1 SAP Security and Controls Use of Security Compliance Tools to Detect and Prevent Security and Controls Violations.

Presentation transcript:

2 Agenda
- Increased Focus on Security & Controls
- SAP R/3 Security Risks & Controls
- Security Management
- Security Compliance Tools
- Questions

3 Increased Focus on Security and Controls
- Fraud (Barings Bank, WorldCom, Enron, ...)
- Security Breaches (UCs, BC, Stanford, ...)
- Regulatory Compliance:
  - Sarbanes-Oxley (SOX)
  - Family Educational Rights and Privacy Act (FERPA)
  - Gramm-Leach-Bliley Act (GLBA)
  - Health Insurance Portability and Accountability Act (HIPAA)

4 Security Risks
- Access Control
  - Do some users have too much access?
  - Are there sufficient access restrictions on private information?
- Segregation of Duties (SoD)

5 Security Compliance Tools – Internal Controls
- “Internal Controls are processes designed by management to provide reasonable assurance that the Institute will achieve its objectives” (from MIT’s Guidelines for Financial Review and Control)
- The cost of implementing a control should not exceed the expected benefit of that control
- “Security is a process, not a product”

6 Security Compliance Tools
- Who has access to sensitive transactions?
- Are there any SoD violations?
- Real-time monitoring
- Remove access or assign mitigating controls
- Reduce the time and effort of providing information to auditors
- Used during implementation of new modules

7 SoD Rules Matrix
- Predefined SoD rule set
- Custom transactions can be added to the rule set

8 Virsa Compliance Calibrator

10 Virsa Compliance Calibrator – Resolve SoD Issues

11 Security Compliance Software Vendors
- Virsa
- Approva
- Oversight Systems
- Big 4 (E&Y, PwC, KPMG, Deloitte)

12 Benefits of Security Compliance Tools – Summary
- Run with SAP R/3
- Automate SoD analysis
- Automate monitoring of critical transactions
- Quick assessment of authorization compliance for business users, auditors, and IT security staff
- Used during development/project efforts
- Avoid manual analysis and false positives
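As an added illustration (not code from the presentation or from any vendor's product), the SoD rule-matrix analysis that slides 6, 7 and 12 describe: a predefined rule set of conflicting transaction-code pairs, extended with a custom rule, evaluated against each user's transactions, with approved mitigating controls suppressing accepted conflicts. The rule ids, transaction codes and user assignments are constructed sample data.

```python
from itertools import product

# Constructed SoD rule set (not from the slides): each rule pairs two sets of
# SAP transaction codes one user must not hold together, with a risk rating.
# Tcodes are illustrative; an institution loads its own matrix here.
SOD_RULES = {
    "R001": {"risk": "high", "desc": "Maintain vendor master and pay vendor",
             "a": {"FK01", "FK02"}, "b": {"F-53", "F110"}},
    "R002": {"risk": "medium", "desc": "Create purchase order and receive goods",
             "a": {"ME21N"}, "b": {"MIGO"}},
}

def add_custom_rule(rules, rule_id, desc, side_a, side_b, risk="medium"):
    """Return a copy of the rule set extended with a custom rule (slide 7)."""
    extended = dict(rules)
    extended[rule_id] = {"risk": risk, "desc": desc,
                         "a": set(side_a), "b": set(side_b)}
    return extended

def find_sod_violations(rules, user_tcodes, mitigated=frozenset()):
    """Check every user's transactions against every rule.
    user_tcodes: {user: set of tcodes the user's roles grant}
    mitigated:   {(user, rule_id)} pairs with an approved mitigating control
    Returns a sorted list of (user, rule_id, risk, tcode_a, tcode_b).
    """
    violations = []
    for user, tcodes in sorted(user_tcodes.items()):
        for rule_id, rule in sorted(rules.items()):
            if (user, rule_id) in mitigated:
                continue  # accepted risk with a compensating control; not reported
            held_a, held_b = rule["a"] & tcodes, rule["b"] & tcodes
            for ta, tb in product(sorted(held_a), sorted(held_b)):
                violations.append((user, rule_id, rule["risk"], ta, tb))
    return violations

def summarize_by_user(violations):
    """Open conflicts per user, the list the security team remediates from."""
    counts = {}
    for user, *_ in violations:
        counts[user] = counts.get(user, 0) + 1
    return counts

# Constructed user/transaction assignments, as produced by a role analysis.
USER_TCODES = {
    "jdoe": {"FK01", "F-53", "ME21N"},   # vendor master + payment conflict
    "asmith": {"ME21N", "MIGO"},         # purchase order + goods receipt conflict
    "bclerk": {"FK02", "MIGO"},          # clean under the predefined rules
}
```

Feeding the output of `find_sod_violations` back through `mitigated` after a control is approved is what lets the same run serve both remediation and the auditor's evidence request.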

13 Questions