Digitizing Governance Risk and Compliance

by Bruce McCuaig, Director, GRC Product Marketing


Most of our treasured concepts of control, and many of our accepted risk practices, will land in the digital boardroom with a thud and disappear, if they make it there at all.

The truth is, much of the information provided by GRC professionals is not digital and can’t be digitized usefully.

The outputs of most control and compliance assessments are subjective opinions on control effectiveness. Much of the output of risk professionals are informed guesses about the future. Insight is often lacking.

Why does this matter? It matters because digital Darwinism will not be kind to GRC if it does not evolve.

Understanding Control Ineffectiveness

I find it useful to step outside the business world and have a look at our practices through a real life lens. Some years ago my ophthalmologist prescribed eye drops to reduce the interocular pressure (IOP) in my eyes. He assured me the medication was “effective”. (Medical practitioners don’t make a distinction between “design” and “operating” effectiveness).

So I researched the medication and discovered the manufacturer, one of the words most distinguished pharmaceutical firms was so convinced of its “effectiveness” that in some jurisdictions they offered a money back guarantee if it did not deliver promised results.

I think in the world of GRC we would rate the design effectiveness of the eye drops as high.

Curious, I did some further research. It turns out that studies conducted by the manufacturer to secure regulatory approval revealed the following Issues:

  • Approximately 20% of patients stopped taking the medication because of its side effects.
  • Approximately 10% of patients studied forgot 20% of their doses.
  • A very small percent suffered severe and sometimes life threatening complications.

This kind of information provides insight, supports a risk acceptance decision, and should be reported in a digitized business environment.

No Control is 100% Effective all of the Time.

Control effectiveness decisions require knowledge of both a specific objective and related issues. In reality, there is no universal standard for the effectiveness of a control or for that matter a medication. The question is not “is the control effective” The question is how much risk does it leave us with and how is performance impacted?

Let’s digitize and report the data and let the effectiveness decision be made by the stakeholders.

What Does the Digital Boardroom Need to Know About Risks and Controls?

Frankly, boards are starving for useful information about GRC. Control effectiveness opinions aren’t digital, but the underlying data supporting control effectiveness and risk acceptance decisions can be digitized. Boards in my experience don’t find risk heat maps useful. They want digital data about key risk indicators, incidents, and issues.

Boards want visualization capabilities and analytical tools, and the data to feed those tools.

The Tools are Here Today

Tools exist now, and have existed for years, to digitize GRC. We have access to incredible technology that can monitor and report on almost any aspect of GRC. But, those tools are rarely used. The business case for using them, based on cost savings and extended coverage, has always been overwhelmingly compelling. Still they aren’t widely used.

The Case for Automating GRC

Here’s the real business case for automation in GRC. Automation produces digital information. Opinions must be supported by insightful data. Without the data GRC will have nothing useful to say to the digital board. Absent from the digital board room, GRC will not have a voice in performance, strategy, or resource allocation. GRC will not be managed strategically.

The real business case for digitizing GRC is survival. Fortunately, there is tremendous value to add by doing so. GRC won’t survive without digitizing.

Sorry, but Digital Darwinism is unkind.

Is GRC on your board’s agenda? What do you tell your board about GRC?

– See more at: http://blogs.sap.com/analytics/2015/11/24/grc-tuesdays-digitizing-governance-risk-and-compliance/#sthash.CqxPVVf9.dpuf

Can You Afford to Procrastinate on Adopting the New Revenue Recognition Standards?

by Pete Graham

Revenue recognition might be the most important item on your business’s financial statement – and it’s about to radically change. A newly converged standard of revenue accounting is coming at financial organizations like a freight train. IASB and FASB have merged accounting standards – detailed in 700 pages of new rules. The changes are so seismic that companies are being given a little over two years to put the rules in place.

In a recent SAP Game-Changers radiocast, panelists Chris Smith of capital markets and accounting advisory services at PwC; David Ferguson, director in the consulting technology service area at Deloitte; Pete Graham, director in finance solutions and enterprise mobility at SAP; and Julie Zielke, a partner in EY’s financial accounting advisory services practices in Chicago, discuss the potential impact of these new regulations.


