zapAudit
valid as of May 23, 2022
The zapAudit web application uses more than 150 audit indicators to analyze SAP data for profitability, accounting compliance, access protection, and process standardization. It automates data collection and data processing, taking into account methods of econometrics, statistics, and process mining. The analysis includes the reconstruction and evaluation of all business processes such as purchasing, sales, asset accounting, financial accounting, access authorizations, including separation of duties (SoD)) conflicts, superuser, and much more. All results are available via the interactive front-end in the browser for analysis by any number of users (zapAudit report) or can be exported as Excel (exports zapAudit report data). It is possible to evaluate and acknowledge the results directly in the software (Professional Judgement).
zapAudit Features
- Web application
- One central installation
- Usable with any number of users
- User administration
- A role/authorization concept is integrated into the application so that access can be controlled.
- Project management
A zapAudit project analyzes exactly one company code for one fiscal year. It includes the FI data for exactly one fiscal year from one SAP company code on one SAP client. Change documents, asset data, master data, and other data from 1.5 to 2 years in the past are also taken into account for each project for the complete reconstruction of all business processes. A zapAudit project goes through the following phases:- Create master data
- In the master data, basic settings such as the name or the data source to be used for the project are defined.
- Define data scope
- SAP company code and a fiscal year for the data pull are defined here.
- The exact zapAudit data scope can be downloaded as Excel during project creation in the software (~120 SAP tables).
- Review of the pseudonymization of personal data
- Define SAP server connections
- Using the SAP connection data, zapAudit establishes a connection to the SAP server and is able to extract the relevant tables for the audit.
- Data extraction
- During data extraction, zapAudit establishes a connection to the SAP server and performs a data print. This contains the necessary data for the audit.
- Data Processing
- Data Preparation
- Financial Process Mining (reconstruction of all business processes)
- Indicators Audit (calculation of ~150 indicators)
- The currently valid list of indicators can be found at: List of all zapAudit indicators
- zapAudit Report (requires activation)
- Dashboards
- Indicator Audit
- Profile audit
- Document Audit
- Professional Judgement
- Process visualization (process mining)
- Real-Time Filter
- Excel Export
License conditions
The Response Key to be purchased are specified in the offer according to the following parameters:
Performance Period: the performance period for the use of the software starts with your acceptance of the offer (the purchase of the digital product) and ends after the term formulated in the offer. During this period, zapAudit Response Keys can be used to activate zapAudit projects.
SAP clients: If the quotation specifies a limitation of clients, this limitation applies to the specified number of clients within an SAP system.
SAP company codes: If the offer includes a limitation of company codes, this limitation applies to the specified number of company codes within an SAP client.
Fiscal years: If the offer provides for a limitation of fiscal years, this limitation applies to the named fiscal years in SAP.
Number of users: unlimited.
Number of zapAudit projects: unlimited.
Data protection
For the analysis, all required data is copied from SAP and stored locally in the installation path. The SAP data does not leave the company.
zapliance GmbH has no access to the zapAudit installation or the data of the zapAudit projects.
Requirements for the use of zapAudit
General requirements for the use of zapAudit
- Administrator rights to install zapAudit on a notebook or server
- An update of the SAP system / import of ABAP is not necessary
- No installation of a database is necessary
- All data is stored in a file database exclusively locally and remains in the company
- Data retrieval and processing can take several days, depending on the size of the data set
- The hardware used only requires a network connection to the SAP system for the duration of the data retrieval process
Additional requirements for the data migration phase
- Availability and accessibility of the following SAP function modules:
- RFC_READ_TABLE,
- BBP_RFC_READ_TABLE
- SAP user with access rights to the function modules:
- RFC_READ_TABLE,
- BBP_RFC_READ_TABLE
- DDIF_FIELDINFO_GET
- RFCPING
- RFC_GET_FUNCTION_INTERFACE
- SAP library SAP-JCO 64bit (requires SUSER in SAP Store)
- Network connection and network shares to the SAP system
- Connection data to the SAP “Application Server” or “Message Server”
- Message Server (MSHOST)
- Message server port
- SAP system name (R3NAME)
- Application server group
- SAP Router String
- Client
- SAP Application Server
- SAP system number
- SAP system name (R3NAME)
- Client
- SAP Router String
- Hardware requirements for the computer:
- Windows 64bit operating system (e.g. Windows 7, 8, 8.1, 10, 11)
- Recommended main memory (RAM)
- At least 32 GB for company codes/fiscal year up to 1 million BSEG entries
- At least 64 GB for company codes/fiscal year up to 6 million BSEG entries
- At least 128 GB for company codes/fiscal year with more than 6 million BSEG entries
- Modern multi-core processor (i7 or comparable)
- 1TB SSD hard disk (formatted with NTFS file system)
- Optional: USB 3.0 or newer (when using an external SSD hard drive)
Prerequisites for the data processing phase
- The hardware requirements differ depending on the amount of data. A high-performance system with the above hardware requirements is recommended for data extraction and processing.
