This blog illustrates selected highlights in the area of Governance, Risk, and Compliance (GRC) with the SAP S/4HANA Cloud, private edition, and SAP S/4HANA | 2022 release. This time, we focus on innovations from International Trade Management, SAP Financial Compliance Management, SAP Privacy Governance, and Global Tax.
For the innovations in the area of Finance, please refer to the blog '
SAP S/4HANA Cloud, Private Edition, and SAP S/4HANA for Finance | 2022 Product Update' from
ulrich.hauke.
In detail, the blog covers the following topics:
International Trade Management
SAP Financial Compliance Management
Global Tax
SAP Process Control
SAP Risk Management
SAP Privacy Governance
International Trade Management
Trade Compliance Checks for Purchase Requisitions
As you know, we offer tree kinds of checks when it comes to trade compliance: embargo, legal control, and SAP Watch List Screening checks. In addition to the already available integration in the import side, we support trade compliance checks for purchase orders, purchasing contracts, and purchasing scheduling agreements. Now with the SAP S/4HANA Cloud, private edition, and SAP S/4HANA | 2022 release, trade compliance specialists can take advantage of an additional document type to be included in their compliance checks on the import side: purchase requisitions. What we also offer are legal control checks for purchase requisitions for stock transport orders.
On the export side, we continue to support e.g. sales orders, sales orders without charge, sales contracts, and sales scheduling agreements.
Thanks to the embargo check, you can prevent activities with embargoed countries. With the SAP Watch List Screening integration, you can check your purchase requisitions for addresses of business partners who are part of a denied-party list and consequently block the corresponding transactions. In addition, via the legal control checks, you can check controlled goods in your purchase requisitions.
In the ‘Analyze and Resolve Blocked Documents’ app, you can identify blocked purchase requisitions in the system and process them as needed – e.g. by assigning missing licenses or classifications. In the ‘Manage Documents’ app, you can check the embargo, legal control, and sanctioned-party list screening status of the respective trade compliance documents and confirm or release trade compliance blocks.
Fig. 1: With the 2022 release, trade compliance specialists benefit from trade compliance checks for purchase requisitions
Please note:
Purchasing requisitions can only be considered by trade compliance checks if a supplier has been entered. Otherwise, the checks cannot be carried out. This can be either the fixed or the desired supplier. In case that both has been entered, the system takes the fixed supplier into account for its trade compliance checks.
Back to Top
Enterprise Search for Trade Compliance Documents
My next innovation today is from international trade. With the 2022 release, we introduce Enterprise Search to do fuzzy search for trade compliance documents. Thanks to this functionality, it is now very easy to gain an overview of the trade compliance documents that are existing in the system. For example, you can now display all of them and then use the available filters to narrow down the search results list e.g. by document category, company code, plant, partner country/region and document date.
From the search result list, you can use the smart links on the document numbers to get to the details of the respective search result with a summary of relevant information such as document status item number, check direction, product, plant, and partner.
Fig. 2: With the new release, trade compliance specialists can use the enterprise search functionality for trade compliance documents
In addition to using the smart link on the document number, you can also navigate directly from the respective entry in the search result to the ‘Manage Documents – Trade Compliance’ app to take further action on the respective trade compliance document, e.g. if there is a block regarding the document due to a missing license, you could assign it here and solve the issue. Moreover, it is also possible to search for trade compliance documents by material number.
Back to Top
Pop-Up in Sales Documents in Case of Trade Compliance Blocks
In sales documents, we now have pop-ups to show if a document is blocked by trade compliance checks. This is to make sales representatives aware of trade compliance findings regarding a sales order. So far this was only possible if a delivery document that is blocked by trade compliance is created.
Back to Top
SAP Financial Compliance Management
As you know from previous sessions, SAP Financial Compliance Management is a controls solution in the cloud which is closely integrated with SAP S/4HANA Cloud, private edition, and SAP S/4HANA. The corresponding scope item is ‘Financial Operation Monitoring with SAP Financial Compliance’ (3KY).
SAP Financial Compliance Management is a relatively new solution as it is available since Q1 2021 and it is steadily growing. In a nutshell, you could describe SAP Financial Compliance Management as a solution to detect and process so-called issues in your connected SAP S/4HANA and SAP S/4HANA Cloud systems. In order to detect these issues, you use automated and also manual controls which you execute via work package runs. For these controls, we provide a lot of business content, meaning predefined controls which you can use out of the box.
