PUBLIC
Document Version: November 2013 1.1
Purpose of the Document
Copyright
Copyright 2013 SAP AG. All rights reserved.
No part of this publication may be reproduced or transmitted in any form or for any purpose without the
express permission of SAP AG. The information contained herein may be changed without prior notice.
Some software products marketed by SAP AG and its distributors contain proprietary software
components of other software vendors. National product specifications may vary.
These materials are provided by SAP AG and its affiliated companies (SAP Group) for informational
purposes only, without representation or warranty of any kind, and SAP Group shall not be liable for
errors or omissions with respect to the materials. The only warranties for SAP Group products and
services are those that are set forth in the express warranty statements accompanying such products and
services, if any. Nothing herein should be construed as constituting an additional warranty.
SAP and other SAP products and services mentioned herein as well as their respective logos are
trademarks or registered trademarks of SAP AG in Germany and other countries.
Icon Meaning
Caution
Example
Note
Recommendation
Syntax
Additional icons are used in SAP Library documentation to help you identify different types of
information at a glance. For more information, see Help on Help General Information Classes and
Information Classes for Business Information Warehouse on the first page of any version of SAP Library.
Typographic Conventions
EXAMPLE TEXT Technical names of system objects. These include report names, program names,
transaction codes, table names, and key concepts of a programming language when
they are surrounded by body text, for example, SELECT and INCLUDE.
Example text Output on the screen. This includes file and directory names and their paths, messages,
names of variables and parameters, source text, and names of installation, upgrade
and database tools.
Example text Exact user entry. These are words or characters that you enter in the system exactly as
they appear in the documentation.
<Example text> Variable user entry. Angle brackets indicate that you replace these words and
characters with appropriate entries to make entries in the system.
EXAMPLE TEXT Keys on the keyboard, for example, F2 or ENTER.
Version History
Release 1.1 SP01: Version 1.1 (November 19, 2013). Added section 2.8 Generating a Full-Text Index
Contents
SAP Fraud Management Release 1.1 SP01
Business Content Documentation for Corruption Detection and Investigation
1 Purpose of the Document
2 Installing the Anti-Corruption Compliance Content
2.1 Prerequisite: SAP Fraud Management at Release 1.1 SP01
2.2 Prerequisite: Installing the Internal Audit Content
2.3 Downloading the Anti-Corruption Files
2.4 Installing, and Executing ABAP Program ZFRA_CREATE_SCN_TABLES
2.5 Downloading and Installing Customizing from BC Sets
2.6 Installing SAP HANA Views and Procedures
2.7 Adjusting the SAP Fraud Management Customizing
2.8 Generating a Full-Text Index
3 Customizing Settings for the Anti-Corruption Content
3.1 Launchpad Setup
3.2 Define Source Domain and Field Settings
3.3 Investigation and Detection Object Types
3.4 Assign Packages for Detection Method Procedures
3.5 Define Alert Field Labels
3.6 Assign Navigation Targets to Navigation Groups
4 Detection Scenario: Detecting Irregularities in Accounting Documents
4.1 Investigation Object Type: FRA_ACCDOC
4.2 Detection Object Type: FRA_ACCDOC
4.3 Detection Rule: Accounting Documents Posted on Non-Working Days
4.3.1 Use
4.3.2 Investigation and Detection Object Types
4.3.3 SAP HANA Procedures for Detection Methods
5 Detection Scenario: Detecting Irregularities in Purchase Orders and Purchase Order Items
5.1 Investigation Object Type: FRA_PO
5.2 Detection Object Type: FRA_POHEAD
5.3 Detection Object Type: FRA_POITEM
5.4 Detection Rule: Multiple Changes on Purchase Orders
Purpose of the Document
This document describes the sample business content for SAP Fraud Management for compliance
with anti-corruption laws and regulations such as the Foreign Corrupt Practices Act of 1977 (FCPA
United States of America) as amended by the International Anti-Bribery Act of 1998, or the Bribery
Act 2010 of the United Kingdom.
This is the second edition of this document. The document describes detection technology that is
delivered via download from the SAP Community Network (SCN, http://scn.sap.com) in both Release
1.1 Support Package 00 and Release 1.1 SP01. The document details the following:
The customizing delivered with this content
The SAP HANA objects delivered with this content. The SAP HANA objects include the SAP
HANA views for investigation object types and detection object types, as well as the
procedures that implement detection methods, for finding signs of fraud.
The anti-corruption solution for SAP Fraud Management supports detection and investigation of
potential non-compliance in several different problem scenarios and therefore provides an excellent
starting point for additional content. The sample scenarios and detection methods are shown in the
following tables.
Irregularities in purchase orders and purchase order items
You can find the following irregularities in purchasing and purchase order processing:
o The invoice receipt quantity is greater than the goods received quantity. In purchasing,
  it is possible to defraud by invoicing a higher quantity than is actually received. If, on the
  other hand, the quantity of goods received is higher than ordered, but the invoiced
  quantity is correct, then this is not considered to be fraud.
o The amount paid in an invoice is greater than the amount shown in the relevant
  purchase order item.
Conflicts of interest in connection with new vendors
You can identify new vendors that have the following characteristics:
o Rapid growth in volume of business with your organization: The turnover in the first
  year after the first transaction exceeds a threshold; the growth in turnover between
  the first and second year after the initial transaction exceeds a threshold
Potentially suspicious activity with respect to one-time vendors
You can identify one-time vendors (vendors that are not listed as regular vendors using one-time
accounts) that have either of these characteristics:
o There are many invoices from the one-time vendor
o There are postings from a regular vendor to a one-time account.
Frequent changes in the master data of a vendor (bogus business, flip-flop payee)
You can find vendor master data in which either or both of the following has occurred within a
specified period of time:
o The bank data of the vendor has been changed and then reverted to the original
  data (flip-flop bank data).
o The Alternative Payee field has been changed and then reverted to the original
  state (flip-flop payee). There are variants of this detection rule for flip-flop payees within
  a company code or across company codes.
Irregularities in payments to vendors
You can find the following types of irregularities in payments to vendors:
o Split payments: Many small payments to a vendor, when the sum of the payments
  would exceed a limit on such purchases.
o There are invoices without corresponding purchase orders.
o Payments were made to banks in a country other than that of the vendor in the invoice.
o Vendors in high-risk countries as identified in the lists published by Transparency
  International (http://transparency.org/cpi2012/results) can be flagged.
  An alert is raised on an order to any country in a user-specified number of the highest
  risk countries in the list.
o Employees have the same bank data as regular vendors.
o Vendors for whom no banking details are recorded in the vendor master data.
o Reference Document Numbers have been
Installing the Anti-Corruption Compliance Content
In Release 1.1, Support Packages SP00 and SP01 of SAP Fraud Management, anti-corruption content
is not provided in the product, but rather is downloadable from the SAP Community Network
(http://wiki.scn.sap.com/wiki/display/GRC/SAP+Fraud+Management). This section explains the
procedures for installing the anti-corruption content provided for Release 1.1 SP01.
Note: If you accept the defaults recommended by SAP when you install the anti-corruption content
for SP01 and if you have not installed the content as provided for Release 1.1 SP00 then you do
not need to make any changes to any content before using the content in SAP Fraud Management.
SAP provides this content at no cost and does not provide maintenance for the content. The SAP
Fraud Management pages in the SAP Community Network (SCN) can be used to exchange
information about the content.
At the SAP Fraud Management page in SCN, you will find the following downloads and information:
The text for ABAP Program ZFRA_CREATE_SCN_TABLES. This program creates a schema in the
SAP HANA database for anti-corruption content. It also creates certain non-replicated tables for
SAP Fraud Management. Further, it creates a mapping from the schema name that you choose to
the default schema, SAP_FRA_SCN, expected by the imported SAP HANA views and procedures.
The downloadable SAP HANA package fra-fcpascn-01 containing the SAP HANA views and
procedures required by the anti-corruption content.
Both the BC Sets and the SAP HANA package are cumulative. That is, they contain all of the anti-
corruption content delivered as of Release 1.1 SP00 as well as new content for Release SP01. You do
not need to install SP00 content and then follow that with a separate installation of SP01 content.
Similarly, this document covers all customizing and SAP HANA objects delivered as of Release 1.1
SP00.
Note: Though the downloadable content offered on this page has been thoroughly checked and
tested, it is not possible to account for all possible constellations at customer sites. SAP therefore
advises you to back up your SAP Fraud Management systems, including the NetWeaver AS ABAP
server and the SAP HANA Database, before installing any of this content. Content should first be
installed on a development or test system. The content should then be transported into production
systems from such a system in order to preclude damage to the production system through direct
uploads.
Technical Configuration: Ensure that you have run the technical configuration task lists for
integrating Internal Audit Content into SAP Fraud Management Release 1.1 SP01, as described in
section 4.7.4 Integration of Internal Audit in the SAP Fraud Management Installation Guide for
Release 1.1 SP01. You can find the guide at the SAP Service Marketplace,
http://service.sap.com/instguides, In-Memory Computing > SAP Fraud Management.
If you have already used the Internal Audit Content with a previous version of SAP Fraud
Management, then you must with care (see the note below) repeat the activation of BC Set
FRA_INTERNAL_AUDIT (transaction SCRP20, SAP Menu > Tools > Customizing > Business
1. Activate BC Set FRA_INTERNAL_AUDIT (transaction SCRP20, SAP Menu > Tools > Customizing >
Business Configuration Sets > Activation of Business Sets). Activate the version of
FRA_INTERNAL_AUDIT installed with Release 1.1 SP01 of SAP Fraud Management.
2. Run the technical configuration task lists described in 4.7.4 Integration of Internal Audit in the
SAP Fraud Management Installation Guide at http://service.sap.com/instguides, SAP In-Memory
Computing > SAP Fraud Management.
3. Execute the following two eCATTs to create detection strategies and detection methods
(transaction SECATT, SAP Menu > Tools > ABAP Workbench > Test > Test Workbench > Test Tools >
Extended CATT):
o FRA_CREATE_DS_IA
o FRA_CREATE_DM_IA
For more information, see the Internal Audit Content documentation. Menu path:
http://help.sap.com, SAP In-Memory Computing > Innovations for Business Suite > Applications
powered by SAP HANA > SAP Fraud Management > Configuration and Deployment Information >
Business Content > Internal Audit Content for SAP Fraud Management.
In the Schema field, the standard default schema SAP_FRA_SCN for the SAP HANA
database, or an alternative schema name of your own choosing.
The program automatically creates a schema mapping from the schema name that you
enter to the default SAP_FRA_SCN schema. SAP_FRA_SCN is set as the default schema in
the anti-corruption views and procedures in the SAP HANA database.
In the HDB field, the database connection to the SAP HANA database. This connection is
maintained in transaction DBCO. It is the same connection that is required for running
the technical configuration in the installation or upgrade procedure.
Note: The program ensures that the SAP HANA user used by the program has the
authorizations needed for the database changes.
Then click Execute to continue running the program.
At successful completion, the program displays the message Tables successfully created. You can
continue to download and install the SAP HANA objects of the anti-corruption content.
Should the report fail, it may be necessary to drop the SAP_FRA_SCN schema and to delete the
schema mapping entry created by the program. These operations are risky and require expert
analysis of the database.
Select the folder of your SAP Fraud Management System as the target for the upload.
Customizing Settings for the Anti-Corruption Content
In existing detection method definitions that use downloaded procedures, you must also change the
package specifications to the package of the new download. You can edit detection method
definitions in the SAP Fraud Management user interface.
For a list of the anti-corruption investigation and detection object types that are delivered via
download from SCN, please see the Appendix.
Home
Alerts
ThingInspector Alerts
Detection Facet
Decision Facet
Timeline Facet
Network Analysis Facet
Documentation Facet
Detection Methods
Detection Strategies
Calibration
Calibration Basic
Navigate To
Tiles (Home Screen)
All Alerts
Tasks
My Alerts
Efficiency
Detection
Top 10 Countries by Number of Alerts
Notes:
All detection objects use the following calibration application alias: CALIB_BASIC
For all investigation objects, the location of the alert for mapping is determined by the
COMPANY_CODE field.
Additional investigation and detection object types used in the anti-corruption content are delivered
with the Internal Audit content for SAP Fraud Management, as part of the product. These include the
FRA_ONETIM investigation object type and detection object type, the FRA_VENDOR detection object
type, and the FRA_VMDCHG investigation and detection object types.
For more information, see the Customizing for Maintain Investigation and Detection Object Type
under SAP Customizing Implementation Guide > SAP Fraud Management > Basic Settings.
The SAP HANA packages shown in the table all belong to Source Domain INTERNAL. For each
detection object type, there is a SAP HANA package for selection procedures, a package for execution
procedures, and a package for additional information procedures.
For more information, see the Customizing for Assign Packages for Detection Method Procedures
under SAP Customizing Implementation Guide > SAP Fraud Management > Detection.
FRA_POITEM fcpascn-01.dt.purchaseorders.item.se
fcpascn-01.dt.purchaseorders.item.ex
fcpascn-01.dt.purchaseorders.item.ai
FRA_POHEAD fcpascn-01.dt.purchaseorders.header.ex
fcpascn-01.dt.purchaseorders.header.ai
fcpascn-01.dt.purchaseorders.header.se
FRA_VMDCHG fcpascn.01.dt.vendormasterchng.se
fcpascn-01.dt.vendormasterchng.ex
fcpascn-01.dt.vendormasterchng.ai
FRA_INVOIT fcpascn-01.dt.vendor.se
fcpascn-01.dt.vendor.ex
fcpascn-01.dt.vendor.ai
FRA_INVOIC fcpascn-01.dt.invoice.se
fcpascn-01.dt.invoice.ex
fcpascn-01.dt.invoice.ai
FRA_ACCDOC fcpascn-01.dt.accdocument.ai
fcpascn-01.dt.accdocument.ex
fcpascn-01.dt.accdocument.se
FRA_VENDOR fcpascn-01.dt.vendormaster.se
fcpascn-01.dt.vendormaster.ex
fcpascn-01.dt.vendormaster.ai
Detection Scenario: Detecting Irregularities in Accounting Documents
Logical Port Name Installation-specific. You must set up the logical port name
if you implement online detection. For more information,
search for Setting Up Online Detection in the SAP Fraud
Management System at the SAP Help Portal,
http://help.sap.com.
DOCUMENT_NUMBER as Key 2
FISCAL_YEAR as Key 3
MANDT (table BKPF) BUKRS (table BKPF) USNAM (table BKPF) IDENT (table TFACS)
100 1000 01
In these entries, Factory Calendar 01 is used for all users who posted documents in company code
1000, except for user ASCHMIDT. Documents posted by this user in company code 1000 are checked
against factory calendar 02.
Detection Scenario: Detecting Irregularities in Purchase Orders and Purchase Order Items
Additional views:
AT _C_USER_FCA: Attribute view on table FRA_C_USER_FCA
Logical Port Name Installation-specific. You must set up the logical port name if you
implement online detection.
For more information, see Setting Up Online Detection in the SAP
Fraud Management System at the SAP Help Portal,
http://help.sap.com/fra under this URL:
http://help.sap.com/saphelp_fra110/helpdata/en/54/ca6fbe239d4bc59d3f168e8e8eba9c/content.htm?frameset=/en/63/e706ff12f5438b85adf61c3baf580a/frameset.htm
CDHDR
LFA1
Information NF 01.dt.purchaseorders.header.ai
Parameters:
THRESHOLD_NR_CHANGES: Limit on allowed number of changes (e.g. 5) on a purchase order.
5.5 Detection Rule: Address Screening for Politically Exposed Persons (PEP List)
5.5.1 Use
This rule screens the partner addresses listed in a purchase order against a PEP (Politically Exposed
Persons) list. The detection result is 100 if a hit is found against an entity in the list.
The list must be downloaded from an external data provider such as Dow Jones. It must be uploaded
to table FRA_D_SLISTS using SAP BusinessObjects Data Services.
Screening may be controlled by the following parameters:
Fuzziness: An error tolerance factor on the scale of 1 to 100. The parameter controls the
sensitivity of the match. For example: The name Torsten Holsh will not match Thorsten Hlsh
with a fuzziness of 90, but it will produce a hit if the fuzziness is set to 80. The recommended
setting is in the range of 80 to 100. A lower fuzziness factor may produce too many false
positives.
Aliases: Aliases or term mappings can be used to extend the search by adding additional search
terms. These terms must be uploaded to the table FRA_C_TERMMAPPIN before starting a PEP
search.
The fields of the table are described briefly below in Tables Used. For a detailed explanation of
term mapping, please see the documentation at the following site:
http://help.sap.com/hana/hana_dev_en.pdf
Exclusion terms: Exclusion terms or stop words are words that you wish to exclude from a
search. Certain words, such as AG, Limited, Airlines etc. are common words and do not add
any value in search. The stop word list can be defined in table FRA_C_STOPWORD.
The fields of the table are described briefly below in Tables Used. For a detailed explanation of
stop words, please see the documentation at the following site:
http://help.sap.com/hana/hana_dev_en.pdf
Initials: Activate check using initials in names. Some names may be maintained with initials only.
To find a hit against such name entries, this flag must be activated. For example: The name D. I.
Kaskar produces a hit against Dawood Ibrahim Kaskar if the Initials flag is turned on.
List ID: Different types of lists, such as a PEP list, a Sanction List etc. can be uploaded to the
system, into table FRA_D_SLISTS. Each list is identified by a List ID. You can specify the List ID
against which you would like to screen. You can create different strategies for different list types
and hence support different search setups. For example, you can use a detection strategy that
checks against a sanction list to block transactions in feeder systems. And you could use
screening against a PEP List for creation of alerts locally in the SAP Fraud Management system.
EKPO
EKKO
LFA1
ADRC
FRA_D_SLISTS (PEP lists)
Notes:
Field LIST_ID identifies a particular PEP List and allows a list to be selected for address
screening.
Field ENTITY_ID is the source's ID of an entry in a PEP List.
Field ITEM_ID is a sequential number that identifies a PEP entry in the context of SAP Fraud
Management. ITEM_ID removes the requirement that ENTITY_ID, over which the application
has no control, must be unique to avoid key collisions.
Fields BIRTHDATE, DECEASEDATE, REGIDATE, BIRTHPLACE: These fields contain optional
information on a PEP entity of type PERSON.
Field REGIDATE is the date of registration of a company. (An entity can be a person or a
company. If an entry is for a person, then the fields BIRTHDATE, DECEASEDATE, and BIRTHPLACE
are filled; in the case of a company, REGIDATE is filled.)
Field ACTIVE must be set, or a PEP entry is not used in a search.
Field ENTITY_STATUS must be set to 1 (Active) or a PEP entry is not used in a search.
FRA_C_STOPWORD (Optional: Words to exclude from searches)
Certain terms, such as AG, Corporation, and Ltd, are too generic to be of any significance in
address screening and should therefore be eliminated from the search. Such terms can be included in
this table.
You must load this table yourself from the SAP HANA Studio, if you wish to use it. The fields of
the table are as follows:
STOPWORD_ID: The key for an entry, a GUID
TERM_1: The string from a PEP list entry that is to be supplemented with an alias in PEP list
searches
TERM_2: The alias string with which to supplement an entry in a PEP list search
WEIGHT: A value between 0 and 1 that expresses the significance of an alias with respect to a
search term. A higher WEIGHT increases the score returned by a hit, as a percentage of the
score for a direct hit with a PEP entry.
Parameters:
FUZZINESS: Factor to control sensitivity of match (1-100, recommended 80-100; higher values
mean less fuzziness and a more precise search). Example: The name Torsten Holsh will not match
Thorsten Hlsh with a fuzziness of 90, but it will produce a hit if the fuzziness is set to 80. The
recommended setting is in the range of 80 to 100. A lower fuzziness factor may produce too
many false positives.
ALIASES: Activate additional terms during screening. Certain persons and organizations have
multiple names or aliases. These can be defined in the system and are then considered during the
matching process. See table FRA_C_TERMMAPPIN in Tables Used, above.
INITIALS: Activate check on name initials. Example: If INITIALS is activated, then the string D. H.
Lawrence in the data will trigger a hit for the PEP List entry David Herbert Lawrence.
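The following Python sketch is an added example, not part of the SAP content or of SAP HANA. It shows how FUZZINESS, stop words, ALIASES with their WEIGHT, INITIALS and the List ID interact in one screening pass. Similarity comes from Python's difflib as a stand-in for the SAP HANA fuzzy score, so real scores will differ; the rule that every term of a list entry must be found, the function names, and all list entries other than the two names quoted in this section are assumptions.

```python
import re
from difflib import SequenceMatcher

# All data below is constructed for illustration. Comments name the table
# whose role each structure plays in the text above.
STOPWORDS = {"ag", "limited", "ltd", "corporation", "airlines"}  # FRA_C_STOPWORD
# FRA_C_TERMMAPPIN: TERM_1 (term in a list entry) -> [(TERM_2 alias, WEIGHT)]
TERM_MAPPINGS = {"robert": [("bob", 0.9)]}
# FRA_D_SLISTS: only ACTIVE entries with ENTITY_STATUS 1 take part in a search
SCREENING_LIST = [
    {"list_id": "PEP", "item_id": 1, "name": "Thorsten Hlsh",
     "active": True, "entity_status": 1},
    {"list_id": "PEP", "item_id": 2, "name": "David Herbert Lawrence",
     "active": True, "entity_status": 1},
    {"list_id": "PEP", "item_id": 3, "name": "Robert Example Holdings Ltd",
     "active": True, "entity_status": 1},
    {"list_id": "PEP", "item_id": 4, "name": "Inactive Person",
     "active": False, "entity_status": 1},
    {"list_id": "SANCTION", "item_id": 5, "name": "David Herbert Lawrence",
     "active": True, "entity_status": 1},
]


def tokens(name):
    """Lower-case, split on non-alphanumerics, drop stop words."""
    return [t for t in re.findall(r"[a-z0-9]+", name.lower()) if t not in STOPWORDS]


def similarity(a, b):
    """Stand-in string similarity on a 0-100 scale (not SAP HANA's score)."""
    return 100.0 * SequenceMatcher(None, a, b, autojunk=False).ratio()


def term_score(entry_term, data_terms, aliases, initials):
    """Best score with which one term of a list entry is found in the address."""
    best = 0.0
    for data_term in data_terms:
        best = max(best, similarity(data_term, entry_term))
        # INITIALS: a one-letter term matches any term starting with that letter
        if initials and 1 in (len(data_term), len(entry_term)) \
                and data_term[0] == entry_term[0]:
            best = 100.0
        # ALIASES: an alias hit counts as WEIGHT times a direct hit
        if aliases:
            for alias, weight in TERM_MAPPINGS.get(entry_term, []):
                best = max(best, similarity(data_term, alias) * weight)
    return best


def name_score(address_name, entry_name, aliases=False, initials=False):
    """Score of the weakest list-entry term: every term must be found."""
    data_terms, entry_terms = tokens(address_name), tokens(entry_name)
    if not data_terms or not entry_terms:
        return 0.0
    return min(term_score(t, data_terms, aliases, initials) for t in entry_terms)


def screen(address_name, list_id, fuzziness, aliases=False, initials=False):
    """Return [(item_id, score)] for usable entries of one list scoring >= fuzziness."""
    hits = []
    for entry in SCREENING_LIST:
        if entry["list_id"] != list_id or not entry["active"] \
                or entry["entity_status"] != 1:
            continue
        score = name_score(address_name, entry["name"], aliases, initials)
        if score >= fuzziness:
            hits.append((entry["item_id"], round(score, 1)))
    return sorted(hits, key=lambda hit: -hit[1])


def detection_result(hits):
    """The rule reports 100 when at least one list entry is hit."""
    return 100 if hits else 0


if __name__ == "__main__":
    for fuzziness in (90, 80):
        print(fuzziness, screen("Torsten Holsh", "PEP", fuzziness))
    print(screen("D. H. Lawrence", "PEP", 80, initials=True))
    print(screen("Bob Example Holdings AG", "PEP", 85, aliases=True))
```

With this stand-in score the weakest term of the quoted pair scores below 90 and above 80, so the pair behaves as the FUZZINESS example describes; lowering FUZZINESS further quickly admits unrelated names, which is the false-positive effect noted above.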
5.6 Detection Rule: Purchase Order Item with Vendor from High-Risk Country
5.6.1 Use
This detection rule lets you find vendors in purchase order items that are located in a high-risk
country. High-risk countries are those identified in the lists published by Transparency International
(for example, http://transparency.org/cpi2012/results). Both regular vendors with master data and
one-time vendors are evaluated by the rule.
An alert is raised on an order to any country in a user-specified number of the highest risk
countries by rank in the list. Messages providing detailed information about the purchase order item
and each suspicious vendor or partner are available in the Alert Details facet in the user interface.
The number of countries to check is specified in the RANK_LIMIT parameter of a detection method
and is evaluated as rankings of high-risk countries. Since several countries may have the same rank
(for example, at this writing, Afghanistan, North Korea, and Somalia all share the ranking 174), more
than the user-specified number of countries may actually be selected for evaluation.
To use the high-risk evaluation, you must do the following:
1. Download the spreadsheet list of high risk countries provided by Transparency International
(http://transparency.org).
2. If the spreadsheet does not include the ISO country codes, then add the two-character ISO codes
(US, DE, ...) to the spreadsheet.
3. Upload the spreadsheet into table FRA_D_HR_COUNTRY in the SAP HANA database with the SAP
HANA Modeller.
Here is a sample of a finished spreadsheet:
EKPA
EKPO
EKKO
LFA1
ADRC
TPART
FRA_D_HR_COUNTRY (List of high-risk countries; for more information, see the Use section,
above)
Parameters:
RANK_LIMIT: Number of top ranks in the Transparency International list to use in the detection
run. If more than one country has the same rank, then all countries at that rank are used in the
detection run. RANK_LIMIT 5 would select all countries in the top five ranks of the Transparency
International list.
MSEG
RSEG
Parameters:
THRESHOLD_QUANTITY: Indicates in percent how much higher the quantity in the invoice may be
than the quantity to which it is being compared.
The functionality is restricted to purchase order items of the category Standard (PSTYP = 0).
Amount values (e.g. purchase order item net value, invoice net value, risk value) are rounded to
two decimal places.
Detection Scenario: Detecting Irregularities in One-Time Vendor Accounts
EKKO
EKPO
RSEG
Parameters:
THRESHOLD_AMOUNT: Indicates how much the amount in the purchase order item may exceed
the amount to which it is compared in the invoice document. All amounts are converted into the
currency of the company code so that the amounts are compared in the same currency.
Detection Scenario: Detecting Irregularities in Vendor Master Data Changes
Logical Port Name Installation-specific. You must set up the logical port name
if you implement online detection. For more information,
search for Setting Up Online Detection in the SAP Fraud
Management System at the SAP Help Portal,
http://help.sap.com.
7.4 Detection Rule: Alternate Payee in Vendor Master Data (Flip-Flop Payee)
7.4.1 Use
This check belongs to the detection object type FRA_VMDCHG (Vendor Master Data Change), as
delivered with SAP Fraud Management 1.0 SP01. The calculation views of that detection object type
are used. The anti-corruption content also reuses the detection method and associated SAP HANA
procedures for detecting changes to vendor master data, for example, for detecting changes to the
bank data of a vendor (flip-flop bank data). For more information on the Internal Audit content, see
the SAP Help Portal (http://help.sap.com/fra) under Configuration and Deployment Information >
Business Content > Internal Audit Content for SAP Fraud Management.
The detection rule comes in company-code specific and cross company code variants.
7.4.2.1 Use
The detection rule reads the master data changes of vendors and checks whether, within a given
period of time:
A previous change of the field Alternative Payee exists for the same vendor, and
Whether this change has been reversed by the current change (cross company code wide).
These checks are made across the company codes of an enterprise.
If these conditions apply, then the rule checks whether any invoices have been paid during the
period of time in which the alternative payee was changed. The detection result is 50 for changes
without payments and 100 for changes with payments. The risk value is the aggregated payment
amount in the investigation currency.
Parameters:
REVIEW_PERIOD_IN_DAYS: Period in days in which changes to previous changes to the
alternative payee are to be sought.
7.4.3.1 Use
The detection rule reads the master data changes of vendors and checks whether, within a given
period of time:
A previous change of the field Alternative Payee exists for the same vendor, and
Whether this change has been reversed by the current change (cross company code wide).
These checks are made within a single company code.
Detection Scenario: Detecting Irregularities in Vendor Data and Transactions
If these conditions apply, then the rule checks whether any invoices have been paid during the
period of time in which the alternative payee was changed. The detection result is 50 for changes
without payments and 100 for changes with payments. The risk value is the aggregated payment
amount in the investigation currency.
Parameters:
REVIEW_PERIOD_IN_DAYS: Period in days within which changes to the alternative payee are to be
sought.
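The two variants of the flip-flop rule described above can be sketched as follows. This is an added example, not the SAP HANA procedure delivered with the product: the record layouts, the function name detect_flip_flop and the sample data are assumptions, and "the period of time in which the alternative payee was changed" is read here as the interval between the earlier change and its reversal.

```python
from collections import namedtuple
from datetime import date, timedelta

# Constructed record layouts (assumptions); payment amounts are already in the investigation currency
PayeeChange = namedtuple("PayeeChange", "vendor company_code changed_on old_payee new_payee")
Payment = namedtuple("Payment", "vendor company_code paid_on amount")

def detect_flip_flop(changes, payments, review_period_in_days, per_company_code=False):
    """Return one finding per change that reverses an earlier change in the review period."""
    def in_scope(rec, cur):
        return rec.vendor == cur.vendor and (
            not per_company_code or rec.company_code == cur.company_code)
    findings = []
    ordered = sorted(changes, key=lambda c: c.changed_on)
    for i, cur in enumerate(ordered):
        earliest = cur.changed_on - timedelta(days=review_period_in_days)
        for prev in reversed(ordered[:i]):  # most recent earlier change first
            if not (in_scope(prev, cur) and prev.changed_on >= earliest
                    and (prev.old_payee, prev.new_payee) == (cur.new_payee, cur.old_payee)):
                continue
            # Invoices paid while the changed alternative payee was in effect
            paid = [p for p in payments if in_scope(p, cur)
                    and prev.changed_on <= p.paid_on <= cur.changed_on]
            findings.append({"vendor": cur.vendor, "company_code": cur.company_code,
                             "detection_result": 100 if paid else 50,
                             "risk_value": sum(p.amount for p in paid)})
            break
    return findings

# Constructed sample data, not taken from any SAP system
CHANGES = [
    PayeeChange("V100", "1000", date(2013, 3, 1), "", "P900"),
    PayeeChange("V100", "1000", date(2013, 3, 20), "P900", ""),   # reversal, with payments
    PayeeChange("V200", "1000", date(2013, 4, 2), "", "P901"),
    PayeeChange("V200", "2000", date(2013, 4, 9), "P901", ""),    # reversal in other company code
    PayeeChange("V300", "1000", date(2013, 1, 5), "", "P902"),
    PayeeChange("V300", "1000", date(2013, 6, 1), "P902", ""),    # outside a 30-day review period
]
PAYMENTS = [
    Payment("V100", "1000", date(2013, 3, 10), 12500.0),
    Payment("V100", "1000", date(2013, 3, 15), 7500.0),
    Payment("V100", "1000", date(2013, 5, 1), 300.0),             # paid after the reversal
]
```

With a review period of 30 days, the cross-company-code variant reports V100 (result 100, risk value 20000) and V200 (result 50), while the company-code-specific variant reports only V100.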
The investigation object type and associated SAP HANA views and procedures for this scenario are
provided with the Internal Audit Content of SAP Fraud Management, delivered as part of the product
with Release 1.0 SP02. Additional rules for detection object FRA_VENDOR as well as new detection
object types and detection rules have been added with the downloadable anti-corruption content.
Logical Port Name: Installation-specific. You must set up the logical port name if you implement
online detection. For more information, search for Setting Up Online Detection in the SAP Fraud
Management System at the SAP Help Portal, http://help.sap.com.
SAP HANA Enrichment View Name: CA_VENDOR_INV_OBJ. View to select vendors across all company
codes (from table LFA1) to be used as investigation objects. Uses additional information from the
company code table (T001).
The creation date per vendor is computed as the earliest date in the first calendar period that the
vendor has turnover (in table LFC1) in any company code. This algorithm ensures that the creation
date does not correspond to the creation date in LFA1, but to the date on which the vendor first
has turnover.
This view provides the following Additional ID fields:
- VENDOR as Key 1
- VENDOR_AUTH_GROUP for authorizing access to alerts
- VENDOR_NAME1 as Additional ID 1 in alerts
- COUNTRY_CODE as Additional ID 2 in alerts
- CREATION_DATE as the Additional Date field in alerts
- COMPANY_CODE as the Location field for geo-mapping
DOCUMENT_NUMBER as Key 2
FISCAL_YEAR as Key 3
DOCUMENT_NUMBER as Key 2
FISCAL_YEAR as Key 3
ITEM_NUMBER as Key 4
CREATING_DATE as the parameter for temporal
selection
SAP HANA Selection View: CA_VENDOR_DET_OBJ. View on vendors per company code (table LFB1) to be
used as detection objects, using additional information from the vendor table (table LFA1).
The creation date per vendor and company code is computed as the minimum date of the first period
that the vendor has a turnover (in table LFC1). This way the creation date does not correspond to
the creation date in LFA1/LFB1, but to the date the vendor has the first turnover in the company
code.
The view offers the following selection parameters:
- COMPANY_CODE as Key 1 and as a selection parameter for use in maintenance and calibration
- VENDOR as Key 2
- INTERCOMPANY Company ID of trading partner taken from LFA1 (VBUND)
BKPF
BSEG
SWOTIP
SWW_WI2OBJ
SWWWIHEAD
T001
The currency conversion uses the standard conversion at the average rate (exchange rate type M)
and the business posting dates of the invoice.
The functionality is restricted to invoice items with the posting keys Invoice or Reverse Credit
Memo ('31' OR '32') that are not intercompany, have Account Type Vendor, and have
Debit/Credit Indicator Credit.
Parameters:
THRESHOLD_AMOUNT: Indicates the minimum amount of an invoice item which will be
investigated. If the invoice item amount is smaller than the threshold amount, then the invoice is
ignored. The threshold amount is converted into the currency of the posting area defined by the
company code in order to compare the amounts in the same currency.
The risk amount is defined as the sum of the amounts of the selected invoice items of the vendor.
Supplementary notes:
The currency conversion uses the standard conversion at the average rate (exchange rate type M).
The functionality is restricted to invoice items with posting keys Reverse Invoice, Credit Invoice,
Invoice, Reverse Credit Memo ('21' OR '22' OR '31' OR '32') that are not intracompany,
and Account Type Vendor.
Alerts are created only for invoice items with posting keys Invoice and Reverse Credit Memo.
T001
TCUR tables for currency conversion
Parameters:
THRESHOLD_SINGLE: The maximum amount of an invoice item that is investigated. If the invoice
item amount exceeds this threshold, then the invoice item is ignored for detection purposes. All
amounts (threshold and invoice item amounts) are converted into the currency of the company
code in order to compare the amounts in the same currency.
THRESHOLD_SINGLE_CURRENCY: The currency of the threshold single amount.
THRESHOLD_SUM: The amount that the sum of the invoice items of a vendor must exceed to
indicate suspicion of split invoices. If the sum of the invoice item amounts for the vendor is lower
than this threshold, then the invoice items are deemed to be not suspicious. All amounts are
converted into the currency of the company code in order to compare the amounts in the same
currency.
THRESHOLD_SUM_CURRENCY: Sets the currency of the threshold sum amount.
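How the four threshold parameters above interact is easiest to see on sample data. The following is an added example, not the delivered detection procedure: the function names, the exchange rates and the invoice items are constructed, no time window or posting-key filter is applied, and the risk amount is taken as the sum of the selected items of the vendor.

```python
from collections import defaultdict

# Constructed exchange rates to EUR; a productive system reads the TCUR tables instead
RATES_TO_EUR = {"EUR": 1.0, "USD": 0.5}

def convert(amount, currency, target, rates=RATES_TO_EUR):
    """Convert an amount into the target currency via the constructed rate table."""
    return amount * rates[currency] / rates[target]

def detect_split_invoices(items, company_currency, threshold_single,
                          threshold_single_currency, threshold_sum, threshold_sum_currency):
    """Return vendors whose items at or below THRESHOLD_SINGLE add up to more than THRESHOLD_SUM."""
    single = convert(threshold_single, threshold_single_currency, company_currency)
    total_limit = convert(threshold_sum, threshold_sum_currency, company_currency)
    per_vendor = defaultdict(list)
    for vendor, document, amount, currency in items:
        value = convert(amount, currency, company_currency)
        if value > single:
            continue  # item exceeds THRESHOLD_SINGLE and is ignored for detection
        per_vendor[vendor].append((document, value))
    return {vendor: {"documents": [d for d, _ in rows],
                     "risk_amount": sum(v for _, v in rows)}
            for vendor, rows in per_vendor.items()
            if sum(v for _, v in rows) > total_limit}

# Constructed invoice items: (vendor, document number, amount, currency)
ITEMS = [
    ("V1", "5100000001", 4900.0, "EUR"),
    ("V1", "5100000002", 4800.0, "EUR"),
    ("V1", "5100000003", 9000.0, "USD"),   # 4500 EUR after conversion
    ("V2", "5100000004", 4000.0, "EUR"),
    ("V2", "5100000005", 6000.0, "EUR"),   # above the single threshold, ignored
    ("V3", "5100000006", 3000.0, "EUR"),
    ("V3", "5100000007", 3000.0, "EUR"),
]
```

With THRESHOLD_SINGLE of 10000 USD and THRESHOLD_SUM of 12000 EUR in a company code that uses EUR, only V1 is reported, with a risk amount of 14200 EUR.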
Parameters:
FUZZINESS: Factor that controls the sensitivity of the match (1-100; higher values mean less
fuzziness and a more precise search). Example: The name Torsten Holsh will not match
Thorsten Hlsh with a fuzziness of 90, but it will produce a hit if the fuzziness is set to 80. The
recommended setting is in the range of 80 to 100. A lower fuzziness factor may produce too
many false positives.
Turnover in first year after first transaction with a new vendor exceeds a threshold
Master Data: Detection Strategies and Detection Methods
Growth in purchasing volume between first and second year after the first transaction with a
new vendor exceeds threshold
10 Appendix
More than one use of a document reference number for the same vendor
Vendor without bank details.
The following table shows when each of the detection rules in the anti-corruption content for SAP
Fraud Management has become available.
One-Time Vendors | Multiple postings to the same one-time account | Release 1.0 SP02 as part of the product Business Content for Internal Audit
Irregularities with New Vendors | Volume of business in first year after initial transaction exceeds threshold | Release 1.0 SP02 as part of the product Business Content for Internal Audit
Irregularities in vendor master data | Flip-flop bank data in vendor master record changes to bank data in record | Release 1.0 SP02 as part of the product Business Content for Internal Audit
FRA_VMDCHG | Vendor Master Data Change | Release 1.0 SP02 | No, part of product