- The Customer shall ensure that (network) access to the Customer’s SAP systems – or the direct use of zap Audit on the Customer’s systems – and, if applicable, on an SAP test system (with updated original data stock) is enabled for zapAudit. The customer is responsible for and will, if necessary, take appropriate measures to ensure that no damage (virus attack, system crash, etc.) occurs as a result of accessing or using the software in the customer’s systems. Within the scope of the use of the software, the Customer shall be responsible for compliance with all statutory provisions (in particular data protection and labor law provisions) as well as for the involvement of the data protection officer and the works council, if required.
- The data scope of the data print as well as the definition of which columns might contain personal data is predefined in zapAudit. The client is responsible for checking the data scope, including the columns marked for pseudonymization, and for verifying it in the software prior to the data extraction. zapAudit automatically fully pseudonymizes all columns that are defined as personal data in the preparation based on the “public key” of the asymmetric key pair that can be generated by the client. The “private key” generated by the client is not known to zapliance GmbH and is the sole responsibility of the client. De-pseudonymization of the data is not technically possible in zapAudit.
The Customer shall ensure the logical and physical security of the IT infrastructure on which the Digital Products, the data generated by the Digital Products and/or zapAudit are operated, or to which the Digital Products, the data generated by the Digital Products and/or zapAudit are transported or transferred. In addition, the client guarantees the interface security between the SAP systems, zapAudit as well as the web browser that is accessed. Subject to the provision in section 7 of the GTC, zapliance GmbH is not liable for damages due to lack of access protection, lack of security, lack of archiving, and lack of encryption of the client’s data.
zapCash
valid as of November 20, 2022
The web application zapCash detects multiple recorded liabilities within an SAP client by artificial intelligence (hereafter “AI”). In this way, double payments within a group can be analyzed, found and reclaimed even across company boundaries. With the help of zapCash, the user checks whether a double-entry liability exists and evaluates the results of the check directly in the software (hereinafter “Professional Judgement”). The AI patterns and Professional Judgements are then transmitted to zapliance without the SAP data. The AI algorithms then estimate the likelihood of two liabilities being double-entered liabilities. This result is sent to the user for import and therefore continuously ensures optimal prioritization of potential duplicate payments.
zapCash Features
- Web application
- flexible installation variants local or server-based (cloud-ready)
- User administration
- A role/authorization concept is integrated in the application so that accesses can be controlled.
- Project management
A zapCash project examines selected company codes within a specified SAP client and identifies potentially double-entered liabilities for selected fiscal years. A zapCash project goes through the following phases:
- Master data
- In the master data, basic settings such as the name, or the data source to be used for the project are defined.
- Data scope
- SAP company codes and the fiscal years to be evaluated are defined for the data deduction here.
- The exact zapCash data scope can be downloaded as Excel during project creation in the software (~58 SAP tables).
- Review of the pseudonymization of personal data
- SAP server connections
- Using the SAP connection data, zapCash connects to the SAP server and is able to extract the relevant tables for review.
- Data extraction
- During the data extraction process, zapCash connects to the SAP server and performs a data print. This contains the necessary data for the audit.
