A change in mindset is needed among decision-makers in risk and compliance management. In today’s intelligent financial management, more and more processes are running automatically in the background, which makes risks and instances of fraud and corruption difficult to expose using manual methods.
Luckily, automated, integrated controls offer key support in meeting such challenges.
“Almost every company is advancing its digital transformation at the moment,” reports Stefan Schaffer, a partner in the areas of business integrity and compliance management at EY. “Meanwhile, entire industries are switching to product-as-a-service strategies, which is leading to faster transactions that are more compartmentalized.”
Automotive companies, for instance, won’t simply sell cars in the future; they will offer service packages consisting of mobility, entertainment, fuel, parking, and safety. Instead of transactions involving €30,000 for each product, the amounts due will be broken down to €15 to 30.
This has profound ramifications for risk and compliance management, where conventional mechanisms like spot-checking and the principle of dual control are no longer sufficient. Given these circumstances, how can companies continue to fulfill their monitoring obligations?
Use Cases for Embedded Controls
“Embedded controls are those that integrate directly into IT landscapes and detect anomalies in data patterns not only immediately, but in a fully automated way,” explains Martin Stecher, senior GRC solution expert at SAP. Based on SAP HANA, SAP Business Integrity Screening makes analyses like these possible, even in heterogeneous landscapes with any number of systems.
Christian Eichhorn, a senior account executive for finance solutions at SAP, highlights some of the advantages. “This application constantly checks all the data at hand, which makes random testing a thing of the past,” he says. “Thanks to machine learning, it also never stops fine-tuning itself.”
This foundation opens the door to a great many exciting scenarios.
Scenario 1: Intelligent Purchasing
The more ERP systems a company uses, the more valuable central monitoring becomes for all of its purchasing processes. Errors are more or less bound to occur, after all, particularly at corporations with heterogeneous landscapes. An order placed can deviate from what was actually approved, for example.
It’s also common for invoices to be paid twice due to typos or mistakes in the scanning or sending of documents. Getting to the bottom of such issues can be an arduous process: Is the order number wrong? Or is it the date?
Algorithms can examine all these dimensions simultaneously and identify not only identical documents, but also those that are semantically similar. This turns up a surprising number of duplicate payments. Depending on their size, companies can thereby reduce their expenses by five- or even six-digit sums.
Scenario 2: More Efficient Processes
Controls do more than offer protection against fraud. They also enable companies to make their internal processes significantly more efficient. When certain organizations are on sanctioned-party lists, for example, which makes doing business with them punishable by law, employees automatically receive notifications that enable them to take action with the necessary speed.
Scenario 3: Dealing with Bribery and Other Forms Of Corruption
Just as valuable — though also more complex — is the automatic search function SAP Business Integrity Screening offers for less obvious signs of atypical data patterns that often point toward fraud or corruption. The application provides those responsible for internal auditing with precise recommendations on where they should take a closer look.
Scenario 4: Value-Added Tax Compliance
Meanwhile, the application’s constant checking of all accounting documents ensures that all the transactions in question — and with them, the corresponding tax payments — are correct. It can automatically determine whether the correct tax ID numbers have been entered on vendor documents, for instance.
Finding errors is one thing; the process that follows is another. What should be done with these “hits”? Which processor will handle the reversals or adjustment documents required? And how can a company produce airtight proof that it has done its due diligence?
Tools like SAP Tax Compliance make sure everything is handled in an orderly fashion across all the relevant departments. It also makes correcting invoices and master data quick and easy. As a result, companies can file their tax returns with confidence, knowing that they can trust their monitoring system of choice.
Embedded Controls Are Here to Stay
Intelligent enterprises of the future will be based in no small part on process controls that fit into a larger holistic financial and risk management strategy. This means that embedded controls will be more or less a must going forward.
“Companies would be well advised to develop an understanding of this topic during the process of digital transformation,” says Schaffer from EY. “Those who take risk assessment into account from the very beginning will save themselves the trouble of making adjustments when they eventually become necessary.”
In addition, SAP Process Control can perform regular checks to determine whether the controls in place are effective enough to facilitate internal and external auditing.