The SAP GRC Products pallet is designed to function as an integrated solution, but at times, its not a simple task to locate the right tool for a specific business process or function. Additionally, some enterprises may own applications licenses which “lying on the shelf”. An example of this is the integration capabilities between SAP Process Control (PC) and SAP Business Integrity Screening (BIS), where both tools can complement each other's strengths, allowing for a healthier control management process.
The integration of SAP Process Control (PC) and SAP Business Integrity Screening (BIS) provides following opportunities. While SAP PC is widely used for managing Internal Controls Framework, it can be extended with the automation capabilities of SAP BIS. For instance, BIS, with its HANA DB based detection system, can efficiently identify anomalies and irregularities, effectively functioning as a screening tool to detect fraudulent activities or system misuse by users. Furthermore, the integration allows seamless automation of controls, significantly reducing overload of manual validation and sampling approaches.
Let’s dive a bit deeper into both tools and review the case with example of control for duplicated invoices. This control is a crucial aspect of cash flow for most organizations, but the high volume of invoices received per month can lead to gaps in manual validation.
I also chose the example of duplicated invoices control because it is part of the business content package delivered by SAP, offering a predefined set of controls for organizations. To identify duplicated invoices from vendors, a combination of suggested indicators is used for validation:
SAP Business Integrity Screening (BIS) constantly monitors invoices from source systems, including both SAP and non-SAP applications. When potential duplicates are detected, an alert is generated. The alert is then thoroughly investigated and assigned one of the following statuses: Confirmed (indicating a genuine duplicated invoice) or False Alarm (indicating that the flagged invoice is not a duplicate).
By incorporating these indicators and integrating BIS with PC, organizations can significantly improve their ability to detect and manage duplicated invoices, reducing the risk of financial loss and ensuring more robust control over financial processes.
Integration.
The integration process between SAP Process Control (PC) and SAP Business Integrity Screening (BIS) involves the following steps:
Alert in BIS with “Confirmed” status:
Issue in PC:
Summary.
In summary, the integration of SAP Process Control (PC) and SAP Business Integrity Screening (BIS) empowers organizations using SAP to effectively manage high amounts of data, ensuring swift and accurate processing. SAP PC cannot be replaced in master data management, while BIS offers a data processing engine with HANA DB tools like "fuzzy search" and "predictive analytics." By combining these applications, organizations can implement the best of both worlds, achieving comprehensive controls management and leveraging BIS's powerful capabilities to detect anomalies and irregularities across SAP and non-SAP applications.
The integration of SAP Process Control (PC) and SAP Business Integrity Screening (BIS) provides following opportunities. While SAP PC is widely used for managing Internal Controls Framework, it can be extended with the automation capabilities of SAP BIS. For instance, BIS, with its HANA DB based detection system, can efficiently identify anomalies and irregularities, effectively functioning as a screening tool to detect fraudulent activities or system misuse by users. Furthermore, the integration allows seamless automation of controls, significantly reducing overload of manual validation and sampling approaches.
Let’s dive a bit deeper into both tools and review the case with example of control for duplicated invoices. This control is a crucial aspect of cash flow for most organizations, but the high volume of invoices received per month can lead to gaps in manual validation.
I also chose the example of duplicated invoices control because it is part of the business content package delivered by SAP, offering a predefined set of controls for organizations. To identify duplicated invoices from vendors, a combination of suggested indicators is used for validation:
- Fuzzy Search: The system employs fuzzy search algorithms to find similar reference numbers across different invoices, helping to identify potential duplicates.
- Similar Amounts: By checking for similar amounts based on a percentage range, the system can flag invoices that bear striking resemblances, indicating potential duplicates.
- Payment Bank Details: Even if vendors are different, the system examines whether the payment bank details are the same, which can reveal fraudulent activities or irregularities.
- Vendor Name Comparison: Comparing vendor names on different invoices aids in detecting potential duplicate transactions involving the same vendor.
- Exclude Reversed Bookings: Documents with reversed bookings are excluded from the analysis, ensuring a more accurate identification of potential duplicate invoices.
SAP Business Integrity Screening (BIS) constantly monitors invoices from source systems, including both SAP and non-SAP applications. When potential duplicates are detected, an alert is generated. The alert is then thoroughly investigated and assigned one of the following statuses: Confirmed (indicating a genuine duplicated invoice) or False Alarm (indicating that the flagged invoice is not a duplicate).
By incorporating these indicators and integrating BIS with PC, organizations can significantly improve their ability to detect and manage duplicated invoices, reducing the risk of financial loss and ensuring more robust control over financial processes.
Integration.
The integration process between SAP Process Control (PC) and SAP Business Integrity Screening (BIS) involves the following steps:
WorkFlow
- All master data related to control is maintained in PC
- Control is linked to “Business rule” that reads confirmed alerts from BIS
- When a confirmed duplicate invoice is detected by BIS, an issue is automatically created in PC and sent to the control owner's work inbox.
Alert in BIS with “Confirmed” status:
Confirmed alert
Issue in PC:
Issue
- The control owner creates a remediation plan and assigns it to the responsible individual (e.g., Financial Analyst).
- The Financial Analyst performs the necessary steps following the remediation plan.
- Once the remediation is completed, the Financial Analyst submits the issue back to the control owner for validation and closure.
Summary.
In summary, the integration of SAP Process Control (PC) and SAP Business Integrity Screening (BIS) empowers organizations using SAP to effectively manage high amounts of data, ensuring swift and accurate processing. SAP PC cannot be replaced in master data management, while BIS offers a data processing engine with HANA DB tools like "fuzzy search" and "predictive analytics." By combining these applications, organizations can implement the best of both worlds, achieving comprehensive controls management and leveraging BIS's powerful capabilities to detect anomalies and irregularities across SAP and non-SAP applications.
- SAP Managed Tags:
1 Comment
