SAP Fraud Management Anti-Corruption Content Rel11 SP01

Purpose of the Document
SAP Fraud Management Release 1.1 SP01

Business Content Documentation for
Corruption Detection and Investigation
PUBLIC
Document Version: November 2013 1.1
1
Copyright
Copyright 2013 SAP AG. All rights reserved.
No part of this publication may be reproduced or transmitted in any form or for any purpose without the
express permission of SAP AG. The information contained herein may be changed without prior notice.
Some software products marketed by SAP AG and its distributors contain proprietary software
components of other software vendors. National product specifications may vary.
These materials are provided by SAP AG and its affiliated companies (SAP Group) for informational
purposes only, without representation or warranty of any kind, and SAP Group shall not be liable for
errors or omissions with respect to the materials. The only warranties for SAP Group products and
services are those that are set forth in the express warranty statements accompanying such products and
services, if any. Nothing herein should be construed as constituting an additional warranty.
SAP and other SAP products and services mentioned herein as well as their respective logos are
trademarks or registered trademarks of SAP AG in Germany and other countries.
Please see http://www.sap.com/corporate-en/legal/copyright/index.epx#trademark for additional

trademark information and notices.
2
Icons in Body Text
Icon Meaning
Caution
Example
Note
Recommendation
Syntax
Additional icons are used in SAP Library documentation to help you identify different types of
information at a glance. For more information, see Help on Help General Information Classes and
Information Classes for Business Information Warehouse on the first page of any version of SAP Library.
Typographic Conventions
Type Style Description

Example text Words or characters quoted from the screen. These include field names, screen titles,
pushbuttons labels, menu names, menu paths, and menu options.
Cross-references to other documentation.
Example text Emphasized words or phrases in body text, graphic titles, and table titles.
EXAMPLE TEXT Technical names of system objects. These include report names, program names,
transaction codes, table names, and key concepts of a programming language when
they are surrounded by body text, for example, SELECT and INCLUDE.
Example text Output on the screen. This includes file and directory names and their paths, messages,
names of variables and parameters, source text, and names of installation, upgrade
and database tools.
Example text Exact user entry. These are words or characters that you enter in the system exactly as
they appear in the documentation.
<Example text> Variable user entry. Angle brackets indicate that you replace these words and
characters with appropriate entries to make entries in the system.
EXAMPLE TEXT Keys on the keyboard, for example, F2 or ENTER.
Version History
Version Major Changes
Release 1.1 SP01 Version 1.1 (November 19, Added section 2.8 Generating a Full-Text Index
2013)
3
Contents
SAP Fraud Management Release 1.1 SP01.............................................................................................. 1
Business Content Documentation for Corruption Detection and Investigation .................................... 1
1 Purpose of the Document ............................................................................................................... 8
2 Installing the Anti-Corruption Compliance Content ...................................................................... 11
2.1 Prerequisite: SAP Fraud Management at Release 1.1 SP01 .................................................. 12
2.2 Prerequisite: Installing the Internal Audit Content ............................................................... 12
2.3 Downloading the Anti-Corruption Files ................................................................................. 14
2.4 Installing, and Executing ABAP Program ZFRA_CREATE_SCN_TABLES ................................. 15
2.5 Downloading and Installing Customizing from BC Sets ......................................................... 16
2.6 Installing SAP HANA Views and Procedures .......................................................................... 16
2.7 Adjusting the SAP Fraud Management Customizing ............................................................. 17
2.8 Generating a Full-Text Index ................................................................................................. 18
3 Customizing Settings for the Anti-Corruption Content ................................................................. 18
3.1 Launchpad Setup ................................................................................................................... 18
3.2 Define Source Domain and Field Settings ............................................................................. 19
3.3 Investigation and Detection Object Types ............................................................................ 20
3.4 Assign Packages for Detection Method Procedures ............................................................. 20
3.5 Define Alert Field Labels ........................................................................................................ 21
3.6 Assign Navigation Targets to Navigation Groups .................................................................. 22
4 Detection Scenario: Detecting Irregularities in Accounting Documents ....................................... 22
4.1 Investigation Object Type: FRA_ACCDOC.............................................................................. 22
4.2 Detection Object Type: FRA_ACCDOC ................................................................................... 23
4.3 Detection Rule: Accounting Documents Posted on Non-Working Days ............................... 24
4.3.1 Use ................................................................................................................................. 24
4.3.2 Investigation and Detection Object Types .................................................................... 24
4.3.3 SAP HANA Procedures for Detection Methods ............................................................. 24
5 Detection Scenario: Detecting Irregularities in Purchase Orders and Purchase Order Items ...... 25
5.1 Investigation Object Type: FRA_PO ....................................................................................... 25
5.2 Detection Object Type: FRA_POHEAD................................................................................... 26
5.3 Detection Object Type: FRA_POITEM ................................................................................... 26
5.4 Detection Rule: Multiple Changes on Purchase Orders ........................................................ 27
4
5.4.1 Use ................................................................................................................................. 27

5.4.3 Tables Used ................................................................................................................... 27
5.5 Detection Rule: Address Screening for Politically Exposed Persons (PEP List) ..................... 28
5.5.1 Use ................................................................................................................................. 28
5.5.3 Tables Used ................................................................................................................... 29
5.6 Detection Rule: Purchase Order Item with Vendor from High-Risk Country ........................ 31
5.6.1 Use ................................................................................................................................. 31
5.6.3 Tables Used ................................................................................................................... 32
5.7 Detection Rule: Purchase Invoice Greater Than Goods Received......................................... 33
5.7.1 Use ................................................................................................................................. 33
5.7.3 Tables Used ................................................................................................................... 33
5.8 Detection Rule: Purchase Order Overpaid ............................................................................ 34
5.8.1 Use ................................................................................................................................. 34
5.8.3 Tables Used ................................................................................................................... 35
6 Detection Scenario: Detecting Irregularities in One-Time Vendor Accounts ................................ 35
7 Detection Scenario: Detecting Irregularities in Vendor Master Data Changes ............................. 36
7.1 Investigation Object Type: FRA_VMDCHG ............................................................................ 36
7.2 Detection Object Type: FRA_VMDCHG ................................................................................. 36
7.3 Detection Rule: Vendor Bank Data Change (Flip-Flop Vendor)............................................. 37
7.4 Detection Rule: Alternate Payee in Vendor Master Data (Flip-Flop Payee).......................... 37
7.4.1 Use ................................................................................................................................. 37
7.4.2 Alternative Payee (Flip-Flop Payee) Cross Company Code......................................... 37
7.4.3 Detection Rule: Alternative Payee (Flip-Flop Payee) Company-Code Specific ........... 38
5
8 Detection Scenario: Detecting Irregularities in Vendor Data and Transactions ........................... 39

8.1 Investigation Object Type: FRA_VENDOR ............................................................................. 40
8.2 Detection Object Type: FRA_INVOIC ..................................................................................... 40
8.3 Detection Object Type: FRA_INVOIT ..................................................................................... 41
8.4 Detection Object Type: FRA_VENDOR .................................................................................. 41
8.5 Detection Rule: Duplicate Invoice Reference Numbers ........................................................ 42
8.5.1 Use ................................................................................................................................. 42
8.5.3 Tables Used ................................................................................................................... 42
8.6 Detection Rule: Invoice Without Purchase Order Reference ................................................ 43
8.6.1 Use ................................................................................................................................. 43
8.6.3 Tables Used ................................................................................................................... 44
8.7 Detection Rule: Split Invoices Exceed Limit........................................................................... 44
8.7.1 Use ................................................................................................................................. 44
8.7.3 Tables Used ................................................................................................................... 45
8.8 Detection Rule: Suspicious Keywords in Invoice Item Texts ................................................. 46
8.8.1 Use ................................................................................................................................. 46
8.9 Detection Rule: Divergent Vendor Country and Payment Country ...................................... 47
8.9.1 Use ................................................................................................................................. 47
8.9.3 Tables Used ................................................................................................................... 47
8.10 Detection Rule: Vendor Without Bank Data ......................................................................... 47
8.10.1 Use ................................................................................................................................. 47
8.10.3 Table Used ..................................................................................................................... 47
6

8.11 Detection Rule: Employees with Same Bank Data as Vendor ............................................... 48
8.11.1 Use ................................................................................................................................. 48
8.11.3 Table Used ..................................................................................................................... 48
8.12 Detection Rules: Conflict of Interest With New Vendors ...................................................... 48
8.12.1 Use ................................................................................................................................. 48
9 Master Data: Detection Strategies and Detection Methods ......................................................... 49
10 Appendix.................................................................................................................................... 49
10.1 Availability of Detection Rules by Release ............................................................................ 49
10.2 Detection and Investigation Object Types of the Anti-Corruption Content ......................... 51
7
1 Purpose of the Document
This document describes the sample business content for SAP Fraud Management for compliance
with anti-corruption laws and regulations such as the Foreign Corrupt Practices Act of 1977 (FCPA
United States of America) as amended by the International Anti-Bribery Act of 1998, or the Bribery
Act 2010 of the United Kingdom.
This is the second edition of this document. The document describes detection technology that is
delivered via download from the SAP Community Network (SCN, http://scn.sap.com) in both Release
1.1 Support Package 00 and Release 1.1 SP01. The document details the following:
The customizing delivered with this content
The SAP HANA objects delivered with this content. The SAP HANA objects include the SAP
HANA views for investigation object types and detection object types, as well as the
procedures that implement detection methods, for finding signs of fraud.
The anti-corruption solution for SAP Fraud Management supports detection and investigation of
potential non-compliance in several different problem scenarios and therefore provides an excellent
starting point for additional content. The sample scenarios and detection methods are shown in the
following tables.
Detection Technology: Irregularities in Accounting Documents
Accounting irregularities Accounting documents posted on exceptional

dates.
Accounting staff normally work only on the
customary business workdays.
You can detect accounting documents posted
on non-working days (weekends, public holidays
and individually defined holidays) as customized
in the applicable standard SAP factory calendar.
Detection Technology: Irregularities in Purchasing Orders and Purchase Order

Items
Irregularities in purchase orders and purchase You can find the following irregularities in
order items purchasing and purchase order processing:
The invoice receipt quantity is greater than
the goods received quantity. In purchasing,
it is possible to defraud by invoicing a higher
quantity than is actually received. If, on the
other hand, the quantity of goods received is
higher than ordered, but the invoiced
quantity is correct, then this is not
considered to be fraud.
The amount paid in an invoice is greater
than the amount shown in the relevant
purchase order item.
8
Multiple changes to purchase orders