- Data Processing
- Data Preparation
- Financial Processing & AI
- Reporting
- zapCash Report (requires activation)
- Candidate List
- The candidate list contains all potential double-entered liabilities
- Filter function for individual prioritization
- Overview of all ratings
- Exporting the candidate list to Excel
- Detailed analysis
- Detailed information on a potential double-entered liability
- Comment function (Professional Judgement)
- Import/export (manual interface to zapliance GmbH)
License conditions
The Response Key vouchers to be purchased are specified in the offer according to the following parameters:
Performance Period: The performance period for using the software starts with your acceptance of the offer (the purchase of the digital product) and ends after the term formulated in the offer. During this period, zapCash projects can be activated.
SAP clients: If the offer specifies a limitation of clients, this limitation applies to the specified number of clients within an SAP system.
SAP company codes: If the offer includes a limitation of company codes, this limitation is valid for the mentioned number of company codes within one SAP client.
Fiscal years: If the offer provides for a limitation of fiscal years, this limitation applies to the named fiscal years in SAP.
Number of users: unlimited.
Number of zapCash projects: unlimited.
Cooperation obligations of the customer
- The AI is to learn the company-specific patterns. For this reason, the customer evaluates at least 100 potential hits for each activated zapCash project or the complete analysis result if it shows less than 100 hits. The documentation of the Professional Judgement should be done during the review in zapCash in order to fulfill the transmission obligation of the completed project in a timely manner.
- To use the AI, the customer submits the AI export to zapliance. The export essentially contains:
- the unique document numbers of the double entry, as well as the document type
- the assessment made, including comments
- the amount
- various lists of criteria used by the AI.
- statistical evaluations about the project
- The AI data transmitted to zapliance does not contain any personal data or data that allows third parties to draw conclusions about the customer’s identity. Before sending the KI export, the customer has the possibility to take a look at the data to be transmitted. An actual AI export of an actual customer is available at the following link as an example: Example Export zapCash
- The AI learns based on the ratings. To make the quality of the ratings verifiable by an independent reviewer or zapliance, the client documents the derivation of its ratings of the selected potential matches in detail according to the minimum requirements conveyed. An example of proper documentation is available at the following link: zapCash Documentation standards
- Information on quality assurance is provided by the customer. zapliance receives a right of inspection regarding the provided documents and AI exports.
- zapliance reviews the AI export with the aim of optimizing the AI and ensuring the quality of the evaluations. zapliance is entitled to request an appropriate sample as part of the quality review. For the selected sample, the customer provides zapliance with his documentation including copies of the original documents justifying the booking. The way of accessing the documentation will be determined during the training or in the joint kick-off. If the original documents contain personal data, the customer is responsible for compliance with data protection requirements.
- In order to optimize the AI, it is necessary in rare cases for zapliance to understand the customer’s individual accounting logic and to be able to reproduce it on the basis of concrete entries. The customer agrees to support zapliance in this process, e.g. within the scope of web conferences.
Data protection
zapliance has no access to the zapCash installation or the data of the zapCash projects.
In order to obtain better results and fewer so-called false positives, the AI also analyzes text fields and business partner details, among other things. The analysis, which is run locally on the customer’s computer, is performed without pseudonymization of data fields that could contain personal data. zapliance has no access to the customer’s computer.
Requirements for the use of zapCash
General requirements for the use of zapCash
- Administrator rights to install zapCash on a notebook or server.
- An update of the SAP system / import of ABAP is not necessary
- No installation of a database necessary
- All data is stored in a file database exclusively locally and remains in the company
- Data retrieval and processing can take several days, depending on the size of the data set.
- The hardware used only requires a network connection to the SAP system for the duration of the data retrieval process.
Additional requirements for the data migration phase
- Availability and accessibility of the following SAP function modules:
- RFC_READ_TABLE,
- BBP_RFC_READ_TABLE
- SAP user with access rights to the function modules
- RFC_READ_TABLE,
- BBP_RFC_READ_TABLE
- DDIF_FIELDINFO_GET
- RFCPING
- RFC_GET_FUNCTION_INTERFACE
- SAP library SAP-JCO 64bit (requires SUSER in SAP Store)
- Network connection and network shares to the SAP system
- Connection data to the SAP “Application Server” or “Message Server”
- Message server (MSHOST)
- Message server port
- SAP system name (R3NAME)
- Application server group
- SAP Router String
- Client
- SAP application server
- SAP system number
- SAP system name (R3NAME)
- Client
- SAP Router String
- Hardware requirements for the computer:
- Windows 64bit operating system (e.g. Windows 7, 8, 8.1, 10, 11)
- At least 64GB RAM
- Modern multi-core processor (i7 or comparable)
- 1TB SSD hard drive (formatted with NTFS file system)
- Optional: USB 3.0 or newer (if using an external SSD hard drive)
Prerequisites for the data processing phase
- hardware requirements differ depending on the data volume. A high-performance system with the above-mentioned requirements is recommended for data extraction and processing.
