GRC
HR
SCM
CRM
BI


Article

 

Layer Analytics on Top of SAP Tools You've Already Invested In for Efficient, Common-Sense Compliance

by Dr. Karol Bliznak | SAPinsider

July 1, 2006

SAP’s management of internal controls (MIC) tool secures the timely availability of compliance-related data, but it lacks graphical reporting capabilities for management reporting. SAP xApp Analytics extends the MIC tool to not only make it intuitive and visually appealing, but also to meet the most challenging, compliance-related activities identified by SAP customers.
 

Compliance with corporate governance mandates is essential to the well-being of companies today. As a result, managers are now adding newly emerging compliance-related tasks on top of their day-to-day duties — tasks such as different documentation, assessment, and evaluation activities; issue remediation procedures; and compliance-related project management and reporting tasks, for example. Managers struggle to balance their daily operational workload with demanding compliance requirements that, if not handled properly, could have serious regulatory consequences for their company.

To be effective in this role, managers need quick, at-a-glance access to relevant business information in the context of their processes and tasks. Businesses employing SAP's management of internal controls (MIC) tool, a component of mySAP ERP, are well on their way to an agile compliance workflow, one that allows managers to address compliance issues by exception as they arise. With the capabilities inherent in MIC — including effective workflow support for control documentation, assessment, testing, and sign-off — managers have all the relevant data they need to address and resolve internal control deficiencies within their area of responsibility and ensure compliance. But the trick is how to present this information in a graphical, intuitive way so that managers can make important business decisions in real time.

Enter SAP xApp Analytics. Enhancing existing SAP business solutions, SAP xApp Analytics provides seamless, intuitive, user-friendly access to core business applications, data, and processes. These analytic applications are built on SAP NetWeaver and snap on to backend tools and technologies that many companies already have in place. SAP xApp Analytics applications are intelligently focused on composite business processes, leveraging underlying SAP and non-SAP components and delivering on the enterprise service-oriented architecture (enterprise SOA) promise by providing flexible, reusable, role-based solutions for a wide range of users.

One of the more than 100 business scenarios supported by SAP xApp Analytics is dedicated to corporate governance. This compliance-related subset of SAP xApp Analytics sits on top of the MIC tool and shares integrated, consistent, and real-time data and metrics to drive more accurate, timely compliance decisions. These corporate governance analytic applications are a way for companies currently using MIC to present the tool's data findings in a format that's more intuitive to business users. If your company is already using MIC, you should strongly consider using SAP xApp Analytics to enhance your compliance efforts.

This article explains the specific functionality that the compliance-focused subset of SAP xApp Analytics provides for managers and demonstrates how these xApps extend MIC to facilitate compliance-related tasks. You'll also learn how analytic applications can easily snap on top of SAP tools or technologies you already have in place for diminished implementation times and quick end-user adoption.

Extend the Capabilities of Your Existing Backend Tools

The compliance-related set of composite analytic applications delivered as part of SAP xApp Analytics addresses a pain point of an otherwise very powerful backend application for internal control management. MIC secures the timely availability of Sarbanes-Oxley compliance-related data, but does not have graphical reporting capabilities for management reporting. Dedicated SAP xApp Analytics composite applications complement MIC by displaying MIC's analytic data in an intuitive, colorful, and animated manner (see Figure 1). With this at-a-glance presentation of compliance-relevant information, executives can get updates on the status of internal controls and track issue remediation within their areas of responsibility.

Figure 1
SAP xApp Analytics Displays MIC's Built-In Reporting Data in an Intuitive, At-a-Glance Format

The corporate governance subset of SAP xApp Analytics applications directly connects to MIC's backend tables. The xApps help users more efficiently control the compliance end-user process: By launching the analytic applications assigned to their portal roles, managers have access to all the information they need through the portal, shielded from the data extracting, processing, and formatting that happens in the background. No longer do managers have to switch between different MIC data tables for a comprehensive view of their compliance status.

Note that while most SAP xApp Analytics are based on analytic data coming from the Business Intelligence (BI) capability of SAP NetWeaver (formerly known as SAP Business Information Warehouse, or SAP BW), the corporate governance composite applications read the data directly from the MIC transactional system via data services. Bypassing the BI capability and its restriction of only 60 characters or less, the transfer of long texts from the back end to the composite user interface (the portal) is possible. Longer, explanatory texts — including control or issue descriptions — represent qualitative data critical for an end user in this type of compliance-related application.

A Closer Look at Compliance Analytics

The new compliance-related composite applications delivered with SAP xApp Analytics are designed to ease management reporting on MIC data. The predelivered compliance applications — six in total — are based on the most challenging compliance-related activities identified by SAP customers (see sidebar).