More Information
Back to Top
Tasks and Task List Templates
With the new release, compliance specialists benefit from a workflow-driven process during the issue and remediation phase as we introduced the concept of tasks and task list templates. This means that the issues have now tasks assigned to them and these tasks are based on context-sensitive, predefined task list templates which can be tailored to the unique requirements of your organization. And – as you can imagine – this allows you to process your issues in a highly structured, consistent, and of course also efficient way.
Let‘s take an example to make this more concrete: One of the predefined controls in the business content that SAP Financial Compliance Management offers for SAP S/4HANA and S/4HANA Cloud, is a control to detect duplicate invoices. Now, let‘s imagine that we want to find all duplicate invoices in our SAP S/4HANA system within a certain time frame with certain search criteria. After executing the control by triggering a so-called a work package run, SAP Financial Compliance Management comes up with a list of issues which match our search criteria. In our example, this is a list of duplicate invoices.
Until this release, we now had a list of issues with which we could do some basic actions, like categorizing them by means of priorities and issue categories, assigning an owner and setting a conclusion, but the actual issue processing and the remediation part was not yet there. So, the end-to-end process, was not yet complete.
Now, with the new release, we close the loop by introducing the concept of tasks and task list templates which allow you to use a workflow-based approach for the processing and the remediation of the issues. This means, you can configure so-called task list templates with tasks which can then be automatically assigned to the issues. So, if we stick with the example of the duplicate invoices, we could have an issue with an task list template that contains two tasks: one task might have the name ‚Visually compare the invoices‘ and another task could be ‘Contact the supplier who sent invoice‘.
The beauty of this is that it allows the compliance specialists to use these tasks from the task list templates and trigger further actions like assigning colleagues who are supposed to perform the respective tasks and very importantly the compliance specialist can also monitor the progress of the respective tasks.
Fig. 3: As of the new release, compliance specialists now benefit from tasks and task list templates for issues in SAP Financial Compliance Management
Let’s take a closer look at the screenshot above:
- On the left, you the see the list of issues along with the risk level, status, and other information
- In the middle in the Investigation and Remediation area, you can see which task list templates are assigned to the issue along with the respective completion information.
- From the this information, the system has automatically assigned two tasks which you can see in the upper right section of the screen.
As a prerequisite, in order for the task list template and the assigned tasks to appear here, this needs to be configured in the system. As the next step, compliance specialists can go ahead and assign the tasks to the respective colleagues which are automatically notified via the Inbox App. In addition, compliance specialists can monitor the progress of the processing of the tasks in here.
More Information
Back to Top
New Business Content for SAP S/4HANA
Also regarding business content for SAP S/4HANA Cloud, private edition, and SAP S/4HANA with SAP Financial Compliance Management, there is good news to spread, as we offer eight additional controls with the new release.
If would like to have a complete overview of which controls are currently available, you can have a look at the SAP Help Portal. There is a section on the
available business content where everything is described in detail. The business content itself is delivered in the SAP Financial Compliance Management system. It is available in the form of draft objects for automated procedures and controls in the system which you can then adapt to your needs.
Fig. 4: One of the 8 new predefined controls for SAP S/4HANA in SAP Financial Compliance Management
More Information
Back to Top
GRC Business Content Hub
As outlined already in the previous section, we provide a lot of so-called baseline content for SAP Financial Compliance Management. In addition to that, we would like to go beyond that and provide an option to partners to also provide own content and make business with it.
For that reason, we will introduce the GRC Business Content Hub which allows our partners and SAP to enrich the SAP Financial Compliance Management by providing own content via standardized offerings in order to support a scaleable business model and distribution channel. In For our cloud and on-premise customers, this means that they have have an easy and fast way regarding the consumption of business content for our cloud GRC solutions, such as SAP Financial Compliance Management.
Let's take more detailed look the different content types:
- Baseline content is meant to enable the usage of the solution covering various business areas that most customers can use. Every customer of SAP Financial Compliance Management gets this content.
- General content serves very common business processes that are not industry-specific
- Industry content serves industry-specific requirements and can be reused
- Company-specific content is specific for one company or organization unit and solves individual requirements (provided by content provider or customer internally)
Fig. 5: Content types of SAP Financial Compliance Management
Key Features of GRC Business Content Hub
- Partners can apply to become a content provider
- Content is provided by content provider via so-called content packages, using specific SAP Fiori apps
- Content is sold and available via the SAP Store and can be purchased by customers
- Content is installed in a standardized way
- Content runs out of the box
With the new role 'Content 'Manager', controls, automated procedures, and also manual procedures can be exported to the GRC Business Content Hub via the Export button in the respective apps. After that, content managers can look at the exported objects in the new SAP Fiori app 'Manage Business Content Objects' and also see which package the respective objects have been assigned to.
