Whistleblower Complaints

Purpose

This scenario assists you in complying with the Sarbanes-Oxley Act of 2002 (SOA), section 301.  The Sarbanes-Oxley Act applies to all companies whose stocks are traded in the USA. SOA establishes heightened requirements in the areas of corporate governance, financial disclosures, and accountability for fraud. Section 301 requires companies to provide their employees with a means of filing whistleblower complaints anonymously and confidentially in connection with potentially fraudulent accounting and auditing practices.

Special Features

The whistleblower complaint can be created anonymously or with the user name.

The form for the whistleblower complaint is divided into three sections:

...

       1.      A text field locked against input by the person filing the complaint. This field contains general information and legal background information. This information can be adapted to the requirements of the company.

       2.      An entry field with a dropdown box containing all available company codes.

       3.      An entry field in which the text of the whistleblower complaint can be entered.

Prerequisites

SAP R/3 Release 4.6C SP 46 or higher

Internet Transaction Server (ITS)

If the whistleblower complaint is to be integrated in the portal, then the following prerequisites also apply:

·        mySAP Enterprise Portal 5.0 or higher

·        Integration as ITS-based iView

To enable the whistleblower complaint to be created anonymously, an anonymous user must be specified in the customizing settings of the internal service request for this scenario (SR71) in the assigned Internet service for the ~LOGIN parameter. A password for the anonymous user must be specified for the ~PASSWORD parameter. If both options are to be made available, two scenarios must be defined, each with their own Internet service: one with user name and password, one without.

The form for the whistleblower complaint is accessed by hyperlink or as an iView.

To determine the URL of the scenario, you can test the Internet service.

A sufficiently high level of anonymity can only be guaranteed if the whistleblower complaint is created using the Intranet and if this occurs using an anonymity proxy. Such a proxy does not log occasions when the whistleblower complaint form is accessed or forwarded. To prevent connections being made between the proxy being accessed and the whistleblower complaint form being used, this proxy should also be used for accessing at least one noncritical and frequently used service (such as the canteen menu or internal messages). HTTPS should be used as the log.

Process Flow

You can call up the form for filing whistleblower complaints via a hyperlink in your Intranet or as an ITS-based iView in the mySAP Enterprise Portal:

·        If you want to create the whistleblower complaint with your user name, you have to logon to the SAP System. The advantage of this is that you can also change or delete the complaint after it has been submitted. Furthermore, the complaint appears in your personal outbox. This makes it easier to trace the complaint.

·        If you want to create the whistleblower complaint anonymously, you do not need to logon to the SAP System using your own user name. Instead, the complaint is created automatically using an anonymous user name. With this user, however, you cannot change or delete the complaint once you have submitted it. Furthermore, the complaint does not appear in your personal outbox. You should opt for this method if you want to ensure that no connection can be made between the complaint filed and your user name.

Once you have submitted the complaint, you receive a success message containing the number of the whistleblower complaint.

If you created the complaint anonymously, you need to make a note of this number and keep it in a secure place. You will only be able to trace the complaint with this number.

If, after submitting a complaint, you feel that you are suddenly being discriminated against for no apparent reason and you suspect that this could be due to a complaint you filed, your rights are protected by section 806 of the SOA, Protection for Employees of Publicly Traded Companies Who Provide Evidence of Fraud. You can use the complaint number as proof that you filed the complaint.

Submitting the complaint starts the workflow: The complaint is sent to the processor assigned in the workflow customizing. For more information, see The Business Workplace.