When a purchase order is created, a limited
number of changes may be expected after
the purchase order has been saved. If
however the number of changes exceeds a
defined limit, then the legitimacy of the
changes that have been made needs to be
verified.
The detection method multiple changes on
purchase orders detects those purchase
orders in which a defined limit of changes
was exceeded.
Address screening of purchase orders using
Politically Exposed Persons (PEP) lists.
You can screen partner addresses in
purchase orders against different lists such
as the PEP (Politically exposed persons) list
or the sanctioned party list. External data
providers provide these lists, which can be
uploaded to the SAP Fraud Management
system using SAP BusinessObjects Data
Services tools.
The screening is performed using an error-
tolerant fuzzy search. The search checks
names and addresses of partners that
appear in purchase orders against a
specified list.
An alert is created when hit is found against

a list entity.
Vendor in purchase order item located in a
high-risk country. High-risk countries are
those identified in the lists published by
Transparency International (for example,
http://transparency.org/cpi2012/results).
Detection Methods: Irregularities in Vendor Data and Transactions
Conflicts of interest in connection with new You can identify new vendors that have the
vendors following characteristics:
Rapid growth in volume of business with
your organization: The turnover in the first
year after the first transaction exceeds a
threshold; the growth in turnover between
the first and second year after the initial
transaction exceeds a threshold
9
Purchasing approvals granted by a very

limited number of employees.
Potentially suspicious activity with respect to You can identify one-time vendors (vendors that
one-time vendors are not listed as regular vendors using one-time
accounts) that have either of these
characteristics:
There are many invoices from the one-time
vendor
There postings from a regular vendor to a
one-time account.
Frequent changes in the master data of a vendor You can find vendor master data in which either
(bogus business, flip-flop payee) or both of the following has occurred within a
specified period of time:
The bank data of the vendor has been
changed and then reverted to the original
data (flip-flop bank data).
The Alternative Payee field has been
changed and then reverted to the original
state (flip-flop payee). There are variants of
this detection rule for flip-flop payees within
a company code or across company codes.
Irregularities in payments to vendors You can find the following types of irregularities
in payments to vendors:
Split payments: Many small payments to a
vendor, when the sum of the payments
would exceed a limit on such purchases.
There are invoices without corresponding
purchase orders.
Payments were made to banks in a country
other than that of the vendor in the invoice.
Vendors in high-risk countries as identified in
the lists published by Transparency
International
(http://transparency.org/cpi2012/results)
can be flagged.
An alert is raised on an order to any country
in a user-specified number of the highest
risk countries in the list.
Employees have the same bank data as
regular vendors.
Vendors for whom no banking details are
recorded in the vendor master data.
Reference Document Numbers have been
10
Installing the Anti-Corruption Compliance Content
used more than once for the same vendor.

Suspicious keywords in invoice item texts.
You can automatically as part of mass
detection find important keywords (such
as the name of a vendor found to be
corrupt) in vendor invoice items using the
fuzzy search feature of the SAP HANA
database.
To search, you enter one or more strings of
up to 256 characters together with a fuzzy
factor value. The fuzzy factor value lets you
widen the search results using fuzzy search
logic.
2 Installing the Anti-Corruption Compliance Content
In Release 1.1, Support Packages SP00 and SP01 of SAP Fraud Management, anti-corruption content
is not provided in the product, but rather is downloadable from the SAP Community Network
(http://wiki.scn.sap.com/wiki/display/GRC/SAP+Fraud+Management). This section explains the
procedures for installing the anti-corruption content provided for Release 1.1 SP01.
Note: If you accept the defaults recommended by SAP when you install the anti-corruption content
for SP01 and if you have not installed the content as provided for Release 1.1 SP00 then you do
not need to make any changes to any content before using the content in SAP Fraud Management.
SAP provides this content at no cost and does not provide maintenance for the content. The SAP
Fraud Management pages in the SAP Community Network (SCN) can be used to exchange
information about the content.
At the SAP Fraud Management page in SCN, you will find the following downloads and information:
11
This document (should you need a fresh copy).
The text for ABAP Program ZFRA_CREATE_SCN_TABLES. This program creates a schema in the
SAP HANA database for anti-corruption content. It also creates certain non-replicated tables for
SAP Fraud Management. Further, it creates a mapping from the schema name that you choose to
the default schema, SAP_FRA_SCN, expected by the imported SAP HANA views and procedures.
The BC Sets FRA_SCN_FCPA-SP01 and FRA_FCPA_FIELD_CATALOGUE-SP01. These BC Sets install

Customizing tailored to the anti-corruption content. The Customizing is fully compatible with the
Claims Management and Internal Audit content provided with earlier versions of SAP Fraud
Management.
The downloadable SAP HANA package fra-fcpascn-01 containing the SAP HANA views and
procedures required by the anti-corruption content.
Both the BC Sets and the SAP HANA package are cumulative. That is, they contain all of the anti-
corruption content delivered as of Release 1.1 SP00 as well as new content for Release SP01. You do
not need to install SP00 content and then follow that with a separate installation of SP01 content.
Similarly, this document covers all customizing and SAP HANA objects delivered as of Release 1.1
SP00.
Note: Though the downloadable content offered on this page has been thoroughly checked and
tested, it is not possible to account for all possible constellations at customer sites. SAP therefore
advises you to back up your SAP Fraud Management systems, including the NetWeaver AS ABAP
server and the SAP HANA Database, before installing any of this content. Content should first be
installed on a development or test system. The content should then be transported into production
systems from such a system in order to preclude damage to the production system through direct
uploads.
2.1 Prerequisite: SAP Fraud Management at Release 1.1 SP01

Before you can install the anti-corruption content described in this document, you must ensure that
SAP Fraud Management is at level Release 1.1 SP01.
You can find the SAP Fraud Management installation guide for new installations or the upgrade guide
for upgrading SAP Fraud Management from Release 1.1 SP00 to Release 1.1 SP01 at the Service
Market Place: http://service.sap.com/instguides SAP In-Memory Computing > SAP Fraud
Management.
2.2 Prerequisite: Installing the Internal Audit Content

The anti-corruption content builds on the Internal Audit Content that was delivered with Release 1.0
SP02 and which was enhanced with SAP Fraud Management as of Release 1.1 SP00. Before you
install the anti-corruption content, you must install the Internal Audit Content or make sure that the
content is up-to-date for Release 1.1 SP01. Do this in the production client of SAP Fraud
Management in each of your SAP Fraud Management systems. Before you install the
FRA_SCN_FCPA-SP01 and FRA_FCPA_FIELD_CATALOGUE-SP01 BC sets, install BC Set
FRA_INTERNAL_AUDIT. The anti-corruption detection uses the Customizing provided with the
Internal Audit Content.
12
Technical Configuration: Ensure that you have run the technical configuration task lists for
integrating Internal Audit Content into SAP Fraud Management Release 1.1 SP01, as described in
section 4.7.4 Integration of Internal Audit in the SAP Fraud Management Installation Guide for
Release 1.1 SP01. You can find the guide at the SAP Service Marketplace,
http://service.sap.com/instguides, In-Memory Computing > SAP Fraud Management.
If you have already used the Internal Audit Content with a previous version of SAP Fraud
Management, then you must with care (see the note below) repeat the activation of BC Set
FRA_INTERNAL_AUDIT (transaction SCRP20, SAP Menu > Tools > Customizing > Business
13
Configuration Sets > Activation of Business Sets ).

Note: Activating the new BC Set may overwrite changes that you have made to the Customizing of
SAP Fraud Management. Before activating the BC Set, use the Compare with Customizing Tables
function in transaction SCPR20 to examine the changes to Customizing that will be made and to
document any changes to your Customizing, so that the Customizing can be repaired if necessary.
If you have not used the Internal Audit Content at all, then you must do the following:
1. Activate BC Set FRA_INTERNAL_AUDIT (transaction SCRP20 SAP Menu > Tools > Customizing
Business Configuration Sets > Activation of Business Sets). Activate the version of
FRA_INTERNAL_AUDIT installed with Release 1.1 SP01 of SAP Fraud Management.
2. Run the technical configuration task lists described in 4.7.4. Integration of Internal Audit in the
SAP Fraud Management Installation Guide at http://service.sap.com/instguides SAP In-Memory
Computing > SAP Fraud Management.
3. Execute the following two eCATTs to create detection strategies and detection methods
(transaction SECATT SAP Menu Tools ABAP Workbench Test Test Workbench Test Tools Extended
CATT ):
o FRA_CREATE_DS_IA
o FRA_CREATE_DM_IA
For more information, see the Internal Audit Content documentation. Menu path:
http://help.sap.com, SAP In-Memory Computing > Innovations for Business Suite > Applications
powered by SAP HANA > SAP Fraud Management > Configuration and Deployment Information >
Business Content Internal Audit Content for SAP Fraud Management.
2.3 Downloading the Anti-Corruption Files

To download the files that contain the anti-corruption content for SAP Fraud Management, do the
following:
1. Click on this link
http://wiki.scn.sap.com/wiki/display/GRC/Extended+Anti-
Corruption+Content+with+SAP+Fraud+Management+Release+1.1+SP01
to open the SAP Fraud Management wiki page for anti-corruption content. If the link does not
work on the first try, then log on to SCN and try the link again; you must be logged on to SCN to
open the page.
2. Open the Attachments display by clicking on the Attachments icon (the paperclip) at the top of
the page.
3. Click Download All on the Attachments page. The SAP Community Network packs the files into a
single zip file. Your browser downloads the zip file.
4. Use the Download functions of your browser to find the downloaded zip file.
5. Extract the files for anti-corruption content from the downloaded zip file.
The following sections explain how to install the downloaded files.
14
2.4 Installing, and Executing ABAP Program ZFRA_CREATE_SCN_TABLES

The ABAP program ZFRA_CREATE_SCN_TABLES prepares the SAP HANA database of SAP Fraud
Management for the anti-corruption content for SAP HANA. The program creates the database
schema SAP_FRA_SCN , creates new tables needed by SAP Fraud Management in this schema, and
maps the schema to the schema name with which you start the program.
You must install and execute the program before installing the new SAP HANA views and procedures.
Do the following to install and execute ABAP program ZFRA_CREATE_SCN_TABLES in each of your
SAP Fraud Management Systems (development and production):
1. Log on to each of your SAP Fraud Management systems in the production client of the
application. Use your installation or upgrade user or any other user that has the authorizations
required to carry out the Technical Configuration task list FRA_INITIAL_SETUP (transaction
FRA_TECHNICAL_CONF or transaction STC01 and the task list) and to create ABAP programs.
2. Start transaction SE38. In the Program field, enter ZFRA_CREATE_SCN_TABLES. Choose an
alternative name in your name space if necessary.
Then press Create. In the program creation dialogs, set the program Type field to Executable
program and the Status to Test program.
In the Create Object Directory Entry dialog, click Local Object to assign the program to the $TMP
package.
Your ABAP system opens the editor page with the ABAP statement REPORT
ZFRA_CREATE_SCN_TABLES.
3. Open the ZFRA_CREATE_SCN_TABLES.TXT file that you downloaded from the wiki page in a text
editor such as Windows Notepad.
In the editor, enter CTRL-A to select the entire text and CTRL-C to copy the selected text.
4. Return to the ABAP Editor and paste the copied ZFRA_CREATE_SCN_TABLES code into the editor.
Remove a duplicate REPORT statement if you did not overwrite the default contents of the ABAP
editor.
5. Click Check to run the syntax checker; no errors should be found. If there are any syntax errors,
then they are probably due to errors in copying or pasting the program code. Correct any such
errors. The SAP Community Network can be used to exchange information on problems, if
necessary.
6. Click Direct Processing to run the report. In the selection screen, enter the following:
In the Schema field, the standard default schema SAP_FRA_SCN for the SAP HANA
database, or an alternative schema name of your own choosing.
The program automatically creates a schema mapping from the schema name that you
enter to the default SAP_FRA_SCN schema. SAP_FRA_SCN is set as the default schema in
the anti-corruption views and procedures in the SAP HANA database.
In the HDB field, the database connection to the SAP HANA database. This connection is
maintained in transaction DBCO. It is the same connection that is required for running
the technical configuration in the installation or upgrade procedure.
15
Note: The program ensures that the SAP HANA user used by the program has the
authorizations needed for the database changes.
Then click Execute to continue running the program.
At successful completion, the program displays the message Tables successfully created. You can
continue to download and install the SAP HANA objects of the anti-corruption content.
Should the report fail, it may be necessary to drop the SAP_FRA_SCN schema and to delete the
schema mapping entry created by the program. These operations are risky and require expert
analysis of the database.
2.5 Downloading and Installing Customizing from BC Sets

