Shifting Controls To The Right Of Launch

Bruce McCuaig

I recently blogged about “shifting GRC to the left of launch,” focusing on the need to predict and manage extreme risks before they occur. But a strong case can be made for managing infrequent or lower-level risks in mature business processes using a “right of launch” strategy.

The current paradigm for managing controls seems to call for controls focused on prevention of risk events, even inconsequential ones. The very definition of control effectiveness seems to suggest a left of launch paradigm. I would even venture that COSO’s control frameworks* seem to be based on a left of launch control philosophy and may stifle technological innovation (but that’s another blog).

There are reasons for a left of launch control paradigm, but it’s time for a second look.

Many risk events today could be managed very effectively from the right of launch. Controls using GRC tools built into a strong digital core can be structured very differently to permit this. Let’s compare a traditional approach with a right of launch scenario.

Reimagining procure to pay

Two recent but unrelated events offered a sharp contrast in how the procure-to-pay (P2P) process is managed in different environments.

  • Traditional P2P. Recently, I messed up in hiring a vendor to provide some services for a recent SAP GRC Insider conference. The contract was for less than $2,000, but I didn’t get the proper approvals in advance and found myself dealing with three or four people in our procure-to-pay team to set things right. It took several weeks and many phone calls and e-mails.
  • P2P for merchant reimbursement for credit/debit card transactions. A few weeks ago, I received a call from my credit card provider alerting me to a purchase transaction. Someone pretending to be me and using my credentials was making a credit card purchase in a distant city. My bank correctly predicted that it was a fraudulent transaction and blocked it even before speaking with me.

Comparing “left of launch” to “right of launch” in P2P

If I had to guess, I would estimate that most P2P processes (heavily loaded with numerous documents, segregation of duties, approvals, and other controls) cost businesses about 3%-5% of the transaction value. Even more, they inhibit spending and slow down the spending process enormously. That can be a problem. Businesses spend to make money. Spending quickly should mean benefiting quickly.

But banks and credit card companies also run a P2P process for reimbursing merchants for consumer purchases. The volumes are huge in both value and transactions, but the P2P process seems much simpler. Here is a simplified comparison.

Predictive controls to enable “right of launch”

Credit card companies have placed the key controls after the purchase transaction, not before the transaction. The sheer volume of credit card and debit card transactions make SOWs, POs, and invoices impossible. Technology today allows after-the-fact predictive controls. Banks and credit card companies shift some of the risk to the merchants and perhaps a little risk to customers. But speeding transactions is critical.

Even the credit card approval process is streamlined. Cards are preapproved and customers notified.

Why is streamlining procurement important?

I believe the multiple controls, documentation, and approvals in typical P2P processes are a significant but hidden cost. But there is more to it than that.

In most companies, a substantial amount of general ledger postings are driven from the P2P process. Financial statements are driven from payment information. Delays in processing payments leads to the need for accruals and inaccurate, delayed financial reporting. Companies that know their costs and have accurate, up-to-date financial information can make better decisions.

Even worse, I believe accountability for left of launch controls is seldom with the owner of the process. I believe right of launch controls would align better with management accountability.

I know there is a fear of fraud, and certainly the merchant reimbursement process is susceptible to fraud. The difference is that instead of slowing down the process and incurring costs to prevent fraud and error, they detect them after the fact.

What technologies exist to support predictive controls?

Technology exists today to continuously monitor controls to ensure that both vendors and customers are properly authorized and configured. But what makes a right of launch approach possible are powerful tools that monitor controls, and detect anomalous patterns in high volumes of transactions along with predictive capabilities, machine learning, and audit capabilities. It is feasible to detect, assess, and stop a bad transaction before it is completed.

I walked into a store a few weeks ago and qualified for a $10,000 bank-issued credit card by showing ID and providing a phone number. I didn’t need or want the card, but it shows that by using powerful right of launch instead of left of launch tools and capabilities, merchants and credit card providers can grow their business even faster. How can we harness this capability in our businesses?

Who is doing this now?

My knowledge of P2P processes, as well as credit and debit card processing, is from a consumer perspective. I am certain others have already thought this through and have probably even tested changes in the P2P process.

