How top-enterprise finance teams
uncover risks by leveraging technology to mine SAP data

Everyone knows that CFOs carry a lot of weight on their shoulders. They are personally responsible for any violations, problems, or risks created by the internal processes that govern their respective company’s financial operations. It’s their career that’s on the line if any concerns are raised regarding the business’s true health, recent investments, debt covenants, and other issues.
A KPMG survey showed that ICFR (Internal Control over Financial Reporting) is the #1 issue keeping most financial executives up at night. Many are worried that their financial reports do not necessarily have the appropriate mechanisms to ensure reliability and accuracy. 

Source: KPMG

The Obstacles to Uncovering Hidden Risks

Audits are not performed just to detect or prevent fraud. Audits are performed to increase the value and credibility of financial statements by providing an objective, independent review that ensures that they are a fair and accurate reflection of the transactions they represent. In fact, today, the most common way of detecting fraud is by receiving “tips” – usually from employees, vendors, or customers… Organized methodologies for detecting and averting internal fraud and providing organizations with the reassurances they need are not prevalent in the current business landscape.

Take a look at the image below: According to ACFE’s 2020 global study on occupational fraud and abuse, Report to the Nations, 40% of known fraud cases were detected by tips from whistleblowers, while only 15% were uncovered by internal audit methodologies (!!). All of this means that a fundamental shift needs to take place in traditional audit mechanisms, as they are not capable — nor were they designed to — efficiently uncover fraud

Source: Report To The Nation

The Way Forward

As the saying goes, ‘necessity is the mother of invention,’ and there’s absolutely no doubt that the complex situation described above demands great innovation to move forward. With digital technologies transforming the face of traditional industries and businesses, it’s clear that the enterprise finance department is no different. 

PWC claims that digital technologies are changing common control procedures and the overall control environment, risk management, and audit. Automated Risk Mining is one such technology. This innovative approach to internal auditing unravels complex financial procedures by mining data from an enterprise’s SAP platform to extract and map hidden processes and to uncover loopholes, vulnerabilities, and risks. 

I am biased, true, but the story of Datricks is a good demonstration. Datricks enables teams in SAP-driven organizations to gain complete visibility over their internal processes and gain specific insights and alerts. An easy-to-use, fully automated platform leverages advanced risk mining and AI technologies to analyze an organization’s SAP data and empower fast, accurate, real-time risk mitigation and continuous process control. Primary benefits include:

• Data-driven analysis: Unbiased, real-time data-driven insights are derived from a wide range of data, enabling a holistic view of risks alongside other advanced business intelligence capabilities.
• Fully automated process: Eliminates manual processes and automatically discovers procedures and the relationships between them, so that auditors can focus on key business metrics and other areas that call for professional judgment.
• Risk-mining insights: Focuses on data in the audit cycle to highlight how processes are really performing, so that auditors can be quicker to detect risks and potential control failures and inefficiencies.
• Advanced AI and machine learning: Enables a significant increase in testing cover, accuracy, and efficiency while providing real-time analysis of complex procedures.

SAP-driven enterprises implement this solution to gain full visibility into their internal processes and gain numerous benefits, without a complex IT implementation or the need to use manual, labor-intensive risk-mining tactics. 

For example, Segregation of Duties (SoD) ensures that different individuals handle different procurement process stages. SoD conflicts in the digitized world are often translated into account access permissions. Solutions like Datricks solve this issue in an elegant way by automating manual procedures such as reviewing roles and processes and flagging actual SoD violations in real-time, ensuring that SAP access controls and transaction permissions match standard SoD requirements. 

Another pressing issue solved by technology is finding duplicate invoices payments, often caused by poor master data management and error-prone manual invoice management procedures. Duplicate invoices can cause organizations to pay for the same service/product twice and spend resources trying to rectify the mistake. 

Datricks can eliminate duplicate invoices via continuous monitoring, including invoice control and alerts on suspected duplicates. Risk mitigation by using technology to minimize risks is a cornerstone of sound financial operations. 

In an SAP system, these risks can include internal issues like compliance and external threats from hackers seeking to exploit vulnerabilities. These vulnerabilities are often caused by ineffective custom object controls, misaligned application controls, improper SoD, poor contractor/vendor management and processes, and more. Datricks enables organizations to perform ongoing audits where any deviation from baseline system behavior is immediately detected and alerted upon. Any anomaly or improper conduct is instantly reported to the organization to address the issue quickly.

Summary

Today’s financial executives’ biggest concern has to do with internal compliance issues that often lead to fraud. Internal audits simply weren’t designed to contend with fraud detection and offer limited, ineffective fraud prevention measures. In fact, and as mentioned above, the overwhelming majority of known fraud cases are detected via tips from whistleblowers.

 Advanced process-mining technologies enable organizations using SAP systems to perform automated, unbiased, ever-lasting analyses of their internal processes and controls, and in real-time. Using AI and machine learning, problematic processes are identified, and alerts are created, helping organizations deal with issues ranging from duplicate invoices to risk mitigation and SoD conflicts. Not less important, technology helps CFOs sleep better at night.risk