Date post: | 05-Dec-2014 |
Category: |
Documents |
Upload: | ravi-karamchandani |
View: | 21 times |
Download: | 4 times |
© SAP AG 2003, Title of Presentation, Speaker Name / 2
Sarbanes-Oxley Act – Section 301
Public Company Audit Committees shall establish procedures for
the receipt, retention, and treatment of complaints received by the issuer regarding accounting, internal accounting controls, or auditing matters
the confidential, anonymous submission by employees of the issuer of concerns regarding questionable accounting or auditing matters.
Activity
Establish procedures for “Whistleblower” process, adapted to the company
React on anonymous complaints from employees
Keep track of history of all complaints and reactions
© SAP AG 2003, Title of Presentation, Speaker Name / 3
Whistle Blower – Functionality
Sending Anonymous ComplaintsEmployee accesses the SAP Portal or calls a URL in the intranetHis/her user will be mapped to a dummy userCustomer-definable HTML layouts for entering the complaintsComplaint # for possible follow-up by the senderAutomatic derivation of receiver and creation of workflow itemComplaint will be stored anonymously
Analysis of Anonymous ComplaintsReceiver can see all complaints sent to him/her in the SAP PortalReceiver might have been notified by additional anonymous e-mail.Reporting and analysis functions on the complaints
Complaints can also be submitted with the user‘s name.Both types of complaints can be used in parallel.
© SAP AG 2003, Title of Presentation, Speaker Name / 6
Whistle Blower – Inbox of received complaints
© SAP AG 2003, Title of Presentation, Speaker Name / 9
Whistle Blower – User Interface
You can integrate the Whistle Blower Complaints into yourintranet and make it available to your employees via URL call.
Optionally, the functionality can be used within the mySAPEnterprise Portal, as ITS-based iView, integrated in any portalrole.
© SAP AG 2003, Title of Presentation, Speaker Name / 10
Whistle Blower – Protection of the Issuer
The complaint number is the only documentary evidence of theanonymous complaint.
The complaint number should be written down and kept in a secure place.
It might be used in order to possibly follow-up the matter or to raise a claim on whistle blower protection in case of retaliation(SOA Whistle Blower Protection Right).
For future releases, it is planned to provide an additional uniqueidentification number to the sender of the complaint.
© SAP AG 2003, Title of Presentation, Speaker Name / 11
Whistle Blower – Example Form
SAP delivers an example form with
read-only text field with instructions from the accounting department
A selection field with a drop-down list that helps the user to select theaffected company
A description field in which the issuer can insert the complaint.
The customer
may adjust the form
has to decide whether to use it anonymously or with theuser‘s name
has to copy the form if both scenarios shall be supported
has to implement the workflow
© SAP AG 2003, Title of Presentation, Speaker Name / 12
Whistle Blower – Technical Details
TechnologyInternet Service Requests (ISR) for defining web forms, see http://service.sap.com/isr for more detailWorkflow FunctionalityQM Notifications for storing the complaints
System RequirementsR/3 4.6C SP 46 or R/3 Enterprise SP 17ITS (Internet Transaction Server)Optional: mySAP Enterprise Portal 5.0 or higher
© SAP AG 2003, Title of Presentation, Speaker Name / 13
Whistle Blower – Essentials for Anonymization
The IssueIf properly set up, SAP does not store the sender of the complaint.However, there is the issue of logging on several technical levels.
RecommendationEnforce access through an application level anonymization proxywhich does not write any access or forwarding log.Proxy should also enforce access to at least one non-sensitive, common-use scenario (e.g. internal news).Proxy access must be provided via HTTPS. It is recommended to also use Open Software anonymizationsoftware to avoid any logging.
© SAP AG 2003, Title of Presentation, Speaker Name / 14
Whistle Blower – Roadmap
R/3 4.6CDelivery via Support Package 46
December 12, 2003R/3 Enterprise
Delivery via Support Package 17
December 16, 2003
Sending Anonymous ComplaintsEmployee accesses the SAP PortalHis/her user will be mapped to a dummy userCustomer-definable HTML layouts for entering the complaintsComplaint # for possible follow-up by the senderAutomatic derivation of receiver, option for workflowComplaint will be stored anonymously
Analysis of Anonymous ComplaintsReceiver can see all complaints sent to him/her in the SAP PortalReceiver might have been notified by additional anonymous e-mailReporting and analysis functions on the complaints
Functionality
© SAP AG 2003, Title of Presentation, Speaker Name / 15
Copyright 2003 SAP AG. All Rights Reserved
No part of this publication may be reproduced or transmitted in any form or for any purpose without the express permission of SAP AG. The information contained herein may be changed without prior notice.
Some software products marketed by SAP AG and its distributors contain proprietary software components of other software vendors.
Microsoft®, WINDOWS®, NT®, EXCEL®, Word®, PowerPoint® and SQL Server® are registered trademarks of Microsoft Corporation.
IBM®, DB2®, DB2 Universal Database, OS/2®, Parallel Sysplex®, MVS/ESA, AIX®, S/390®, AS/400®, OS/390®, OS/400®, iSeries, pSeries, xSeries, zSeries, z/OS, AFP, Intelligent Miner, WebSphere®, Netfinity®, Tivoli®, Informix and Informix® Dynamic ServerTM are trademarks of IBM Corporation in USA and/or other countries.
ORACLE® is a registered trademark of ORACLE Corporation.
UNIX®, X/Open®, OSF/1®, and Motif® are registered trademarks of the Open Group.
Citrix®, the Citrix logo, ICA®, Program Neighborhood®, MetaFrame®, WinFrame®, VideoFrame®, MultiWin® and other Citrix product names referenced herein are trademarks of Citrix Systems, Inc.
HTML, DHTML, XML, XHTML are trademarks or registered trademarks of W3C®, World Wide Web Consortium, Massachusetts Institute of Technology.
JAVA® is a registered trademark of Sun Microsystems, Inc.
JAVASCRIPT® is a registered trademark of Sun Microsystems, Inc., used under license for technology invented and implemented by Netscape.
MarketSet and Enterprise Buyer are jointly owned trademarks of SAP AG and Commerce One.
SAP, R/3, mySAP, mySAP.com, xApps, xApp, SAP NetWeaver and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP AG in Germany and in several other countries all over the world. All other product and service names mentioned are the trademarks of their respective companies. Data contained in this document serves information purposes only. National product specifications may vary.