7

SAP S/4HANA Cloud, Private Edition, and SAP S/4HANA for Governance, Risk, and Co...

 1 year ago
source link: https://blogs.sap.com/2022/10/27/sap-s-4hana-cloud-private-edition-and-sap-s-4hana-for-governance-risk-and-compliance-grc-2022-product-update/
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
neoserver,ios ssh client

SAP S/4HANA Cloud, Private Edition, and SAP S/4HANA for Governance, Risk, and Compliance (GRC)| 2022 Product Update

This blog illustrates selected highlights in the area of Governance, Risk, and Compliance (GRC) with the SAP S/4HANA Cloud, private edition, and SAP S/4HANA | 2022 release. This time, we focus on innovations from International Trade Management, SAP Financial Compliance Management, SAP Privacy Governance, and Global Tax.

For the innovations in the area of Finance, please refer to the blog ‘SAP S/4HANA Cloud, Private Edition, and SAP S/4HANA for Finance | 2022 Product Update’ from Ulrich Hauke.

In detail, the blog covers the following topics:

International Trade Management

SAP Financial Compliance Management

SAP Privacy Governance

Global Tax

International Trade Management

Trade Compliance Checks for Purchase Requisitions

As you know, we offer tree kinds of checks when it comes to trade compliance: embargo, legal control, and SAP Watch List Screening checks. In addition to the already available integration in the import side, we support trade compliance checks for purchase orders, purchasing contracts, and purchasing scheduling agreements. Now with the SAP S/4HANA Cloud, private edition, and SAP S/4HANA | 2022 release, trade compliance specialists can take advantage of an additional document type to be included in their compliance checks on the import side: purchase requisitions. What we also offer are legal control checks for purchase requisitions for stock transport orders.

On the export side, we continue to support e.g. sales orders, sales orders without charge, sales contracts, and sales scheduling agreements.

Thanks to the embargo check, you can prevent activities with embargoed countries. With the SAP Watch List Screening integration, you can check your purchase requisitions for addresses of business partners who are part of a denied-party list and consequently block the corresponding transactions. In addition, via the legal control checks, you can check controlled goods in your purchase requisitions.

In the ‘Analyze and Resolve Blocked Documents’ app, you can identify blocked purchase requisitions in the system and process them as needed – e.g. by assigning missing licenses or classifications. In the ‘Manage Documents’ app, you can check the embargo, legal control, and sanctioned-party list screening status of the respective trade compliance documents and confirm or release trade compliance blocks.

TradeCompl_PurchReq.png

Fig. 1: With the 2022 release, trade compliance specialists benefit from trade compliance checks for purchase requisitions

Please note:
Purchasing requisitions can only be considered by trade compliance checks if a supplier has been entered. Otherwise, the checks cannot be carried out. This can be either the fixed or the desired supplier. In case that both has been entered, the system takes the fixed supplier into account for its trade compliance checks.

Back to Top

Enterprise Search for Trade Compliance Documents

My next innovation today is from international trade. With the 2022 release, we introduce Enterprise Search to do fuzzy search for trade compliance documents. Thanks to this functionality, it is now very easy to gain an overview of the trade compliance documents that are existing in the system. For example, you can now display all of them and then use the available filters to narrow down the search results list e.g. by document category, company code, plant, partner country/region and document date.

From the search result list, you can use the smart links on the document numbers to get to the details of the respective search result with a summary of relevant information such as document status item number, check direction, product, plant, and partner.

Enterprise-Search_ITM.png

Fig. 2: With the new release, trade compliance specialists can use the enterprise search functionality for trade compliance documents

In addition to using the smart link on the document number, you can also navigate directly from the respective entry in the search result to the ‘Manage Documents – Trade Compliance’ app to take further action on the respective trade compliance document, e.g. if there is a block regarding the document due to a missing license, you could assign it here and solve the issue. Moreover, it is also possible to search for trade compliance documents by material number.

