Over the past few years, due to changes affecting business strategies, board members and senior managers have been required to deal more consistently and more carefully than ever before with matters of governance, risk management, and compliance.

This also applies to private companies seeking debt financing as well as non-profit organizations seeking foundation support. Boards and management of any kind of organization, of almost any size, must be able to make the case that they are driving the car, know where it is going, and can keep it on the road, which amounts to setting the processes and closely monitoring them.

“In simple terms, governance is the set of processes that keeps the organization alive, regulating the internal information flows and decision processes that ensure that its responses are timely and appropriate.”

Risk management means different things in different contexts. It can mean hedging investments, buying insurance, quality control, and more. Common to all these definitions is the notion that risk management is part of the process of making decisions. Ultimately, risk management supports risk taking and the organization’s ability to compete.

An organization can face risk in many forms; some risks can be mitigated and some can be eliminated. Risk management is how you deal with these risks, which can arise at any time during execution, and what steps are to be taken to mitigate them.

Risk is the degree of uncertainty accompanying a given course of action. Prudent managements will do what they can to manage that risk to tolerable levels. In the end, however, management must be willing to accept the possibility that what it intends in the way of results may not be achieved. Willing and knowledgeable risk acceptance is what risk taking is all about. Risk management enables knowledgeable risk acceptance.

Compliance is the mechanism that makes governance work.
It is compliance with the organization's own required procedures that enables management of the risks that endanger the entity. Monitoring and supporting compliance is not just a matter of keeping the regulators happy; it is the way that the organization monitors and maintains its health.

For all the business needs mentioned above, SAP has come up with Access Controls, which includes:

1. SAP GRC Access Enforcer
2. SAP GRC Compliance Calibrator
3. SAP GRC Role Expert

SAP Compliance Calibrator is a fully automated SAP security audit and Segregation of Duties (SoD) analysis tool, designed to identify, analyze and resolve all SoD and audit issues. Compliance Calibrator helps all key stakeholders in SAP security to work in a collaborative manner to achieve ongoing SoD and audit compliance at all levels, including User, Role, Profile, and HR Object levels.

It empowers SAP Security Administrators, Business Process Owners and Internal Auditors to prepare their SAP systems for an audit. User Administrators can use Compliance Calibrator to identify potential SoD issues before assigning a new Role to a User.

SoDs are a primary internal control intended to prevent or decrease the risk of errors or irregularities, identify problems, and ensure corrective action is taken. In an ideal system, no employee has control of two or more key responsibilities, especially when dealing with cash, negotiable checks and inventories.

There are business areas where SoDs are extremely important. One example is cash handling, because cash is a highly liquid asset. This means it is easy to take money and spend it without leaving a trail of where it went.

SoDs can be quite challenging to achieve in a small operation, as it is not always possible to have enough staff to properly segregate duties. In those cases, management may need to take a more active role to achieve separation of duties, by checking the work done by others or using other mitigating controls.
“Compliance Calibrator helps automate all SoD-related activities”.

Provisioning access to users, in the traditional manner, involves the user completing paper forms that request access to SAP backend systems or business applications. Those forms are then submitted to the first-line manager, who reviews, approves, and forwards them to the second-line approvers, who are IT security, or the request can be automatically provisioned by the administrator of the target system.

Usually, during the approval process, the managers who review access requests are expected to research and identify any potential conflicts of interest between roles that the requestor currently has and any new roles, including permissions, being requested. However, access requests that are under-researched and expedited for approval can cause significant problems, where legal, regulatory, security, and financial risks can potentially harm the corporation.

SAP GRC Access Enforcer automates the access provisioning approval process by combining roles and permissions with workflow. When a user (Requestor) makes an access request to resources for which they do not have permission, Access Enforcer automatically forwards the access request to designated managers and approvers within a predefined workflow. This workflow is customized to reflect your company policy. Roles and permissions are automatically applied to the enterprise directories when the access request is approved. Access Enforcer automates the role provisioning process within the identity management environment.

It ensures corporate accountability and compliance with Sarbanes-Oxley along with other laws and regulations.

Cont.

By Vikas Chauhan / Krishna Chennuri
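
The check a reviewer is expected to make before approving a request, comparing the roles the requestor already holds with the roles being requested, can be written as a simulation against an SoD rule set. The following is an added example, not code from the authors or from SAP's products; the role names, risk IDs, user IDs and rule set are constructed, and the transaction codes serve only as sample action labels.

```python
# Constructed sample data: role names, risk IDs, user IDs and the rule set
# are hypothetical; the transaction codes serve only as action labels.
ROLES = {  # role -> actions (transaction codes) it grants
    "VENDOR_MAINT": {"FK01", "FK02"},
    "AP_PAYMENTS": {"F-53", "F110"},
    "BUYER": {"ME21N"},
    "GOODS_RECEIPT": {"MIGO"},
}
FUNCTIONS = {  # business function -> actions that perform it
    "MAINTAIN_VENDOR": {"FK01", "FK02"},
    "PROCESS_PAYMENT": {"F-53", "F110"},
    "CREATE_PO": {"ME21N"},
    "RECEIVE_GOODS": {"MIGO"},
}
RISKS = {  # risk ID -> two functions one user should not combine
    "R01": ("MAINTAIN_VENDOR", "PROCESS_PAYMENT"),
    "R02": ("CREATE_PO", "RECEIVE_GOODS"),
}
# (user, risk) pairs covered by a documented mitigating control
MITIGATIONS = {("small_site_clerk", "R02")}


def risks_for(roles):
    """Return {risk_id: [roles contributing to it]} for a set of role names."""
    unknown = set(roles) - set(ROLES)
    if unknown:
        raise ValueError(f"unknown roles: {sorted(unknown)}")
    found = {}
    for risk_id, funcs in RISKS.items():
        # For each conflicting function, the roles granting any of its actions.
        holders = [{r for r in roles if ROLES[r] & FUNCTIONS[f]} for f in funcs]
        if all(holders):  # every function of the risk is reachable
            found[risk_id] = sorted(set().union(*holders))
    return found


def analyze_request(user, current, requested):
    """Simulate the assignment and report only risks the request introduces."""
    before = risks_for(current)
    after = risks_for(set(current) | set(requested))
    new = {r: roles for r, roles in after.items() if r not in before}
    open_risks = sorted(r for r in new if (user, r) not in MITIGATIONS)
    return {
        "existing": sorted(before),
        "new": new,
        "unmitigated": open_risks,
        "decision": "approve" if not open_risks else "hold for risk owner",
    }
```

Because the analysis runs on the union of current and requested roles, it catches conflicts that neither role set shows on its own, and the list of contributing roles tells the approver which assignment to remove or mitigate.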

5 Comments


  1. Timm Seitz
    I heard that this product is doing real-time compliance checks:

    1. How is this process technically implemented into the SAP back-end?
    2. How do both products interact with the SAP back-end (by using the SAP JCo)?
    3. How is the code analyzer function implemented into the back-end ERP (just by calling ABAP reports?)?

    Kind regards

    1. Anonymous
      1. With this product you can make connections to any SAP system (JCo). You have to define a connector for this connection in this product. Once the connector is done, you are connected to the SAP system.

      2. For this process to be implemented in the back end, agents are installed on the systems; these agents take the request from the front end and perform the SoD analysis.

      The execution of the analysis is done by background jobs.

      3. Real-time SoD analysis:

      The Access Enforcer product in SAP GRC Access Controls does this for you. When a customer requests some roles for an SAP system and the approver does the risk analysis, it predicts the combined risk analysis, which is real time.
      Regards,

  2. Sudhan Shan
    Is there a version compatibility issue with these process controls, like when we install CC with SAP R3 Enterprise or ECC? Is the installation done by Security Admin or BASIS?

    Thanks
    Sudhan Shan