No time like the present to plan for the future

The new revenue recognition guidelines require substantial disclosures around revenue – requiring different, enhanced preparation of computations and data, particularly for companies with long-term contracts. They’re currently set to take effect in December 2017 for U.S. public companies and January 2018 for companies that use IFRS standards.

Smith details the challenges that companies face in the area of revenue recognition:

  • Everyone in the company has an opinion about it because it drives compensation and other crucial metrics.
  • Revenue recognition touches many of the organizations outside finance, such as sales, tax, and IT. Because of the strict rules in the U.S., revenue recognition has either constrained or driven the way some businesses go to market.

Ferguson urges companies not to count on the year-long reprieve they’ve been given. He maintains that time is still of the essence. There are significant impacts within the organization to the financial statements and the tax reporting that can affect compensation, goals, and metrics within the firm.

No need to do it all at once

Because the change is so large and drastic, the experts agree that implementing the new standards and adjusting to their effects will be an iterative process. Ferguson states that the rules will likely continue to refine themselves over time. Also, many of the companies can change the way they write their contracts between today and the implementation time.

Smith details how challenging the new standards will be for U.S. companies because of the strict regulatory environment and how much importance they place on revenue recognition. American businesses are hesitant to make guesses or estimates where that number is concerned because it has a domino effect on so many other areas of the business.

So what measures should you take now to make the conversion a success later?

  1. 1.   Create a clear policy that IT can use to scale a large number of transactions.
  2. 2.   Undertake a comprehensive education program that brings the investor community up to speed on what this revenue recognition shift means to them.
  3. 3.   Participate in peer conversations and industry collaboration across companies that can help everyone adjust and thrive.


To learn more about how you can prepare for the new revenue recognition standards, listen to the full radiocast.

Can Running in Real Time Make Finance a Major Player?

by Chris Grundy, Director Product Marketing, SAP

In a constant quest for maximum efficiency, much of finance is now automated. The new challenge facing finance professionals is becoming a more valuable and essential part of proactive decision making. Many wonder if real-time processes can help expedite reporting and analysis that give innovative thinkers a competitive edge.

Panelists Celina Rogers, VP and editorial director for CFO Publishing; Tony Rogan, senior manager from Accenture; and Birgit Starmanns, senior director for product marketing with SAP discussed all this and more on a recent SAP Game-Changers radiocast.

Near-real time doesn’t cut it anymore

If you think the difference between real time and near-real time comes down to just a few seconds here and there, think again. According to Starmanns, it can actually be a matter of days, especially where batch processes are concerned. Those are run overnight and typically require adjustments – which then require another night to register.

Rogers understands the importance of real-time processes and sees data integrity as a concern directly tied to the quest for real time. She asserts that finance teams need to focus on how to interact with and use that data more analytically and wisely to make better-informed decisions.

“This sort of transition in finance technology will create a different kind of feedback. One that rewards the manipulation and analysis of data rather than the processing of data,” she concludes.

Personalization quickens and simplifies finance

What’s one of Google’s greatest features, aside from instantaneous search results? The personalization it provides. Over time, it actually knows your preferences. Rogers sees workers looking for the same convenience in their professional lives. Run in real time to drill down to:

  • Tax jurisdiction
  • Customer
  • Profit center
  • Country

You can pick and choose any combination to see or exclude. And business users can configure it all without having to rely on IT.

As Starmanns points out, “It’s not just making it faster for the sake of being faster, but being able to analyze other business scenarios. Because you’re done faster with the transactional piece, which is never going to go away for finance. But all the sudden you have this extra capacity to analyze other things that you could not analyze before.”

Even more exciting, you can run in real time with external information as well as your own internal data.

Scale and strategize in real time

Rogan highlights the importance of real-time capabilities for large projects and enterprises. For example, nuclear power plants need to run critical what-if analyses at their facilities to prepare for possible outages.

He details the types of questions his clients expect him to answer: “‘What if we start on this day? What if we add more people to it?’ That is getting much easier with the information we’re now able to get.”

The consensus is that a shift is occurring in finance – one that relies on real-time processes to push analytics to the forefront and make finance a true partner to the business. Listen to the full radiocast to find out more.