- The customer shall ensure that (network) access to the customer’s SAP systems – or direct use of zapCash on the customer’s systems – and, if necessary, on an SAP test system (with updated original data stock) is made possible for zapCash. The customer is responsible for and will, if necessary, take appropriate measures to ensure that no damage (virus attack, system crash, etc.) occurs as a result of accessing or using the software in the customer’s systems. Within the scope of the use of the software, the Customer shall be responsible for compliance with all statutory provisions (in particular data protection and labor law provisions) as well as for the involvement of the data protection officer
- and the works council, if required.
- The data scope of the data print as well as the definition of which columns could contain personal data is predefined in zapCash. The client is responsible for checking the data scope including the columns marked for pseudonymization and for verifying it in the software prior to the data extraction. zapCash automatically fully pseudonymizes all columns that are defined as personal data in the preparation on the basis of the “public key” of the asymmetric key pair that can be generated by the client. The “private key” generated by the client is not known to zapliance GmbH and is the sole responsibility of the client.
The client ensures the logical and physical security of the IT infrastructure on which the digital products, the data generated by the digital products and/or zapCash are operated, or to which the digital products, the data generated by the digital products and/or zapCash are transported or transferred. In addition, the client guarantees the interface security between the SAP systems, zapCash as well as the web browser that is accessed. Subject to the provision in section 7 of the GTC, zapliance GmbH is not liable for damages due to lack of access protection, lack of security, lack of archiving, and lack of encryption of the client’s data.
zapContinuous
valid as of 01 February, 2023
The zapContinuous software incrementally extracts the defined data for each Continuous Control Monitoring App (CCM app), processes the CCM app and passes the results to the defined interface. zapContinuous is provided for Windows Server, can be run in the Microsoft Azure Cloud and comes with PostgreSQL as a free relational database management system.
The zapContinuous software is a Java-based application that uses a web server. Deployment of the application is possible via a container environment (e.g. Docker).
zapContinuous Features
- SAP interface
- zapContinuous has an RFC interface to SAP R/3 and S/4 HANA systems.
- An application server and a message server can be selected as the server. After all required data has been entered, the connection can be tested by clicking the Connection Test button.
- SAP query
- Which data is deducted is determined and set up by integrating one or more SAP queries. Here a specification of e.g. client(s), company code(s), fiscal year(s) and optionally month(s) is made.
- Which data is pulled is determined by the integration of the CCM apps and their data request.
- Delta Load
- A scheduled job (usually a cron job) is configured to continuously perform the data pull from SAP and the processing of the data by the integrated CCM apps. Here, a combination of hours, day and month is possible.
- During data extraction, zapContinuous connects to the SAP server and performs a data dump. This contains the necessary data scope for the execution of the CCM apps.
- Continuous Control Monitoring Apps (CCM-Apps)
- CCM apps are developed by the contractor and made available to the client for upload to zapContinuous.
- The data scope for the execution of the app is determined by the CCM apps used.
- The CCM app examines the (incremental) dataset using the defined logic.
- The CCM app writes the examination results to the zapContinuous database management system.
- Database management system
- zapContinuous contains its own database management system.
- The SAP data extracts and CCM app results are stored in the zapContinuous database management system.
- Microsoft interface
- zapContinuous has an interface to the Microsoft Azure portal.
- The CCM app analysis results can be transferred to a Microsoft list type website content.
License conditions
Use of the Continuous Control Monitoring Apps (CCM apps) require paid response key vouchers. The response key vouchers to be purchased are specified in the offer according to the following parameters:
Number of CCM apps: Quantifies the number of CCM app response key vouchers that are purchased. One CCM app response key voucher is considered for one CCM app per SAP client.
SAP company codes: If the Offer provides for a limitation on company codes, such limitation shall be considered to apply to the stated number of company codes within an SAP client.
