Financial Management Blogs by SAP
Get financial management insights from blog posts by SAP experts. Find and share tips on how to increase efficiency, reduce risk, and optimize working capital.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SAP Financial Compliance / Risk and Assurance Management covers much more than Finance

neil_patrick
Advisor
Advisor
‎01-30-2024 10:14 AM

Reset your Perception!

First thing is to say is that SAP Financial Compliance Management has changed names to SAP Risk and Assurance Management (as of end February 2024). I'll use the new name in the rest of the blog.

But a new name isn’t going to be the thing that changes how the software can be used. That is determined by what the solution can do. This blog is aiming to reset your perception, and expectations, as to what RAM can already do.

 

neil_patrick_0-1706608189388.jpeg

RAM is now a strong generic internal controls solution. I have to say has grown leaps and bounds since it was first released to customers almost 3 years ago. I bring this up because:

  • With the rise in importance of the office of the CFO to business performance but also business advice and stakeholder management, finance is a very important topic for any business. It spans operations, planning and forecasting. It covers core finance but also for example IT and digital transformation.
  • While launched with the name SAP Financial Compliance Management, it was actually the baseline content SAP provided that focused on financial processes. It’s not a software design constraint.
  • And while it was called SAP Financial Compliance Management, since December 2023 it can also perform simple risk management, and crucially, link documented control performance to enable stakeholders to produce a more accurate and complete risk assessment.

So the software itself is more generic. And if one applies other LOB content/use cases, the software can do more. Hence the new name SAP Risk and Assurance Management. I hope to make that clear in this blog.

What RAM can do already

One of the interesting but subtle points to note is that RAM covers both first line and/or second line controls in the same solution. And I know as I typed the word control I am using it a bit loosely to also include what some people might call an exception report, rather than a control.

For example RAM can already:

  • Run one of its baseline content automated procedures as a first line business check. For example, checking if journal entries have been posted in a previously closed fiscal period: this could impact how quickly month end / quarter end / annual accounts can be closed. Or looking for blocked suppliers with open items: this could reduce production and/or revenue, or negatively impact supplier relationship.
  • Run one of S/4HANA’s control exception reports automatically and put it under a ‘governance process’ (assign an owner, raise issues if anything untoward is found, document remediation if required, make all this transparent for audit). This could be an exception report, or a control, or both!
  • Dive into the topic of tax compliance to help companies with their prefiling accuracy by automating tax compliance checks.
  • On top of this also perform second line activities for example test of effectiveness and test of design over the above examples.
  • Perform a survey / questionnaire / mixed format assessment.
  • Integrate automatically with Signavio Process Manager.

neil_patrick_1-1706608189438.png

 

What will be available soon

We also have some exciting content updates, to further reinforce the additional breadth of RAM:

  • There are 8x latent IT controls SAP produced, which are deployed in S/4HANA, that RAM can make use of. They focus on S/4HANA user management (e.g. detect users that never logged in, detect expired and locked users that should be deleted). We will formally roll them into RAM baseline content as part of the S/4HANA 2408 release, but can already be used.
  • Next month as part of our S/4HNA 2402 release we will add to our baseline content with ESG, human rights due diligence and Fraud use cases. To show what is possible. We also plan to release a GDPR certification content pack.
  • Key to the RAM strategy is the ready to use content for S/4HANA. And our partners see this too. Across our energetic and innovative partner ecosystem there will soon be (weeks) content covering ESG as a more comprehensive stand-alone topic plus industry-specific content packs covering 12x industry verticals from Winterhawk. Turnkey have starter packs for RAM . There are a large library of tax compliance rules amongst the Big-4.

In terms of functional enhancements:

  • We will be adding an Asset object to RAM in the first half or 2024, thus extending the IT control (and risk) management capabilities. But of course this is a generic object that I expect can also be used for ESG-relevant assets, finance assets, data assets, and other physical assets (water and energy utilities, oil and gas, transportation etc.)
  • We will build an integration to SAP Document and Reporting Compliance during 2024.
  • We will build an integration to SAP Sustainability Control Tower during 2024.
  • We will add AI use cases.

 

Move up the Performance, Control, and Risk Maturity Curve

There are obviously financial and rollout benefits of being able to cover more LOB use cases in a single solution.

But I also want to highlight what this can enable for the ‘digital first’ customers - those who are transitioning to a posture where internal information, processes, and customer experience is digitised and virtualised.

To drive performance (financial, operational, non-financial, legal etc.) with intentionality, processes, risks and controls if well managed will enable the business to catch and prevent any downstream impact to the organization or an end customer. Which is a true value add.

3 levels.jpg

RAM can help the first line owning and managing risk via understanding and analysing the processes of the business, and ensuring adequate internal controls over [insert an LOB here] reporting. Supporting first line activities also helps the business grow and by nature is more forward-looking.

This is in addition to value protect activities such as compliance.

 

Summary

With one single low TCO, short time to operationalize, easy to use public cloud solution RAM:

  • Can already technically cover finance, tax, IT, ESG, HRDD, fraud and data privacy
  • Will soon expand this to broad, and deep, content packs from our partner ecosystem
  • Can cover control and risk in the same solution, and automate controls
  • Provides transparency into the business
  • Helps the business improve performance, and provides real value add

That’s what I would consider a good return on investment.

neil_patrick_3-1706608189479.png

 

Popular Blog Posts