Detection Method: Purchase Order Item with Vendor from High-Risk Country
This detection method lets you find purchase order items that have a vendor who is located in a high-risk country. A high-risk country is one that is characterized by high levels of corruption, or by risk of instability or conflict, or by regulatory or trade risk.
This method checks vendor locations against a list of high-risk countries that you specify. High-risk country lists rank countries by their risk. The lower the rank, the lower the risk.
A detection result of 100 is returned for any vendor in a high-risk country. Alert messages provide detailed information about the purchase order item and each suspicious vendor or partner. You can view these in the Alert Details
facet in the user interface.
Logic
High-risk country lists belong to technology shared among detection rules. For more information on this technology, see High-Risk Country Screening.
Investigation and Detection Object Types
Investigation object type
FRA_PO
(Purchase Order)
Detection object type
FRA_POITEM
(Purchase Order Item)
ERP Tables Used
EKPA
:Partner Roles in Purchasing
EKPO
:Purchasing Document Item
EKKO
:Purchasing Document Header
LFA1
:Vendor Master (General Section)
ADRC
:Addresses (Business Address Services)
TPART
:Business Partner Functions: Texts
For information on the high-risk country tables, see High-Risk Country List.
SAP HANA Procedures for Detection Methods
Procedure Category | Procedure Name | Procedure Type | Package |
|---|---|---|---|
Selection |
| SQLScript Procedure |
|
Execution |
| SQLScript Procedure |
|
Additional Information |
| SQLScript Procedure |
|
Detection Method Parameters
HIGH_RISK_COUNTRY_LIST
contains the ID of the high-risk country list to use.BOTTOM_N_RANKS
is filled with a numeric value and determines how many of the worst-ranked high-risk countries are to be considered in the detection process.
Example
ISO Country Code | Country Name | Rank |
|---|---|---|
DE | Germany | 12 |
IQ | Iraq | 175 |
KP | North Korea | 175 |
AF | Afghanistan | 176 |
If
BOTTOM_N_RANKS
= 1 it will return only the country AF because it occupies the single highest rank.If
BOTTOM_N_RANKS
= 2 it will return the countries AF, IQ, and KP because they populate the two highest ranks.Note how the parameter does not equal the number of returned countries.
If
BOTTOM_N_RANKS
= 3 it will return the countries AF, IQ, KP, and DE because they populate the three highest ranks.Note how the procedure ignores gaps in the numbering and includes DE although it is much less riskier than IQ.
Alert Messages
Message ID
FRA_INTERNAL_AUDIT
, message number 105,Partner &1 with role &2 is located in high-risk country &3 with rank &4
Variable role (&2) is specified in column PARVW
of table EKPA
. The partner functions are defined in table TPAR
and described in table TPART
. To ensure translatability, the procedure returns the function’s code. The field PARTNER_FUNCTION
in source domain INTERNAL_AUDIT
then applies an SAP standard conversion exit CONVERSION_EXIT_PARVW_OUTPUT
to convert the partner function code to text. The function module reads the attribute view sap.hana-app.fra.suite.fnd/AT_PARTNER_FUNCTION
to get the description in the user’s current language.
Variable country &3 provides the country in which the partner is located. To ensure translatability, the procedure provides the country’s code. The field COUNTRY_CODE
in source domain INTERNAL_AUDIT
(in the Customizing activity Define Source Domain and Field Settings
) then applies the SAP standard conversion exit CONVERSION_EXIT_CTRYC_OUTPUT
, which replaces the code with its description. The function module reads table T005T
in the SAP Fraud Management database schema to provide the description. It uses the long or short description in the user’s current language, or the long or short description in English as a fallback language, whichever is available in this order. If no description is available, then it returns the code itself.