In order to assign new objects to a content package, you to switch to the new SAP Fiori app 'Manage Business Content Package', where you can add the respective objects to the new content package and submit the package for release. After a final check by SAP, the package will then be made available on SAP Store for customers.
Back to Top
Tax
Electronic Purchase Orders and Sales Order Requests
Automate business processes leveraging the Peppol Network.
New Electronic Purchase Orders and Sales Order Requests Though Peppol Network
Automated processing of electronic orders for Germany, Norway and Netherlands (more countries on the road map):
- Automated creation and exchange of electronic purchase orders upon creation of business documents.
- Centralized monitoring across all electronic documents worldwide.
- Handling of incoming sales order requests from customers.
Benefits
- Increased efficiency and smoother upgrades
- Early detection of issues and prompt investigation without relying on sample testing only
- Minimized risk of non-compliance and late submissions due to technical errors
Fig. 9: With the new release, you can automatically create and exchange electronic purchase orders for Germany, Norway and the Netherlands
Back to Top
Manage Withholding Tax Items
Including / Excluding documents for withholding tax reporting with full traceability
New feature to further streamline statutory reporting and increase compliance by enabling manual adjustments of transactional documents in scope for withholding:
- Enhanced financial documents to record the withholding tax reporting date
- Ability for the GL accountant, tax consultant, or AP manager to include or exclude one or more documents for withholding tax reporting in a specific tax reporting period by changing the withholding tax reporting date
Benefits
- Intuitively make corrections in withholding tax reporting
- Reduce the risk of noncompliance due to manual mistakes
- Minimize manual efforts for tracking corrections
- Digitally prove when each invoice has been declared for withholding tax through the full audit
Fig. 10: With the new release, you can include and exclude documents for withholding tax reporting with full traceability
Back to Top
Automatic Sending of Withholding Tax Certificates Via E-Mail
Output Management for Withholding Tax Certificates
New feature to further increase efficiency of withholding tax reporting by automate handling of withholding tax certificates:
- New address type on Business Partner Master Data for Withholding Tax Certificates.
- Integration with Output Mangament (new applications) to enable automated Withholding Certificate via e-mail or print channels and handling of email templates in multiple languages.
Benefits
- Minimize manual efforts for withholding tax certificates
- Accurate recipient to ensure withholding tax certificates are corrected handled by vendors / customers
- Reduce the risk of noncompliance due to delays or missed certificates
- Friendly standard communications handled based on communication language
Fig. 11: With the new release, you can benefit from output management for withholding tax certificates
Back to Top
Automated Regression Tester for Statutory Reporting
Minimize the risk of non-compliance after OSS notes or system upgrades
New Automated Regression
New solution to automate regression testing, monitor finding and promptly notify errors for prompt investigations:
- One-off definition of a snapshot for automated comparison of newly generated reports.
- Automated scheduling of regression testing (e.g. daily).
- Smart comparison to identify anomalies in legal files, file names, preview, validation messages and run-time app.
- Automated notification is any failure.
Benefits
- Increased efficiency and smoother upgrades.
- Early detection of issues and prompt investigation without relying on sample testing only.
- Minimized risk of non-compliance and late submissions due to technical errors.
Fig. 12: With the new release, you can automate regression testing, monitor finding and promptly notify errors for prompt investigations
Back to Top
SAP Process Control
Integration with SAP Analytics Cloud
Functional Details
- Dashboard for Continuous Control Monitoring (CCM) enhancements
- Show monitoring results based on regulation, organization and other information
- Display changed monitoring issues with different time frames
- Supported drill-down to continuous control monitoring job details
Value Proposition
- Provide organization views for monitoring views in different time frames
- Help users quickly identify monitoring result changes
Back to Top
Exception Split to Different Exception Owners
Functional Details
- Issue owner splits identified CCM exceptions and sent to different exception owners for further processing and validation
- Exception owners analyze the results and send their results and feedback to issue owner
- Issue owner decides on further actions regarding the exception
- Issue owner can choose to ignore exceptions without replies and continue with next steps
Value Proposition
- Improved information flow between issue and exception owners
- Optimized exception handling workflow
- Accelerated issue handling process
- Reduced workload and better insights for issue owners
Back to Top
Job Information Archiving for Continuous Control Monitoring
Functional Details
- Select job and related information to archive based on job creation date, job type, job category, and target connector in job header
- Support read, write and reload job information
- Archive completed job; job step, test log, issue and remediation plan
Value Proposition
- Archiving of completed CCM jobs and related objects to remove them business user access
- Improved system performance and response times
- Lower hardware and administration costs
Back to Top
SAP Risk Management
Integration with SAP Analytics Cloud
Functional Details
- Embedded SAP Analytics Cloud user experience for business users
Value Proposition
- Enable quicker decision-making based on up-to-date information and data
- Seamless SAP Analytics Cloud UI integration and UI paradigms for SAP Risk Management users
Back to Top
New SAP Fiori Apps
Functional Details
- Manage Risk/Enteprise Activities/Responses
- Risk Validation/Activity Validation
- Risk Manager Dashboard and navigation for drill down
- Customer-defined fields support in new Fiori apps
Value Proposition
- Enhanced user experience
- Increased productivity and quality of risk-related data
- Reduced training cost and user errors
Back to Top
SAP Privacy Governance
As you know, SAP Privacy Governance is a cloud GRC solution which is closely integrated with SAP S/4HANA Cloud via the scope item ‘
Privacy Risk Detection with SAP Privacy Governance (3KX)‘. The general direction of the solution is moving towards a security framework. In this context, many changes have taken place in the last months as the risk management part has been completely redesigned. The result is that now we have a completely new risk service and a new risk response service. In addition, we have a new asset service with which you can build a repository of assets.
