Risk prevention in SAP and why this is something you should focus on


As a company that works with risk management and compliance operations, we know that it is often difficult to really argue why you should focus on risk prevention, especially as it is often intangible. Furthermore, it can be difficult for employees to approach their leadership to explain why they should invest in risk management tools. Because while risk management tools ideally should result in preventing malicious things from happening, it also means that a good and well-functioning risk management tool actually ends up being less visible in the organization. In other terms, it does a lot of important work without showing off, meaning that it often does not get the credit that it warrants.

Does this mean that it is completely intangible? Absolutely not. At ComplianceNow we have always looked at good risk management tools and processes as a form of insurance – meaning that they are necessary to have but difficult to place a value on. However, let’s take some evidence and statistics from different fraud cases, and maybe this can help contextualize what you are trying to prevent with SAP risk management tools and place a tangible value on the tools. 

Statistical background

The ACFE compiled an interesting report in 2020 wherein they presented a study based on 2504 fraud cases. They found that these cases alone represented a loss of 3.6 billion USD, and it is estimated that more than 4.5 trillion USD is lost to fraud each year – in percentages that translate to organizations losing an estimated 5% of revenue to fraud each year on average. The same statistic tells us that this equals an average loss of 1.5 million USD per fraud case. In the investigated cases, this was the average loss, while the median loss was 125.000 USD. This is certainly something that most companies would like to avoid. However, the most interesting part in relation to SAP risk management processes lies in the types of fraud and how fraud is usually discovered (or not discovered) 

risk prevention SAP

Asset misappropriation is the most frequent type of fraud and represents 86% of occupational fraud cases            – ranging from skimming to billing fraud. Especially risky asset misappropriation is check and payment tampering and billing fraud. Furthermore, the perpetrators attempt to conceal the fraud by altering electronic documents (27 % of the cases) or by creating fraudulent electronic documents (26 % of the cases). In other words, something that could be prevented with segregation of duties and internal controls – or at the very least could be easily tracked and discovered.  

It is additionally very interesting, that most fraud cases are discovered by leadership being tipped, and very little is discovered by internal controls due to a lack of implemented internal controls in the organization. A lack of internal controls contributed to nearly 1 out of every 3 fraud cases!

Our beliefs and values

We in ComplianceNow believe that having good and efficient risk management processes starts by having the right tools. Tools are necessary, as business landscapes are more and more complex. You simply cannot have a compliant, risk free and transparent organization without the right tools. As this blog has documented, having segregation of duties and internal controls are a very necessary part to prevent fraud and staying compliant. Remember that segregation of duties tools and internal control are not limited to only help with fraud cases, but as demonstrated, if we only look at fraud, these tools already have a great business case in most organizations. In addition to preventing fraud, the tools also help you with reducing costly human error, general overview of documentation, paper trails for auditing and more effective and less costly auditing processes. In fact, all major auditing houses recommend implementing a segregation of duties tool in your organization.

If you are interested in hearing more about CN: Access Control or CN: Internal Control, then contact us for a free 1-hour demo

Follow us on LinkedIn and get instant access to our latest articles and posts on SAP and compliance.

Segregation of Duties

Contact us!

    I hereby consent to my personal data being collected, processed, and used for the purpose of processing my inquiry. I may revoke my consent anytime without stating my reasons for doing so. More information can be found in our privacy policy.

    Rufen Sie uns an
    +49 6173 3363 000

    Schreiben Sie uns


    Find your way to our office in Denmark

    Google Maps

    Mit dem Laden der Karte akzeptieren Sie die Datenschutzerklärung von Google.
    Mehr erfahren

    Karte laden

    Meet the Team