Most of the customizing that you need for using the anti-corruption content of SAP Fraud
Management is available in BC sets FRA_SCN_FCPA-SP01 and FRA_FCPA_FIELD_CATALOGUE-SP01.
To install these BC Sets, do the following:
1. Log on to the SAP Community Network
(http://wiki.scn.sap.com/wiki/display/GRC/SAP+Fraud+Management).
2. Open the child page for Release 1.1 SP01.
3. From the Download area on the SAP Fraud Management page in SCN, download the
FRA_SCN_FCPA-SP01 and FRA_FCPA_FIELD_CATALOGUE-SP01 BC sets. Since these are packed in
a zipped file, unpack the .bcs BC Set files.
4. Log on to the Customizing client in your SAP Fraud Management ABAP System.
5. Start transaction SCPR3.
6. In SCPR3, use the Upload function to upload the BC sets that you downloaded from SCN.
7. Install the BC Sets with transaction SCPR20, and add any additional Customizing that you need.
Result: You have installed the BC set Customizing that is detailed in the following sections.
To create detection methods and detection strategies to use the new content, see Master Data:
Detection Strategies and Detection Methods.
For a list of the additional tables that must be replicated to the SAP HANA database of SAP Fraud
Management for the anti-corruption content, see Tables to Replicate.
2.6 Installing SAP HANA Views and Procedures

The SAP HANA views and procedures for the anti-corruption content are provided as part of the
download that you performed. The relevant file is labeled fra-fcpascn-01.zip SAP HANA Package
fra-fcpascn-01.
Note: If you have downloaded the SP00 version of the SAP HANA views and procedures, but you
have not modified or added to them, then you can overwrite the existing views and procedures in
their current SP00 package instead of installing the new SAP HANA objects in their new package. If
you overwrite the old views and procedures, then you do not need to adjust your customizing, as
shown in the next section.
16
To install the SAP HANA objects, do the following:

1. Use the Download functions of your browser to find and open the fra-fcpascn-01.zip file that
you downloaded from the SAP Community Network.
Extract the files from the zip file, preserving the file paths.
Result: You have extracted the anti-corruption views and procedures into directory fra-fcpascn-
01 at a file location of your own choosing.
2. Start the SAP HANA Studio. The Studio must have a folder in the Project Explorer for the SAP
Fraud Management system.
Choose File Upload . Then choose SAP HANA Content Developer Mode .
3. In the following dialogs, do the following:
Select the folder of your SAP Fraud Management System as the target for the upload.
Browse to select the fra-fcpascn-01 directory for the upload.

4. In the following dialog, mark the top-most fra-fcpascn-01 entry in the source display. Then
choose Add All to select the entire file structure for upload. Click Finish to perform the import.
5. Upon completion of the upload, open the folder of your SAP Fraud Management system in the
Project Explorer. Then open the Content folder.
6. In the Content folder, put the cursor on the new fra-fcpascn-01 folder and choose Activate from
the context menu. In the following dialog, choose Add All to select all of the objects in fra-
fcpascn-01 for activation. Then click Activate to activate the views and procedures in fra-fcpascn.
Result: All of the views and procedures are activated. The log should show no activation errors. If any
error occurs, try to correct the problem. You can use the SAP Community Network for information
exchange if necessary. After successful activation, you can transport the SAP HANA package from
your development system to your production systems.
If you have already downloaded the SAP HANA content provided with SP00 and you have modified or
added to this content, then you must reconcile the changes that you have made with the new SAP
HANA views and procedures. You must also adjust the SAP Fraud Management customizing, as
described in the next section.
2.7 Adjusting the SAP Fraud Management Customizing

If the following apply to you:
You have already uploaded the fra-fcpascn package from Release 1.1 SP00, and
The new SAP HANA objects are in a different folder than the SP00 uploads
then you must adjust the SAP Fraud Management customizing.
Change the packages of SAP HANA views and procedures to the new folder in the following
customizing activities (transaction SPRO, SAP Reference IMG > SAP Fraud Management):
Maintain Investigation and Detection Object Types in Basic Settings
Assign Packages for Detection Method Procedures in Detection
17
Customizing Settings for the Anti-Corruption Content
In existing detection method definitions that use downloaded procedures, you must also change the
package specifications to the package of the new download. You can edit detection method
definitions in the SAP Fraud Management user interface.
For a list of the anti-corruption investigation and detection object types that are delivered via
download from SCN, please see the Appendix.
2.8 Generating a Full-Text Index

The detection rule Suspicious Keywords in Invoice Item Texts (procedure PR_INVOICE_ITEM_SEARCH)
requires a full-text index on the text field in the BSEG table. You must generate this index in the SAP
HANA database so that detection methods based on the rule work correctly.
The SAP HANA command to generate the index are as follows (you may need to adjust them for your
installation):
CREATE FULLTEXT INDEX "BSEG_SGTXT" on "SAP_FRA_CORE_ERP"."BSEG"("SGTXT" )SYNC FUZZY
SEARCH INDEX ON FAST PREPROCESS ON;
3 Customizing Settings for the Anti-Corruption Content
3.1 Launchpad Setup

The launchpad customizing for SAP Fraud Management is delivered with both the Internal Audit BC
Set and with the downloadable BC Set for anti-corruption compliance (see Using the Anti-Corruption
Compliance Content). If you have activated both BC sets, then the launch pad customizing is
complete.
The launchpad customizing is defined under Role HPA Instance FRA in the customizing transaction.
The following entries are defined:
Standard worksets and facets:
Home
Alerts
ThingInspector Alerts
Detection Facet
Decision Facet
Timeline Facet
Network Analysis Facet
Documentation Facet
Detection Methods
Detection Strategies
Calibration
Calibration Basic
18
Navigate To
Tiles (Home Screen)
All Alerts
Tasks
My Alerts
Efficiency
Cumulative Fraud Loss

Total Risk Value
Average Processing Time
Detection
Top 10 Countries by Number of Alerts
Top 10 Countries by Risk Value

My Recent Objects
SAP Jam
Alert Distribution
Create Manual Alert

Backend Navigation Links
External Vendor
External Vendor Changes

Purchase Order
External Vendor Account

Accounting Documents
Other facets delivered with the standard Customizing but not listed here are not relevant for the
anti-corruption content.
For more information, see the Customizing for Set Up Launchpads under SAP Customizing
Implementation Guide > SAP Fraud Management > Basic Settings.
3.2 Define Source Domain and Field Settings

The source domain INTERNAL and the fields used in the anti-corruption business content are
installed with the Internal Audit BC Set, FRA_INTERNAL_AUDIT and augmented with the
FRA_FCPA_FIELD_CATALOGUE-SP01 BC Set.
For a list of the fields, see under http://help.sap.com/fra Deployment and Configuration Information
> Business Content for SAP Fraud Management > Internal Audit Content for SAP Fraud Management.
The fields are listed in BC Sets and Customizing for Internal Auditing > Internal Audit: Source Domain
and Field Settings.
19
3.3 Investigation and Detection Object Types

The following table shows the investigation object types and detection object types that are made
available by the corruption detection content.
The corruption detection content also uses investigation object types, detection object types, and
SAP HANA objects that were delivered with the Internal Audit Content. These objects are not
described in this document. For more information on these objects, see under
http://help.sap.com/fra Deployment and Configuration Information > Business Content for SAP Fraud
Management > Internal Audit Content for SAP Fraud Management.
For a complete list of investigation and detection object types that are used in the anti-corruption
content, see the Appendix: Detection and Investigation Object Types of the Anti-Corruption Content.
Investigation Object Detection Object Type Scenario

Type
FRA_ACCDOC FRA_ACCDOC Accounting documents
FRA_PO FRA_POHEAD Purchase Order
FRA_PO FRA_POITEM Purchase Order

Irregularities
FRA_VENDOR FRA_INVOIC Invoice Irregularities
FRA_VENDOR FRA_INVOIT Invoicing Irregularities
Notes:
All detection objects use the following calibration application alias: CALIB_BASIC
For all investigation objects, the location of the alert for mapping is determined by the
COMPANY_CODE field.
Additional investigation and detection object types used in the anti-corruption content are delivered
with the Internal Audit content for SAP Fraud Management, as part of the product. These include the
FRA_ONETIM investigation object type and detection object type, the FRA_VENDOR detection object
type, and the FRA_VMDCHG investigation and detection object types.
For more information, see the Customizing for Maintain Investigation and Detection Object Type
under SAP Customizing Implementation Guide > SAP Fraud Management > Basic Settings.
3.4 Assign Packages for Detection Method Procedures

The SAP HANA procedures for corruption detection methods are delivered in the SAP HANA packages
shown in the following table. The packages are defined in the Customizing for the anti-corruption
detection and are installed in Customizing when you download and run the FRA_SCN_FCPA-01 BC-
Set. The SAP HANA views must be separately downloaded and installed. For more information, see
Installing the Anti-Corruption Compliance Content.
20
The SAP HANA packages shown in the table all belong to Source Domain INTERNAL. For each
detection object type, there is a SAP HANA package for selection procedures, a package for execution
procedures, and a package for additional information procedures.
For more information, see the Customizing for Assign Packages for Detection Method Procedures
under SAP Customizing Implementation Guide > SAP Fraud Management > Detection.
Detection object Package
FRA_POITEM fcpascn-01.dt.purchaseorders.item.se
fcpascn-01.dt.purchaseorders.item.ex
fcpascn-01.dt.purchaseorders.item.ai
FRA_POHEAD fcpascn-01.dt.purchaseorders.header.ex
fcpascn-01.dt.purchaseorders.header.ai
fcpascn-01.dt.purchaseorders.header.se
FRA_VMDCHG fcpascn.01.dt.vendormasterchng.se
fcpascn-01.dt.vendormasterchng.ex
fcpascn-01.dt.vendormasterchng.ai
FRA_INVOIT fcpascn-01.dt.vendor.se
fcpascn-01.dt.vendor.ex
fcpascn-01.dt.vendor.ai
FRA_INVOIC fcpascn-01.dt.invoice.se
fcpascn-01.dt.invoice.ex
fcpascn-01.dt.invoice.ai
FRA_ACCDOC fcpascn-01.dt.accdocument.ai
fcpascn-01.dt.accdocument.ex
fcpascn-01.dt.accdocument.se
FRA_VENDOR fcpascn-01.dt.vendormaster.se
fcpascn-01.dt.vendormaster.ex
fcpascn-01.dt.vendormaster.ai
3.5 Define Alert Field Labels