But I do know a little about GRC, and I do know that control practices in businesses seem to rely heavily on preventing fraud or error. The power of GRC tools and SAP S/4HANA should allow massive streamlining and rethinking of many business processes. Preventive controls may be useful in some situations. But if it’s possible to detect and block fraud or errors after the fact at the speed of light, it makes sense to do so.

Looking forward

Today’s technology combined with a right of launch control strategy has significant implications. I would argue that embedded in the COSO internal control frameworks, and certainly in Sarbanes Oxley, is a left of launch control paradigm. That needs to change. Extreme risks need to be managed with a left of launch approach, as I described in my earlier blog. But risks and compliance in mature business processes can now be managed effectively with a right of launch strategy.

Has COSO recognized the power of technology?

*Committee of Sponsoring Organizations of the Treadway Commission, developing frameworks and guidance on enterprise risk management, internal controls, and fraud deterrence.

Learn how organizations are gaining instant financial insights and using them to make better decisions—both now and in the future. Register now for the 2017 Financial Excellence Forum, Oct. 10-11 in New York City.

This article, Shifting Controls to the Right of Launch, originally appeared in the SAP BusinessObjects Analytics blog and is republished by permission.

Follow SAP Finance online: @SAPFinance (Twitter)  | LinkedIn | FacebookYouTube


Bruce McCuaig

About Bruce McCuaig

Bruce McCuaig is director Product Marketing at SAP GRC solutions. He is responsible for development and execution of the product marketing strategy for SAP Risk Management, SAP Audit Management and SAP solutions for three lines of defense. Bruce has extensive experience in industry as a finance professional, as a chief risk officer, and as a chief audit executive. He has written and spoken extensively on GRC topics and has worked with clients around the world implementing GRC solutions and technology.

How To Mitigate Foreign Corrupt Practice Act (FCPA) Risk In A Global Business Landscape

Payton Burger

The term “bribery” often conjures up thoughts of large sums of money being used to sway powerful officials one way or another. But when it comes to the rules and regulations set forth by the Foreign Corrupt Practice Act (FCPA), the terms “bribery” and “government officials” apply to a wide spectrum of actions and personnel. How can organizations ensure that they are not unintentionally breaking any rules and putting their business at risk of an FCPA-related audit?

In today’s fast-paced world, having a global presence is essential to stay competitive, but that leaves you exposed to more regulatory risks and fraud opportunities. Below, we’ll review the processes, procedures, and tools you should have in place to help mitigate these risks and ensure compliance with FCPA guidelines.

Understanding the ambiguity

Anti-bribery provisions state that an organization cannot give “anything of value” to a foreign official to obtain or retain business in their market. While this seems straightforward, enforcement actions are often based on allegations around leisure activities such as travel, meals, gifts, and entertainment, all of which are typically legal and socially acceptable. However, what might appear to be innocent exchanges are viewed as bribery to the FCPA.

And if that is not vague enough, the definition of a “government official” goes beyond someone who works directly for the government, and includes employees of government departments or agencies, state-owned enterprises (SOES), healthcare providers, and even third-party consultants helping with the planning of a hospitality event.

So how can your organization navigate this ambiguity—especially as you grow and expand globally and domestically —and implement the right checks and balances to mitigate risk related to the FCPA?

5 steps for FCPA compliance

  1. Understand your business network. The first step in protecting against the inadvertent bribery of a government official is ensuring that the employees engaging in cross-border business dealings have a firm understanding of all points of contact they will be directly or indirectly working with. In turn, leaders need to take a step back and consider how the organization works with various points of contact during the business process so they can more easily identify situations that may put them at risk of an FCPA violation.
  1. Implement the appropriate controls. The knowledge and expertise of your organization’s finance and compliance teams is imperative to successfully mitigating FCPA risk. Configuring expense systems with the appropriate workflows, attendee and expense types, conditional and custom fields, and requiring manager approval before “anything of value” is purchased is key to catching potential FCPA violations before they occur. Having these types of checks and balances in place also creates an audit trail with documentation that proves that your organization is doing its due diligence to prevent instances of bribery.
  1. Maintain clear and correct records. The FCPA also has provisions around financial books, record-keeping, and internal controls that put even more pressure on your financial teams. When it comes to your financial books and records, you must maintain reasonable detail that accurately and fairly reflects transactions surrounding foreign officials. Anything that is falsely represented or misleading can lead to an enforcement action. In addition, internal controls must be in place, meaning that you must be able to provide reasonable assurance that the transactions are properly authorized, recorded, and accounted for.
  1. Implement a comprehensive audit process. While these provisions are broad, creating an internal system that includes effective oversight and reporting capabilities will help maintain FCPA compliance. Build an audit process that has rules to account for regulatory violations. Consider these approaches:

