Table of Contents
Executive Summary
Introduction
Implementation Methodology
ANNEXURE 4: Challenges
Executive Summary
In the era of stringent corporate governance, new regulatory requirements have made tighter internal control a
compliance standard across the globe.
All organizations, irrespective of size, are struggling to comply with these regulations and manage the risk. The cost and
effort to establish, maintain and prove compliance demand both money and time, which could be invested in value
addition rather than value protection.
For many organizations, the technology solution is to try automation using standard office tools such as spreadsheets,
which, in spite of their low-cost advantage, may become part of the problem rather than a compliance solution.
Fortunately, newly available software platforms that have become known as GRC technology can help streamline the
automation. This white paper pertains to one of the most accountable control automation tools, SAP Access Control, and
details its implementation methodology.
Introduction
Sarbanes-Oxley compliance was a result of such scandals. Also known as the Public Company Accounting
Reform and Investor Protection Act of 2002 and commonly called SOX, it is a controversial United States
federal law passed in response to a number of major corporate and accounting scandals.
Signed by Congress on July 30, 2002, its overall purpose is to protect investors by improving the accuracy and
reliability of corporate disclosures made pursuant to the securities laws.
roles/responsibilities.
any function.
SoD
roles/responsibilities
may be incorrect
users.
Implementation Methodology
based on SAP Best Practice
Role Management
Control Tools.
Implementation Readiness
or Installation Number.
following tools:
Preparation of Implementation
Preparation Includes:
Compliance Calibrator.
Resource Identification
areas:
duties
Suite
Streamline Approvals
using Firefighter
Enterprise Role Management
Separate
Auditable reporting
naming conventions.
auditors as well.
Enterprise
Activities Involved
Person Involved
Duration/Days
Implementation Readiness
Hardware/Software requirement analysis
Software Installation
NetWeaver Environment Validation
Basis/Security Consultant
GRC AC Tool Consultant
17
15
26
Compliance User Provisioning
20
Enterprise Role Management
15
Number
Group
Responsibility
Basis/Security Consultant
HCL GRC
GRC AC Tool Consultant
HCL GRC
SOX Domain Consultant
HCL GRC
Risk identification
Creation of Mitigation Controls
Approve or Reject already created Risks and Mitigation Controls
Scenario Analysis and Identification of Format & Content of Reports
GRC Business Process Analyst
HCL GRC
Client Technical Team
To be decided
Client
Client Business Team
To be decided
Client
Client Project Manager/Coordinator
To be decided
Client
Client Audit / Internal Control Team
To be decided
Client
Duration/Days
2
5
10
17
26
4
15
20
10
Note: * These activities are performed simultaneously. The total implementation time is 56 calendar days.
ANNEXURE 4: Challenges
Challenges
Solution
Alert Generation and its notification through e-mail was configured not only for mitigating controls but also for risk execution and critical transaction execution
Integrating workflows in Compliance Calibrator for various processes
Designing user-provisioning workflows and proper initiators to trigger them
Cross-application implementation
The system includes rules at both the transaction and object level that address the SAP applications for APO, Basis, CRM, EBP, SRM, FI/CO, HR / Payroll, Procure to Pay, MM/QM, Order to Cash, and Portals.
Cross-system implementation
Cross-geo implementation
ANNEXURE: 5
SAP GRC Business Benefits:
SAP helps organizations build an integrated GRC approach step by step. SAP solutions for governance,
risk, and compliance help you leverage your SAP and non-SAP IT investments, and deliver the following business benefits:
Increased shareholder value: Good corporate governance is reflected in many intangibles, including brand and
reputation, and it translates directly into share price premiums.
Optimized risk/return portfolios: Greater transparency and insight enable your decision makers to select or
reject projects based on risk impact and probability relative to potential return.
Reduced GRC costs: Integrated corporate governance significantly reduces the number of people and time
required to ensure and manage compliance and risk management.
Improved business performance and predictability: SAP solutions for governance, risk, and compliance deliver
enterprise-wide transparency, a systematic process for anticipating risks, and the tools to proactively determine proper
actions.
Business sustainability: Using solutions delivered through automation, analytics, and alerts, businesses can more
effectively mitigate risks stemming from a myriad of legislation.
1. Minimum NetWeaver Support Pack is already installed and validated on identified systems.
2. All the database and memory requirements for installation of Access Control Tools are met.
3.
4. Organization already possesses the license for all required Access Control Tools.
5. Person effort and time would keep reducing in subsequent implementations in different geographies.
6. The company would subsequently address compliance management issues across different locations.