🔎 How SAP Detects RPT – Related-Party Transactions for Internal Audit Committees


🌍 Intro – The Hidden Deal

What are RPTs, and how does SAP detect them? The Internal Audit Committee of a global manufacturing giant was reviewing quarterly reports. On paper, everything looked fine: profits were steady, expenses were in check, and intercompany accounts reconciled. But one forensic expert on the team noticed something odd: a small Asian subsidiary was consistently paying more for raw materials than its peers.

At first glance, it seemed like a local supplier issue. But when the team dug deeper using SAP Financial Compliance Management (FCM) and Group Reporting tools, the truth unraveled. The vendor receiving these inflated payments wasn’t just any supplier — it was secretly owned by a close relative of the subsidiary’s CFO.

This was a classic Related-Party Transaction (RPT) — hidden from disclosures, designed to move money out of the company through a shell entity.

Without SAP’s automated checks, this scheme might have stayed buried for years. But with real-time monitoring, cross-entity variance analysis, and intercompany elimination reports, the Internal Audit Committee had the evidence it needed to step in, stop the fraud, and protect shareholders.


📌 Are RPTs Illegal?

Related-Party Transactions (RPTs) are not illegal by themselves—but when they are undisclosed, inflated, or hidden, they become a major fraud red flag. Regulators, investors, and boards have seen cases where RPT abuse led to corporate collapses—Enron, Satyam, and Luckin Coffee are stark reminders.

For internal audit committees, the biggest challenge is visibility:

  • Are all RPTs being reported?
  • Are transfer prices close to fair market value?
  • Are intercompany eliminations matching during consolidation?
  • Could shell entities or employees be hiding behind related vendors?

This is where SAP S/4HANA + SAP FCM (Financial Compliance Management) + SAP BIS (Business Integrity Screening) provide the fraud shield internal audit committees need.


🛠 How SAP Applications Detect RPT Red Flags

1. Master Data Linkage (SAP BIS)

  • Cross-checks vendor and customer master data with HR and related entities.
  • Flags if a “supplier” is owned by a director, or if a vendor’s bank account matches an employee’s.
  • Early alerts for ghost vendors and shell companies tied to insiders.

👉 Example: A vendor created in a European subsidiary had its bank account tied to a board member’s cousin. BIS flagged the overlap, stopping an undisclosed RPT.

Case Example: Undisclosed RPT Caught by SAP BIS

A European subsidiary onboarded a new vendor that seemed legitimate at first glance. But SAP Business Integrity Screening (BIS) quickly raised an alert:

  • Trigger: The vendor’s bank account matched one already flagged in the system. External compliance data (via an integrated risk database) showed the account holder was connected to a cousin of a board member.
  • Cross-check: Since this relationship was not declared in the related-party register, the system flagged it as a potential undisclosed RPT.
  • Outcome: Forensic experts halted payments, and the internal audit committee discovered a hidden conflict of interest.

🔍 Why it matters: The system didn’t need to “know” family ties. By matching bank accounts, tax IDs, and enriched compliance data, BIS surfaced a red flag that manual checks would have easily missed.


2. Intercompany Elimination Reports (SAP Group Reporting + FCM)

  • When consolidating accounts, SAP automatically eliminates intercompany transactions.
  • Unmatched items show up as exceptions—possible signs of unreported RPTs.

👉 Example: Subsidiary A reports revenue from Subsidiary B, but B has no matching purchase entry. This signals inflated intercompany revenue to boost earnings.

Inflated Intercompany Revenue

Subsidiary A reports that it sold goods or services to Subsidiary B, booking revenue on its books. But when forensic experts check Subsidiary B, there’s no corresponding purchase recorded.

👉 This mismatch is a red flag: it suggests that Subsidiary A may be inflating revenue by creating fake intercompany transactions. The goal is often to boost earnings and make financial results look stronger than they really are.

SAP Group Reporting with Financial Compliance Management (FCM) automatically flags these inconsistencies through intercompany elimination reports. By comparing both sides of the transaction, auditors can quickly spot inflated revenue that doesn’t exist in reality.
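The two-sided comparison described above, as an added Python sketch (not SAP code and not how Group Reporting is implemented). The posting layout, entity names, amounts and tolerance are constructed for illustration.

```python
from collections import defaultdict
from decimal import Decimal

# Constructed sample postings: (reporting_entity, partner_entity, side, amount)
POSTINGS = [
    ("SUB_A", "SUB_B", "revenue",  Decimal("120000.00")),  # B books nothing
    ("SUB_C", "SUB_A", "revenue",  Decimal("45000.00")),
    ("SUB_A", "SUB_C", "purchase", Decimal("45000.00")),   # matches C's revenue
    ("SUB_B", "SUB_C", "revenue",  Decimal("30000.50")),
    ("SUB_C", "SUB_B", "purchase", Decimal("30000.00")),   # rounding difference
]

def intercompany_exceptions(postings, tolerance=Decimal("1.00")):
    """Compare seller-side revenue with buyer-side purchases per entity pair.

    Returns (seller, buyer, revenue, purchases, difference) for every pair
    whose two sides differ by more than `tolerance`.
    """
    revenue = defaultdict(Decimal)    # keyed by (seller, buyer)
    purchases = defaultdict(Decimal)  # keyed by (seller, buyer)
    for entity, partner, side, amount in postings:
        if side == "revenue":
            revenue[(entity, partner)] += amount
        elif side == "purchase":
            # The buyer reports the purchase, so the seller is the partner.
            purchases[(partner, entity)] += amount
        else:
            raise ValueError(f"unknown side: {side!r}")
    exceptions = []
    for pair in sorted(set(revenue) | set(purchases)):
        diff = revenue[pair] - purchases[pair]
        if abs(diff) > tolerance:
            exceptions.append((*pair, revenue[pair], purchases[pair], diff))
    return exceptions

if __name__ == "__main__":
    for row in intercompany_exceptions(POSTINGS):
        print(row)
```

A positive difference means revenue with no matching purchase on the partner's books, which is the pattern in the Subsidiary A and B example.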


3. Variance Analysis Across Entities

  • SAP FCM dashboards compare subsidiary-level P&L trends.
  • Outliers—like one subsidiary reporting abnormal margins due to transfer pricing—get flagged.

👉 Example: An Asian subsidiary showed 45% margins vs. group average of 12%. Investigation revealed transfer prices set to shift profits and reduce tax.

Abnormal Margins from Transfer Pricing

An Asian subsidiary reported 45% profit margins, far above the group average of 12%. At first glance, this looked like strong performance, but forensic review flagged it as an outlier.

👉 Investigation revealed that the subsidiary was using manipulated transfer prices—charging unusually high prices for goods/services to related entities. This artificially shifted profits into the Asian subsidiary, where taxes were lower, and reduced taxable income elsewhere in the group.

SAP’s Variance Analysis and Transfer Pricing Reports in FCM automatically highlight such anomalies. By comparing margins across entities and against benchmarks, auditors can detect when transfer pricing is abused to shift profits or disguise related-party transactions.


4. Top-Side Adjustments Tracking (SAP FCM)

  • Manual journal entries made at group close are tracked.
  • Forensic experts can see who made adjustments, when, and why.
  • Sudden “plug” entries may indicate earnings manipulation through RPT adjustments.

👉 Example: A CFO posted late-night adjustments moving expenses from one related subsidiary to another to window-dress results.

Suspicious Late-Night Adjustments

A CFO repeatedly posted manual journal entries late at night, shifting expenses from one subsidiary to another. This made one entity’s results look stronger while hiding losses in another—classic window dressing.

👉 SAP Top-Side Adjustments Tracking in FCM flagged these after-hours postings and unusual manual overrides. Forensic experts reviewed the audit trail, confirming that the adjustments lacked supporting documents and were designed to mislead stakeholders.

Outcome: The scheme was uncovered early, preventing manipulated results from reaching investors and the audit committee.
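A sketch of the after-hours check on manual adjustments, added here as an example in Python (not SAP FCM code). The entry fields, users, UTC offsets and the 07:00 to 20:00 business window are assumptions. It converts the stored UTC timestamp to the poster's local time first, since a late-night posting can look like a daytime one in UTC.

```python
from collections import Counter, namedtuple
from datetime import datetime, timedelta, timezone

JE = namedtuple("JE", "doc user posted_utc manual src dst attachment")

# Constructed sample journal entries; users, entities and offsets are hypothetical.
USER_TZ = {"cfo_asia": timezone(timedelta(hours=8)),
           "acct_eu": timezone(timedelta(hours=1))}
ENTRIES = [
    JE("JE-01", "cfo_asia", "2024-03-28T15:41:00+00:00", True, "SUB_A", "SUB_B", False),
    JE("JE-02", "cfo_asia", "2024-03-29T16:05:00+00:00", True, "SUB_A", "SUB_B", False),
    JE("JE-03", "acct_eu", "2024-03-29T09:30:00+00:00", True, "SUB_C", "SUB_D", True),
    JE("JE-04", "acct_eu", "2024-03-29T22:10:00+00:00", False, "SUB_C", "SUB_D", False),
    JE("JE-05", "cfo_asia", "2024-03-29T02:00:00+00:00", True, "SUB_A", "SUB_B", True),
]

def after_hours(ts_utc, tz, start=7, end=20):
    """True when the poster's local time is on a weekend or outside [start, end)."""
    local = datetime.fromisoformat(ts_utc).astimezone(tz)
    return local.weekday() >= 5 or not (start <= local.hour < end)

def suspicious_adjustments(entries, user_tz):
    """Manual cross-entity entries posted after hours with no supporting document.

    Returns (doc, user, hits_by_that_user) so repeat posters stand out.
    """
    hits = [e for e in entries
            if e.manual and e.src != e.dst and not e.attachment
            and after_hours(e.posted_utc, user_tz[e.user])]
    per_user = Counter(e.user for e in hits)
    return [(e.doc, e.user, per_user[e.user]) for e in hits]

if __name__ == "__main__":
    for hit in suspicious_adjustments(ENTRIES, USER_TZ):
        print(hit)
```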


5. Automated Controls for SOX & Compliance

  • SAP FCM comes with pre-delivered SOX controls, many designed for related-party detection.
  • These controls check for approval workflows, segregation of duties, and unusual manual overrides.

👉 Example: A director attempted to approve transactions with a related vendor. Pre-configured controls stopped the posting until disclosed to the audit committee.

Blocked Related-Party Transaction

A director tried to approve payments to a vendor connected to his family business. Since this was an undisclosed related-party transaction (RPT), SAP Financial Compliance Management (FCM) flagged it using pre-configured SOX and RPT controls.

👉 The system automatically blocked the posting and triggered a workflow requiring disclosure to the audit committee before any approval could proceed.

Outcome: The hidden conflict of interest was caught early, ensuring transparency and protecting the company from reputational and regulatory risk.


🏢 Group-Level Detection of RPT Abuse

Internal audit committees often struggle with siloed ERP data across multiple subsidiaries.

SAP solves this with:

  • Centralized monitoring (FCM on BTP) → connects multiple group entities.
  • Entity + Group fraud lens → one suspicious vendor across subsidiaries is quickly identified.
  • Automated consolidation analytics → highlights mismatches in intercompany balances.

👉 Shell Company Example:

  • Vendor created in the Asia subsidiary.
  • Same vendor paid by Europe and Middle East subsidiaries.
  • SAP FCM detected the common bank account during group reporting and flagged it as undisclosed RPT collusion.

🔎 How SAP FCM Detects Undisclosed Related-Party Transactions (RPT) at Group Level

  1. Disclosed RPT Repository
    • FCM maintains (or integrates with) the central registry of disclosed related parties & approved RPTs.
    • This is usually sourced from:
      • Statutory disclosures (annual reports, Form 3CD, SOX reports, etc.)
      • Master data governance (MDG) records
      • Declarations from directors & KMPs (uploaded periodically).
  2. Transaction Monitoring Across Entities
    • FCM monitors all transactions across subsidiaries and group companies (e.g., sales, purchases, loans, guarantees, expense transfers).
    • Each transaction counterparty is checked against the disclosed RPT repository.
  3. Undisclosed RPT Red-Flag
    • If a vendor, customer, or counterparty is not present in the disclosed RPT list, but:
      • has a relationship overlap (detected via BIS, HR data, director disclosures, or beneficial ownership screening), or
      • shows suspicious intercompany flows (revenue in one entity but no matching expense in another),
        → FCM flags it as potential undisclosed RPT.
  4. Audit Trail & Workflow
    • The flagged transaction is routed to internal audit or the audit committee for review.
    • This creates a traceable workflow ensuring management can’t quietly bury or bypass it.
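The four steps above, together with the bank-account matching from the master data section and the shell company example, as an added Python sketch (not SAP code). All vendor IDs, account numbers, subsidiaries and field names are constructed, and matching on a normalised bank account stands in for the richer overlap sources the page lists.

```python
from collections import defaultdict

def norm(account):
    """Normalise an account string so spacing or case cannot hide a match."""
    return "".join(account.split()).upper()

# Constructed sample data; every identifier and field name is hypothetical.
DISCLOSED = {"V-100"}                                     # related-party register
INSIDERS = {norm("DE00 1111 2222 3333"): "director D-7"}  # HR data / declarations
VENDORS = {                          # vendor_id -> (subsidiary, bank account)
    "V-100": ("EU", "DE00 9999 0000 0001"),
    "V-201": ("EU", "de00111122223333"),    # same account as director D-7
    "V-310": ("ASIA", "SG00 5555 6666"),
    "V-455": ("MEA", "SG0055556666"),       # same account as V-310
    "V-500": ("EU", "FR00 1234 5678"),
}
PAYMENTS = [("EU", "V-100", 9000), ("EU", "V-201", 40000), ("ASIA", "V-310", 15000),
            ("MEA", "V-455", 22000), ("EU", "V-455", 8000), ("EU", "V-500", 700)]

def review_queue(payments, vendors, disclosed, insiders):
    """Return {vendor_id: {"paid": total, "reasons": [...]}} for paid
    counterparties missing from the register that show a relationship overlap."""
    by_account = defaultdict(set)    # normalised account -> {(vendor, subsidiary)}
    for vid, (sub, account) in vendors.items():
        by_account[norm(account)].add((vid, sub))
    paid = defaultdict(int)
    for _sub, vid, amount in payments:
        paid[vid] += amount
    queue = {}
    for vid in sorted(paid):
        if vid in disclosed:         # step 2: already a declared related party
            continue
        account = norm(vendors[vid][1])
        reasons = []
        if account in insiders:      # step 3: overlap with an insider's account
            reasons.append(f"bank account matches {insiders[account]}")
        twins = sorted(f"{v} ({s})" for v, s in by_account[account] if v != vid)
        if twins:                    # step 3: one account behind several vendors
            reasons.append("bank account shared with " + ", ".join(twins))
        if reasons:                  # step 4: route to audit review
            queue[vid] = {"paid": paid[vid], "reasons": reasons}
    return queue
```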

🎯 Why This Matters for Internal Audit Committees

  • Regulatory Pressure: Regulators (SEBI, SEC, PCAOB) demand transparency on RPTs.
  • Investor Confidence: Hidden RPTs erode shareholder trust.
  • Board Oversight: Audit committees are accountable for approving RPTs.

With SAP’s applications, committees get:

  • Early Detection → catching RPT abuse before financial close.
  • Transparency → dashboards showing all related-party flows.
  • Audit Trail → automated logs for investigation & reporting.

✅ Conclusion

RPTs are a double-edged sword: essential in global groups, but easily misused for fraud. Forensic experts and internal audit committees can’t rely only on manual reviews or disclosures.

With SAP S/4HANA, FCM, and BIS, organizations gain a 3-layer fraud shield that:

  • Detects hidden connections,
  • Flags unusual transactions, and
  • Ensures group-level transparency.

👉 The result: Audit committees can confidently certify compliance, strengthen governance, and prevent RPT abuse before it damages reputation.


🕵️‍♂️ Case Example: Unreported RPT at a Global Subsidiary

A multinational manufacturing company had subsidiaries across Asia, Europe, and the U.S.

🔎 Trigger in SAP FCM (Financial Compliance Management):
Variance analysis at the group level flagged one Asian subsidiary showing unusually high raw material purchase costs compared to benchmarks.

🔗 Cross-Check via Intercompany Elimination Reports in Group Reporting:
The system detected repeated transactions with a vendor registered in Singapore. However, these transactions were not disclosed as RPTs in statutory filings.

💡 Deep Dive with SAP BIS (Business Integrity Screening):
BIS matched the vendor’s ultimate beneficial ownership to a family member of the subsidiary’s CFO, a classic case of a shell company created to siphon profits.

📊 Outcome for the Internal Audit Committee:
The automated detection allowed the Audit Committee to:

  • Flag the transactions as unreported RPTs.
  • Prevent further payments.
  • Initiate disciplinary proceedings against the management of the subsidiary.
  • Strengthen compliance with SOX Section 402 and local corporate governance laws.

✅ Lesson:
Without SAP’s automated RPT detection at group level, this would have slipped through manual audits. With FCM + BIS integration, the internal audit committee had clear evidence of collusion, enabling swift corrective action.

Call to Action

🔹 For Internal Audit Committees

Your role is to safeguard transparency and protect shareholder trust. Undisclosed RPTs and group-level manipulations are among the biggest governance risks—manual reviews often miss them.
✅ With SAP FCM, you gain real-time monitoring of internal controls.
✅ With SAP BIS, you detect suspicious vendors, shell companies, and laundering attempts.
✅ With S/4HANA Group Reporting, you reconcile intercompany mismatches and spot anomalies across subsidiaries.

👉 Act now: Strengthen your audit charter with an integrated fraud shield that combines BIS + FCM + Group Reporting, ensuring airtight compliance with SOX, SEBI, and global governance standards.


🔹 For Forensic Experts

Your mission is to uncover what others miss. But ghost vendors, shell companies, and inflated intercompany revenues often slip through in complex group structures.
💡 SAP BIS scans patterns to surface high-risk vendors and abnormal payments.
💡 SAP FCM enforces pre-delivered controls, automates risk checks, and blocks unauthorized postings.
💡 Group Reporting in S/4HANA highlights unmatched transactions and margin outliers at the group level.

👉 Act now: Go beyond reactive investigations—use BIS + FCM + Group Reporting to proactively prevent fraud before it touches the financial statements.


Here’s an official SAP reference you can cite to support how related-party master data and integrated screening tools like BIS and FCM work to detect undisclosed RPTs:

  • SAP Business Integrity Screening (BIS) – A fraud detection and compliance solution designed to screen business partners and uncover anomalous patterns, including undisclosed related-party relationships, through master data and external risk data integration (source: SAP).

This reference highlights BIS’s capabilities in real-time rule-based screening, which helps identify irregularities in vendor master data—such as shared bank accounts or identifiers—that can indicate potential undisclosed Related Party Transactions.