Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 SAP Security and Controls Use of Security Compliance Tools to Detect and Prevent Security and Controls Violations.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "1 SAP Security and Controls Use of Security Compliance Tools to Detect and Prevent Security and Controls Violations."— Presentation transcript:

1 1 SAP Security and Controls Use of Security Compliance Tools to Detect and Prevent Security and Controls Violations

2 2 Agenda Increased Focus on Security & Controls SAP R/3 Security Risks & Controls Security Management Security Compliance Tools Questions

3 3 Increased Focus on Security and Controls Fraud (Barings Bank,WorldCom, Enron,...) Security Breaches (UCs, BC, Stanford...) Regulatory Compliance Sarbanes-Oxley (SOX) Family Educational Rights and Privacy Act (FERPA) Gramm-Leach-Bliley Act (GLBA) Health Insurance Portability and Accountability Act (HIPAA)

4 4 Security Risks Access Control Do some users have too much access? Sufficient access restrictions to private information? Segregation of Duties (SoD)

5 5 Security Compliance Tools – Internal Controls “Internal Controls are processes designed by management to provide reasonable assurance that the Institute will achieve its objectives” (From MIT’s Guidelines For Financial Review and Control) Cost of implementing control should not exceed the expected benefit of the control “Security is a process not a product”

6 6 Security Compliance Tools Who has access to sensitive transactions? Are there any SoD violations? Real-Time Monitoring Remove access or assign mitigating controls Reduce time and effort when providing information to auditors Used during implementation of new modules

7 7 SoD Rules Matrix Predefined SoD Rule Set Can Add Custom Transactions to Rule Set

8 8 Virsa-Compliance Calibrator

9 9

10 10 Virsa-Compliance Calibrator Resolve SoD Issues

11 11 Security Compliance Software Vendors Virsa Approva Oversight Systems Big 4 (E&Y, PwC, KPMG, Deloitte)

12 12 Benefits of Security Compliance Tools - Summary Run with SAP R/3 Automate SoD analysis Automate monitoring of critical transactions Quick assessment of authorization compliance for business users, auditors, and IT security staff Used during development/project efforts Avoid manual analysis and false positives

13 13 Questions

Download ppt "1 SAP Security and Controls Use of Security Compliance Tools to Detect and Prevent Security and Controls Violations."

Similar presentations

Compliance Technology Solutions NASACT Presentation Material Robert Garagiola – AERS National Technology Practice January 31 st, 2007.

Compliance Technology Solutions NASACT Presentation Material Robert Garagiola – AERS National Technology Practice January 31 st, 2007.
OPERATING EFFECTIVELY AT WESD. What is Internal Control? A process designed to provide reasonable assurance the organizations objectives are achieved.

OPERATING EFFECTIVELY AT WESD. What is Internal Control? A process designed to provide reasonable assurance the organizations objectives are achieved.
Improving SOX Remediation Through Automated Testing of Internal Controls November 4, 2005.

Improving SOX Remediation Through Automated Testing of Internal Controls November 4, 2005.
Health Insurance Portability and Accountability Act (HIPAA)HIPAA.

Health Insurance Portability and Accountability Act (HIPAA)HIPAA.
Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.

Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.
Control and Accounting Information Systems

Control and Accounting Information Systems
Security Controls – What Works

Security Controls – What Works
The TRUTH About SOX, Auditors & Oracle Applimation is the leading provider of Application Lifecycle Management solutions.

The TRUTH About SOX, Auditors & Oracle Applimation is the leading provider of Application Lifecycle Management solutions.
E-Commerce: Legal and Practical Issues Legal Issues: Security – December 2, 2005 Stephen M. Foxman Philadelphia.

E-Commerce: Legal and Practical Issues Legal Issues: Security – December 2, 2005 Stephen M. Foxman Philadelphia.
WHY CHOOSE CEO-PE?  We employ International Association of Privacy Professionals (IAPP) Certified and Health Insurance Portability & Accountability Act.

WHY CHOOSE CEO-PE?  We employ International Association of Privacy Professionals (IAPP) Certified and Health Insurance Portability & Accountability Act.
Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.

Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.
August 9, 2005UCCSC Converting Policy to Reality Building Campus Security Programs Karl Heins -- Director of IT Audit Services Office of the University.

August 9, 2005UCCSC Converting Policy to Reality Building Campus Security Programs Karl Heins -- Director of IT Audit Services Office of the University.
Evolution of the Siemens Experience in its Effort to Test IT Controls on a Continuous Basis Rolf Haardörfer IT Audit Professional Siemens Corporation Tenth.

Evolution of the Siemens Experience in its Effort to Test IT Controls on a Continuous Basis Rolf Haardörfer IT Audit Professional Siemens Corporation Tenth.
Managing Segregation of Duties (SOD) in R3 Session Code: 808 Donnie Looper, Eastman Chemical Company Jasvir Gill, Virsa Systems.

Managing Segregation of Duties (SOD) in R3 Session Code: 808 Donnie Looper, Eastman Chemical Company Jasvir Gill, Virsa Systems.
COSO Framework A company should include IT in all five COSO components: –Control Environment –Risk Assessment –Control activities –Information and communication.

COSO Framework A company should include IT in all five COSO components: –Control Environment –Risk Assessment –Control activities –Information and communication.
Shooting The Moving Target…… Internal Controls & Segregation of Duties (SOD) Session Code: 503 Jasvir Gill, Virsa Systems Donnie Looper, Eastman Chemical.

Shooting The Moving Target…… Internal Controls & Segregation of Duties (SOD) Session Code: 503 Jasvir Gill, Virsa Systems Donnie Looper, Eastman Chemical.
Brian Markham Director, DIT Compliance and Risk Services May 1, 2014

Brian Markham Director, DIT Compliance and Risk Services May 1, 2014
The University of California Strengthening Business Practices: The Language of Our Control Environment Dan Sampson Assistant Vice President Financial Services.

The University of California Strengthening Business Practices: The Language of Our Control Environment Dan Sampson Assistant Vice President Financial Services.
The Role of Risk Management and Assurance in Effective Organizational Governance Urton Anderson The University of Texas at Austin.

The Role of Risk Management and Assurance in Effective Organizational Governance Urton Anderson The University of Texas at Austin.
Best Practices for User Access Controls and Segregation of Duties Presented by: Jeffrey T. Hare, CPA CISA CIA ERP Seminars.

Best Practices for User Access Controls and Segregation of Duties Presented by: Jeffrey T. Hare, CPA CISA CIA ERP Seminars.

Similar presentations

Ads by Google