Back to Top

Pop-Up in Sales Documents in Case of Trade Compliance Blocks

In sales documents, we now have pop-ups to show if a document is blocked by trade compliance checks. This is to make sales representatives aware of trade compliance findings regarding a sales order. So far this was only possible if a delivery document that is blocked by trade compliance is created.

Back to Top

SAP Financial Compliance Management

As you know from previous sessions, SAP Financial Compliance Management is a controls solution in the cloud which is closely integrated with SAP S/4HANA Cloud, private edition, and SAP S/4HANA. The corresponding scope item is ‘Financial Operation Monitoring with SAP Financial Compliance’ (3KY).

SAP Financial Compliance Management is a relatively new solution as it is available since Q1 2021 and it is steadily growing. In a nutshell, you could describe SAP Financial Compliance Management as a solution to detect and process so-called issues in your connected S/4HANA Cloud system. In order to detect these issues, you use automated and also manual controls which you execute via work package runs. For these controls, we provide a lot of business content, meaning predefined controls which you can use out of the box.

More Information

Back to Top

Tasks and Task List Templates

With the new release, compliance specialists benefit from a workflow-driven process during the issue and remediation phase as we introduced the concept of tasks and task list templates. This means that the issues have now tasks assigned to them and these tasks are based on context-sensitive, predefined task list templates which can be tailored to the unique requirements of your organization. And – as you can imagine – this allows you to process your issues in a highly structured, consistent, and of course also efficient way.

Let‘s take an example to make this more concrete: One of the predefined controls in the business content that SAP Financial Compliance Management offers for SAP S/4HANA and S/4HANA Cloud, is a control to detect duplicate invoices. Now, let‘s imagine that we want to find all duplicate invoices in our SAP S/4HANA system within a certain time frame with certain search criteria. After executing the control by triggering a so-called a work package run, SAP Financial Compliance Management comes up with a list of issues which match our search criteria. In our example, this is a list of duplicate invoices.

Until this release, we now had a list of issues with which we could do some basic actions, like categorizing them by means of priorities and issue categories, assigning an owner and setting a conclusion, but the actual issue processing and the remediation part was not yet there. So, the end-to-end process, was not yet complete.

Now, with the new release, we close the loop by introducing the concept of tasks and task list templates which allow you to use a workflow-based approach for the processing and the remediation of the issues. This means, you can configure so-called task list templates with tasks which can then be automatically assigned to the issues. So, if we stick with the example of the duplicate invoices, we could have an issue with an task list template that contains two tasks: one task might have the name ‚Visually compare the invoices‘ and another task could be ‘Contact the supplier who sent invoice‘.

The beauty of this is that it allows the compliance specialists to use these tasks from the task list templates and trigger further actions like assigning colleagues who are supposed to perform the respective tasks and very importantly the compliance specialist can also monitor the progress of the respective tasks.

FCM_Task-List.png

Fig. 3: As of the new release, compliance specialists now benefit from tasks and task list templates for issues in SAP Financial Compliance Management

Let’s take a closer look at the screenshot above:

  • On the left, you the see the list of issues along with the risk level, status, and other information
  • In the middle in the Investigation and Remediation area, you can see which task list templates are assigned to the issue along with the respective completion information.
  • From the this information, the system has automatically assigned two tasks which you can see in the upper right section of the screen.

As a prerequisite, in order for the task list template and the assigned tasks to appear here, this needs to be configured in the system. As the next step, compliance specialists can go ahead and assign the tasks to the respective colleagues which are automatically notified via the Inbox App. In addition, compliance specialists can monitor the progress of the processing of the tasks in here.

More Information

Back to Top

New Business Content for SAP S/4HANA

Also regarding business content for SAP S/4HANA Cloud, private edition, and SAP S/4HANA with SAP Financial Compliance Management, there is good news to spread, as we offer eight additional controls with the new release.

If would like to have a complete overview of which controls are currently available, you can have a look at the SAP Help Portal. There is a section on the available business content where everything is described in detail. The business content itself is delivered in the SAP Financial Compliance Management system. It is available in the form of draft objects for automated procedures and controls in the system which you can then adapt to your needs.