Hands-On Customer Feedback for Analytics That Work the Same Way You Do

Extensive on-site validation and testing by end users was conducted prior to the delivery of SAP xApp Analytics, significantly contributing to the intuitive usability and rich, relevant analytic content. Sarbanes-Oxley professionals and affected managers at SAP installed-base companies were asked to define their most frequent analytic needs based on their participation in a compliance project.

SAP customers have been getting a firsthand look at SAP xApp Analytics in a pilot phase since November of 2005. Over 100 analytic applications — including the compliance-related subset highlighted in this article — will be generally available in Q3 2006, with more xApps to come in later releases.

Note:
For tailored governance support beyond the six predelivered compliance-relevant applications included in the first release, SAP xApp Analytics can also easily be modified and customized for company-specific corporate governance challenges.

Get a Quick, Intuitive Compliance Overview

To assess the most important compliance-related data at a glance, managers can view a role-based Overview application through their enterprise portal. Administrators can help managers set up their dashboards so that only the most applicable and relevant applications appear in the Overview portal. For example, the Overview dashboard shown in Figure 2 is configured to support Sarbanes-Oxley 404 "management by exception":

  • New internal controls issues resulting from internal controls assessments and tests are listed, showing managers any open issues from the last 200 days1

  • Statistical key figures indicate the scope of different internal controls tests — at varying levels of significance — based on operating effectiveness testing activities

  • The progress of control and process design assessments, control effectiveness tests, and sign-off activities are visualized as charts, enabling effective compliance project management

Figure 2
Internal Controls Overview Application: View Various Aspects of an Internal Control-Related Compliance Project Simultaneously

The following sections will examine the individual analytic applications that provide more detailed insight to the high-level statistics and alerts featured in the Overview application shown in Figure 2. Remember that this Overview application — and the detailed analytic applications that follow — can be customized based on business managers' specific compliance needs.

Prioritize Outstanding Internal Controls Issues

The Issue Analysis application indicates all internal controls issues — such as control design or operating effectiveness deficiencies (including missing or inadequate controls documentation or risks not covered by effective controls), or any business entity-level control issues — and lists associated remediation plans for correcting them (see Figure 3).

Figure 3
Issue Analysis Application: Highlight Outstanding Internal Controls Issues and Remediation Plans

In the application's interface, charts show the number, status, and priority of issues within selected business units, informing executives about the status of internal controls within their area of responsibility. By clicking on a section of a chart, users can generate a detailed issue list of the respective category below the chart. For example, a manager can request that the application show all "high priority issues" or all "issues in progress." If a manager selects an issue from the list, details including the affected control's attributes and a list of associated remediation plans are displayed.

Analyze the Progress and Results of Control Operating Design Assessments

Managers must assess key controls and determine if they are optimally designed to prevent or detect any material errors or misstatements of accounts. To help managers gauge the progress of these evaluations, a chart within the Control Design Assessment application indicates the percentage of control operating design assessments (performed at the control activity level) that are completed, in progress, or not yet performed by control assessors. Another chart displays the results of the assessment in a color-based rating scheme using green, yellow, and red controls.

Review Control Operating Design from the Business Process Perspective

Similarly, internal controls must also be evaluated in the context of business processes for compliance with regulatory mandates. The Process Design Assessment application indicates the percentage of internal control assessments at the business process level that are completed, in progress, or not yet performed. Another graphic rates the assessment; green, yellow, and red markings rate, for example, the sequence of controls within the respective business process, as well as the coverage of risks and financial statement assertions by controls, as shown in Figure 4.

Figure 4
Process Design Assessment Application: Review the Status of Internal Controls Assessments at the Process Level

Assessment details including status and results are displayed for each control in a list view that can be exported to Microsoft Excel for further evaluation. As in the Issue Analysis application, if a control is selected, details are displayed — including the control's attributes and a list of remediation plans for any associated issues.

Verify Managers' Statements of Internal Controls

The Control Effectiveness Testing analytic application shows the progress and results of testing activities in detail. This application indicates the status of testing done by the internal audit department to objectively confirm that managers' statements of internal controls are correct.

Track Sign-Off Activities

At the sign-off phase, a manager confirms that controls are accurate and up to date at that point in time, and that any outstanding issues have been resolved. The Sign-Off application helps monitor the status of sign-off activities within a manager's area of responsibility:

  • A graphic shows the percentage of subordinated business units with sign-off performed or not performed

  • Sign-off details, including who signed off on an internal control for a particular business unit and when they did so, are displayed in a list view

  • If a business unit is selected from the list, any relevant details are displayed, including the sign-off comment as submitted by the respective manager of a subordinated business unit

In turn, these management reports are aggregated and sent to C-level executives, who are obliged to send a report to the Securities and Exchange Commission (SEC).