Number of data downloads: If the offer provides for a restriction on the number of data downloads, this restriction applies to the stated number of data downloads within an SAP client.
Performance Period: The performance period for the use of the software begins with the acceptance of the offer (the purchase of the digital product) and ends after the term formulated in the offer. During this period, CCM app response keys can be used to activate and use CCM apps.
Number of users: unlimited.
The Contractor reserves the right to make changes to or implement new control apps outside of intended parameterizations. The contractor is entitled to all rights of use of the control apps.
Requirements for the use of zapContinuous
Server Requirements
-
- Operating system: Windows Server 2019 or more recent
- Recommended main memory (RAM)
- At least 64 GB RAM
- Scalable to min . 256 GB RAM
- Current multi-core processor with as high a clock speed as possible
- 1TB hard disk with read and write speed of at least 300MB/second (formatted with NTFS file system)
- Administrator rights to install zapContinuous on a server.
Additional requirements for the Data Offload phase
- Availability and accessibility of the following SAP function modules:
- RFC_READ_TABLE,
- BBP_RFC_READ_TABLE
- SAP user with access rights to the function modules:
- RFC_READ_TABLE,
- BBP_RFC_READ_TABLE
- DDIF_FIELDINFO_GET
- RFCPING
- RFC_GET_FUNCTION_INTERFACE
- SAP library SAP-JCO 64bit (requires SUSER in SAP Store)
- Network connection and network shares to the SAP system
- Connection data to the SAP “Application Server” or “Message Server”
- Message Server (MSHOST)
- Message server port
- SAP system name (R3NAME)
- Application server group
- SAP Router String
- Client
- SAP Application Server
- SAP system number
- SAP system name (R3NAME)
- Client
- SAP Router String
Requirements for the data processing phase
- The hardware requirements differ depending on the amount of data. A high-performance system with the above-mentioned hardware requirements is recommended for data extraction as well as for data processing.
- The client shall ensure that (network) access to the client’s SAP systems – or direct use of zapContinuous on the client’s systems – and, if necessary, on an SAP test system (with updated original data stock) is made possible for zapContinuous. The customer shall be responsible for and, if necessary, shall take appropriate measures to ensure that no damage (virus attack, system crash, etc.) occurs as a result of access to or use of the software in the customer’s systems.
- Within the scope of the use of the software, the Customer shall be responsible for compliance with all statutory provisions (in particular data protection and labor law provisions) and for the involvement of the data protection officer and the works council, if required.
The Customer shall ensure the logical and physical security of the IT infrastructure on which the digital products, the data generated by the digital products and/or zapContinuous are operated, or to which the digital products, the data generated by the digital products and/or zapContinuous are transported or transferred. In addition, the client guarantees the interface security between the SAP systems, zapContinuous, Microsoft Azure, as well as the web browser that is accessed. Subject to the provision in section 7 of the GTC, zapliance GmbH is not liable for damages due to lack of access protection, lack of security, lack of archiving, and lack of encryption of the client’s data.
Requirements for the connection to Microsoft
- Register/configure an Application in the Microsoft Azure Active Directory
- Application permissions required Microsoft Graph application permission
- Sites.Manage.All
- Sites.ReadAll
- Application.ReadWrite.OwnedBy
Services
valid as of March 1, 2022
Customer Success
Customer Success is a mandatory service as part of a paid digital product. The service period depends on the service period of the paid digital product. Our service hours are from Monday to Friday in the time from 9:00 to 17:00 CET.
The following services are part of Customer Success:
- Customer Success Specialist
You are assigned your own individual Customer Success Specialist, who will work with you to define your goals and then provide you with ongoing support in implementing them and dealing with day-to-day challenges. The Customer Success Specialist is available during service hours for the following topics:- Development of common goals
- Status meeting 1x per quarter via web conference
- Central contact person for recording and solving customer concerns
- Information about updates and upgrades
- Onboarding
The zapliance team supports you during service hours in the setup and installation of zapliance software in your company, especially regarding the following content-related topics:- Technical preparation SAP administration
- Technical preparation IT security
- Technical preparation IT infrastructure
- Organizational preparation for data protection
- Organizational preparation works council
- Basic Training and Knowledge Base
The goal of the Basic training is to support you during the first setup of the software, especially on the following topics:- Starting and closing the software
- User creation and user authorization in the software
- Creating a project
- Activating a project
- Software features
Our Knowledge Base contains additional useful information about the use of the software as well as the interpretation of the data.