– Audit receipt types and itemizations

– Audit cash expenses

– Conduct random checks

– Identify location and type of expense and where

– Verify employment and look for patterns of behavior

– Use a third-party auditor to maintain credibility and help your finance teams scale

  1. Proactively educate around clear policies. While preventative measures and audits are essential, don’t underestimate the importance of proactive education. Ensure that your finance team is properly trained and has a firm understanding of what constitutes both bribery and foreign officials. In addition, build clear, easy-to-understand organization-wide policies around what is and is not permitted when it comes to working with foreign officials to ensure that everyone is on the same page and maintains compliance.

Knowledge is key

Maintaining FCPA compliance boils down to having the proper knowledge surrounding what the FCPA considers bribery to a foreign official, and building the appropriate policies to combat that. Ensuring that you have the right knowledge, systems, and tools in place gives your finance team, and organization, what they need to be successful in reducing FCPA risk.

Learn about how the Concur can help your company monitor for compliance with the FCPA and other anti-corruption legislation here.

Learn how organizations are gaining instant financial insights and using them to make better decisions—both now and in the future. Register now for 2017 Financial Excellence Forum, Oct. 10-11 in New York City.

Follow SAP Finance online: @SAPFinance (Twitter)  | LinkedIn | FacebookYouTube


Payton Burger

About Payton Burger

Payton Burger is Client Marketing Manager for Concur.

School’s Back! Do You Have The Right Skill Set For Dynamic Planning?

Brian Kalish

Part 7 in the Dynamic Planning Series

“Do I have the right skill set for FP&A in 2017 and beyond?” That is a question I am asked all the time, whether I’m in Kuala Lumpur, Montevideo, or San Francisco. The role of the modern FP&A professional has changed greatly over the past 20 years, but the change I have witnessed over the past five years has truly been amazing.

When I would add talent to my FP&A teams 10 years ago, what I wanted was a Jedi master in Excel who had a strong background in accounting. Those days are long gone, because the scope and scale of what our FP&A teams can actually accomplish, as far as planning, budgeting, and forecasting are concerned, have grown at an accelerating pace.

Due to advances that have occurred in the technology and tools available today, activities that we could only dream of accomplishing a few years ago are either possible right now or will be possible in the very near future. Gone are the days of scheduled (and instantly out-of-date) plans and static reporting. We now live in a world of dynamic planning and real-time reporting. We can incorporate our actuals, in real time, to be able to determine if we are on track to reach our goals and objectives and if not, to make changes to our activities. We now regularly incorporate integrated reporting into the normal course of our communications with our stakeholders.

Planning, budgeting, and forecasting 101: new curriculum

All of this change has created opportunities as well as challenges for today’s FP&A professional. While being able to utilize Excel is important (it’s never going away, folks), along with a strong understanding of accounting, those are merely table stakes in today’s world. The three key skill sets that today’s FP&A pro must possess are financial acumen, technology and communication fluency, and a keen insight into the business. A strong dose of curiosity is also critical to being a best-in-class FP&A professional.

Those FP&A professionals who are able to master these new technologies and tools that are coming down the pike will be the ones in the greatest demand. I hear from CFOs from around the world that they expect the amount of strategic work their FP&A teams will be doing to double over the next few years. The majority of these same CFOs believe they have the proper number of people in their FP&A teams. How do they expect to close this chasm between the expected increase in workload without a corresponding increase in headcount? The overwhelming response is technology.

The challenge for organizations will be to determine if they have the right people in place to maximize the ROI for their outlays of these new technologies and tools. Not to minimize my skill set, but you can give me the most advanced surgical devices available to mankind, and I can guarantee that you don’t want me operating on you. Similarly, for FP&A talent to succeed, they will need the flexibility and agility to learn, master, and leverage these new technologies into their organizations as they come online.

