GRC Tuesdays: What’s New in SAP solutions for Three Lines
Following the success from the previous “What’s New” blog, I have once again asked their inputs from my colleagues from SAP GRC Product Management – Marie-Luise Wagener-Kirchner and Paul Petraschk, but also extended the invite to James Chiu from SAP GRC Solution Management to add to the list of highlighted enhancements for SAP solutions for Three Lines (i.e. SAP Process Control, SAP Risk Management, SAP Audit Management and SAP Business Integrity Screening).
This blog is therefore only a short summary of the selected enhancements delivered. More details are of course available in the links mentioned at the end of this blog.
Adding Continuous Control Monitoring to Manual Control Performance
Before I even start on detailing this enhancement, just a quick note on few concepts:
- Continuous Control Monitoring (CCM) provides automated monitoring of user-defined business rules and parameters, with identified and exceptions routed to appropriate stakeholders
- Manual Control Performance (MCP) is a process to perform controls manually, which involves a control performance plan documenting the detailed steps to be performed by control performers. Users can add control performance steps to any control (central and local) and create a plan for manual control performance
As requested by customers of SAP Process Control, an integration of Manual Control Performance (MCP) and Continuous Control Monitoring (CCM) functionality has now been delivered to better support the semi-automated performance of controls. With this integration, organizations can now combine automated controls with manual control performance for a holistic representation of associated tasks while automation is now supported to the extent possible.
With the existing Continuous Control Monitoring (CCM) functionality based on data source and business rule, the control logic is defined to generate exception data to be further analyzed and used for further manual control performance.
The integration involves the following process:
Search Work Items
With Support Package 03 delivered some time ago, we already introduced the Work Item Search in SAP Process Control and SAP Risk Management that allows users to search for specific work items matching the criteria defined by the user. This capability has since been continuously enhanced up to the very latest Support Package to meet the different use cases.
With the recent enhancement to the feature, business users and GRC administrators now have a dedicated and comprehensive search function available for their Work Items that also includes sorting and filtering of associated attributes.
Cancel Work Items
With this new feature in SAP Process Control and SAP Risk Management, business users can now delete obsolete or invalid work items from their inbox for a particular set of workflows.
Once a cancellation has been requested by the recipient, GRC administrators receive it automatically and can process it accordingly:
- Confirm cancellation and the work item will actually be cancelled and will disappear from the requestor’s work inbox
- Reject cancellation and the work item will not be cancelled and will remain in business users’ work inbox
Finally, a central administration view is also available to facilitate the monitoring of the process.
Note: the function to cancel work items is not to physically deleting the work item. After the cancellation if confirmed, the work item will disappear from the user’s work inbox and the status of the work items will change to “Cancelled” in Search Work Items. See section just above for more details on the Search Work Items capability.
Evaluation of Business Processes in Audit Engagement
To improve audit efficiency, SAP Audit Management now allows customers to document the business processes in their organization and link them to their audits.
With this capability, companies can structure business processes into hierarchies:
Audit Management users can then map risks and controls to a business process, include business processes in the audit engagement, and follow up with business process related findings.
Furthermore, it is also possible to import business processes in bulk using a spreadsheet template, or directly from SAP Process Control or SAP Risk Management using the dedicated automated jobs.
As mentioned in introduction, these are only some of the enhancements delivered recently. For more details on what’s new, I would recommend having a look at the relevant sections of the Help Portals:
- What’s New in SAP Process Control
- What’s New in SAP Risk Management
- What’s New in SAP Audit Management
- What’s New in SAP Business Integrity Screening
I look forward to reading your thoughts and comments either on this blog or on Twitter @TFrenehard and stay tuned for our next “What’s New” blog!
And if you are interested in learning more about SAP solutions for Governance, Risk, and Compliance, feel free to fill-in the demo request form!