Our software is under continuous development. During the service period, all product updates as well as product upgrades are included. Your Customer Success Specialist as well as our support will assist you with the installation of the new software version upon request.
- End-to-End Support
Our support includes assistance by phone, email, or remotely via web conferencing (Microsoft Teams or Zoom). The number of support requests is unlimited in the service period and includes, if necessary, the involvement of developers and our data scientists. A web conference is limited to one hour per month. Sending log files is mandatory for technical support cases. The customer agrees to send them to zapliance Support if necessary. Our support is available within the service hours for the following topics.- IT setup (hardware, infrastructure, installation)
- Setting up the SAP user and connecting to the SAP system
- Execution and monitoring of data extraction and data processing
- Software operation and patch management
- Support and resolution of any errors that may occur
The Customer Success offer does not include content-related questions, questions about indicators, the test procedure and embedding the software in the company processes. These company- and project-specific issues are addressed in the workshops.
Collective AI Assurance
Digital products that are AI-enabled receive regular AI updates through Collective AI Assurance, which is not only trained based on zapliance’s own data, but additionally includes the experience of all zapliance customers.
zapliance’s internal quality controls ensure that the AI algorithms are trained as heterogeneously as possible and that the evaluations given by the customer are plausible and comprehensible. zapliance checks the quality of the AI and makes recommendations on how to proceed.
zapliance checks the quality of the professional judgements and reviews the underlying documentation after the AI update. The quality review takes place no more than once per month.
Number of AI updates: Within the performance period, zapliance provides an unlimited number of AI updates.
Number of quality reviews: Quality reviews are performed after each AI update. If the AI updates are more frequently utilized than once per month, the quality review will take place once per month.
Service period: The service period for using Collective AI Assurance begins with your acceptance of the offer (the purchase of the digital product) and ends after the term defined in the offer.
Workshops
zapliance conducts workshops in cooperation with the customer to teach the technical basics and methods of the products based on the customer-specific data analysis results.
The requirements for conducting a workshop are:
- the purchase of a digital product for which a fee is charged,
- the successful activation of the data sets to be analyzed,
- the accessibility of the data analysis results, e.g. the zapAudit export or the zapCash AI export.
The service provision of the workshop is specified in the offer based on the following parameters:
Service period: The service period for the execution of the workshop begins with your acceptance of the offer (the purchase of the digital product including the booking of the service) and ends after the term formulated in the offer.
Scope of service: The scope of service defines the number and duration of the dates. zapliance reserves the right to change the date or time of the workshop at any time prior to the start of the workshop.
The documentation and evaluation of the recommendations made by zapliance during the workshop and their possible implementation is explicitly the responsibility of the customer. zapliance is not responsible for the implementation or elimination of any identified risks, control weaknesses, or errors.
Location of Service: The workshops offered can be provided either via web conference or face-to-face.
Number of Participants: The number of participants determines the client’s maximum number of participants.
SAP posting groups: If the offer specifies a limitation of company codes, this limitation applies to the specified number of company codes.
Number of fiscal years: If the offer provides for a limitation of fiscal years, this limitation applies to the named fiscal years in SAP.
The workshop language is German or English. zapliance is entitled to subcontract the service after prior information of the customer.
All confidential, company-related information exchanged during the workshop is subject to confidentiality, regardless of the form in which it was transmitted. The Information recipient shall protect the confidential information using security measures at least equal to the measures the information recipient takes to protect its own similarly confidential information, but at least equal to those reasonably necessary for safekeeping, and shall use it only for the purposes set forth in this agreement. The parties shall be entitled to disclose the confidential information to their employees, agents, contractors and consultants on a “need to know” basis, provided that the relevant party disclosing confidential information has entered into a non-disclosure agreement with the aforementioned parties, the terms of which are equivalent to those of this agreement, and provided that the party disclosing the information can demonstrate the existence of such an agreement, should this be requested by the other party.
The product descriptions valid until 28.02.2022 can be provided on request.