The knack to be able to explain our plans or tell a story about our budgets, forecasts, analyses, insights, and foresights to a wide array of audiences, is critical to the success of our organizations. When you enter into the world of dynamic planning, the importance of communications grows ten-fold, as organizations must be able to explain why change is necessary to achieve success.

In a future blog, I’ll expand upon my thoughts and ideas on the importance of understanding the business in order to maximize the value FP&A professionals can bring to our business partners as well as the company as a whole.

I hope to see you at the upcoming Financial Excellence Forum in New York City October 10–11. You can register here. We will be touching on these issues and much more.

To learn more about dynamic planning, read the whitepaper here.

Follow SAP Finance online: @SAPFinance (Twitter) | LinkedIn | FacebookYouTube


Brian Kalish

About Brian Kalish

Brian Kalish is founder and principal at Kalish Consulting. As a public speaker and writer addressing many of the most topical issues facing treasury and FP&A professionals today, he is passionately committed to building and connecting the global FP&A community. He hosts FP&A Roundtable meetings in North America, Europe, Asia, and South America. Brian is former executive director of the global FP&A Practice at AFP. He has over 20 years experience in finance, FP&A, treasury, and investor relations. Before joining AFP, he held a number of treasury and finance positions with the FHLB, Washington Mutual/JP Morgan, NRUCFC, Fifth Third Bank, and Fannie Mae. Brian attended Georgia Tech in Atlanta, GA for his undergraduate studies and the Pamplin College of Business at Virginia Tech for his graduate work. In 2014, Brian was awarded the Global Certified Corporate FP&A Professional designation.

Diving Deep Into Digital Experiences

Kai Goerlich


Google Cardboard VR goggles cost US$8
By 2019, immersive solutions
will be adopted in 20% of enterprise businesses
By 2025, the market for immersive hardware and software technology could be $182 billion
In 2017, Lowe’s launched
Holoroom How To VR DIY clinics

From Dipping a Toe to Fully Immersed

The first wave of virtual reality (VR) and augmented reality (AR) is here,

using smartphones, glasses, and goggles to place us in the middle of 360-degree digital environments or overlay digital artifacts on the physical world. Prototypes, pilot projects, and first movers have already emerged:

  • Guiding warehouse pickers, cargo loaders, and truck drivers with AR
  • Overlaying constantly updated blueprints, measurements, and other construction data on building sites in real time with AR
  • Building 3D machine prototypes in VR for virtual testing and maintenance planning
  • Exhibiting new appliances and fixtures in a VR mockup of the customer’s home
  • Teaching medicine with AR tools that overlay diagnostics and instructions on patients’ bodies

A Vast Sea of Possibilities

Immersive technologies leapt forward in spring 2017 with the introduction of three new products:

  • Nvidia’s Project Holodeck, which generates shared photorealistic VR environments
  • A cloud-based platform for industrial AR from Lenovo New Vision AR and Wikitude
  • A workspace and headset from Meta that lets users use their hands to interact with AR artifacts

The Truly Digital Workplace

New immersive experiences won’t simply be new tools for existing tasks. They promise to create entirely new ways of working.

VR avatars that look and sound like their owners will soon be able to meet in realistic virtual meeting spaces without requiring users to leave their desks or even their homes. With enough computing power and a smart-enough AI, we could soon let VR avatars act as our proxies while we’re doing other things—and (theoretically) do it well enough that no one can tell the difference.

We’ll need a way to signal when an avatar is being human driven in real time, when it’s on autopilot, and when it’s owned by a bot.

What Is Immersion?

A completely immersive experience that’s indistinguishable from real life is impossible given the current constraints on power, throughput, and battery life.

To make current digital experiences more convincing, we’ll need interactive sensors in objects and materials, more powerful infrastructure to create realistic images, and smarter interfaces to interpret and interact with data.

When everything around us is intelligent and interactive, every environment could have an AR overlay or VR presence, with use cases ranging from gaming to firefighting.

We could see a backlash touting the superiority of the unmediated physical world—but multisensory immersive experiences that we can navigate in 360-degree space will change what we consider “real.”

Download the executive brief Diving Deep Into Digital Experiences.

Read the full article Swimming in the Immersive Digital Experience.