Clock in train station, Liege, Belgium

Support Finance Operations: Re-invest in Business

By Drew Hofler, Senior Director, Solutions Marketing at Ariba, an SAP Company

For quite some time, CFO Publishing has been documenting an expanding role for finance at companies around the world. Finance functions have been building a reputation as full business and strategic partners, providing insight along with information.

It is a demanding role for finance staff, but they are up to the task. At least, that’s what finance leaders think, according to a global survey conducted by CFO Research and sponsored by SAP. The survey of more than 300 finance executives found nearly nine in ten respondents expressing full confidence that their staffs embody the knowledge and expertise they need to succeed.

A number of respondents went out of their way to give their people glowing reviews. One senior vice president in the chemicals/energy sector in Australia wrote, “Finance has a can-do attitude. Their work ethic is excellent.” Another executive from the chemicals and energy industry in Singapore praised the “strong technical know-how and hardworking, capable employees” in finance operations.

However, the survey also raises the question of whether deep skills and hard work are enough. Despite their confidence in their people, four in ten respondents also believe that they are understaffed. And more than half of the respondents—58%— say that finance operations staff often are overwhelmed by the demands placed upon them. A finance manager from a technology company in Singapore says simply that finance is “unable to meet deadlines due to overload.”


Many companies apparently are falling short in the support they provide finance operations, which execute the core financial transactions and processes for a company. Processes are too complex and cumbersome, and the disparate and disconnected technology tools they currently use cannot always keep up with the demands.

The consequences can be disastrous. For example, the controller of a construction company in Asia notes that one of the most serious weaknesses at his company are “payments that lack [sufficient] detail and do not go through, which chokes up the entire system.”

In contrast, the payoffs for better supporting finance operations activities drive directly to the success of a company. A finance transformation leader in the survey points to the ability to “re-invest savings in higher-value business support and analysis activities.” And a CFO from the media/leisure sector writes, simply, “Less time chasing payables would enable more focus on the business operations.”

Read the full report “Build High Performaning Finance Functions”.


This story originally appeared on the SAP Business Trends community.





Improve Intercompany Reconciliation with People, Process and Technology

By Elizabeth Milne, Sr. Director, EPM Product Marketing

Originally posted on SAP Analytics 13 March 2015. Reposted with permission.

As part of our ongoing accounting and financial close series, today we’ll be covering how you can improve your intercompany reconciliation process thus improving your close process.

Intercompany reconciliation can be extremely time-consuming during the close process. Working with people, processes and technology can help improve upon this process. Let’s talk through three steps:

  1. What is intercompany reconciliation?
  2. Two different approaches to process
  3. SAP solutions for intercompany reconciliation 

What Is Intercompany Reconciliation?

In preparation for creating financial reports ,organizations must reconcile activity between its reporting entities. During the consolidation process these amounts must be eliminated so as not to overstate these amounts at the consolidated level.

C2D_Blog5_Image 1

If one entity reports it has a payable with another entity, that entity must record the corresponding receivables. But why, you ask, wouldn’t that be done automatically? Well, in a perfect world it would, but in many organizations it isn’t. Differences may occur for many reasons, including timing of recording transactions, currency exchange rates, or mistakes.

Intercompany Reconciliation Process – The Traditional Approach

Traditionally, corporations will wait until the close of the month when corporate headquarters will collect all intercompany data and run a reconciliation report that matches all entities intercompany activity against each other. Some organizations have consolidation tools that do this, others will do this process manually in Microsoft Excel. Usually this is done at the account level, either at the general ledger (GL) account level or at a summarized intercompany account level.

C2D_Blog5_Image 2

Once the reconciliation report is compiled, it’s then sent back to the individual entities, who then review the report and determine which other entities they don’t agree with, contact them and figure out why they don’t agree. The detail must be reviewed to determine why the discrepancies occurred. This involves going back to the transactional systems and pulling invoices to see which transactions don’t match. Individuals at each of the entities then contact each other by phone or e-mail and decide who will make the corresponding adjustment in order to correct the discrepancy.

Data is then returned back to corporate headquarters for inclusion in the consolidation process. This process is time consuming with manual escalation procedures. It creates a corporate bottleneck with inefficient vertical flow of information.