2208_FCM_BestPracticeContent.png

Fig. 4: One of the 8 new predefined controls for SAP S/4HANA in SAP Financial Compliance Management

More Information

Back to Top

SAP Privacy Governance

As you know, SAP Privacy Governance is a cloud GRC solution which is closely integrated with SAP S/4HANA Cloud via the scope item ‘Privacy Risk Detection with SAP Privacy Governance (‏3KX‏)‘. The general direction of the solution is moving towards a security framework. In this context, many changes have taken place in the last months as the risk management part has been completely redesigned. The result is that now we have a completely new risk service and a new risk response service. In addition, we have a new asset service with which you can build a repository of assets.

More Information

Back to Top

Redesigned Risk Service and Risk Response

GRC Risk Service

For risk management in SAP Privacy Governance, we previously had two services, the Manage Risk Service and the Assess Risk Service. These two services have been merged together into the new GRC Risk Service where you can both maintain and assess your risks. The new functionality can be used in privacy or IT security contexts and supports NIST-compatible risk management processes.

The service allows you to display an overview of all potential risks identified by your organization and create or edit risks for further analysis. In addition, you can assess risk types and their impact for your organization. Moreover, you can calculate the likelihood of risks along with the estimated potential cost.

Please note that what is currently available is the minimum viable scope which is planned to be extended over the course of the next quarters.

2208_SPG_RiskService.png

Fig. 5: With the new GRC Risk Service, compliance specialists can maintain and assess risks

Back to Top

Risk Response

The second part of the new risk management is Risk Response. Here, you can create and assign response measures to risks. These measures are actions which should be implemented in order to handle the respective risk in case it occurs. They should be designed in such a way that they reduce the probability of the risk or its impact.

After a risk has occurred, the impact is remediated by taking the defined measures and , if required, risk management can be adapted accordingly. In addition, you can define a response type, assign a purpose, a response owner, and a due date. Furthermore, you can document the completion contribution of the respective measures with regard to the occurred risk.

The second part of the new risk management is Risk Response. Here, you can create and assign response measures to risks. These measures are actions which should be implemented in order to handle the respective risk in case it occurs. They should be designed in such a way that they reduce the probability of the risk or its impact.

After a risk has occurred, the impact is remediated by taking the defined measures and , if required, risk management can be adapted accordingly. In addition, you can define a response type, assign a purpose, a response owner, and a due date. Furthermore, you can document the completion contribution of the respective measures with regard to the occurred risk.

2208_SPG_RiskResponse.png

Fig. 6: With the new risk response functionality in SAP Privacy Governance, compliance specialists can create and assign response measures to risks

System Demo of Risk Service and Risk Response

If you would like so see what this looks like in the system, please have a look at this demo recording:

Video 1: System demo illustrating the new GRC Risk Service with Risk Response

Please note that what is currently available is the minimum viable scope which is planned to be extended over the course of the next quarters.

Back to Top

GRC Asset Service

The GRC Asset Service is a brand-new service which allows you to maintain an inventory of your IT-related assets as part of your cybersecurity risk management. With this, you can create an inventory of assets by type and you can document the owner as well as the security objectives of an asset. The service provides predefined asset types that you can use out of the box. But of course, it is also possible to create custom asset types which you can tailor to your needs. Moreover, the service also allows you to assess the criticality of assets by running risk analyses with regard to threat and vulnerability analyses.

2208_SPG_GRCAssetService.png

Fig. 7: With the new GRC Asset Service, compliance specialists can maintain an inventory of IT-related assets as part of a company’s cybersecurity risk management

Back to Top

System Demo of GRC Asset Service

If you would like so see what the GRC Asset Service looks like in the system, please have a look at this demo recording:

Video 2: System demo illustrating the new GRC Asset Service

Please note that what is currently available is the minimum viable scope which is planned to be extended over the course of the next quarters.