Kai Goerlich

About Kai Goerlich

Kai Goerlich is the Chief Futurist at SAP Innovation Center network His specialties include Competitive Intelligence, Market Intelligence, Corporate Foresight, Trends, Futuring and ideation. Share your thoughts with Kai on Twitter @KaiGoe.heif Futu


Why Artificial Intelligence Is Not Really Artificial – It Is Very Tangible

Sven Denecken

The topic of artificial intelligence (AI) is buzzing through academic conferences, dominating business strategy sessions, and making waves in the public discussion. Every presentation I see includes it, even if it’s only used as a buzzword – its frequency is rivaling the use of “Uber for X” that’s been so popular in recent years.

While AI is a trending topic, it’s not mere buzz. It is already deeply ingrained into the strategy and design of our products – well beyond a mere shout-out in presentations. As we strive to optimize our products to better serve our customers and partners, it is worth taking AI seriously because of its unique role in product innovation.

AI will be inherently disruptive. Now that it has left the realm of academic projects and theoretical discussion – now that it is directly driving speed and hyper-automation in the business world – it is important to start with a review that de-mystifies the serious decisions facing business leaders and clarifies the value for users, customers, and partners. I’ll also share some experiences on how AI is contributing to solutions that run business today.

Let’s first start with the basics: the difference between AI, machine learning, and deep learning.

  • Artificial intelligence (AI) is broadly defined to include any simulation of human intelligence exhibited by machines. This is a growth area that is branching into multiple areas of research, development, and investment. Examples of AI include autonomous robotics, rule-based reasoning, natural language processing (NLP), knowledge representation techniques (knowledge graphs), and more.
  • Machine learning (ML) is a subfield of AI that aims to teach computers how to accomplish tasks using data inputs, but without explicit rule-based programming. In enterprise software, ML is currently the best method to approach the goals of AI.
  • Deep learning (DL) is a subfield of ML describing the application of (typically multilayer) artificial neural networks. Neural networks take inspiration from the human brain, with processors consisting of small neuron-like computing units connected in ways that resemble biological structures. These networks can learn complex, non-linear problems from input data. The layering of the networks allows cascaded learning and abstraction levels. This can accomplish tasks like: starting with line recognition, progressing to identifications of shapes, then objects, then full scene. In recent years, DL has led to breakthroughs in a series of AI tasks including speech, vision, and language processing.

AI applications for cloud ERP solutions

Industry 4.0 describes the trend of automation and data exchange in manufacturing. This comprises cyber-physical systems, the Internet of Things (IoT), cloud computing, and cognitive computing – everything that adds up to create a “smart factory.” There is a parallel in the world beyond manufacturing, where data- and service-based sectors need to capture and analyze more data quickly and act on that information for competitive advantage.

By serving as the digital core of the organization, enterprise resource planning (ERP) solutions play a key role in business transformation for companies adapting to the emerging reality of Industry 4.0. AI solutions powered by ML will be a broad, high-impact class of technologies that serve as a key pillar of more responsive business capabilities – both in manufacturing and all the sectors beyond. As such, ERP must embrace AI to deliver the vision for the future: smarter, more efficient, more flexible, more automated operations.

Enterprise applications powered by AI and ML will drive massive productivity gains via automation. This is not automation in the sense of repetitive, preprogrammed processes, but rather capabilities for software to handle administrative tasks and learn from user behavior to anticipate what every individual in the company might need next.

Cloud-based ERP is ideal for companies looking to accelerate transformation with AI and ML because it delivers innovation faster and more reliably than any onsite deployment. Users can take advantage of rapid iterations and optimize their processes around outcomes rather than upkeep.

Case in point: intelligent ERP applications need to include a digital assistant. This should be context-aware, designed to make business processes more efficient and automated. By providing information or suggestions based on the business context of the user and the situation, the digital assistant will allow every user to spend more time to concentrate on higher-value thinking instead of on repetitive tasks. Combined with built-in collaboration tools, this upgrade will speed reaction to changing conditions and create more time for innovation.

Imagine a system that, like a highly capable assistant, can greet you in the morning with a helpful insight: “Hello Sven, I have assessed your situation and the most recent data – here are the areas you should focus on first.” This approach to contextualized analysis of real-time data is far more effective than a hard-programmed workflow or dump of information that leaves you to sort through outdated information.