The Customizing of the anti-corruption content defines labels for the technical alert fields shown in
the following table. The labels appear in the user interface where the technical field contents are
shown. For more information, see the Customizing for Define Alert Field Labels under SAP
Customizing Implementation Guide > SAP Fraud Management > Investigation.
21
Detection Scenario: Detecting Irregularities in Accounting Documents
Technical Service Entity Property Field Label

Name Type
FRA_ALERT_SRV Alert AlertID Alert
FRA_ALERT_SRV Alert DueDateTimeFormatted Due Date
FRA_ALERT_SRV Alert ResponsiblePersonFullName Investigator
FRA_ALERT_SRV Alert RiskRating Rating
FRA_ALERT_SRV Alert RiskValue Risk Value

unsorted
3.6 Assign Navigation Targets to Navigation Groups

The anti-corruption content uses navigation settings from the Internal Audit content and adds the
navigation settings shown in the table below. The navigation settings make it possible to jump to the
source of a purchase order or other document in a backend system.
Group Application alias Navigation Description
FRA_PO ExternalPurchaseOrder Purchase order
FRA_VENDOR ExternalVendorMasterData Vendor Master Data
FRA_VENDOR ExternalVendorAccount Vendor Account
FRA_ACCDOC ExternalAccountingDocument Accounting Document
FRA_VMDCHG ExternalVendorChanges Vendor Master Data Changes
FRA_VMDCHG ExternalVendorMasterData Vendor Master Data
4 Detection Scenario: Detecting Irregularities in Accounting Documents
4.1 Investigation Object Type: FRA_ACCDOC

Investigation Object: FRA_ACCDOC (accounting documents)
Source Domain INTERNAL
Logical Port Name Installation-specific. You must set up the logical port name
if you implement online detection. For more information,
search for Setting Up Online Detection in the SAP Fraud
Management System at the SAP Help Portal,
http://help.sap.com.
22
SAP HANA Package Name of the Fcpascn-01.dt.accdocument

Enrichment View
SAP HANA Enrichment View Name CA_ACC_DOCUMENTS_INV_OBJ:

This view provides the following data enrichment fields:
COMPANY _CODE as Key 1 (BKPF-BUKRS)
DOCUMENT_NUMBER as Key 2 (BKPF-BELNR)

FISCAL _YEAR as Key 3 (BKPF-GJAHR)
DOCUMENT_ENTRY_DATE as the Additional Date field
in alerts (BKPF-CPUDT).
4.2 Detection Object Type: FRA_ACCDOC

Detection object: FRA_ACCDOC (accounting documents)
Associated Investigation Object Type FRA_ACCDOC
SAP HANA Package for Selection and fcpascn-01.dt.accdocument

Association Views
SAP HANA Selection View CA_INVOICE_DET_OBJ: View on invoices (from records

generated by the de-clustering of tables BKPF and BSEG,
where VBUND = and KOART = K) to be used as detection
objects.
The view offers the following selection parameters:
COMPANY_CODE as Key 1 and as a selection parameter
for use in maintenance and calibration
DOCUMENT_NUMBER as Key 2
FISCAL_YEAR as Key 3
DOCUMENT_ENTRY_DATE as the parameter for

temporal selection.
SAP HANA Association View CA_ACC_DOCUMENTS_ASSOCIATION: Select the fields

BUKRS as COMPANY_CODE, BELNR as
DOCUMENT_NUMBER, GJAHR as FISCAL_YEAR, BUDAT as
CREATION_DATE and LIFNR as VENDOR from an inner join
of BSEG and BKPF where the account type equals K, the
client equals the session client and VBUND equals (empty
value) or NULL.
23
4.3 Detection Rule: Accounting Documents Posted on Non-Working Days

4.3.1 Use
With this method, you can find accounting documents that were posted on non-working days. You
can specify the factory calendar to use for checking posting dates. The calendar can either be
specified for all documents of a company code or for particular users in company codes.
The rule compares the accounting document entry date (field: CPUDT in table BKPF) with the dates in
the factory calendar (table TFACS), and recognizes those accounting documents which were posted
on non-working days.
To establish which factory calendar is valid, a customizing table FRA_C_USER_FCA was specially
designed for this rule only. It needs to be maintained manually and is the prerequisite for this rule to
work successfully. The data entered into the customizing table is used to check the validity of entries
in the replicated tables BKPF, TFACS, and T001. Tables TFACT, TFACD, ADRP and USR21 and T001 are
used for the value help (F4) for input data.
The fields BUKRS, USNAM and IDENT for table FRA_C_USER_FCA / view FRA_V_USER_FCA should be
maintained with transaction SM30, DISPLAY/CHANGE, New Entries. If the user is not maintained, the
factory calendar ID will be identified according to the fields MANDT and BUKRS only and applies to all
users in the company code. Below are sample entries from table FRA_C_USER_FCA.
Table: FRA_C_USER_FCA
Client Company Code User Factory Cal. ID
MANDT (table BKPF) BUKRS (table BKPF) USNAM (table BKPF) IDENT (table TFACS)
100 1000 aschmidt 02
100 1000 01
In these entries, Factory Calendar 01 is used for all users who posted documents in company code
1000, except for user ASCHMIDT. Documents posted by this user in company code 1000 are checked
against factory calendar 02.
4.3.2 Investigation and Detection Object Types

Rule Accounting Documents Posted on Non-Working Days is typed for detection strategies and
methods by the following:
Investigation object type FRA_ACCDOC
Detection object type FRA_ACCDOC
4.3.3 SAP HANA Procedures for Detection Methods

Procedure Procedure Name Package
Category
Selection PR_ACCDOC_EXCEPTIONAL_DATES_SELE fcpascn-01.dt.accdocument.se
24
Detection Scenario: Detecting Irregularities in Purchase Orders and Purchase Order Items
Execution PR_ACCDOC_EXCEPTIONAL_DATES_EXEC fcpascn-01.dt. accdocument.ex
Additional PR_ACCDOC_EXCEIONAL_DATES_ADDINF fcpascn-01.dt. accdocument.ai

Information
Additional views:
AT _C_USER_FCA: Attribute view on table FRA_C_USER_FCA
5 Detection Scenario: Detecting Irregularities in Purchase Orders and

Purchase Order Items
5.1 Investigation Object Type: FRA_PO

Investigation Object: FRA_PO (Purchasing Order)
Logical Port Name Installation-specific. You must set up the logical port name if you
implement online detection.
For more information, see Setting Up Online Detection in the SAP
Fraud Management System at the SAP Help Portal,
http://help.sap.com/fra under this URL:
http://help.sap.com/saphelp_fra110/helpdata/en/54/ca6fbe239d
4bc59d3f168e8e8eba9c/content.htm?frameset=/en/63/e706ff12f
5438b85adf61c3baf580a/frameset.htm .
SAP HANA Package Name of fcpascn-01.dt.purchaseorders

the Enrichment View
SAP HANA Enrichment View CA_PURCHASE_ORDER_INV_OBJ

Name
This view on purchase orders (table EKKO) provides the following
Additional ID fields, where client is the session client and LOEKZ
(deletion indicator) is empty:
PO for Key 1 (EKKO-EBELN)
COMPANY_CODE for information in alerts (Additional ID 1,
Location fields) (EKKO-BUKRS)
PURCHASING_ORG for information in alerts (Additional ID 2 in

alerts & authorizing access to alerts) (EKKO-EKORG)
PO_DOC_DATE as the Additional Date field (EKKO-BEDAT)
VENDOR as the Additional ID 3 field in alerts (EKKO-LIFNR)

VENDOR_NAME1 as the Additional ID 4 field in alerts.
25
5.2 Detection Object Type: FRA_POHEAD

Detection object: FRA_POHEAD (Purchase Order Header)
Associated Investigation Object Type FRA_PO
SAP HANA Package for Selection and fcpascn-01.dt.purchaseorders.header

Association Views
SAP HANA Selection View CA_PURCHASE_ORDER_HEADER_DET_OBJ

The view offers the following selection parameters, where
EKPO-BSTYP is F (Purchase Order) and LOEKZ (Deletion
Indicator) is empty:
PO for Key 1 (EKKO-EBELN)
COMPANY_CODE as a selection parameter for use in

maintenance and calibration (EKKO-BUKRS)
PURCHASING_ORG as a selection parameter for use in

maintenance and calibration (EKKO-EKORG)
PO_DOC_DATE as the temporal selection parameter
(EKKO-BEDAT)
VENDOR as selection parameter in maintenance and
calibration.
SAP HANA Association View CA_PURCHASE_ORDER_HEADER_ASSOCIATION: Finds the

parent purchase order of a purchase order header.
5.3 Detection Object Type: FRA_POITEM

Detection object: FRA_POITEM (Purchase Order Item)
Associated Investigation Object Type FRA_PO
SAP HANA Package for Selection and fcpascn-01.dt.purchaseorders.item

Association Views
SAP HANA Selection View CA_PURCHASE_ORDER_DET_OBJ: Selects the working set

of purchase order items for a detection strategy. Only
purchase order items of type purchase order (BSTYP is F)
are considered.
The view offers the following selection parameters for
tables EKKO and EKPO:
PO for Key 1
PO_ITEM for Key 2
COMPANY_CODE as a selection parameter for use in

maintenance and calibration
26
PURCHASING_ORG as a selection parameter for use in

maintenance and calibration
PO_DOC_DATE as the temporal selection parameter.
SAP HANA Association View CA_PURCHASE_ORDER_ITEM_ASSOCIATION: Finds the

parent purchase order (table EKKO) of a purchase order
item (table EKPO).
5.4 Detection Rule: Multiple Changes on Purchase Orders

5.4.1 Use
You can use this detection rule to create detection methods for finding purchase orders to which an
excessive number of changes have been made.
When a purchase order is created, a limited number of changes may be expected after the purchase
order has been saved. If however the number of changes exceeds a defined limit, then the legitimacy
of the changes that have been made needs to be verified.
The detection method Multiple Changes on Purchase Orders detects those purchase orders in which
a defined limit of changes was exceeded.

