Whistleblower

Published on January 2017 | Categories: Documents | Downloads: 53 | Comments: 0 | Views: 445
of 15
Download PDF   Embed   Report

Comments

Content

Whistle Blower Complaints

Solution Management Financials SAP AG

Sarbanes-Oxley Act – Section 301
Public Company Audit Committees shall establish procedures for
„

the receipt, retention, and treatment of complaints received by the issuer regarding accounting, internal accounting controls, or auditing matters the confidential, anonymous submission by employees of the issuer of concerns regarding questionable accounting or auditing matters.

„

Activity
„ Establish procedures for “Whistleblower” process, adapted to the company „ React on anonymous complaints from employees „ Keep track of history of all complaints and reactions

© SAP AG 2003, Title of Presentation, Speaker Name / 2

Whistle Blower – Functionality
Sending Anonymous Complaints
„ Employee accesses the SAP Portal or calls a URL in the intranet „ His/her user will be mapped to a dummy user „ Customer-definable HTML layouts for entering the complaints „ Complaint # for possible follow-up by the sender „ Automatic derivation of receiver and creation of workflow item „ Complaint will be stored anonymously

Analysis of Anonymous Complaints
„ Receiver can see all complaints sent to him/her in the SAP Portal „ Receiver might have been notified by additional anonymous e-mail. „ Reporting and analysis functions on the complaints

Complaints can also be submitted with the user‘s name.
„ Both types of complaints can be used in parallel.

© SAP AG 2003, Title of Presentation, Speaker Name / 3

Whistle Blower – Sending a complaint

© SAP AG 2003, Title of Presentation, Speaker Name / 4

Whistle Blower – Complaint number

© SAP AG 2003, Title of Presentation, Speaker Name / 5

Whistle Blower – Inbox of received complaints

© SAP AG 2003, Title of Presentation, Speaker Name / 6

Whistle Blower – Inbox of workflow items

© SAP AG 2003, Title of Presentation, Speaker Name / 7

Whistle Blower – Processing the complaint

© SAP AG 2003, Title of Presentation, Speaker Name / 8

Whistle Blower – User Interface
You can integrate the Whistle Blower Complaints into your intranet and make it available to your employees via URL call. Optionally, the functionality can be used within the mySAP Enterprise Portal, as ITS-based iView, integrated in any portal role.

© SAP AG 2003, Title of Presentation, Speaker Name / 9

Whistle Blower – Protection of the Issuer
The complaint number is the only documentary evidence of the anonymous complaint. The complaint number should be written down and kept in a secure place. It might be used in order to possibly follow-up the matter or to raise a claim on whistle blower protection in case of retaliation (SOA Whistle Blower Protection Right). For future releases, it is planned to provide an additional unique identification number to the sender of the complaint.

© SAP AG 2003, Title of Presentation, Speaker Name / 10

Whistle Blower – Example Form
SAP delivers an example form with „ read-only text field with instructions from the accounting department „ A selection field with a drop-down list that helps the user to select the affected company „ A description field in which the issuer can insert the complaint. The customer „ may adjust the form „ has to decide whether to use it anonymously or with the user‘s name „ has to copy the form if both scenarios shall be supported „ has to implement the workflow

© SAP AG 2003, Title of Presentation, Speaker Name / 11

Whistle Blower – Technical Details
Technology
„

Internet Service Requests (ISR) for defining web forms, see http://service.sap.com/isr for more detail Workflow Functionality QM Notifications for storing the complaints

„ „

System Requirements
„ „ „

R/3 4.6C SP 46 or R/3 Enterprise SP 17 ITS (Internet Transaction Server) Optional: mySAP Enterprise Portal 5.0 or higher

© SAP AG 2003, Title of Presentation, Speaker Name / 12

Whistle Blower – Essentials for Anonymization
The Issue
„ „

If properly set up, SAP does not store the sender of the complaint. However, there is the issue of logging on several technical levels.

Recommendation
„ „ „ „

Enforce access through an application level anonymization proxy which does not write any access or forwarding log. Proxy should also enforce access to at least one non-sensitive, common-use scenario (e.g. internal news). Proxy access must be provided via HTTPS. It is recommended to also use Open Software anonymization software to avoid any logging.

© SAP AG 2003, Title of Presentation, Speaker Name / 13

Whistle Blower – Roadmap
R/3 4.6C
Delivery via Support Package 46 December 12, 2003

R/3 Enterprise
Delivery via Support Package 17 December 16, 2003

Functionality Sending Anonymous Complaints
ƒ Employee accesses the SAP Portal ƒ His/her user will be mapped to a dummy user ƒ Customer-definable HTML layouts for entering the complaints ƒ Complaint # for possible follow-up by the sender ƒ Automatic derivation of receiver, option for workflow ƒ Complaint will be stored anonymously

Analysis of Anonymous Complaints
ƒ Receiver can see all complaints sent to him/her in the SAP Portal ƒ Receiver might have been notified by additional anonymous e-mail ƒ Reporting and analysis functions on the complaints

© SAP AG 2003, Title of Presentation, Speaker Name / 14

Copyright 2003 SAP AG. All Rights Reserved
„ No part of this publication may be reproduced or transmitted in any form or for any purpose without the express

permission of SAP AG. The information contained herein may be changed without prior notice.
„ Some software products marketed by SAP AG and its distributors contain proprietary software components of other

software vendors.
„ Microsoft®, WINDOWS®, NT®, EXCEL®, Word®, PowerPoint® and SQL Server® are registered trademarks of

Microsoft Corporation.
„ IBM®, DB2®, DB2 Universal Database, OS/2®, Parallel Sysplex®, MVS/ESA, AIX®, S/390®, AS/400®, OS/390®,

OS/400®, iSeries, pSeries, xSeries, zSeries, z/OS, AFP, Intelligent Miner, WebSphere®, Netfinity®, Tivoli®, Informix and Informix® Dynamic ServerTM are trademarks of IBM Corporation in USA and/or other countries.
„ ORACLE® is a registered trademark of ORACLE Corporation. „ UNIX®, X/Open®, OSF/1®, and Motif® are registered trademarks of the Open Group. „ Citrix®, the Citrix logo, ICA®, Program Neighborhood®, MetaFrame®, WinFrame®, VideoFrame®, MultiWin® and

other Citrix product names referenced herein are trademarks of Citrix Systems, Inc.
„ HTML, DHTML, XML, XHTML are trademarks or registered trademarks of W3C®, World Wide Web Consortium,

Massachusetts Institute of Technology.
„ JAVA® is a registered trademark of Sun Microsystems, Inc. „ JAVASCRIPT® is a registered trademark of Sun Microsystems, Inc., used under license for technology invented

and implemented by Netscape.
„ MarketSet and Enterprise Buyer are jointly owned trademarks of SAP AG and Commerce One. „ SAP, R/3, mySAP, mySAP.com, xApps, xApp, SAP NetWeaver and other SAP products and services mentioned

herein as well as their respective logos are trademarks or registered trademarks of SAP AG in Germany and in several other countries all over the world. All other product and service names mentioned are the trademarks of their respective companies. Data contained in this document serves information purposes only. National product specifications may vary.

© SAP AG 2003, Title of Presentation, Speaker Name / 15

Sponsor Documents

Or use your account on DocShare.tips

Hide

Forgot your password?

Or register your new account on DocShare.tips

Hide

Lost your password? Please enter your email address. You will receive a link to create a new password.

Back to log-in

Close