More Information
Back to Top
Redesigned Risk Service and Risk Response
GRC Risk Service
For risk management in SAP Privacy Governance, we previously had two services, the Manage Risk Service and the Assess Risk Service. These two services have been merged together into the new
GRC Risk Service where you can both maintain and assess your risks. The new functionality can be used in privacy or IT security contexts and supports NIST-compatible risk management processes.
The service allows you to display an overview of all potential risks identified by your organization and create or edit risks for further analysis. In addition, you can assess risk types and their impact for your organization. Moreover, you can calculate the likelihood of risks along with the estimated potential cost.
Please note that what is currently available is the minimum viable scope which is planned to be extended over the course of the next quarters.
Fig. 6: With the new GRC Risk Service, compliance specialists can maintain and assess risks
Back to Top
Risk Response
The second part of the new risk management is
Risk Response. Here, you can create and assign response measures to risks. These measures are actions which should be implemented in order to handle the respective risk in case it occurs. They should be designed in such a way that they reduce the probability of the risk or its impact.
After a risk has occurred, the impact is remediated by taking the defined measures and , if required, risk management can be adapted accordingly. In addition, you can define a response type, assign a purpose, a response owner, and a due date. Furthermore, you can document the completion contribution of the respective measures with regard to the occurred risk.
The second part of the new risk management is
Risk Response. Here, you can create and assign response measures to risks. These measures are actions which should be implemented in order to handle the respective risk in case it occurs. They should be designed in such a way that they reduce the probability of the risk or its impact.
After a risk has occurred, the impact is remediated by taking the defined measures and , if required, risk management can be adapted accordingly. In addition, you can define a response type, assign a purpose, a response owner, and a due date. Furthermore, you can document the completion contribution of the respective measures with regard to the occurred risk.
Fig. 7: With the new risk response functionality in SAP Privacy Governance, compliance specialists can create and assign response measures to risks
Please note that what is currently available is the minimum viable scope which is planned to be extended over the course of the next quarters.
Back to Top
GRC Asset Service
The GRC Asset Service is a brand-new service which allows you to maintain an inventory of your IT-related assets as part of your cybersecurity risk management. With this, you can create an inventory of assets by type and you can document the owner as well as the security objectives of an asset. The service provides predefined asset types that you can use out of the box. But of course, it is also possible to create custom asset types which you can tailor to your needs. Moreover, the service also allows you to assess the criticality of assets by running risk analyses with regard to threat and vulnerability analyses.
Fig. 8: With the new GRC Asset Service, compliance specialists can maintain an inventory of IT-related assets as part of a company's cybersecurity risk management
Please note that what is currently available is the minimum viable scope which is planned to be extended over the course of the next quarters.
Back to Top
For more information on SAP S/4HANA Cloud, private edition, and SAP S/4HANA | 2022, check out the following links
- GRC Collection Blog (roadmap, release highlights, microlearnings) here
- SAP S/4HANA release info: com/s4hana
- SAP S/4HANA Community here
- SAP S/4HANA PSCC Digital Enablement Wheel here
- Inside SAP S/4HANA Podcast here
- Join the SAP S/4HANA Movement
- Best practices for SAP S/4HANA here
- Help Portal Product Page here
- Feature Scope Description here
- What’s New here
Follow us via @Sisn and #S4HANA, or myself via LinkedIn or @DeissnerKatrin