SAP GRC Implementation
Regulations such as the Sarbanes-Oxley Act require companies to document their business processes, identify risks, define controls to mitigate them, and regularly demonstrate the effectiveness of those controls.
To comply with these regulations and to protect the integrity of business data, organizations need to go beyond static documentation of internal controls to actively ensuring that those controls guard against fraud and errors, while streamlining business processes to reduce costs and inefficiencies.
Sarbanes–Oxley (SOX) 2002 Act History
- Known as the “Public Company Accounting Reform and Investor Protection Act”.
- Enacted in 2002 in response to a number of major corporate and accounting scandals (Enron, Tyco International, WorldCom).
- Since then, SOX-type laws have been enacted in Japan, Germany, France, Italy, Australia, Israel, India, South Africa, and Turkey.
- Sections 3, Corporate Responsibility (accuracy and validity of financial statements), and 4, Enhanced Financial Disclosures (off-balance-sheet items), relate directly to system functions.
- Signed into law by the US president, who described it as “the most far-reaching reforms of American business practices since the time of Franklin D. Roosevelt”.
Compliance and SOX. What’s it all about?
[Diagram: what compliance expects, demands and rewards; controls already delivered by SAP versus security controls added via SAP GRC]
SAP Governance, Risk, and Compliance (GRC)
SAP GRC helps organizations enhance their governance, risk and compliance (GRC) processes. The product suite contains a set of tools which allow risk and compliance teams to effectively, proactively, and pervasively manage risks and controls within a single platform.
SAP GRC is an advanced set of technology solutions that enables you to turn your policies and procedures into automated processes, ensuring that policies do not simply exist on paper but are automatically enforced as part of your workflow.
- Access Control (AC)
- Process Control (PC)
- Risk Management (RM)
These three integrated modules allow pervasive risk management across business processes and user access activities by enhancing automated monitoring and risk reporting capabilities.
Vinci Solutions helps organizations evaluate and implement GRC solutions.
Understanding how the technology you have supports compliance will enable you to be proactive in dealing with regulatory issues.
The implementation process includes:
- Technical installation of the products;
- Configuration and deployment of the complete GRC suite, including:
  - Analyze and Manage Access Risks,
  - Provision and Manage Users,
  - Design and Manage Roles, and
  - Centralized Emergency Access;
- Workshops with key business process owners to adjust the delivered Segregation of Duties (SoD) risk levels to reflect the company's unique requirements;
- Adjustment of the SAP transactions included in the different Segregation of Duties definitions;
- Integration of custom SAP transactions into the company's SoD rule set;
- Project management and coordination among executive management, IT, business teams, and auditors to obtain input on Segregation of Duties risk levels and the workflow approval process;
- Training on SAP Governance, Risk and Compliance and best practices;
- Access risk mitigation across multiple ERPs;
- Performing Segregation of Duties simulations for role-level and user-level changes to determine the impact of removing sensitive or conflicting transactions.
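The SoD rule-set evaluation and the role-level and user-level change simulations described in the steps above, as an added example that is not Vinci Solutions' or SAP's own code: the business functions, risk IDs, transaction codes, roles and users are constructed sample data rather than SAP's delivered rule set, and the simulation also covers the case where removing one transaction leaves a conflict in place because another transaction in the role still grants the same function.

```python
"""SoD rule-set evaluator with role-level and user-level change simulation.
Added example, not SAP GRC code; all functions, rules, roles and users
below are constructed sample data, not SAP's delivered rule set."""
from copy import deepcopy

# Business function -> transaction codes that grant it (constructed).
FUNCTIONS = {"VENDOR_MAINT": {"XK01", "XK02"}, "PAYMENT_RUN": {"F110"},
             "PO_CREATE": {"ME21N"}, "GOODS_RECEIPT": {"MIGO"}}
# Risk ID -> (function A, function B, level): holding both is a conflict.
RULES = {"P001": ("VENDOR_MAINT", "PAYMENT_RUN", "High"),
         "P002": ("PO_CREATE", "GOODS_RECEIPT", "Medium")}
# Constructed role -> transactions and user -> roles assignments.
ROLES = {"Z_AP_CLERK": {"XK01", "XK02", "FB60"}, "Z_AP_PAYMENTS": {"F110"},
         "Z_BUYER": {"ME21N", "ME22N"}, "Z_WAREHOUSE": {"MIGO"}}
USERS = {"ALICE": {"Z_AP_CLERK", "Z_AP_PAYMENTS"},   # violates P001
         "BOB": {"Z_BUYER", "Z_WAREHOUSE"},          # violates P002
         "CAROL": {"Z_BUYER"}}                       # clean

def user_tcodes(roles, users, user):
    """All transactions a user can execute through the assigned roles."""
    return set().union(*(roles.get(r, set()) for r in users.get(user, ())))

def violations(roles, users, user):
    """Risk IDs the user violates, mapped to the risk level.
    A function is held if any one of its granting transactions is present."""
    tcodes = user_tcodes(roles, users, user)
    return {rid: level for rid, (fa, fb, level) in RULES.items()
            if FUNCTIONS[fa] & tcodes and FUNCTIONS[fb] & tcodes}

def simulate(roles, users, remove_from_role=None, remove_from_user=None):
    """Simulate a change without applying it and report whose violations change.
    remove_from_role=(role, tcode) is a role-level change that affects every
    holder of the role; remove_from_user=(user, role) is a user-level change.
    Returns {user: (violations_before, violations_after)}."""
    new_roles, new_users = deepcopy(roles), deepcopy(users)
    if remove_from_role:
        role, tcode = remove_from_role
        new_roles.get(role, set()).discard(tcode)
    if remove_from_user:
        user, role = remove_from_user
        new_users.get(user, set()).discard(role)
    report = {}
    for user in users:
        before, after = violations(roles, users, user), violations(new_roles, new_users, user)
        if before != after:
            report[user] = (before, after)
    return report
```

Removing XK01 from Z_AP_CLERK reports no change for ALICE because XK02 still grants VENDOR_MAINT, which is exactly the kind of result a simulation run is meant to surface before a role change is approved.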