The User-Focused Design Principles of SAP xApp Analytics

Even the most advanced technology and sophisticated applications can go unused if they aren't built with the end user in mind. To promote adoption by every business user within an enterprise, SAP xApp Analytics is built on these user-focused design principles:

1. Remember That Style Counts
SAP xApp Analytics applications present both statistical and detailed data using colorful graphics and animation through Adobe Flex technology, providing a user experience similar to that of a well-designed, intuitive Web site.

2. Avoid Feature Overload
SAP xApp Analytics belongs to a family of new, evolving solutions for business users who tend to refuse any technical features that require additional training. In productive use, managers of all levels — from local Sarbanes-Oxley champions and managing directors to executive board members including CEOs and CFOs — might be exposed to the compliance-related analytic applications delivered as part of SAP xApp Analytics. The first productive end-user experience with these new applications has been overwhelmingly positive; even high-level information consumers and decision makers in senior management confirm these applications are instantly usable.

3. Give Users Features They're Already Familiar With
Only essential, intuitive, and wanted technical features were added to the applications' analytic content, helping avoid user intimidation and confusion, and significantly increasing user acceptance. End users appreciate the export to Microsoft Excel capability of the featured list views to support further data evaluation. An entire analytic "dashboard" presented on the screen can be printed out as a graphic file (.jpg) as well. Dropdown selectors enable drilldown along the business unit hierarchy or across different control significance levels or issue types. The selectable categories of a graphic, which open details for the selected category in a details section below the graphic, are an intuitive feature end users appreciate.

4. Eliminate Learning Curves and Reduce Adoption Times
The added value of the analytic composite applications includes extremely rapid adoption times and virtually no learning curve for end users. It takes days rather than months — from concept to completion — to adopt composite analytic applications delivered as part of SAP xApp Analytics. These best-practice-based applications are model-driven and easy to change in order to address end users' needs, as they contain no programming. Customers can go live in as little as two weeks. The ultimate modeling technology behind these applications is enabled by SAP NetWeaver Visual Composer.2

The Road Ahead for Analytics

This first wave of composite analytic applications paves the way for the actionable analytic compositesthat will follow shortly in later releases of SAP xApp Analytics and allow users to take immediate action directly through the analytics interface.

Let's look at a compliance-related example of these actionable analytic applications. Consider the sign-off process: A manager responsible for two business units needs to sign off on internal controls related to those units. Through an actionable analytic composite,3this manager can review the issues and controls relevant to his teams and instantly click a button to confirm his final sign-off on these controls — all through one application interface and based on relevant analytic data.

Conclusion

If your company already uses the MIC component of mySAP ERP to manage internal controls for Sarbanes-Oxley 404 compliance or similar purposes, the corporate governance-related extension delivered as part of SAP xApp Analytics is definitely worth considering.

Using these applications, managers affected by compliance-related activities will have access to graphically presented, real-time data instead of just data tables or slides. What's more, the analytic applications work seamlessly with existing SAP tools and technology components, enabling rapid implementation and end-user adoption times for quick, intuitive regulatory compliance. To learn more about SAP xApp Analytics, please visit www.sap.com/analytics.


1 The number of days (200 in this example) can be entered as a variable; it is not a fixed value.

2 See Claus Gruenewald and April Wu's article "Put Rapid Development and Deployment of Analytics Within Users' Reach" in this issue of SAP Insider (www.SAPinsider.com) for more information about using the modeling capabilities of Visual Composer to build composite analytic applications.

3 The enterprise SOA-based Web services of mySAP Business Suite, integrated in the composite application layer, are the technical backbone behind actionable analytic composite applications. This enterprise SOA framework will enable end users to perform compliance-related activities (among other actions).


Dr. Karol Bliznak has over seven years of SAP experience in the fields of financial accounting, controlling, strategic enterprise management, business intelligence, analytics, and corporate governance. He works at SAP AG headquarters in Walldorf, Germany, as a solution manager for SAP xApp Analytics. He participated in the preparation of a business specification for MIC and in the modeling of SAP xApp Analytics composite applications. You may reach him at karol.bliznak@sap.com.

An email has been sent to:






More from SAPinsider



COMMENTS

Please log in to post a comment.

No comments have been submitted on this article. Be the first to comment!


SAPinsider
FAQ