Contact Information 
•Dan Aldridge CEO Performa Apps 
•e-mail dan.aldridge@i-app.com 
•website www.inforln.com/wp 
•linkedin Dan Aldridge 
•twitter @Danaldridge1 
Agenda
• Introduction DynaFlow
• Governance Risk & Compliance / Enterprise Risk Management
• Segregation of Duties for Baan / LN
• Impact on ERP implementation
Contact details:
Aart de Glint
adeglint@dynaflow-solutions.com
Phone +31 318 479712
Mobile +31 654 392046
DynaFlow Profile
• Main Facts:
  - Established in 1997
  - Private company HQ in Canada
  - Partners in USA, France, Netherlands, Norway, India, Thailand and Australia
• Main mission:
  - To enable global companies to become “Simply in Control” by proactively managing enterprise risks, demonstrating compliance and automating and optimizing business processes.
  - Dedicated to providing its clients a fast ROI through a short and structured implementation
• Professional Services:
  - Implementation and Training
  - Compliance & Audit Support
  - Process Optimization
  - Solution Hosting Services
DynaFlow: Makes it EZ for...
Cooking the Books 
Mr. Ebbers (WorldCom), Mr. Lay (Enron), Mr. Kozlowski (Tyco) 
http://www.cbsnews.com/video/watch/?id=859384n
Regulation - The Hot Potato 
Loi sur La Sécurité Financière (LSF) 
SAS-70 
SOX 
C-SOX 
J-SOX 
‘Euro-SOX’ 
Code Tabaksblat 
Code Lippens 
8th EU Directive 
Clinger Cohen 
21 CFR Part 11 
IFRS 
Basel-II 
BilMoG
Governance, Risk Management & Compliance
Governance 
describes the overall management approach through which senior executives direct and 
control the entire organization, using a combination of management information and 
hierarchical management control structures. Governance activities ensure that critical 
management information reaching the executive team is sufficiently complete, accurate and 
timely to enable appropriate management decision making, and provide the control 
mechanisms to ensure that strategies, directions and instructions from management are 
carried out systematically and effectively. 
Risk management 
is the set of processes through which management identifies, analyzes, and, where 
necessary, responds appropriately to risks that might adversely affect realization of the 
organization's business objectives. The response to risks typically depends on their perceived 
gravity, and involves controlling, avoiding, accepting or transferring them to a third party. 
Whereas organizations routinely manage a wide range of risks (e.g. technological risks, 
commercial/financial risks, information security risks etc.), external legal and regulatory 
compliance risks are arguably the key issue in GRC. 
Compliance 
means conforming with stated requirements. At an organizational level, it is achieved through 
management processes which identify the applicable requirements (defined for example in 
laws, regulations, contracts, strategies and policies), assess the state of compliance, assess 
the risks and potential costs of non-compliance against the projected expenses to achieve 
compliance, and hence prioritize, fund and initiate any corrective actions deemed 
necessary. 
GRC/ERM Support at all levels
Levels of GRC model
Strategical
• Policy
• Enterprise Risk Management (Strategic)
• Integrated Compliance Frameworks
• Consolidated Dashboards (Control Statements)
Tactical
• Procedures
• Process Risk Analysis (Tactical)
• Process & Internal Control Design & Maintenance
• Review (workflow)
Operational
• Monitoring Efficiency of Internal Controls
• Embedded testing & test evidence
• Document Management System
• KPI/”In Control” reports
Continuous monitoring as part of normal business process: Purchasing, Warehouse Management, Manufacturing, Sales & Distribution
• Review
• Test
Compliance – Why is this important 
Regulation 
Corporate & Executive Responsibility & Liability 
Fear for Reputation Damage 
Tightened Credit Lines 
Premium Insurance Fees 
Policy Interpretation 
Implementation Cost 
Overhead 
Audit Cost
From Regulation to Compliance 
Regulations Implementation 
SOX 
HIPAA 
BASEL II 
Etc. 
Framework 
ERM 
COSO-II 
COBIT 
... 
Policy & Procedure 
Implementation 
Business Risks 
Business Controls: 
- Information delivery 
- Resource access and use
- Risk mitigation 
- ... 
Evidence 
Collection 
Demonstration of Compliance
establish document test 
People Processes Technology Facilities Data 
Audit
SOX Section 404 – Internal Control 
Assessment of internal control 
“The most contentious aspect of SOX is Section 404, 
which requires management and the external auditor to 
report on the adequacy of the company's internal 
control over financial reporting (ICFR). This is the 
most costly aspect of the legislation for companies to 
implement, as documenting and testing important 
financial manual and automated controls requires 
enormous effort.” 
http://www.heritage.org/CDA/upload/SOX-CDA-edited-3.pdf
SOX Internal Control Requirements
1. Documentation
   - Detailed Process description
   - Process flowchart (preferable)
   - Business Risk Assessments
   - Risk Control Matrix (RCM)
2. Testing
   - Annual walkthrough of each process.
   - Testing of key controls.
3. Periodic Reviews
   - Review of process steps and controls
   - Updating of all documentation
4. Annual External IC Audit
   - Essentially external validations that yes you did 1 through 3 above.
   - The auditor would use a predefined “checklists
Risk / Control Matrix 
All non-PO invoices received at month end are entered 
into the system within 3 days of month-end to ensure 
proper inclusion into Accounts Payable. 
For production invoices, invoices can only be entered 
into the system for automatic matching if a valid PO and 
receipt are already in the system. The system populates 
the invoice price and due date information from the PO 
information. 
All unmatched PO invoices are forwarded to purchasing 
for follow-up. 
All purchase orders and non-PO invoices are reviewed, 
including ledger account coding, and are authorized in 
accordance with company policy. 
Cycle counts that result in a difference from perpetual 
quantity outside limits set by company policy are 
reviewed; items with a variance deemed to be material
are recounted. 
RISK / CONTROL MATRIX
Columns: Risk | Auditor Assertion | ACP-C01 | ACP-C04 | ACP-C16 | PUR-C11 | INV-C18
R007: What ensures that purchases are recorded into the proper accounting period?
  Auditor assertion: Completeness. Control marks: PC
R011: What ensures that invoice prices, quantities and other valuation information is correct?
  Auditor assertion: Completeness, E/O, M/V. Control marks: PC, PC
R042: What ensures that duplicate and/or fictitious purchases are not recorded?
  Auditor assertion: Existence/Occurrence. Control marks: PC, PC
R075: What ensures that perpetual inventory records reflect proper quantities and amounts?
  Auditor assertion: Existence/Occurrence. Control marks: PC, DC
R079: What ensures that perpetual-to-physical inventory adjustments are correctly calculated and recorded?
  Auditor assertion: Completeness, Measurement/Valuation. Control marks: DC
R093: What ensures that inventory counts, compilations and descriptions are accurate?
  Auditor assertion: Measurement/Valuation. Control marks: DC
PC = Preventive Control
DC = Detective Control
Enterprise Risk Management (ERM/GRC)
The key pains & challenges:
• Extra burden “on top” of running the company
• Draining resources from critical projects
• Absence of clear and documented guidelines
• Absence of automation
• Cannot be postponed (scheduled audits)
• Cost (with NO tangible ROI)
The proposed approach & resolution:
• Leverage pre-defined knowledge via libraries
• Avoid multiple partial systems (and integration burden)
• Automate as much as possible tedious and large volume tasks
How DynaFlow supports ERM/GRC
• Business Risks & Business Controls Library
• 2,500+ pre-defined Controls, Risks and relationships
• Certified Best Practices / Benchmark
• For all regional & industry specific regulations (SOX, Basel-II, L262, FDA, HIPAA, IFRS, ISO, etc…)
• To address all auditing/auditors requirements
• Automated Business Control Execution
• Testing Schedules with automated notification & testing
• Real-time monitoring & alerts for testers and Mgmt
• Evidence Collection & audit trail
• Dynamic Risk and Business Control Monitoring
• Key Performance & Risks Indicators Dashboard (+ mobile)
• Audit Support
• Combination of Solution, Libraries and Services
Segregation of Duties (SoD)
The key pains & challenges:
• Now a Critical Business Control for ALL organizations
• Involves large volume of data (i.e. Typical = 200,000+ authorizations in Baan alone)
• Need to be done across Systems (ERP) and for ALL access types
• Is a recurring process due to constant changes
The proposed approach & resolution:
• Automation,
• automation
• and automation!
Cross-Applications ERM & SoD
Business Processes & Controls Integr. 
Process 
Diagram 
Employees 
User 
Roles 
Business 
Risks 
Applications 
Access Mgmt 
Business 
Controls 
Compliance Mgmt 
SoD Mgmt 
SoD 
Conflict 
Rules 
SoD 
Business 
Conflicts 
Conflict 
Resolution 
Documents 
Documents 
Document Mgmt
EZ-Compliance SoD Scan 
Mapics 
Hyperion 
BPCS 
… 
Network Access 
Facility Access 
Security Badges 
… 
Mapics 
Ceridian 
…
Master SoD Matrix 
Over 400+ SoD “zones” to be validated 
The LN / Baan SoD Rules Library
• Introduced in 2005
• Required 2 years initial development, and is updated regularly
• Content and design validated by CFO, Controllers, SOX Senior Consultants, Baan Specialists, etc...
• Covers all Baan versions (Triton, Baan IV, ERP-5, LN)
• Compliant to Baan Tools and DEM authorizations
• Verifies 22,000+ Baan session combinations for SoD violations (with violation rating) to validate 400+ SoD sensitive “zones”
• Auditors such as E&Y, KPMG, D&T, PWC, Grant Thornton validated the Baan SoD Rules completeness and accuracy by successfully certifying all EZ-Compliance clients to be SoD/SOX compliant.
EZ-Compliance Automated SoD Scan 
Employees 
Roles 
Corp-wide 
Applications 
Business 
Controls 
Business 
Processes 
Import 
DEM 
Visio 
Employee / 
Applications 
Access 
List 
(1) 
Access 
Scan 
SoD 
Conflict 
Rules 
SOX – SoD 
Conflicts 
List 
(2) 
Conflict 
Scan 
Resolution 
Scan 
(3) 
SoD 
Resolution 
Rules 
Mitigated 
Conflicts 
List 
Business 
Risks 
SoD 
Library 
Oracle 
Mitigation 
Controls 
Import 
LDAP 
Import 
ERP
SoD Conflicting Areas Matrix
Click to view 
detailed business 
functions & 
conflicts found 
The automated SoD cycle
• Import of updated authorizations from all Enterprise Applications (ERP import, weekly or daily)
• Identification of SoD conflicts & related business risks
• Resolution of conflicts with known patterns
• Investigation, resolution and mitigation of SoD risks
• Notification of new conflicts to internal audit team and/or process owners
Result: 90%+ reduction of effort & cost
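The three numbered scans (access, conflict, resolution) and the recurring import cycle on these slides can be sketched as below. This is an added example, not DynaFlow or EZ-Compliance code; every system name, account, employee ID, function name, rule ID and mitigating-control ID in it is constructed sample data.

```python
"""Added example: access scan -> conflict scan -> resolution scan -> new-conflict delta.
All systems, accounts, employee IDs, functions, rule IDs and control IDs are constructed."""
from collections import defaultdict
from typing import NamedTuple

# Constructed authorization exports: (system, account, function the account may run)
EXPORTS = [
    ("ERP", "alice", "VENDOR_MAINTAIN"), ("ERP", "alice", "PO_CREATE"),
    ("ERP", "bob", "PO_CREATE"), ("ERP", "bob", "GOODS_RECEIPT"),
    ("ERP", "carol", "INVOICE_ENTER"), ("ERP", "tmp_admin", "PO_CREATE"),
    ("FIN", "asmith", "PAYMENT_RELEASE"), ("FIN", "carol", "PAYMENT_RELEASE"),
    ("FIN", "dave", "GL_POST"),
]
# Constructed directory mapping (such as an LDAP import would supply): account -> employee
IDENTITY_MAP = {
    ("ERP", "alice"): "E100", ("FIN", "asmith"): "E100", ("ERP", "bob"): "E200",
    ("ERP", "carol"): "E300", ("FIN", "carol"): "E300",
    ("FIN", "dave"): "E400",
}
# Conflict rules: (rule id, SoD zone, function A, function B, violation rating)
CONFLICT_RULES = [
    ("SOD-001", "Vendor / purchasing", ("ERP", "VENDOR_MAINTAIN"), ("ERP", "PO_CREATE"), "HIGH"),
    ("SOD-002", "Purchasing / receiving", ("ERP", "PO_CREATE"), ("ERP", "GOODS_RECEIPT"), "MEDIUM"),
    ("SOD-003", "Vendor / payment", ("ERP", "VENDOR_MAINTAIN"), ("FIN", "PAYMENT_RELEASE"), "HIGH"),
    ("SOD-004", "Invoice / payment", ("ERP", "INVOICE_ENTER"), ("FIN", "PAYMENT_RELEASE"), "HIGH"),
]
# Resolution rules ("known patterns"): (rule id, employee or "*") -> mitigating control
RESOLUTION_RULES = {
    ("SOD-002", "*"): "MC-07 independent receiving count",
    ("SOD-004", "E300"): "MC-12 monthly payment review by controller",
}
# Open conflicts reported by the previous run, as (employee, rule id)
PREVIOUS_OPEN = {("E100", "SOD-001")}


class Conflict(NamedTuple):
    employee: str
    rule_id: str
    zone: str
    rating: str
    accounts: tuple  # the (system, account) pairs that together grant both functions


def access_scan(exports, identity_map):
    """Stage 1: merge per-system exports into employee -> {(system, function): account}."""
    access, unmapped = defaultdict(dict), []
    for system, account, function in exports:
        employee = identity_map.get((system, account))
        if employee is None:
            # Accounts with no known owner cannot be checked per person; surface them.
            unmapped.append((system, account, function))
            continue
        access[employee][(system, function)] = account
    return dict(access), unmapped


def conflict_scan(access, rules):
    """Stage 2: flag every employee who holds both sides of a conflict rule."""
    found = []
    for employee in sorted(access):
        grants = access[employee]
        for rule_id, zone, side_a, side_b, rating in rules:
            if side_a in grants and side_b in grants:
                accounts = ((side_a[0], grants[side_a]), (side_b[0], grants[side_b]))
                found.append(Conflict(employee, rule_id, zone, rating, accounts))
    return found


def resolution_scan(conflicts, resolution_rules):
    """Stage 3: split conflicts into open ones and ones covered by a mitigation."""
    open_conflicts, mitigated = [], []
    for c in conflicts:
        control = (resolution_rules.get((c.rule_id, c.employee))
                   or resolution_rules.get((c.rule_id, "*")))
        if control:
            mitigated.append((c, control))
        else:
            open_conflicts.append(c)
    return open_conflicts, mitigated


def run_cycle(exports=EXPORTS, previous_open=PREVIOUS_OPEN):
    """One scheduled run; 'new' is what would be sent to audit or process owners."""
    access, unmapped = access_scan(exports, IDENTITY_MAP)
    open_conflicts, mitigated = resolution_scan(
        conflict_scan(access, CONFLICT_RULES), RESOLUTION_RULES)
    new = [c for c in open_conflicts if (c.employee, c.rule_id) not in previous_open]
    return {"open": open_conflicts, "mitigated": mitigated,
            "new": new, "unmapped": unmapped}


if __name__ == "__main__":
    for kind, rows in run_cycle().items():
        print(kind, rows)
```

The SOD-003 finding only appears because the ERP account `alice` and the finance account `asmith` resolve to the same employee, which is why the scan has to run across systems rather than per application.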
How DynaFlow supports SoD
• Access/Authorization Mgmt
• Cross-systems authorizations (who is accessing what?)
• Periodic Access Reviews
• SoD Conflicts Identification
• Detective validation (what accesses constitute risks?)
• Preventive validation (what is the impact if we change …?)
• SoD Conflicts Resolution
• Automated resolution/mitigation using pattern rules
• SoD Conflicts Monitoring & Alerts
• Self-generated SoD Matrix with dynamic alerts
• Key Performance & Risks Indicators Dashboard (+ mobile)
Segregation of Duties (SoD)
What you gain with DynaFlow:
• Cross-ERP Integration (SAP, Oracle, Baan, Mapics, ...)
• Bottled Best Practices:
• Fully automated Segregation-of-Duties (SoD) Rules
• Pre-Defined SoD Libraries available for Baan, SAP, Oracle, etc...
• In line with external auditors to secure successful certification
• Detective and also Preventative
• Fully automated SoD validation
• 90% reduction on implementation cost & effort
• 50% reduction on auditing cost
• 100% Successful SoD Audit
• Simplified insight in all user authorizations
Integrated Cycles 
Document 
Integrate 
Structure 
Publish 
Define 
Capture 
Optimize 
Validate 
Process 
Knowledge 
Review 
Certify 
Risk 
Assessment 
Control 
Activity 
Control 
Environment 
Publish 
Regulations 
(e.g. SOX, ISO, ITAR, AS9100, HIPAA, etc.)
Automate 
Measure 
Optimize 
Route 
Definition 
Workflow 
Objectives 
Metrics 
Action Measure 
Monitor Execute Automation 
Analyzes
DynaFlow Value Proposition 
Document 
Integrate 
Structure 
Publish 
Define 
Capture 
Optimize 
Validate 
Review 
Certify 
Risk 
Assessment 
Control 
Activity 
Control 
Environment 
Publish 
Automate 
Measure 
Optimize 
Route 
Definition 
Objectives 
Action Measure 
Monitor Execute 
Analyzes
DynaFlow Solution Overview 
Business 
Controls 
Checks 
Financial (Oracle, etc) 
ERP (SAP, Baan, Mapics, etc) 
Process & 
Knowledge 
Publishing 
Process 
Modeling 
Business 
Controls 
Definition 
Automated 
Alerts & 
Notifications 
Process 
Automation 
Employee 
Process 
Dashboard 
Modeler and 
Auditor 
Dashboard 
Transaction 
Systems 
Base 
Dynamic KCI 
& Issues 
Escalation 
Process 
Optimization 
& Monitoring 
Management 
Dashboard 
Dynamic KPI 
& 
BI Analytics 
BPM Reporting 
Office Apps (MS, Email, VPN, etc)
Critical Capabilities Definition ERM & C 
Audit Management 
Supports internal auditors in planning and scheduling audit-related tasks, time management, managing work papers, 
risk assessments, control testing, remediation management and reporting. 
Risk Management, General 
Supports risk management professionals with the documentation, workflow, assessment and analysis, reporting, 
visualization, and remediation of risks. Analytics are mostly qualitative with a limited loss event analysis capability that 
is not dependent on stochastic analysis. It does not include stochastic analysis, but it may collect data from stochastic 
risk analytics tools to provide a consolidated view of enterprise risk management. 
Risk Management, Stochastic 
Involves stochastic analysis, such as Monte Carlo simulation. Examples include banks that require highly specialized 
capabilities for Basel II capital calculations and companies that must support project risk assessments of long-term 
asset investments, such as mining and oil and gas. Only a few EGRC platform vendors directly support these 
stochastic analysis needs organically or through an OEM partnership. 
Compliance Management 
Supports compliance professionals with the documentation, workflow, reporting and visualization of control objectives, 
controls and associated risks, surveys and self-assessments, testing, and remediation. At a minimum, EGRC 
management not only will include financial reporting compliance (Sarbanes-Oxley compliance), but also can support 
other types of compliance, such as ISO 9000, Payment Card Industry, industry-specific regulations, service-level 
agreements, trading partner requirements and compliance with internal policies. 
Policy Management 
Includes a specialized form of document management that enables the policy life cycle from creation to review, change 
and archiving of policies; mapping of policies to mandates and business objectives in one direction, and risks and 
controls in another; and distribution to and attestation by employees and business partners. 
GRC Content 
Includes many different kinds of content relative to GRC activities. Examples include regulatory analysis and news 
feeds, standards and frameworks, draft testing and risk assessments, and draft policies. 
Business Analytics 
Supports the ability to analyze the impact of risks on business objectives, performance and processes. 
Gartner, Inc: 30 November 2010/ID Number: G00208665
DynaFlow simplification 
Regulations Implementation 
SOX 
HIPAA 
BASEL II 
Etc. 
Framework 
COSO-II 
COBIT 
...... 
Policy & Procedure 
Implementation 
Business Risks 
Business Controls: 
- Information delivery 
- Resource access and use
- Risk mitigation 
- ... 
Evidence 
Collection 
Web Portal 
Demonstration of Compliance
establish document test 
People Processes Technology Facilities Data 
Audit 
Business 
Control 
Libraries 
Business Risk Libraries 
Compliance 
Program Mgmt. 
Compliance 
Change Mgmt. 
Compliance 
Issue Mgmt. 
Compliance 
Access & SoD Mgmt.
Document 
Mgmt. 
Audit 
Trail 
Cross-ERP 
Integration 
& 
Mapping 
Operational Risk 
Monitoring 
eBook 
Generation
How to Drive Value from Operational Risk Data - Part 2
 
An Introduction to econsys
An Introduction to econsysAn Introduction to econsys
An Introduction to econsys
 
An IT Governance program
An IT Governance programAn IT Governance program
An IT Governance program
 
SafepaaS AuditPaaS
SafepaaS AuditPaaSSafepaaS AuditPaaS
SafepaaS AuditPaaS
 
SafePaaS AuditPaaS
SafePaaS AuditPaaS SafePaaS AuditPaaS
SafePaaS AuditPaaS
 
AuditPaas by SafePaaS
AuditPaas by SafePaaSAuditPaas by SafePaaS
AuditPaas by SafePaaS
 
AuditPaaS SafePaaS
AuditPaaS SafePaaSAuditPaaS SafePaaS
AuditPaaS SafePaaS
 
Vivek cv
Vivek cvVivek cv
Vivek cv
 
Enterprise governance risk_compliance_fcm slides
Enterprise governance risk_compliance_fcm slidesEnterprise governance risk_compliance_fcm slides
Enterprise governance risk_compliance_fcm slides
 
Grc and is audit
Grc and is auditGrc and is audit
Grc and is audit
 
ClockworkISMS
ClockworkISMSClockworkISMS
ClockworkISMS
 
FulcrumWay GRC Solutions
FulcrumWay GRC SolutionsFulcrumWay GRC Solutions
FulcrumWay GRC Solutions
 

More from Dan Aldridge, ERP Software Evangelist, LION

Inforln.com ERP LN 10.3 & 10.4 Quality Management Non-conformance Reporting D...
Inforln.com ERP LN 10.3 & 10.4 Quality Management Non-conformance Reporting D...Inforln.com ERP LN 10.3 & 10.4 Quality Management Non-conformance Reporting D...
Inforln.com ERP LN 10.3 & 10.4 Quality Management Non-conformance Reporting D...Dan Aldridge, ERP Software Evangelist, LION
 
Inforln.com ERP LN 10.3 & 10.4 Manufacturing Non-conformance Handling Differe...
Inforln.com ERP LN 10.3 & 10.4 Manufacturing Non-conformance Handling Differe...Inforln.com ERP LN 10.3 & 10.4 Manufacturing Non-conformance Handling Differe...
Inforln.com ERP LN 10.3 & 10.4 Manufacturing Non-conformance Handling Differe...Dan Aldridge, ERP Software Evangelist, LION
 

More from Dan Aldridge, ERP Software Evangelist, LION (20)

Inforln.com Learn LN - Infor Ming.le User Interface Concepts
Inforln.com Learn LN - Infor Ming.le User Interface ConceptsInforln.com Learn LN - Infor Ming.le User Interface Concepts
Inforln.com Learn LN - Infor Ming.le User Interface Concepts
 
Inforln.com ERP LN Finance Concepts Overview Training
Inforln.com ERP LN Finance Concepts Overview TrainingInforln.com ERP LN Finance Concepts Overview Training
Inforln.com ERP LN Finance Concepts Overview Training
 
Inforln.com ERP LN 10.4 Using the New Claim Features
Inforln.com ERP LN 10.4 Using the New Claim FeaturesInforln.com ERP LN 10.4 Using the New Claim Features
Inforln.com ERP LN 10.4 Using the New Claim Features
 
Inforln.com ERP LN 10.4 Managing Material Demand for Preventive Maintenance
Inforln.com ERP LN 10.4 Managing Material Demand for Preventive MaintenanceInforln.com ERP LN 10.4 Managing Material Demand for Preventive Maintenance
Inforln.com ERP LN 10.4 Managing Material Demand for Preventive Maintenance
 
Inforln.com ERP LN 10.4 Credit and Rebill Invoices Enhancements
Inforln.com ERP LN 10.4 Credit and Rebill Invoices EnhancementsInforln.com ERP LN 10.4 Credit and Rebill Invoices Enhancements
Inforln.com ERP LN 10.4 Credit and Rebill Invoices Enhancements
 
Inforln.com ERP LN 10.4 Advance Invoicing Enhancements
Inforln.com ERP LN 10.4 Advance Invoicing EnhancementsInforln.com ERP LN 10.4 Advance Invoicing Enhancements
Inforln.com ERP LN 10.4 Advance Invoicing Enhancements
 
Inforln.com ERP LN 10.3 & 10.4 Quality Management Non-conformance Reporting D...
Inforln.com ERP LN 10.3 & 10.4 Quality Management Non-conformance Reporting D...Inforln.com ERP LN 10.3 & 10.4 Quality Management Non-conformance Reporting D...
Inforln.com ERP LN 10.3 & 10.4 Quality Management Non-conformance Reporting D...
 
Inforln.com ERP LN 10.3 & 10.4 Miscellaneous Project Enhancements
Inforln.com ERP LN 10.3 & 10.4 Miscellaneous Project EnhancementsInforln.com ERP LN 10.3 & 10.4 Miscellaneous Project Enhancements
Inforln.com ERP LN 10.3 & 10.4 Miscellaneous Project Enhancements
 
Inforln.com ERP LN 10.3 & 10.4 MAUC Hours Differences
Inforln.com ERP LN 10.3 & 10.4 MAUC Hours DifferencesInforln.com ERP LN 10.3 & 10.4 MAUC Hours Differences
Inforln.com ERP LN 10.3 & 10.4 MAUC Hours Differences
 
Inforln.com ERP LN 10.3 & 10.4 Manufacturing Non-conformance Handling Differe...
Inforln.com ERP LN 10.3 & 10.4 Manufacturing Non-conformance Handling Differe...Inforln.com ERP LN 10.3 & 10.4 Manufacturing Non-conformance Handling Differe...
Inforln.com ERP LN 10.3 & 10.4 Manufacturing Non-conformance Handling Differe...
 
Inforln.com ERP 10.3 &10.4 Estimating Differences
Inforln.com ERP 10.3 &10.4 Estimating DifferencesInforln.com ERP 10.3 &10.4 Estimating Differences
Inforln.com ERP 10.3 &10.4 Estimating Differences
 
Inforln.com ERP LN 10.3 & 10.4 Contract Invoicing Differences
Inforln.com ERP LN 10.3 & 10.4 Contract Invoicing DifferencesInforln.com ERP LN 10.3 & 10.4 Contract Invoicing Differences
Inforln.com ERP LN 10.3 & 10.4 Contract Invoicing Differences
 
Inforln.com ERP LN 10.3 & 10.4 Configurable Contract Deliverables Enhancements
Inforln.com ERP LN 10.3 & 10.4 Configurable Contract Deliverables EnhancementsInforln.com ERP LN 10.3 & 10.4 Configurable Contract Deliverables Enhancements
Inforln.com ERP LN 10.3 & 10.4 Configurable Contract Deliverables Enhancements
 
Inforln.com ERP LN 10.3 & 10.4 Project Peg Audit History Differences
Inforln.com ERP LN 10.3 & 10.4 Project Peg Audit History DifferencesInforln.com ERP LN 10.3 & 10.4 Project Peg Audit History Differences
Inforln.com ERP LN 10.3 & 10.4 Project Peg Audit History Differences
 
Inforln.com Baan 4 to LN Differences Training - Warehousing & Inventory Control
Inforln.com Baan 4 to LN Differences Training - Warehousing & Inventory ControlInforln.com Baan 4 to LN Differences Training - Warehousing & Inventory Control
Inforln.com Baan 4 to LN Differences Training - Warehousing & Inventory Control
 
Inforln.com Baan to LN Upgrade Differences Training - UI Enhancements
Inforln.com Baan to LN Upgrade Differences Training - UI EnhancementsInforln.com Baan to LN Upgrade Differences Training - UI Enhancements
Inforln.com Baan to LN Upgrade Differences Training - UI Enhancements
 
Inforln.com Baan to LN Differences Training - Order Management
Inforln.com Baan to LN Differences Training - Order ManagementInforln.com Baan to LN Differences Training - Order Management
Inforln.com Baan to LN Differences Training - Order Management
 
Infor ln.com baan 4 to ln upgrade differences training order management
Infor ln.com baan 4 to ln upgrade differences training   order managementInfor ln.com baan 4 to ln upgrade differences training   order management
Infor ln.com baan 4 to ln upgrade differences training order management
 
Inforln.com Baan 4 to LN Differences Training - Multisite & Common Data
Inforln.com Baan 4 to LN Differences Training - Multisite & Common DataInforln.com Baan 4 to LN Differences Training - Multisite & Common Data
Inforln.com Baan 4 to LN Differences Training - Multisite & Common Data
 
Inforln.com Baan 4 to LN Upgrade Differences Training - Enterprise Planning
Inforln.com Baan 4 to LN Upgrade Differences Training - Enterprise PlanningInforln.com Baan 4 to LN Upgrade Differences Training - Enterprise Planning
Inforln.com Baan 4 to LN Upgrade Differences Training - Enterprise Planning
 

Recently uploaded

[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality AssuranceInflectra
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsRavi Sanghani
 
Generative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfGenerative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfIngrid Airi González
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...Wes McKinney
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPathCommunity
 
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesAssure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesThousandEyes
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesThousandEyes
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesKari Kakkonen
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Alkin Tezuysal
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...panagenda
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfNeo4j
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfMounikaPolabathina
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 

Recently uploaded (20)

[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and Insights
 
Generative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfGenerative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdf
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to Hero
 
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesAssure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examples
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdf
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdf
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 

Government and SOX Compliance for ERP Systems

  • 1. 1
  • 2. Contact Information
      - Dan Aldridge, CEO Performa Apps
      - e-mail: dan.aldridge@i-app.com
      - website: www.inforln.com/wp
      - linkedin: Dan Aldridge
      - twitter: @Danaldridge1
  • 3. Agenda
      - Introduction DynaFlow
      - Governance Risk & Compliance / Enterprise Risk Management
      - Segregation of Duties for Baan / LN
      - Impact on ERP implementation
      Contact details: Aart de Glint, adeglint@dynaflow-solutions.com, Phone +31 318 479712, Mobile +31 654 392046
  • 4. DynaFlow Profile
      Main Facts:
      - Established in 1997
      - Private company HQ in Canada
      - Partners in USA, France, Netherlands, Norway, India, Thailand and Australia
      Main mission:
      - To enable global companies to become “Simply in Control” by proactively managing enterprise risks, demonstrating compliance and automating and optimizing business processes.
      - Dedicated to providing its clients a fast ROI through a short and structured implementation
      Professional Services:
      - Implementation and Training
      - Compliance & Audit Support
      - Process Optimization
      - Solution Hosting Services
  • 5. DynaFlow: Makes it EZ for...
  • 6. 6
  • 7. Cooking the Books 7 Mr. Ebbers (WorldCom), Mr. Lay (Enron), Mr. Kozlowski (Tyco) http://www.cbsnews.com/video/watch/?id=859384n
  • 8. 8
  • 9. Regulation - The Hot Potato 9 Loi sur La Sécurité Financière (LSF) SAS-70 SOX C-SOX J-SOX ‘Euro-SOX’ Code Tabaksblat Code Lippens 8th EU Directive Clinger Cohen 21 CFR Part 11 IFRS Basel-II BilMoG
  • 10. Governance, Risk Management & Compliance
      Governance describes the overall management approach through which senior executives direct and control the entire organization, using a combination of management information and hierarchical management control structures. Governance activities ensure that critical management information reaching the executive team is sufficiently complete, accurate and timely to enable appropriate management decision making, and provide the control mechanisms to ensure that strategies, directions and instructions from management are carried out systematically and effectively.
      Risk management is the set of processes through which management identifies, analyzes, and, where necessary, responds appropriately to risks that might adversely affect realization of the organization's business objectives. The response to risks typically depends on their perceived gravity, and involves controlling, avoiding, accepting or transferring them to a third party. Whereas organizations routinely manage a wide range of risks (e.g. technological risks, commercial/financial risks, information security risks etc.), external legal and regulatory compliance risks are arguably the key issue in GRC.
      Compliance means conforming with stated requirements. At an organizational level, it is achieved through management processes which identify the applicable requirements (defined for example in laws, regulations, contracts, strategies and policies), assess the state of compliance, assess the risks and potential costs of non-compliance against the projected expenses to achieve compliance, and hence prioritize, fund and initiate any corrective actions deemed necessary.
  • 11. GRC/ERM Support at all levels Levels of GRC model Strategical Tactical Operational •Policy •Enterprise Risk Management (Strategic) •Integrated Compliance Frameworks •Consolidated Dashboards (Control Statements) •Procedures •Process Risk Analysis (Tactical) •Process & Internal Control Design & Maintenance •Review (workflow) •Monitoring Efficiency of Internal Controls •Embedded testing & test evidence •Document Management System •KPI/”In Control” reports Continuous monitoring as part of normal business process •Policy •Enterprise Risk Management (Strategic) •Integrated Compliance Frameworks •Consolidated Dashboards (Control Statements) Purchasing Warehouse Management Manufacturing Sales & Distribution •Review •Test
  • 12. Compliance – Why is this important Regulation Corporate & Executive Responsibility & Liability Fear for Reputation Damage Tightened Credit Lines Premium Insurance Fees Policy Interpretation Implementation Cost Overhead Audit Cost
  • 13. From Regulation to Compliance Regulations Implementation SOX HIPAA BASEL II Etc. Framework ERM COSO-II COBIT ... Policy & Procedure Implementation Business Risks Business Controls: - Information delivery - Resource access and use - Risk mitigation - ... Evidence Collection Demonstration of Compliance establish document test People Processes Technology Facilities Data Audit
  • 14. SOX Section 404 – Internal Control Assessment of internal control “The most contentious aspect of SOX is Section 404, which requires management and the external auditor to report on the adequacy of the company's internal control over financial reporting (ICFR). This is the most costly aspect of the legislation for companies to implement, as documenting and testing important financial manual and automated controls requires enormous effort.” 14 http://www.heritage.org/CDA/upload/SOX-CDA-edited-3.pdf
  • 15. SOX Internal Control Requirements
      Documentation
      - Detailed Process description
      - Process flowchart (preferable)
      - Business Risk Assessments
      - Risk Control Matrix (RCM)
      Testing
      - Annual walkthrough of each process.
      - Testing of key controls.
      Periodic Reviews
      - Review of process steps and controls
      - Updating of all documentation
      Annual External IC Audit
      - Essentially external validations that yes you did 1 through 3 above.
      - The auditor would use a predefined “checklists”
  • 16. Risk / Control Matrix
      Control descriptions: All non-PO invoices received at month end are entered into the system within 3 days of month-end to ensure proper inclusion into Accounts Payable. For production invoices, invoices can only be entered into the system for automatic matching if a valid PO and receipt are already in the system. The system populates the invoice price and due date information from the PO information. All unmatched PO invoices are forwarded to purchasing for follow-up. All purchase orders and non-PO invoices are reviewed, including ledger account coding, and are authorized in accordance with company policy. Cycle counts that result in a difference from perpetual quantity outside limits set by company policy are reviewed; items with a variance deemed to be material are recounted.
      RISK / CONTROL MATRIX (columns: Risk, Auditor Assertion, ACP-C01, ACP-C04, ACP-C16, PUR-C11, INV-C18)
      - R007: What ensures that purchases are recorded into the proper accounting period? Assertion: Completeness. Controls: PC
      - R011: What ensures that invoice prices, quantities and other valuation information is correct? Assertion: Completeness, E/O, M/V. Controls: PC, PC
      - R042: What ensures that duplicate and/or fictitious purchases are not recorded? Assertion: Existence/Occurrence. Controls: PC, PC
      - R075: What ensures that perpetual inventory records reflect proper quantities and amounts? Assertion: Existence/Occurrence. Controls: PC, DC
      - R079: What ensures that perpetual-to-physical inventory adjustments are correctly calculated and recorded? Assertion: Completeness, Measurement/Valuation. Controls: DC
      - R093: What ensures that inventory counts, compilations and descriptions are accurate? Assertion: Measurement/Valuation. Controls: DC
      PC = Preventive Control, DC = Detective Control
  • 17. Enterprise Risk Management (ERM/GRC)
      The key pains & challenges:
      - Extra burden “on top” of running the company
      - Draining resources from critical projects
      - Absence of clear and documented guidelines
      - Absence of automation
      - Cannot be postponed (scheduled audits)
      - Cost (with NO tangible ROI)
      The proposed approach & resolution:
      - Leverage pre-defined knowledge via libraries
      - Avoid multiple partial systems (and integration burden)
      - Automate as much as possible tedious and large volume tasks
  • 18. How DynaFlow supports ERM/GRC
      Business Risks & Business Controls Library
      - 2,500+ pre-defined Controls, Risks and relationships
      - Certified Best Practices / Benchmark
      - For all regional & industry specific regulations (SOX, Basel-II, L262, FDA, HIPAA, IFRS, ISO, etc…)
      - To address all auditing/auditors requirements
      Automated Business Control Execution
      - Testing Schedules with automated notification & testing
      - Real-time monitoring & alerts for testers and Mgmt
      - Evidence Collection & audit trail
      Dynamic Risk and Business Control Monitoring
      - Key Performance & Risks Indicators Dashboard (+ mobile)
      Audit Support
      - Combination of Solution, Libraries and Services
  • 19. 19
  • 20. Segregation of Duties (SoD)
      The key pains & challenges:
      - Now a Critical Business Control for ALL organizations
      - Involves large volume of data (i.e. Typical = 200,000+ authorizations in Baan alone)
      - Need to be done across Systems (ERP) and for ALL access types
      - Is a recurring process due to constant changes
      The proposed approach & resolution:
      - Automation,
      - automation
      - and automation!
  • 22. Business Processes & Controls Integr. Process Diagram Employees User Roles Business Risks Applications Access Mgmt Business Controls Compliance Mgmt SoD Mgmt SoD Conflict Rules SoD Business Conflicts Conflict Resolution Documents Documents Document Mgmt
  • 23. EZ-Compliance SoD Scan Mapics Hyperion BPCS … Network Access Facility Access Security Badges … Mapics Ceridian …
  • 25. Over 400+ SoD “zones” to be validated 25
  • 26. The LN / Baan SoD Rules Library
      - Introduced in 2005
      - Required 2 years initial development, and is updated regularly
      - Content and design validated by CFO, Controllers, SOX Senior Consultants, Baan Specialists, etc...
      - Covers all Baan versions (Triton, Baan IV, ERP-5, LN)
      - Compliant to Baan Tools and DEM authorizations
      - Verify 22,000+ Baan session combinations for SoD violations (with violation rating) to validate 400+ SoD sensitive “zones”
      - Auditors such as E&Y, KPMG, D&T, PWC, Grant Thornton validated the Baan SoD Rules completeness and accuracy by successfully certifying all EZ-Compliance clients to be SoD/SOX compliant.
  • 27. EZ-Compliance Automated SoD Scan Employees Roles Corp-wide Applications Business Controls Business Processes Import DEM Visio Employee / Applications Access List (1) Access Scan SoD Conflict Rules SOX – SoD Conflicts List (2) Conflict Scan Resolution Scan (3) SoD Resolution Rules Mitigated Conflicts List Business Risks SoD Library Oracle Mitigation Controls Import LDAP Import ERP
  • 28. SoD Conflicting Areas Matrix Click to view detailed business functions & conflicts found
  • 29. The automated SoD cycle Import of updated authorizations from all Enterprise Applications Identification of SoD conflicts & related business risks Resolution of conflicts with known patterns Investigation, resolution and mitigation of SoD risks Notification of new conflicts to internal audit team and/or process owners ERP Import Weekly or Daily Result: 90%+ reduction of effort & cost
  • 30. How DynaFlow supports SoD
      Access/Authorization Mgmt
      - Cross-systems authorizations (who is accessing what?)
      - Periodic Access Reviews
      SoD Conflicts Identification
      - Detective validation (what accesses constitute risks?)
      - Preventive validation (what is the impact if we change …?)
      SoD Conflicts Resolution
      - Automated resolution/mitigation using pattern rules
      SoD Conflicts Monitoring & Alerts
      - Self-generated SoD Matrix with dynamic alerts
      - Key Performance & Risks Indicators Dashboard (+ mobile)
  • 31. Segregation of Duties (SoD)
      What you gain with DynaFlow:
      - Cross-ERP Integration (SAP, Oracle, Baan, Mapics, ...)
      - Bottled Best Practices:
      - Fully automated Segregation-of-Duties (SoD) Rules
      - Pre-Defined SoD Libraries available for Baan, SAP, Oracle, etc...
      - In line with external auditors to secure successful certification
      - Detective and also Preventative
      - Fully automated SoD validation
      - 90% reduction on implementation cost & effort
      - 50% reduction on auditing cost
      - 100% Successful SoD Audit
      - Simplified insight in all user authorizations
  • 32. 32
  • 33. Integrated Cycles Document Integrate Structure Publish Define Capture Optimize Validate Process Knowledge Review Certify Risk Assessment Control Activity Control Environment Publish Regulations (e.g. SOX, ISO, ITAR AS9100, HIPAA, etc.) Automate Measure Optimize Route Definition Workflow Objectives Metrics Action Measure Monitor Execute Automation Analyzes
  • 34. DynaFlow Value Proposition [diagram; labels as extracted: Document, Integrate, Structure, Publish, Define, Capture, Optimize, Validate, Review, Certify, Risk Assessment, Control Activity, Control Environment, Publish, Automate, Measure, Optimize, Route, Definition, Objectives, Action, Measure, Monitor, Execute, Analyzes]
  • 35. DynaFlow Solution Overview [diagram; labels as extracted]
      - Transaction Systems Base: Financial (Oracle, etc.); ERP (SAP, Baan, Mapics, etc.); Office Apps (MS, Email, VPN, etc.)
      - Business Controls Checks; Business Controls Definition
      - Process & Knowledge Publishing; Process Modeling; Process Automation
      - Automated Alerts & Notifications; Dynamic KCI & Issues Escalation
      - Process Optimization & Monitoring; Dynamic KPI & BI Analytics; BPM Reporting
      - Employee Process Dashboard; Modeler and Auditor Dashboard; Management Dashboard
  • 36. Critical Capabilities Definition ERM & C
      - Audit Management: Supports internal auditors in planning and scheduling audit-related tasks, time management, managing work papers, risk assessments, control testing, remediation management and reporting.
      - Risk Management, General: Supports risk management professionals with the documentation, workflow, assessment and analysis, reporting, visualization, and remediation of risks. Analytics are mostly qualitative with a limited loss event analysis capability that is not dependent on stochastic analysis. It does not include stochastic analysis, but it may collect data from stochastic risk analytics tools to provide a consolidated view of enterprise risk management.
      - Risk Management, Stochastic: Involves stochastic analysis, such as Monte Carlo simulation. Examples include banks that require highly specialized capabilities for Basel II capital calculations and companies that must support project risk assessments of long-term asset investments, such as mining and oil and gas. Only a few EGRC platform vendors directly support these stochastic analysis needs organically or through an OEM partnership.
      - Compliance Management: Supports compliance professionals with the documentation, workflow, reporting and visualization of control objectives, controls and associated risks, surveys and self-assessments, testing, and remediation. At a minimum, EGRC management not only will include financial reporting compliance (Sarbanes-Oxley compliance), but also can support other types of compliance, such as ISO 9000, Payment Card Industry, industry-specific regulations, service-level agreements, trading partner requirements and compliance with internal policies.
      - Policy Management: Includes a specialized form of document management that enables the policy life cycle from creation to review, change and archiving of policies; mapping of policies to mandates and business objectives in one direction, and risks and controls in another; and distribution to and attestation by employees and business partners.
      - GRC Content: Includes many different kinds of content relative to GRC activities. Examples include regulatory analysis and news feeds, standards and frameworks, draft testing and risk assessments, and draft policies.
      - Business Analytics: Supports the ability to analyze the impact of risks on business objectives, performance and processes.
      - Source: Gartner, Inc: 30 November 2010/ID Number: G00208665
  • 37. DynaFlow simplification [diagram; labels as extracted]
      - Regulations Implementation: SOX, HIPAA, BASEL II, etc.
      - Framework: COSO-II, COBIT, ...
      - Policy & Procedure Implementation
      - Business Risks
      - Business Controls: information delivery; resource access and use; risk mitigation; ...
      - Evidence Collection
      - Web Portal
      - Demonstration of Compliance
      - establish, document, test
      - People, Processes, Technology, Facilities, Data
      - Audit
      - Business Control Libraries; Business Risk Libraries
      - Compliance Program Mgmt.; Compliance Change Mgmt.; Compliance Issue Mgmt.; Compliance Access & SoD Mgmt.
      - Document Mgmt.; Audit Trail; Cross-ERP Integration & Mapping; Operational Risk Monitoring; eBook Generation
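
The three scans named on slide 27 and the cycle on slide 29, sketched as an added example; this is not DynaFlow's code. The user names, function names, rule formats and the pairing of each scan with its output list are assumptions made for illustration, and all data is constructed.

```python
from itertools import combinations
# Constructed sample data (not from the deck): per-application access imports.
ACCESS_IMPORTS = {
    "erp":  [("alice", "create_vendor"), ("alice", "approve_payment"),
             ("bob", "enter_invoice"), ("carol", "create_po")],
    "ldap": [("bob", "approve_payment"), ("carol", "receive_goods"),
             ("dave", "enter_invoice")],
}
# Hypothetical SoD conflict rules: pair of functions -> business risk.
CONFLICT_RULES = {
    frozenset({"create_vendor", "approve_payment"}): "payment to fictitious vendor",
    frozenset({"enter_invoice", "approve_payment"}): "self-approved invoice",
    frozenset({"create_po", "receive_goods"}): "unverified goods receipt",
}
# Hypothetical resolution rule: a known pattern plus its mitigating control.
RESOLUTION_RULES = [{"functions": frozenset({"create_po", "receive_goods"}),
                     "users": {"carol"}, "control": "monthly three-way match review"}]

def access_scan(imports):
    """(1) Merge every import into one user -> set-of-functions access list."""
    access = {}
    for entries in imports.values():
        for user, function in entries:
            access.setdefault(user, set()).add(function)
    return access

def conflict_scan(access, rules):
    """(2) Report each user holding both sides of a rule, even across systems."""
    conflicts = []
    for user in sorted(access):
        for pair in combinations(sorted(access[user]), 2):
            risk = rules.get(frozenset(pair))
            if risk:
                conflicts.append({"user": user, "functions": frozenset(pair), "risk": risk})
    return conflicts

def resolution_scan(conflicts, rules):
    """(3) Split conflicts into mitigated (rule matched) and open (needs review)."""
    mitigated, open_ = [], []
    for c in conflicts:
        rule = next((r for r in rules if r["functions"] == c["functions"]
                     and c["user"] in r["users"]), None)
        (mitigated if rule else open_).append({**c, "control": rule and rule["control"]})
    return mitigated, open_

def run_cycle():
    """One pass of the cycle: import, identify, resolve; open items go to review."""
    conflicts = conflict_scan(access_scan(ACCESS_IMPORTS), CONFLICT_RULES)
    return resolution_scan(conflicts, RESOLUTION_RULES)
```

Bob's conflict only appears after the imports are merged, because each half of it lives in a different system; scanning each application separately would miss it.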