying on sample testing only.
  • Minimized risk of non-compliance and late submissions due to technical errors.

Fig. 12: With the new release, you can automate regression testing, monitor finding and promptly notify errors for prompt investigations

Back to Top

For more information on SAP S/4HANA Cloud, private edition, and SAP S/4HANA | 2022, check out the following links

  • GRC Collection Blog (roadmap, release highlights, microlearnings) here
  • SAP S/4HANA release info: com/s4hana
  • SAP S/4HANA Community here
  • SAP S/4HANA PSCC Digital Enablement Wheel here
  • Inside SAP S/4HANA Podcast here
  • Join the SAP S/4HANA Movement
  • Best practices for SAP S/4HANA here
  • Help Portal Product Page here
  • Feature Scope Description here
  • What’s New here

 

Follow us via @SAP and #S4HANA, or myself via LinkedIn or @DeissnerKatrin

Assigned Tags

      2 Comments
      You must be Logged on to comment or reply to a post.
      Author's profile photo Tushar Poddar
      Tushar Poddar

      Hi,

      Thanks for the nice blog.

      Link for business content is not working. in SAP help portal business content page is about the functionality but no list of available content is there.

      Author's profile photo Katrin Deissner
      Katrin Deissner
      Blog Post Author

      Hi Tushar,

      thanks a lot for the positive feedback.

      I checked both links regarding the business content for SAP Financial Compliance Management and they both lead to the desired location: an overview page of the available business content for the solution. In the navigation on the left, you can navigate to the business content for controls, automated, and manual procedures.

      Thanks and best regards,

      Katrin