Rule Multiple Changes to Purchase Orders is typed for detection strategies and methods by the
following:
Investigation object type FRA_PO
Detection object type FRA_POHEAD
5.4.3 Tables Used

The rule uses these tables in the SAP HANA database:
EKKO
CDHDR
LFA1

Category
Selection PR_PURCHASE_ORDER_MULTIPLE_CHANGES_SELE fcpascn-

01.dt.purchaseorders.header.s
e
Execution PR_PURCHASE_ORDER_MULTIPLE_CHANGES_EXEC fcpascn-

01.dt.purchaseorders.header.e
x
Additional PR_PURCHASE_ORDER_MULTIPLE_CHANGES_ADDI fcpascn-

27
Informatio NF 01.dt.purchaseorders.header.a
n i
Parameters:
THRESHOLD_NR_CHANGES: Limit on allowed number of changes (eg. 5) on a purchase order.
5.5 Detection Rule: Address Screening for Politically Exposed Persons (PEP
List)
5.5.1 Use
This rule screens the partner addresses listed in a purchase order against a PEP (Politically Exposed
Persons) list. The detection result is 100 if a hit is found against an entity in the list.
The list must be downloaded from an external data provider such as Dow Jones. It must be uploaded
to table FRA_D_SLISTS using SAP BusinessObjects Data Services.
Screening may be controlled by the following parameters:
Fuzziness: An error tolerance factor on the scale of 1 to 100. The parameter controls the
sensitivity of the match. For example: The name Torsten Holsh will not match Thorsten Hlsh
with a fuzziness of 90, but it will produce a hit if the fuzziness is set to 80. The recommended
setting is in the range of 80 to 100. A lower fuzziness factor may produce too many false
positives.
Aliases: Aliases or term mappings can be used to extend the search by adding additional search
terms. These terms must be uploaded to the table FRA_C_TERMMAPPIN before starting a PEP
search.
The fields of the table are described briefly below in Tables Used. For a detailed explanation of
term mapping, please see the documentation at the following site:
http://help.sap.com/hana/hana_dev_en.pdf
Exclusion terms: Exclusion terms or stop words are words that you wish to exclude from a
search. Certain words, such as AG, Limited, Airlines etc. are common words and do not add
any value in search. The stop word list can be defined in table FRA_C_STOPWORD.
The fields of the table are described briefly below in Tables Used. For a detailed explanation of
stop words, please see the documentation at the following site:
http://help.sap.com/hana/hana_dev_en.pdf
Initials: Activate check using initials in names. Some names may be maintained with initials only.
To find a hit against such name entries, this flag must be activated. For example: The name D. I.
Kaskar produces a hit against Dawood Ibrahim Kaskar if the Initials flag is turned on.
List ID: Different types of lists, such as a PEP list, a Sanction List etc. can be uploaded to the
system, into table FRA_D_SLISTS. Each list is identified by a List ID. You can specify the List ID
against which you would like to screen. You can create different strategies for different list types
and hence support different search setups. For example, you can use a detection strategy that
checks against a sanction list to block transactions in feeder systems. And you could use
screening against a PEP List for creation of alerts locally in the SAP Fraud Management system.
28

This rule is typed for detection strategies and detection methods as follows:
Investigation object type FRA_PO (Purchase Order)

Detection object type FRA_POITEM (Purchase Order Item)
5.5.3 Tables Used

EKPA
EKPO
EKKO
LFA1
ADRC
FRA_D_SLISTS (PEP lists)
Notes:
Field LIST_ID identifies a particular PEP List and allows a list to be selected for address
screening.
Field ENTITY_ID is the sources ID of an entry in a PEP List.
Field ITEM_ID is a sequential number that identifies a PEP entry in the context of SAP Fraud
Management. ITEM_ID removes the requirement that ENTITY_ID, over which the application
has no control, must be unique to avoid key collisions.
Fields BIRTHDATE, DECEASEDATE, REGIDATE, BIRTHPLACE: These fields contain optional
information on a PEP entity of type PERSON.
Field REGIDATE is the date of registration of a company. (An entity could be a person or
company. If an entry is for a person, then the fields BIRTHDATE, DECEASEDATA, BIRTHPLACE
are filled and incase of company REGIDATE is filled).
Field ACTIVE must be set, or a PEP entry is not used in a search.
Field ENTITY_STATUS must be set to 1 (Active) or a PEP entry is not used in a search.
FRA_C_STOPWORD (Optional: Words to exclude from searches)
Certain terms are too generic like AG, Corporation, Ltd etc. which are of no significance in
address screening and shall therefore be eliminated from search. Such terms can be included in
this table.
You must load this table yourself from the SAP HANA Studio, if you wish to use it. The fields of
the table are as follows:
STOPWORD_ID: The key for an entry, a GUID
LIST_ID: A key for the list of aliases to use
LANGUAGE_CODE: The language in which a stop word is valid

29
TERM: The stop word that is to be excluded from searches.
FRA_C_TERMMAPPIN (Optional: Aliases as extensions of FRA_D_SLISTS entries)

This table lets you specify aliases for names in a PEP list. If you use aliases, then the search for a
PEP list entry is supplemented with searches for aliases that exist for the PEP entry.
You must load the table yourself from the SAP HANA Studio if you wish to use it. The fields of the
table are as follows:
MAPPING_ID: The key for an entry, a GUID
LIST_ID: A key for the list of aliases to use
LANGUAGE_CODE: The ISO language key for entry, if applicable
TERM_1: The string from a PEP list entry that is to be supplemented with an alias in PEP list
searches
TERM_2: The alias string with which to supplement an entry in a PEP list search
WEIGHT: A value between 0 and 1 that expresses the significance of an alias with respect to a
search term. A higher WEIGHT increases the score returned by a hit, as a percentage of the
score for a direct hit with a PEP entry.

Category
Selection PR_PURCHASE_ORDER_PARTNER_SELE fcpascn-01.dt.purchaseorders.item.se
Execution PR_PURCHASE_ORDER_PARTNER_EXEC fcpascn-01.dt.purchaseorders.item.ex
Additional PR_PURCHASE_ORDER_PARTNER_ADDINF fcpascn-01.dt.purchaseorders.item.ai

Information
Parameters:
FUZZINESS: Factor to control sensitivity of match (1-100, recommended 80-100, higher values
less fuzziness, a more precise search). Example: The name Torsten Holsh will not match
Thorsten Hlsh with a fuzziness of 90, but it will produce a hit if the fuzziness is set to 80. The
recommended setting is in the range of 80 to 100. A lower fuzziness factor may produce too
many false positives.
ALIASES: Activate additional terms during screening Certain persons and organizations have
multiple names or aliases. These can be defined in system and are then considered during match
process. See table FRA_C_TERMMAPPIN in Tables Used, above.
INITIALS: Activate check on Name Initials. Example: If INITIALS is activated, then the string D. H.
Lawrence in the data will trigger a hit for the PEP List entry David Herbert Lawrence.
EXCLUSION_TERMS: Activate stop words during screening. See table FRA_C_STOPWORDS in

Tables Used, above.
LIST_ID: List ID (PEP list ID from table FRA_D_SLISTS) against which to screen.
30
5.6 Detection Rule: Purchase Order Item with Vendor from High-Risk Country
5.6.1 Use
This detection rule lets you find vendors in purchase order item that are located in a high-risk
country. High-risk countries are those identified in the lists published by Transparency International
(for example, http://transparency.org/cpi2012/results). Both regular vendors with master data and
one-time vendors are evaluated by the rule.
An alert is raised on an order to any country in a user-specified number of the highest risk
countries by rank in the list. Messages providing detailed information about the purchase order item
and each suspicious vendor or partner are available in the Alert Details facet in the user interface.
The number of countries to check is specified in the RANK_LIMIT parameter of a detection method
and is evaluated as rankings of high-risk countries. Since several countries may have the same rank
(for example, at this writing, Afghanistan, North Korea, and Somalia all share the ranking 174), more
than the user-specified number of countries may actually be selected for evaluation.
To use the high-risk evaluation, you must do the following:
1. Download the spreadsheet list of high risk countries provided by Transparency International
(http://transparency.org).
2. If the spreadsheet does not include the ISO country codes, then add the two-character ISO codes
(US, DE, ) to the spreadsheet.
3. Upload the spreadsheet into table FRA_D_HR_COUNTRY in the SAP HANA database with the SAP
HANA Modeller.
Here is a sample of a finished spreadsheet:
The corresponding table FRA_D_HR_COUNTRY looks like this:
31

Rule Purchase Order Item with Vendor from High-Risk Country is typed for detection strategies and
methods by the following:
Investigation object FRA_PO (Purchase Order)
Detection object FRA_POITEM (Purchase Order Item)
5.6.3 Tables Used

EKPA
EKPO
EKKO
LFA1
ADRC
TPART
FRA_D_HR_COUNTRY (List of high-risk countries; for more information, see the Use section,
above)

Category
Selection PR_PURCHASE_ORDER_PARTNER_SELE fcpascn-

01.dt.purchaseorders.item.s
e
Execution PR_PURCHASE_ORDER_PARTNER_RISK_COUNTRY_EX fcpascn-

EC 01.dt.purchaseorders.item.e
x
Additional PR_PURCHASE_ORDER_PARTNER_RISK_COUNTRY_ fcpascn-

Informatio ADDINF 01.dt.purchaseorders.item.a
n i
Parameters:
RANK_LIMIT: Number of top ranks in the Transparency International list to use in the detection
run. If more than one country has the same rank, then all countries at that rank are used in the
detection run. RANK_LIMIT 5 would select all countries in the top five ranks of the Transparency
International list.
32
5.7 Detection Rule: Purchase Invoice Greater Than Goods Received

5.7.1 Use
This detection rule lets you find cases in which the invoice receipt quantity is greater than the goods
received quantity. In purchasing, it is possible to defraud by invoicing a higher quantity than is
actually received. If, on the other hand, the quantity of goods received is higher than ordered, but
the invoiced quantity is correct, then this is not considered to be fraud.
The rule compares the quantity received in the goods receipt with the quantity in the invoice. Both
documents refer to a foregoing purchase order. If the invoiced quantity is higher than the received
one, then the purchase order item is suspicious. If the quantities in the goods receipt and in the
invoice are the same but nevertheless higher than in the purchase order, then the purchase order
item is again suspicious.
For the comparison, the quantities in the goods receipt and in the invoice are aggregated on their
debit/credit flag per purchase order item. Afterwards the credit is subtracted from the debit and the
real quantity per purchase order item is determined.
The user can also define a threshold in percent that indicates how much the quantity in the invoice
may exceed the quantity to which it is being compared.
The calculation of the risk value in the additional information procedure is determined in the
following way:
If the quantity delivered is smaller than the quantity ordered, then the net price of the
purchasing document (field NETPR of table EKPO) is multiplied by the difference between
invoiced and delivered quantity.
If the delivered quantity is greater than or equal to the ordered quantity (but fraud is assumed),
then the risk value is calculated by multiplying the net price by the difference between the
quantity invoiced and the quantity ordered.
This calculation ensures that the largest difference - between invoiced and ordered or invoiced and
received quantity - is multiplied by the net price and returned as the risk value.

