Financial Management Blogs by Members
Dive into a treasure trove of SAP financial management wisdom shared by a vibrant community of bloggers. Submit a blog post of your own to share knowledge.
cancel
Showing results for 
Search instead for 
Did you mean: 
1,522
Process Controls as a concept is about providing a centralized controls and compliance management solution. It is designed to assess, document, evaluate, monitor and report the effectiveness of internal controls.

One of the core component of Process Control is Continuous Control Monitoring (CCM). This component monitors the ERP systems based on Business Rule logic and sends exception alerts to the control owners based on the deficieny criteria defined in the Business Rule.

Note: Process Control does not block any business transaction in the ERP system. 

For more details how to configure Business Rule for configurable scenario, please refer below wiki.

Business Rule Functionality – Governance, Risk and Compliance – SCN Wiki

 

Business Scenario: GL account is a master data entity in SAP and it is the heart of financial statements where accounting data is posted from journals and aggregated from subledgers, such as accounts payable, accounts receivable, cash management, fixed assets, purchasing and projects hence monitoring the GL Master Changes settings like blocked for posting in company code is critical to prevent manipulations in the Financial Statements.

T-code FS00 can be used to maintain GL Account and add or remove the block for posting in company code or chart of accounts.

In below example, we will use configurable data source type and business rule in GRC Process Controls to identify the execptions and send alert to the control owner based on a particular company code deemed as sensitive in the enterprise.


Transaction Code FS00


 

As we are using configurable sub scenario with analysis type as changes, it is mandatory to ensure table logging is active in the ERP system. The table SKB1stores GL Account Master Data Changes.

Go to T-code SE11 then Technical Settings and ensure Log Changes field is selected as shown in below screenshot


Log Changes Active


 

Once above steps are validated, please setup the GRC Process Control Master Data

  1. Organization

  2. Business Process

  3. Sub process

  4. Risk

  5. Control

  6. Assign a control owner in the roles tab of control

  7. Create a Data Source

  8. Create Business Rule by using the data source created in step 7

  9. Assign Business Rule to the Control

  10. Go to Scheduling then Automated Monitoring and schedule a job by selecting the control


Create Data Source like shown in the below screenshots


Data Source



Data Source



Data Source data received from ERP system


Now let's see the setup of Business Rule


Business Rule



Business Rule



Business Rule



Business Rule



Business Rule



Business Rule



Business Rule


Now let's see the control performance of the automated monitoring


Control Monitoring



Control Result



Control Result


Finally, lets validate the GL account block for posting changed


Compared with FS00 Result


Conclusion: Continuous Control Monitoring can help organizations in enhancing their cybersecurity program. It can reduce the damage before it is too late and management can proactively monitor the critical financial risks and remediate issues.

 

 
4 Comments