Home

About REMEDYNE
REMEDYNE Continuous Monitoring is a quick and simple solution to control data and transactions in SAP ERP and detect errors and fraud in procurement, accounting, inventory, sales and other business areas.
REMEDYNE is an SAP-certified Add-On for SAP ERP: setup in just 30 minutes, industry-leading controls immediately available.

Process Controls with REMEDYNE

See how our fully integrated Continuous Monitoring solution can help detecting errors and fraud. According to the ACFE, organizations lose 5% of revenues as a result of fraud.
Learn more


Overview

reportingAudit-ready Reporting
Built-in controls, no need to spend months configuring. Get industry-leading reporting with methodologies that the largest consulting firms rely on.
time30-Minute Setup, Free Trial
No costly implementation process, simply import into your SAP ERP system. Full access with no risk and no commitment during your free trial.

 

customizeFully Customizable
REMEDYNE has pre-built controls and case management workflows but can be customized to your specific needs.
nocloudSAP Add-On
REMEDYNE is installed inside the ERP system – no data leaves the system, no extra servers required (low TCO).

 

plansFlexible Subscription Plans
Buy the software or use it as you need it. Annual subscription plans available. Always get full support and updates, no additional implementation costs.
SAP_Silver_Partner_RSAP-certified Solution
REMEDYNE is an SAP software partner.

 


Automated Process Controls, Case Management, Easy to Use for Everyone

REMEDYNE delivers automated, continuous control of critical master data and business transactions in SAP ERP and detects fraud and errors. The software scans the business data and transactions in the SAP system’s database. Suspicious transactions and data get flagged and an alert is created. All data for this alert is stored inside the SAP ERP system. Users – managers, experts, auditors – can access the alerts in their inbox together with relevant background information (details on vendors, materials, posting documents etc.). Based on the users’ authorizations they get an overview on open alerts as well as details for each alert. They can update the alert and add comments and information directly in the application. Finally, the transaction is accepted or rejected, depending on the result of the investigation. All alert and case data is archived for reporting and review.
REMEDYNE is an continuous audit or continuous monitoring system: both users in the business and audit can use the tool in parallel.
Automation of controls and the use of a joint platform for all controls across the enterprise lead to cost savings and improve the audit quality.



Recent Posts

Access Violation Management in REMEDYNE: An Introduction

When setting up your SAP authorization concept you follow 2 rules:

  1. minimize access (in particular to very risky transactions/data)
  2. avoid combinations of access authorizations that are risky, like creating a vendor and posting an invoice for the same vendor.

REMEDYNE has built-in controls for several SOD use cases, like SOD risks that you will find in the SOD matrix of SAP GRC Access Controls. But you can set up your own, new rules very easily. Here we explain a few basics that you should understand when you start your journey.

Where does SAP save information about who created or changed an SAP Business Object?

When a user creates a vendor in the SAP system, the username is saved together with the vendor master data in table LFA1. The fields is LFA1:ERNAM (created by).
Now when some user changes data for the vendor, changes are logged in SAP change documents: change documents exist for >1500 business objects in SAP ERP or S/4HANA, and also customers can create their own change document types. Basically a change document is a simple set of data that only has information about which object was changed, by whom (username), when, and the change details (old value/new value). All change documents are saved in tables CDHDR and CDPOS.

How can you make use of the data?

We use the example above about creating or changing a vendor, and posting/changing an invoice: there are 4 possible SOD combinations that you need to check if you want to cover 100% of risks in the scenarios:

  1. user creates vendor and posts invoice
  2. user creates vendor add changes invoice
  3. user changes vendor and posts invoice
  4. user changes vendor and changes invoice

In all cases, the user might try to set up a bogus vendor/invoice or change bank details and divert a payment.

So in order to cover all 4 scenarios, you need to have 4 queries getting data from different sources and compare the usernames and make sure the invoice is from the same vendor:

  1. user creates vendor and posts invoice: table – table
  2. user creates vendor add changes invoice: table – change document (type BELEG _or_ INCOMINGINVOICE)
  3. user changes vendor and posts invoice: change document – table
  4. user changes vendor and changes invoice: change document – change document

The tables involved are LFA1 and BKPF for vendor and invoice respectively, and the change document types are KRED (for the vendor), and BELEG (accounting document) or INCOMINGINVOICE (for MM invoices).

In this simple example, there are 6(!) combinations that need to be covered in order to detect all possible scenarios.

Because reading data from a table and accessing data in a change document works somehow differently, different ways and tools are required.

How REMEDYNE helps to access and correlate the data

We have developed 3 tools that make life easier and allow to detect all those transactions where a user executes a high risk transaction and changes data, or excuses a high risk combination of transactions/changes a combination of data.
For single transaction that are considered high risk, you can use the Single Action Tool: this allows to define which business object and change document you want to monitor, and even which field you consider as critical, e.g. monitor only changes to vendor bank details.
For combinations of transactions, you can use the SOD Tool and/or the SQVI Query Viewer together with our mapping tool. The SOD tool gives access to data in change documents, and automatically correlates only change documents that “belong together”, like invoices that come the same vendor that was changed. The SAP standard SQVI transactions enables you to create and run analysis for data in tables.

These 3 tools are our framework for Access Violation Management and can be set up by users without coding.

We have examples in our Knowledge Base on how to set up SOD controls using these tools.

From risk to mitigation

Access risks such as from the SAP GRC Access Controls SOD matrix can be avoided in some cases by changing SAP authorization roles, or assigning different roles to users when re-organizing work and processes. But in many cases, organizations cannot avoid to grant high risk combinations of authorizations to users, simply because there are not so many users. In that case, you find residual risks in SAP GRC Access Controls and you accept them. REMEDYNE’s Access Violation Management allows you to set up controls for each residual risk that you have in SAP GRC, and monitor all activities related to them. You then can review activities and have compensating controls for those risks.

  1. Easy SoD — Segregation of Duties Rules in SAP ERP Leave a reply
  2. Time for an Update – Many Changes in recent Releases Leave a reply
  3. Support for SAP Business Suite and S/4HANA Leave a reply
  4. Sanctioned Party List Screening: Ensure Compliance in Trade Leave a reply
  5. Privacy Compliant Continuous Monitoring Leave a reply
  6. New Features in REMEDYNE Fraud Prevention Leave a reply
  7. REMEDYNE Fraud Prevention now SAP Certified Leave a reply
  8. REMEDYNE – Fraud Prevention Leave a reply
  9. Configuration Validation Leave a reply