Rule Purchase Invoice Greater Than Goods Received is typed for detection strategies and methods as
follows:

5.7.3 Tables Used

EKKO
EKPO
MSEG
RSEG
33

Category
Selection PR_PURCHASE_ORDER_QUANTITY_SELE fcpascn-01.dt.purchaseorders.item.se
Execution PR_PURCHASE_ORDER_QUANTITY_EXEC fcpascn-01.dt.purchaseorders.item.ex
Additional PR_PURCHASE_ORDER_QUANTITY_ADDINF fcpascn-01.dt.purchaseorders.item.ai

Information
Parameters:
THRESHOLD_QUANTITY: Indicates in percent how much higher the quantity in the invoice may be
than the quantity to which it is being compared.
5.8 Detection Rule: Purchase Order Overpaid

5.8.1 Use
This detection rule lets you find cases in which the amount paid in an invoice is greater than the
amount shown in the relevant purchase order item.
The rule compares the amount in the purchase order item with the amount in the invoice. If the
invoiced amount is higher than the amount in the purchase order item, then the purchase order item
is suspicious.
For the comparison, the amounts in the purchase order item and the invoice recipient are converted
into the currency of the company code. The net values of the invoice recipient are then added up
according to the debit/credit sign in the record. Any credit is subtracted from the debit, and the real
amount in the invoice document is determined.
Similarly, the net value of the purchase order item is calculated with respect to the invoiced quantity,
so that the amounts are compared using the same quantity (here, the quantity in the invoice). The
net values are then aggregated per purchase order item. The amounts are then compared and the
result is evaluated against the threshold amount/currency and threshold percent (defined by the
user) that indicate how much the amount in the invoice may exceed the amount in the purchase
order item to which it is being compared. The risk amount is then the difference between the
invoice amount and the purchase order amount.
Supplementary notes:
The currency conversion uses the standard conversion at average type of type M and the
business document dates of the purchase order and invoice.
The functionality is restricted to purchase order items of the category Standard (PSTYP = 0).
Amount values (e.g. purchase order item net value, invoice net value, risk value) are rounded to
two decimal places.

Rule Purchase Order Overpaid is typed for detection strategies and methods by the following:
34
Detection Scenario: Detecting Irregularities in One-Time Vendor Accounts
5.8.3 Tables Used

EKKO
EKPO
RSEG
T001 Tables for the currency conversion (TCUR)

Category
Selection PR_PURCHASE_ORDER_AMOUNT_SELE fcpascn-01.dt.purchaseorders.item.se
Execution PR_PURCHASE_ORDER_ fcpascn-01.dt.purchaseorders.item.ex

AMOUNT_EXEC
Additional PR_PURCHASE_ORDER_ fcpascn-01.dt.purchaseorders.item.ai

Information AMOUNT_ADDINF
Parameters:
THRESHOLD_AMOUNT: Indicates how much the amount in the purchase order item may exceed
the amount to which it is compared in the invoice document. All amounts are converted into the
currency of the company code so that the amounts are compared in the same currency
THRESHOLD_CURRENCY: Is the currency of the threshold amount

THRESHOLD_PERCENTAGE: Indicates the percentage by which the amount in the invoice may
exceed the amount in the purchase order item to which it is compared (see above).
6 Detection Scenario: Detecting Irregularities in One-Time Vendor

Accounts
The detection technology for misuse of one-time vendor accounts allows you to detect the following:
Multiple postings to a single one-time account
Postings from a regular vendor to a one-time account.

Detection of possible misuse of one-time vendor accounts was released as part of the SAP Fraud
Management product with Release 1.1 SP02. For more information, see SAP HANA Content for
Internal Auditing (http://help.sap.com/fra Configuration and Deployment Information > Business
Content > Internal Audit Content for SAP Fraud Management.)
35
Detection Scenario: Detecting Irregularities in Vendor Master Data Changes
7 Detection Scenario: Detecting Irregularities in Vendor Master Data

Changes
7.1 Investigation Object Type: FRA_VMDCHG
SAP HANA Package Name of the sap.hana-app.fra.suite.pur.dt.vendormasterchng

Enrichment View
SAP HANA Enrichment View Name CA_VENDORMDCHANGE_INV_OBJ: View on changes to

vendor master data (table CDHDR) to be used as
investigation objects.
Selects all the changes of vendor master data by collecting
OBJECTID as VENDOR, UDATE as CHANGE_DATE and UTIME
as CHANGE_TIME and USERNAME as CHANGE_USER from
the table CDHDR where OBJECTCLAS equals KRED
This view provides the following Additional ID fields where
OBJECTCLAS is KRED:
VENDOR as Key 1 (CDHDR-OBJECTID)
CHANGE_DATE as Key 2 (CDHDR-UDATE)
CHANGE_TIME as Key 3 (CDHDR-UTIME)
CHANGE_USER as Additional ID 3 for information in
alerts (CDHDR-CHANGE_USER)
7.2 Detection Object Type: FRA_VMDCHG
Associated Investigation Object Type FRA_VMDCHG
SAP HANA Package for Selection and fcpascn-01.dt.purchaseorders

Association Views
SAP HANA Selection View CA_VENDORMDCHANGE_DET_OBJ: View on changes (table

CHDR) to vendor master data by company code (table
LFB1) to be used as detection objects.
Selects all the changes of vendor master data per company
code by collecting BUKRS as COMPANY_CODE, LIFNR as
VENDOR, UDATE as CHANGE_DATE, UTIME as
CHANGE_TIME and USERNAME as CHANGE_USER from a
join of the table LFB1 with the table CDHDR where
36
OBJECTCLAS equals KRED.

COMPANY_CODE as Key 1
VENDOR as Key 2
CHANGE_DATE as Key 3 and field for temporal

selection
CHANGE_TIME as Key 4
SAP HANA Association View CA_VENDORMDCHANGE_ASSOCIATION: Association view

on changes (table CDHDR) on vendor master data per
company code (table LFB1). The view allows navigation
from the detection object in table LFB1 to the investigation
object in table CDHDR.
7.3 Detection Rule: Vendor Bank Data Change (Flip-Flop Vendor)

This detection rule lets you find vendors for which the master data especially bank account
information has changed often within a specified period of time.
This rule was delivered with the Internal Audit Content for SAP Fraud Management as part of the
product with Release 1.0 SP02. For more information on the rule, please see Internal Audit Content
for SAP Fraud Management (http://help.sap.com/fra Configuration and Deployment Information >
Business Content > Internal Audit Content for SAP Fraud Management).
7.4 Detection Rule: Alternate Payee in Vendor Master Data (Flip-Flop Payee)
7.4.1 Use
This check belongs to the detection object type FRA_VMDCHG (Vendor Master Data Change), as
delivered with SAP Fraud Management 1.0 SP01. The calculation views of that detection object type
are used. The anti-corruption content also reuses the detection method and associated SAP HANA
procedures for detecting changes to vendor master data, for example, for detecting changes to the
bank data of a vendor (flip-flop bank data). For more information on the Internal Audit content, see
the SAP Help Portal (http://help.sap.com/fra) under Configuration and Deployment Information >
Business Content > Internal Audit Content for SAP Fraud Management.
The detection rule comes in company-code specific and cross company code variants.
7.4.2 Alternative Payee (Flip-Flop Payee) Cross Company Code
7.4.2.1 Use
The detection rule reads the master data changes of vendors and checks whether, within a given
period of time:
A previous change of the field Alternative Payee exists for the same vendor, and
Whether this change has been reversed by the current change (cross company code wide).
These checks are made across the company codes of an enterprise.
37
If these conditions apply, then the rule checks whether any invoices have been paid during the
period of time in which the alternative payee was changed. The detection result is 50 for changes
without payments and 100 for changes with payments. The risk value is the aggregated payment
amount in the investigation currency.
7.4.2.2 Investigation and Detection Objects

The rule is typed for detection strategies and methods as follows:
Investigation object type FRA_VMDCHG (Vendor Master Data Change)
Detection object type FRA_VMDCHG (Vendor Master Data Change).
7.4.2.3 Tables Used in the SAP HANA Database

The rule uses these tables:
CDHDR
CDPOS
BKPF
BSEG
T001
7.4.2.4 SAP HANA Procedures for Detection Methods

Category
Selection PR_VENDOR_PAYEE_DATA_CHANGED_ fcpascn-01.dt.vendormasterchng.se

SELE
Execution PR_VENDOR_PAYEE_DATA_CHANGED_ fcpascn-01.dt.vendormasterchng.ex

EXEC
Additional PR_VENDOR_PAYEE_DATA_CHANGED_ fcpascn-01.dt.vendormasterchng.ai

Information ADDINF
Parameters:
REVIEW_PERIOD_IN_DAYS: Period in days in which changes to previous changes to the
alternative payee are to be sought.
7.4.3 Detection Rule: Alternative Payee (Flip-Flop Payee) Company-Code Specific
7.4.3.1 Use
The detection rule reads the master data changes of vendors and checks whether, within a given
period of time:
A previous change of the field Alternative Payee exists for the same vendor, and
Whether this change has been reversed by the current change (cross company code wide).
These checks are made within a single company code.
38
Detection Scenario: Detecting Irregularities in Vendor Data and Transactions
If these conditions apply, then the rule checks whether any invoices have been paid during the
period of time in which the alternative payee was changed. The detection result is 50 for changes
without payments and 100 for changes with payments. The risk value is the aggregated payment
amount in the investigation currency.
7.4.3.2 Investigation and Detection Objects

The rule is typed for detection strategies and methods as follows:
Investigation object type FRA_VMDCHG (Vendor Master Data Change)
Detection object type FRA_VMDCHG (Vendor Master Data Change).
7.4.3.3 Tables Used in the SAP HANA Database

The rule uses these tables:
CDHDR
CDPOS
BKPF
BSEG
T001
7.4.3.4 SAP HANA Procedures for Detection Methods

Category
Selection PR_VENDOR_PAYEE_DATA_CHANGED_CO fcpascn-01.dt.vendormasterchng.se

MP_CODE_SELE
Execution PR_VENDOR_PAYEE_DATA_CHANGED_CO fcpascn-01.dt.vendormasterchng.ex

MP_CODE _EXEC
Additional PR_VENDOR_PAYEE_DATA_CHANGED_AD fcpascn-01.dt.vendormasterchng.ai

Information DINF
Parameters:
REVIEW_PERIOD_IN_DAYS: Period in days in which changes to the alternative payee are to be
sought.
8 Detection Scenario: Detecting Irregularities in Vendor Data and

Transactions
The investigation object type and associated SAP HANA views and procedures for this scenario are
provided with the Internal Audit Content of SAP Fraud Management, delivered as part of the product
with Release 1.0 SP02. Additional rules for detection object FRA_VENDOR as well as new detection
object types and detection rules have been added with the downloadable anti-corruption content.
39
8.1 Investigation Object Type: FRA_VENDOR

Investigation Object: FRA_VENDOR (Vendor)
SAP HANA Package Name of the sap.hana-app.fra.suite.pur.dt.newvendors