Back to Top

Tax

Electronic Purchase Orders and Sales Order Requests

Automate business processes leveraging the Peppol Network.

New Electronic Purchase Orders and Sales Order Requests Though Peppol Network

Automated processing of electronic orders for Germany, Norway and Netherlands (more countries on the road map):​

  • Automated creation and exchange of electronic purchase orders upon creation of business documents.​
  • Centralized monitoring across all electronic documents worldwide.​
  • Handling of incoming sales order requests from customers.

Benefits

  • Increased efficiency and smoother upgrades​
  • Early detection of issues and prompt investigation without relying on sample testing only​
  • Minimized risk of non-compliance and late submissions due to technical errors
PurchaseOrders.png

Fig. 8: With the new release, you can automatically create and exchange electronic purchase orders for Germany, Norway and the Netherlands

Back to Top

Manage Withholding Tax Items

Including / Excluding documents for withholding tax reporting with full traceability

New feature to further streamline statutory reporting and increase compliance by enabling manual adjustments of transactional documents in scope for withholding:

  • Enhanced financial documents to record the withholding tax reporting date
  • Ability for the GL accountant, tax consultant, or AP manager to include or exclude one or more documents for withholding tax reporting in a specific tax reporting period by changing the withholding tax reporting date

Benefits

  • Intuitively make corrections in withholding tax reporting
  • Reduce the risk of noncompliance due to manual mistakes
  • Minimize manual efforts for tracking corrections
  • Digitally prove when each invoice has been declared for withholding tax through the full audit
WHT.png

Fig. 9: With the new release, you can innclude and exclude documents for withholding tax reporting with full traceability

Back to Top

Automatic Sending of Withholding Tax Certificates Via E-Mail

Output Management for Withholding Tax Certificates

New feature to further increase efficiency of withholding tax reporting by automate handling of withholding tax certificates:

  • New address type on Business Partner Master Data for Withholding Tax Certificates.
  • Integration with Output Mangament (new applications) to enable automated Withholding Certificate via e-mail or print channels and handling of email templates in multiple languages.

Benefits

  • Minimize manual efforts for withholding tax certificates
  • Accurate recipient to ensure withholding tax certificates are corrected handled by vendors / customers
  • Reduce the risk of noncompliance due to delays or missed certificates
  • Friendly standard communications handled based on communication language
WHT_Mail.png

Fig. 10: With the new release, you can benefit from output management for withholding tax certificates

Back to Top

Automated Regression Tester for Statutory Reporting

Minimize the risk of non-compliance after OSS notes or system upgrades

New Automated Regression

New solution to automate regression testing, monitor finding and promptly notify errors for prompt investigations:

  • One-off definition of a snapshot for automated comparison of newly generated reports.
  • Automated scheduling of regression testing (e.g. daily).
  • Smart comparison to identify anomalies in legal files, file names, preview, validation messages and run-time app.
  • Automated notification is any failure.

Benefits

  • Increased efficiency and smoother upgrades.
  • Early detection of issues and prompt investigation without relying on sample testing only.
  • Minimized risk of non-compliance and late submissions due to technical errors.
Regression.png

Fig. 11: With the new release, you can automate regression testing, monitor finding and promptly notify errors for prompt investigations

Back to Top

For more information on SAP S/4HANA Cloud, private edition, and SAP S/4HANA | 2022, check out the following links

  • GRC Collection Blog (roadmap, release highlights, microlearnings) here
  • SAP S/4HANA release info: com/s4hana
  • SAP S/4HANA Community here
  • SAP S/4HANA PSCC Digital Enablement Wheel here
  • Inside SAP S/4HANA Podcast here
  • Join the SAP S/4HANA Movement
  • Best practices for SAP S/4HANA here
  • Help Portal Product Page here
  • Feature Scope Description here
  • What’s New here

Follow us via @SAP and #S4HANA, or myself via LinkedIn or @DeissnerKatrin


report

Recommend

About Joyk


Aggregate valuable and interesting links.
Joyk means Joy of geeK