Intercompany Reconciliation Process – The Peer-To-Peer Approach

This process allows for entities to deal directly with one another in a peer-to-peer fashion. The first key difference is a change in process, with the traditional approach corporate waits until the day of the close (Day 0) to run reconciliation reports to identify discrepancies. With a peer-to-peer approach, entities can start reconciling intercompany balances a week before the close, for example. This shift in the time line removes the reconciliation process from the close’s critical path.

C2D_Blog5_Image 3

In order to facilitate such peer-to-peer interaction, a tool is required to let them share intercompany data. Ideally, such a tool would include the transactional data so that the entities don’t need to go back to the source systems, but can review the detailed level data in a sharing tool. A more manual solution would involve creating a shared server spot where entities could load their data to reconcile; alternatively, there are software solutions available to address such requirements. This new process involves people, process, and technology. Each aspect of the change must be addressed in order to be successful. A new process must be defined, and then shared with the individuals at each entity who oversee intercompany reconciliation. Those people need to embrace the process and execute accordingly. Technology needs to be leveraged to identify the most efficient way to share data.

A peer-to-peer process removes corporate as an obstacle and frees time for central finance staff, allowing for more value-added activities.

SAP Solutions for Intercompany Reconciliation

SAP offers two main solutions:

  1. Intercompany Reconciliation in SAP ERP. This solution is part of the SAP ERP Central Component and thus included in the ERP license.
  2. SAP Intercompany. This solution is part of the SAP Enterprise Performance Management suite. It is included with the license of SAP Financial Consolidation, SAP Business Planning and Consolidation, and the SAP Accounting and Financial Close Bundles.

C2D_Blog5_Image 4

Both solutions can facilitate a peer-to-peer intercompany process that will help provide these benefits:

  • Reliable data – Perform large volumes of balance and invoice matching
  • Faster reporting cycles – Eliminates bottleneck at corporate finance by providing tools to enable business units to resolve differences earlier in the financial close process. The value increases with the number of entities to reconcile.
  • Greater productivity – Resulting in more time for more valuable activities, such as analyzing data and measuring and improving performance

People, processes and technology are all key factors when considering improvement in the close process. All need to be considered dependently to identify the most effective path to success.

Read the other blogs in the accounting and financial close series:

  1. You Want to Improve Your Financial Close Process – Where Do You Start?
  2. The Financial Close and Simple Finance – How Fast Is Fast Enough?
  3. 5 Things to Look for in Lease Accounting Software in Light of New Regulations
  4. 5 Steps to Help Your Organization Prepare for the New Revenue Recognition Standards


Design Symphony: Developing cloud-based planning software around the user experience

By Nico Licht, UX Lead, SAP Cloud for Planning

When designing SAP Cloud for Planning we embraced some basic design principles. In this blog I’d like to share the principles we challenged our global management team with:

It’s not just about function but also DESIGN. About ten years ago Apple published a set of user experience guidelines for their developers. For me, four basic design principles stood out: simplicity, availability, familiarity and forgiveness. Focus on the main use case and have additional features, like previews or preferences, just one click away. Meet the users’ expectations and mental models and allow them to make mistakes without losing data or breaking the system. The designer, Frank Chimero, summarized these basic UX rules quite nicely “People ignore design that ignores people.”


Focus on the users’ job to be done! When I would argue about what development wants, my first UX manager at SAP told me I should always ask “Why is this feature important for the user?” and he added “No use case, no design.” We need to know the job to be done behind a feature request in order to create meaningful mock-ups, screen designs, or code. Ease of use is also a flavour of simplicity. Think of keyboard navigation or a quicker way to maintain access rights. However, simplicity does not mean trivial. Some systems are complex but no system has to be complicated.


Have every additional feature just one click away, and make it easy for the user to determine the location of the next click. For example: the breadcrumb navigation on top, the preferences dialog in the tab bar, or the context sensitive help button we’ll add to the shell. Meaningful titles and labels provide additional orientation and should always appear in the same place. Don’t hide additional features and preferences in unexpected screen areas.