Enrichment View
SAP HANA Enrichment View Name CA_VENDOR_INV_OBJ: View to select vendors across all
company codes (from table LFA1) to be used as
investigation objects. Uses additional information from the
company code table (T001).
The creation date per vendor is computed as the earliest
date in the first calendar period that the vendor has
turnover (in table LFC1) in any company code. This
algorithm ensures that the creation date does not
correspond to the creation date in LFA1, but to the date on
which the vendor first has turnover.
This view provides the following Additional ID fields:
VENDOR as Key 1
VENDOR_AUTH_GROUP for authorizing access to alerts
VENDOR_NAME1 as Additional ID 1 in alerts
COUNTRY_CODE as Additional ID 2 in alerts
CREATION_DATE as the Additional Date field in alerts
COMPANY_CODE as the Location field for geo-mapping
8.2 Detection Object Type: FRA_INVOIC

Detection object: FRA_INVOICE (Invoice)
Associated Investigation Object Type FRA_VENDOR
SAP HANA Package for Selection and fcpascn-01.dt.invoice

Association Views
SAP HANA Selection View CA_INVOICE_DET_OBJ: View on vendor invoices using

tables BSEG and BKPF where the account type is K, the
client is the session client, and VBUND is initial or NULL.
40

CREATION_DATE as the parameter for temporal

selection
VENDOR as a selection parameter
SAP HANA Association View CA_VENDOR_INVOICE_ASSOCIATION
8.3 Detection Object Type: FRA_INVOIT

Detection object: FRA_INVOIT (Invoice Item)
SAP HANA Package for Selection and fcpascn-01.dt.vendor

Association Views
SAP HANA Selection View CA_INV_IT_DET_OBJ: View on vendors (table LFA1) to be

used as investigation objects. Uses additional information
of the company code table (T001).
The creation date per vendor is computed as the minimum
date of the first period that the vendor has a turnover (in
table LFC1) in any company code. This way the creation
date does not correspond to the creation date in LFA1, but
to the date the vendor has the first turnover.
ITEM_NUMBER as Key 4
CREATING_DATE as the parameter for temporal
selection
SAP HANA Association View CA_VENDOR_INV_IT_ASSOCIATION: Associate vendor

document with vendor master data.
8.4 Detection Object Type: FRA_VENDOR

Detection object: FRA_VENDOR (Vendor)
41
SAP HANA Package for Selection and sap.hana-app.fra.suite.pur.dt.newvendors

Association Views
SAP HANA Selection View CA_VENDOR_DET_OBJ: View on vendors per company code
(table LFB1) to be used as detection objects, using
additional information from the vendor table (table LFA1).
The creation date per vendor and company code is
computed as the minimum date of the first period that the
vendor has a turnover (in table LFC1). This way the creation
date does not correspond to the creation date in
LFA1/LFB1, but to the date the vendor has the first
turnover in the company code.
VENDOR as Key 2
INTERCOMPANY Company ID of trading partner taken
from LFA1 (VBUND)
CREATION_DATE as the parameter for temporal

selection
SAP HANA Association View CA_VENDOR_ASSOCIATION: Association view on vendors

per company code (table LFB1).
8.5 Detection Rule: Duplicate Invoice Reference Numbers

8.5.1 Use
This detection rule lets you find duplicate invoice reference numbers for a single vendor.
The rule examines invoices and determines whether a document reference number (external invoice
id) has been used more than once for the same vendor. In addition, the rule checks whether invoices
with duplicate document references have been approved by the same person. If suspicious invoices
have been approved by the same person, then the finding is scored with 100 points, otherwise a
score of 50 points is given.

Rule Duplicate Invoice Reference Numbers is typed for detection strategies and methods as follows:
Investigation object type FRA_VENDOR (Vendor)

Detection object type FRA_INVOIC (Fraud Management Invoice)
8.5.3 Tables Used

42
BKPF
BSEG
SWOTIP
SWW_WI2OBJ
SWWWIHEAD
T001

Category
Selection PR_INVOICE_REF_DOUBLES_SELE fcpascn-01.dt.invoice.se
Execution PR_INVOICE_REF_DOUBLES _ EXEC fcpascn-01.dt.invoice.ex
Additional PR_INVOICE_REF_DOUBLES _ADDINF fcpascn-01.dt.invoice.ai

Information
8.6 Detection Rule: Invoice Without Purchase Order Reference

8.6.1 Use
This detection rule lets you find invoices that do not reference any purchase order.
The rule examines the invoice items of a vendor to verify that all invoices whose amount exceeds a
user-specified threshold reference a purchase order. If an invoice item has no reference to a
purchase order, then this invoice item of the vendor is suspicious.
To allow comparisons, the amount of the threshold is converted to the currency of the company
code. For amounts on invoice items, the amount in the currency of the company code currency of
the invoice is used.
The risk amount of a resulting alert is defined as the sum of the amounts of the invoice items of the
vendor that are found to be suspicious.
The currency conversion uses the standard conversion at average type of type M and the
business posting dates of the invoice.
The functionality is restricted to invoice items that have the posting keys Invoice, Reverse Credit
Memo ('31' OR '32'), which are not intercompany, Account Type Vendor, and with
Debit/Credit Indicator Credit.

Rule Invoice Without Purchase Order Reference is typed for detection strategies and detection
methods as follows:
43
Detection object type FRA_INVOIT (Invoice Item)
8.6.3 Tables Used

BKPF
BSEG
RSEG
RBKP
Tables for the currency conversion (TCUR)

Category
Selection PR_INV_WO_PO_REF_SELE fcpascn-01.dt.vendor.se
Execution PR_ INV_WO_PO_REF_EXEC fcpascn-01.dt.vendor.ex
Additional PR_ INV_WO_PO_REF_ADDINF fcpascn-01.dt.vendor.ai

Information
Parameters:
THRESHOLD_AMOUNT: Indicates the minimum amount of an invoice item which will be
investigated. If the invoice item amount is smaller than the threshold amount, then the invoice is
ignored. The threshold amount is converted into the currency of the posting area defined by the
company code in order to compare the amounts in the same currency.
THRESHOLD_CURRENCY: Sets the currency of the threshold amount.
8.7 Detection Rule: Split Invoices Exceed Limit

8.7.1 Use
This detection rule examines the invoice items related to a vendor to check that payments are not
being split into many small payments instead of one bigger payment that is greater than a
permitted level. If split payments that exceed the permitted level are present, then the invoice items
of the vendor are suspicious.
To allow comparisons, the amounts of thresholds are converted to the currency of the company
code. For the invoice item, the amount in company code currency from the invoice is used.
The invoice items are summed in accordance with the debit/credit sign of the record. The debit sum
is subtracted from the credit sum and the real amount of the invoices is determined. If the amount of
a single invoice item is smaller than the threshold for a single invoice (defined by the user), then the
invoice amounts are aggregated by vendor and company code. If the sum of all invoices related to
this vendor is greater than the threshold for the sum of the invoices (defined by the user), then the
invoice items of the vendor are suspicious.
44
The risk amount is defined as the sum of the amounts of the selected invoice items of the vendor.
The currency conversion uses the standard conversion at average type of type M.
The functionality is restricted to invoice items with posting keys Reverse Invoice, Credit Invoice,
Invoice, Reverse Credit Memo ('21' OR '22' OR '31' OR '32') that are not intracompany,
and Account Type Vendor.
Alerts are created only for invoice items with posting key Invoice and Reverse Credit Memo.

The rule Split Invoices Exceed Limit is typed for detection strategies and detection methods as
follows:

8.7.3 Tables Used

BKPF
BSEG
T001
TCUR tables for currency conversion

Category
Selection PR_INVOICE_ITEM_SELE fcpascn-01.dt.vendor.se
Execution PR_SPLIT_INVOICES_ EXEC fcpascn-01.dt.vendor.ex
Additional PR_SPLIT_INVOICES_ADDINF fcpascn-01.dt.vendor.ai

Information
Parameters:
THRESHOLD_SINGLE: The maximum amount of an invoice item that is investigated. If the invoice
item amount exceeds this threshold, then the invoice item is ignored for detection purposes. All
amounts (threshold and invoice item amounts) are converted into the currency of the company
code in order to compare the amounts in the same currency.
THRESHOLD_SINGLE_CURRENCY: The currency of the threshold single amount.
THRESHOLD_SUM: The amount that the sum of the invoice items of a vendor must exceed to
indicate suspicion of split invoices. If the sum of the invoice item amounts for the vendor is lower
than this threshold, then the invoice items are deemed to be not suspicious. All amounts are
45
converted into the currency of the company code in order to compare the amounts in the same
currency.
THRESHOLD_SUM_CURRENCY: Sets the currency of the threshold sum amount.
8.8 Detection Rule: Suspicious Keywords in Invoice Item Texts

8.8.1 Use
This rule lets you find suspicious keywords in invoice item texts. You can automatically as part of
mass detection find important keywords (such as the name of a vendor found to be corrupt) in
vendor invoice items using the fuzzy search feature of the SAP HANA database.
The rule looks for keywords in the SGTXT field of selected invoice items. You must create an index on
on column SGTXT of table BSEG with parameters SYNC and FUZZY SEARCH INDEX in order for the
search to work correctly while using SAP HANA fuzzy search logic.
Search keywords may be up to 250 characters in length and must be uploaded into table
FRA_D_KEY_WORDS from the SAP HANA Modeler. Search keywords are client-specific. All keywords
are used in any keyword search.
To search, you enter one or more strings of up to 256 characters together with a fuzzy factor value
into FRA_D_KEY_WORDS. The fuzzy factor value lets you widen the search results using fuzzy search
logic.

The rule Suspicious Keywords in Invoice Item Texts is typed for detection strategies and detection
methods as follows:


Category
Selection PR_INVOICE_ITEM_SELE fcpascn-01.dt.vendor.se
Execution PR_INVOICE_ITEM_KEYWORDS fcpascn-01.dt.vendor.ex
Additional PR_INVOICE_ITEM_KEY_WORD_SEARCH_ADDINF fcpascn-01.dt.vendor.ai

Information
Parameters:
FUZZINESS: Factor to control sensitivity of match (1-100, recommended 80-100, higher values
less fuzziness, a more precise search). Example: The name Torsten Holsh will not match
Thorsten Hlsh with a fuzziness of 90, but it will produce a hit if the fuzziness is set to 80. The
recommended setting is in the range of 80 to 100. A lower fuzziness factor may produce too
many false positives.
46
8.9 Detection Rule: Divergent Vendor Country and Payment Country

8.9.1 Use
Use this rule to find cases in which the payment for an invoice was transferred to a country that
differs from the vendors home country.

