Image generated by Google Gemini

Following the success of the previous “What’s New” blogs (here and here), I have once again asked inputs from my colleagues from SAP GRC Product Management – Marie-Luise Wagener-Kirchner and Paul Petraschk, about recent enhancements for SAP solutions for Three Lines (i.e. SAP Process Control, SAP Risk Management, SAP Audit Management and SAP Business Integrity Screening).

As previously, this blog is only a short summary of selected enhancements delivered. More details are of course available in the associated SAP Note and the links are mentioned at the end.

Control and Risk Integration with SAP Signavio

As I am sure you will already know, SAP Signavio is an intuitive and comprehensive modelling platform for business process management (BPM) that enables organizations to capture, improve and maintain their business processes, fast and at scale.

Using SAP Signavio, organizations can model business process​es, simulate and compare processes but also outline process interconnections.

In the world of Governance, Risk, and Compliance, processes are key and integration with a BPM tool has long been a customer request. It’s now available and what’s more, with an SAP solution!

Both control and risk integrations have been delivered with this enhancement:

1. Integration of Controls from SAP Process Control with SAP Signavio

In this scenario, process and control information are modelled and visualized in SAP Signavio while control performance, monitoring and evaluation are executed within SAP Process Control.

It is also possible to drill-down from SAP Signavio to the local control in SAP Process Control to view control results, evidence, and issues.

2. Integration of Risks from SAP Process Control and SAP Risk Management with SAP Signavio

Here, the focus is on risks. Processes and tasks are modelled and visualized in SAP Signavio while the risk information, its evaluation and analysis are centrally managed in SAP Process Control and SAP Risk Management.

As for the control integration, it is also possible to drill-down from SAP Signavio to the risk details for end-to-end navigation.

Illustration of the process and control integration:

More details – including “How to” guides, can be found in the associated SAP Note - 3341419 - Integration between SAP Signavio and SAP Process Controls and SAP Risk Management

NIST content as Central Controls

National Institute of Standards and Technology (NIST) SP800-53 revision 5 and Cybersecurity Framework CSF Version 1.1 (soon version 2!) content can now be uploaded as Central Controls in SAP Process Control.

This helps enhance IT Security & Cybersecurity controls in internal control and compliance frameworks with a comprehensive set of guidelines that define the baseline controls for information systems and organizations.

By uploading this information into SAP Process Control, compliance efforts can be streamlined to align the corporate processes and operations with industry standards.

Oh, and makes sure to keep this enhancement in the back of your mind, as I will soon be referring to it in an upcoming blog on the topic of Cybersecurity Supply Chain Risk Management.

Illustration on how to get the content and the “How to” guide:

Enhanced Copy

Enhanced Copy is a step-by-step guided procedure available for both Risks and Activities (and both in NWBC and Fiori user interfaces) where these entities can be copied with all attributes individually selectable. Worthy to note that copy is not restricted to only open activities. By selecting the timeframe, users can copy activities with validity period in the past.

This provides the ability to copy a full risk or a full activity (attributes, associated top and underlying risks, etc.) into a new one. Thereby significantly shortening the process in creating new records.

Illustrations:

Risk Category Owner authorization

Authorizations can now be granted on the Risk Category level and are inherited down the Risk Category hierarchy to all associated Risks.

When the feature is enabled, there is a new tab "Roles" available in the Risk Category master data hierarchy where users can be individually assigned.

Authorizations granted on the Risk Category are inherited down the Risk Category hierarchy to all assigned Risk.

Illustration:

More details – including configurations steps and relevant SAP Implementation Guide (IMG) activities can be found in the associated SAP Note - 3390884 - Role Assignment on the Risk Category

New Risk Management Fiori applications and their Personalization options (available since last year)

I had already mentioned the 3 new Fiori applications (Manage Risks, Manage Reponses and Manage Activities) as well as their personalization options in the “What’s New” blog last year. But I only had screenshots to share. So I thought I would mention it here again, but this time with a short demo!

Illustration of the SAP Fiori apps and their personalization options:

More Information

As mentioned in introduction, these are only some of the enhancements delivered recently. For more details on what’s new, I would recommend having a look at the relevant sections of the dedicated Help Portals:

• What's New in SAP Process Control
• What’s New in SAP Risk Management
• What’s New in SAP Audit Management
• What’s New in SAP Business Integrity Screening

I look forward to reading your thoughts and comments either on this blog or on Twitter @TFrenehard and stay tuned for our next “What’s New” blog!

And if you are interested in learning more about SAP solutions for Governance, Risk, and Compliance, feel free to fill-in the demo request form!