Many concepts in our application are universal. Discussions, spreadsheets, icons, dialogs, and so on are all common UI elements. Ensure that these pieces always look and behave the same and meet the mental model of our users. Everything that looks or feels strange contradicts with the concept of familiarity. I really like the term floor plan. When your house is on fire you need to get out quickly. A good floor plan reveals the quickest way to the next exit. A good application floor plan allows the user to always find the missing features in the expected place. Furthermore, customization features like changing user and background pictures, increase the personal touch. A system showing my data, my company logo, and colleagues’ pictures, already looks more familiar.


Allow the user to make mistakes and try things out without breaking the system or losing data. Let’s enable our users to perform a serious task but with a playful approach. Oscar Wilde said once “Life is too important to be taken seriously.” Sure, we can’t always take responsibility for the users actions. But if we can’t be smart enough to prevent user errors we should provide as much information as possible (e.g. meaningful warnings and system notifications). Our system should be tolerant not ignorant.

It’s not just about focus, it’s about DESIGN SYMPHONY. In his book, A Whole New Mind, Dan Pink refers to a globally spread workforce that “requires focus and specialization”. It’s the same thing in our development organization. We have specialized experts in each and every work stream; all of them doing a great job like the musicians in an orchestra. Everybody is an artist with their own instrument but they need a composed score so that they can play together nicely. However, looking at the ratio of developers and designers in our organization, this is something we only can achieve as a team. Everybody should be concerned about design. This is the guideline that is the score for our symphony, the glue that ties all work streams together. Let’s create beautiful user interfaces, with meaningful functionality that people cannot ignore.

C4P Image

After a relatively short but intensive development process we released SAP Cloud for Planning. And I can truly say I am very proud of the whole team and the design-driven culture that we’ve established. Not every detail is perfectly arranged just yet and we will continue the hard work to enhance the user experience. Nevertheless I believe we’ve delivered an extraordinary application. I’m looking forward to the many exciting conversations to come with users and customers.



Audit and Risk Management – a Winning Combination?

Coffee-break with GameChangers

Don’t stick your nose in someone else’s role – that’s one of the first rules of corporate etiquette. And if you do, be prepared to step up to the plate and take on some of the workload. This is the position internal audit finds itself in as it becomes embedded in enterprise risk management processes. Hear Robert D. Gould, internal audit at Harley Davidson; Thomas Bamberger, chief audit executive at SAP; and Bruce McCuaig, governance, risk, and compliance solutions at SAP, discuss the implications for internal audit’s new role during a recent SAP Game-Changers radiocast.

Allow the role of audit to evolve

Gould makes the case for audit’s evolving position, saying, “Audit can drive heck a lot of value because of our unique insight and role that we play in the voice that we have at the board level.”

Bamberger expands on the change, calling it a natural shift since “Information exchange between the three departments – risk, compliance, and audit – it’s of the utmost imperative to do this on a regular basis. That means the entire audit team is working.” He says they need this symbiotic exchange of information to:

  • Assess early-risk indicators
  • Improve decision preparation
  • Uncover synergy potential
  • Use all these benefits as a method to increase transparency

He goes on to mention new challenges such as cyber security and mergers and acquisitions that challenge the operations and risk management departments.

McCuaig asserts that this is where audit can make the biggest impact – and why this function can’t afford to wait for its invitation to a seat at the table.

Treat audit as a strategic advisor

Changing company culture is no small task – it requires a level of acceptance that starts at the top. Auditors need to bring a high degree of critical and strategic thinking to the role.

McCuaig agrees. “The role of internal audit in risk management is not to just deal with day-to-day operational things. You have to look at the impact on the organization of environmental risk – future risks. I think the role of audit department is to make sure that those emerging external kinds of risks are recognized.”

Gould expands on this point. “I think a critical role we play is to the whole educational awareness side. Management is busy running the business – they don’t have the luxury of stepping back and necessarily seeing the whole process from end to end, and I think that’s a really big value that we can provide from an unbiased perspective.”

In order to understand your business, it is imperative to understand your level of risk. According to McCuaig, “The role of audit in risk management is to identify those events and conditions that can put you out of business slowly.”

The point of this new role for audit is to have the department helping the first line of defense. As this shift takes effect, there is going to be increased demand for advisory services. Companies will see the benefits of assessing risk proactively and bringing insights to help drive change before issues are already there.

Is your business ready to welcome audit into a more strategic role? Listen to the full radiocast to learn more.