The rule Divergent Vendor Country and Payment Country is typed for detection strategies and
detection methods as follows:
8.9.3 Tables Used

This rule uses the following tables in the SAP HANA database:
REGUH
REGUP
LFA1

Category
Selection PR_INVOICE_ITEM_SUSP_PAYMNT_COUNTRY_SELE fcpascn-01.dt.vendor.se
Execution PR_INVOICE_ITEM_SUSP_PAYMNT_COUNTRY_EXEC fcpascn-01.dt.vendor.ex
Additional PR_INVOICE_ITEM_SUSP_PAYMNT_COUNTRY_ADDINF fcpascn-01.dt.vendor.ai

Information
8.10 Detection Rule: Vendor Without Bank Data

8.10.1 Use
Use this rule to find vendors for whom no bank data for payments has been recorded.

The rule Vendor Without Bank Data is typed for detection strategies and detection methods as
follows:

Detection object type FRA_VENDOR (Vendor)
8.10.3 Table Used

This rule uses table LFBK in the SAP HANA database.
47

Category
Selection PR_VENDOR_WO_BANK_DATA_SELE fcpascn-01.dt.vendormaster.se
Execution PR_VENDOR_WO_BANK_DATA_EX fcpascn-01.dt.vendormaster.ex
Additional PR_VENDOR_WO_BANK_DATA_ADDINF fcpascn-01.dt.vendormaster.ai

Information
8.11 Detection Rule: Employees with Same Bank Data as Vendor

8.11.1 Use
In order to pay out travel expenses, affected employees are also set up as vendors in the system. This
detection method checks if any of these employees has the same bank account data as a regular
vendor in the system. If an employee uses the same bank account data as a vendor, then this
employee master data record is considered to be potentially fraudulent.
Employees can be identified in the vendor master by their Vendor Account Group. In the standard
delivery, the Vendor Account Group is HRTP for reimbursing travel expenses to employees. This
value is hard coded in the selection and execution procedures. If a different vendor account group
must be used, then this value also must be added to the coding of these procedures.

The rule Employees with Same Bank Data as Vendor is typed for detection strategies and detection
methods as follows:
Detection object type FRA_VENDOR (Vendor)
8.11.3 Table Used

This rule uses table LFBK in the SAP HANA database.

Category
Selection PR_VENDOR_BANK_DATA_DOUBLES_SELE fcpascn-01.dt.vendormaster.se
Execution PR_VENDOR_BANK_DATA_DOUBLES_EXEC fcpascn-01.dt.vendormaster.ex
8.12 Detection Rules: Conflict of Interest With New Vendors

8.12.1 Use
These detection rules for detecting irregularities with one-time vendors:
Turnover in first year after first transaction with a new vendor exceeds a threshold
48
Master Data: Detection Strategies and Detection Methods
Growth in purchasing volume between first and second year after the first transaction with a
new vendor exceeds threshold
Percentage of business with a new vendor by a single employee exceeds threshold

are part of the content for SAP Fraud Management for Internal Audit. They were delivered with
Release 1.0 SP02, but are part of the anti-corruption content.
9 Master Data: Detection Strategies and Detection Methods

Detection strategies and detection methods application objects in SAP Fraud Management for
corruption detection must be created by hand. The maintenance interfaces are part of the
application.
As guidelines, consider the following:
Create at least one detection strategy per detection object type.

Create one detection method definition for each of the detection rules described in the previous
sections.
A detection strategy may contain only detection methods that process the detection object type
of the detection strategy.
For more information, search for About Detection Strategies, Creating Detection Strategies, and
Creating and Displaying Detection Methods in the SAP Help Portal (http://help.sap.com).
10 Appendix
10.1 Availability of Detection Rules by Release

Four new detection rules are released with this download for SAP Fraud Management Release 1.1
SP01:
Accounting document posted on non-working day
Multiple changes to a purchase order
More than one use of a document reference number for the same vendor
Vendor without bank details.
The following table shows when each of the detection rules in the anti-corruption content for SAP
Fraud Management has become available.
Scenario Detection Rule Availability
Irregularities in Accounting Documents posted on non- Release 1.1 SP01 as download

working days from the SAP Community
Network (SCN)
Irregularities in Purchasing Amount paid in an invoice is Release 1.1 SP00 as download

greater than the amount in the
49
Appendix
relevant from SCN
PEP address screening of Release 1.1 SP00 as download

purchase orders from SCN
Vendor in purchase order item Release 1.1 SP00 as download

located in a high-risk country from SCN
The invoice receipt quantity is Release 1.1 SP00 as download

greater than the goods from SCN
received quantity
Multiple changes on purchase Release 1.1 SP01 as download

orders purchase order item from SCN
One-Time Vendors Multiple postings to the same Release 1.0 SP02 as part of the
one-time account product Business Content for
Internal Audit
Postings of payments to a Release 1.0 SP02 as part of the

regular vendor to a one-time product Business Content for
account Internal Audit
Vendor irregularities Vendor located in a high-risk Release 1.1 SP00 as download

country from SCN
Invoice without purchase order Release 1.1 SP00 as download

reference from SCN
Split invoices exceed limit Release 1.1 SP00 as download

from SCN
Suspicious keywords in invoice Release 1.1 SP00 as download

item texts from SCN
Bank of vendor located in a Release 1.1 SP00 as download

different country than the from SCN
vendor
Employee with same bank data Release 1.1 SP00 as download

as vendor from SCN
Vendor without bank details Release 1.1 SP01 as download

from SCN
More than one use of an Release 1.1 SP01 as download

invoice reference number from SCN
Irregularities with New Vendors Volume of business in first year Release 1.0 SP02 as part of the
after initial transaction exceeds product Business Content for
threshold Internal Audit
Volume of business between Release 1.0 SP02 as part of the
50
Appendix
first and second years after product Business Content for

initial transaction exceeds Internal Audit
threshold
Volume of business approved Release 1.0 SP02 as part of the

by single person exceeds product Business Content for
threshold Internal Audit
Irregularities in vendor master Flip-flop bank data in vendor Release 1.0 SP02 as part of the
data master record changes to product Business Content for
bank data in record Internal Audit
Flip-flop payee in vendor Release 1.1 SP00 as download

master record changes to from SCN
payment recipient variants
for cross-company code and
within a single company code
10.2 Detection and Investigation Object Types of the Anti-Corruption

Content
The following table shows the investigation and detection object types that are used in the anti-
corruption content for SAP Fraud Management. You may need to adjust the customizing and the
detection method definitions of those objects that were delivered with SAP Fraud Management
Release 1.1 SP00. For more information, see Adjusting the SAP Fraud Management Customizing.
Investigation Object Description Availability with Downloaded from SCN

Type Release
FRA_ACCDOC Accounting Document Release 1.1 SP01 Yes
FRA_ONETIM One-Time Vendors Release 1.0 SP02 No, part of product
FRA_PO Purchase Order Release 1.1 SP00 Yes
FRA_VENDOR Vendor Release 1.0 SP02 No, part of product
FRA_VMDCHG Vendor Master Data Release 1.0 SP02 No, part of product
Change
Detection Object Description Investigation Availability with Downloaded

Type Object Type Release from SCN
FRA_ACCDOC Accounting FRA_ACCDOC Release 1.1 Yes

Document SP01
FRA_ONETIM One Time FRA_ONETIM Release 1.0 No, part of

Vendor Invoices SP02 product
51
Appendix
FRA_POHEAD Purchase Order FRA_PO Release 1.1 Yes

Header SP01
FRA_POITEM Purchase Order FRA_PO Release 1.1 Yes

Item SP00
FRA_INVOICE Fraud FRA_VENDOR Release 1.1 Yes

Management SP01
Invoice
FRA_INVOIT Fraud FRA_VENDOR Release 1.1 Yes

Management SP00
Invoice Item
FRA_VENDOR Vendor FRA_VENDOR Release 1.0 No, part of

SP02 product
52

SAP Fraud Management Anti-Corruption Content Rel11 SP01

Caricato da

Informazioni sul documento

Copyright

Formati disponibili

Condividi questo documento

Condividi o incorpora il documento

Opzioni di condivisione

Hai trovato utile questo documento?

Questo contenuto è inappropriato?

Copyright:

Formati disponibili

SAP Fraud Management Anti-Corruption Content Rel11 SP01

Caricato da

Copyright:

Formati disponibili

Purpose of the Document

SAP Fraud Management Release 1.1 SP01

Please see http://www.sap.com/corporate-en/legal/copyright/index.epx#trademark for additional

Icons in Body Text

Type Style Description

Version Major Changes

5.4.1 Use ................................................................................................................................. 27

8 Detection Scenario: Detecting Irregularities in Vendor Data and Transactions ........................... 39

8.10.4 SAP HANA Procedures for Detection Methods ............................................................. 48

1 Purpose of the Document

Detection Technology: Irregularities in Accounting Documents

Accounting irregularities Accounting documents posted on exceptional

Detection Technology: Irregularities in Purchasing Orders and Purchase Order

Multiple changes to purchase orders

An alert is created when hit is found against

Detection Methods: Irregularities in Vendor Data and Transactions

Purchasing approvals granted by a very

used more than once for the same vendor.

2 Installing the Anti-Corruption Compliance Content

This document (should you need a fresh copy).

The BC Sets FRA_SCN_FCPA-SP01 and FRA_FCPA_FIELD_CATALOGUE-SP01. These BC Sets install

2.1 Prerequisite: SAP Fraud Management at Release 1.1 SP01

2.2 Prerequisite: Installing the Internal Audit Content

Configuration Sets > Activation of Business Sets ).

2.3 Downloading the Anti-Corruption Files

2.4 Installing, and Executing ABAP Program ZFRA_CREATE_SCN_TABLES

2.5 Downloading and Installing Customizing from BC Sets

2.6 Installing SAP HANA Views and Procedures

To install the SAP HANA objects, do the following:

Browse to select the fra-fcpascn-01 directory for the upload.

2.7 Adjusting the SAP Fraud Management Customizing

2.8 Generating a Full-Text Index

3 Customizing Settings for the Anti-Corruption Content

3.1 Launchpad Setup

Cumulative Fraud Loss

Average Processing Time

Top 10 Countries by Risk Value

Create Manual Alert

External Vendor Changes

External Vendor Account

3.2 Define Source Domain and Field Settings

3.3 Investigation and Detection Object Types

Investigation Object Detection Object Type Scenario

FRA_ACCDOC FRA_ACCDOC Accounting documents

FRA_PO FRA_POHEAD Purchase Order

FRA_PO FRA_POITEM Purchase Order

FRA_VENDOR FRA_INVOIC Invoice Irregularities

FRA_VENDOR FRA_INVOIT Invoicing Irregularities

3.4 Assign Packages for Detection Method Procedures

Detection object Package

3.5 Define Alert Field Labels

Technical Service Entity Property Field Label

FRA_ALERT_SRV Alert AlertID Alert

FRA_ALERT_SRV Alert DueDateTimeFormatted Due Date

FRA_ALERT_SRV Alert ResponsiblePersonFullName Investigator

FRA_ALERT_SRV Alert RiskRating Rating

FRA_ALERT_SRV Alert RiskValue Risk Value

3.6 Assign Navigation Targets to Navigation Groups

Group Application alias Navigation Description

FRA_PO ExternalPurchaseOrder Purchase order

FRA_VENDOR ExternalVendorMasterData Vendor Master Data

FRA_VENDOR ExternalVendorAccount Vendor Account

FRA_ACCDOC ExternalAccountingDocument Accounting Document

FRA_VMDCHG ExternalVendorChanges Vendor Master Data Changes