Personal assistants have been around in the consumer space for some time now, but it takes an ML-based approach to bring that experience, and all its benefits, to the enterprise. Based on the pace of change in ML, a cloud-based ERP can best deliver the latest innovations to users in a form that has immediate business applications.

An early application of ML in the enterprise will be intelligence derived from past patterns. The system will capture much richer detail of customer- and use-case-specific behavior, without the costs of manually defining hard rule sets. ML can apply predictive detection methods, which are trained to support specific business use cases. And unlike pre-programmed rules, ML updates regularly as strategies – not monthly or weekly – but by the day, hour, and minute.

How ML and AI are making cloud ERP increasingly more intelligent

Digital has disrupted the world and changed the way businesses operate, creating a new level of complexity and speed. To stay competitive, businesses must transform to achieve a new level of agility. At the same time, advances in consumer technology (Siri, Alexa, and Google Now in the personal assistant space, and countless mobile apps beyond that) have created a desire and need for intuitive user interfaces that anticipate the user’s needs. Building powerful tools that are easy to interact with will rely on ML and predictive analytics solutions – all of which are uniquely suited to cloud deployment.

The next wave of innovation in enterprise solutions will integrate IoT, ML, and AI into daily operations. The tools will operate on every type of device and will apply native-device capabilities, especially around natural language processing and natural language interfaces. Augment this interface with machine learning, and you’ll see a system that deeply understands users and supports them with incredible speed.

What are some use cases for this intelligent ERP?

Digital assistants already help users keep better notes and take intelligent screenshots. They also link notes to the apps users were working on when they were created. Intelligent screenshots allow users to navigate to the app where the screenshot was taken and apply the same filter parameters. They recognize business objects within the application context and allow you to add them to your collection of notes and screenshots. Users can chat right from the business application without entering a separate collaboration room. Because the digital assistants are powered by ML, they help you move faster the more you use them.

In the future, intelligent cloud ERP with ML will deliver value in many ways. To name just a few examples (just scratching the surface):

  1. Finance accruals. Finance teams use a highly manual and speculative process to determine bonus accruals. Applying ML to these calculations could instead generate a set of unbiased accrual figures, so finance teams have more time during closing periods for activities that require review and judgment.
  1. Project bidding. Companies rely heavily on personal experience when deciding to bid for commercial projects. ML would give sales and project teams access to decades-worth of projects from around the world at the touch of a button. This capability would help firms decide whether to bid, how much to bid, and how to plan projects for greatest profitability.
  1. Procurement negotiation. Procurement involves a wide range of information and continuous supplier communication. Because costs go directly to the bottom line, anything that improves efficiencies and reduces inventory will make a real difference. ML can mine historical data to predict contract lifecycles and forecast when a purchasing contract is expected so that you can renegotiate to suit actual needs, rather than basing decisions on a hunch.

What does the near future hold?

An intelligent ERP puts the customer at the center of the solution. It delivers flexible automation using AI, ML, IoT, and predictive analytics to drive digital transformation of the business. It delivers a better experience for end users by providing live information in context and learning what the user needs in every scenario. It eliminates decisions made on incomplete or outdated reports.

Digitization continues to disrupt the world and change the way businesses operate, creating a new level of complexity and speed that companies must navigate to stay competitive. Powering business innovation in the digital age will be possible by building and deploying the latest in AI-powered capabilities. We intend to stay deeply engaged with our most innovative partners, our trusted customers, and end users to achieve the promises of the digital age – and we will judge our success by the extent to which everyone who uses our system can drive innovation.

Learn how SAP is helping customers deploy new capabilities based on AI, ML, and IoT to deliver the latest technology seamlessly within their systems


Sven Denecken

About Sven Denecken

Sven Denecken is Senior Vice President, Product Management and Co-Innovation of SAP S/4HANA, at SAP. His experience working with customers and partners for decades and networking with the SAP field organization and industry analysts allows him to bring client issues and challenges directly into the solution development process, ensuring that next-generation software solutions address customer requirements to focus on business outcome and help customers gain competitive advantage. Connect with Sven on Twitter @SDenecken or e-mail at