IT Solutions for Detecting and Preventing Fraud and Error Presentation to FMI Sylvie Turcotte, SAP...

Post on 05-Apr-2015

IT Solutions for Detecting and Preventing Fraud and Error

Presentation to FMI

Sylvie Turcotte, SAP Canada Inc.

November 26, 2008

© SAP 2008 / Page 2

Agenda

1. Expectations

2. Specific Examples of IT Solutions

3. Key Benefits

Fundamental Control Principles

[Diagram labels: Your Applications; Technology; People; Inherent Controls; Configurable Controls; Security Controls; Reporting Controls; Manual & Procedural Controls; Business Objectives (Control Objectives & Risk); Control Framework]

What should you expect from your IT solutions?

Accountability and Ownership

Centralized

Integrated

Automated

Auditable

The Four Pillars of Internal Control

[Diagram labels: Document; Test; Monitor; Certify; IT Infrastructure; Business Processes; System of Internal Controls: Process-Control-Objective-Risk; Perform Assessments (Survey: Yes / No); Test Automated Controls; Test Manual Controls; Monitor Exceptions; Remediate Issues; Sign Off]

Document your Controls

Single Repository of Controls

Enhanced Accountability – Assignment

Enhanced Accountability – Who are the Process and Control Owners?

Test Your Controls

Standardization – Documentation

Automated Testing

Monitor Your Test Results

Scheduling and Process Tracking

Scheduling and Process Tracking – Issues

Segregation of Duties (SoD Compliance)

System Security Controls

Compliant provisioning with dynamic workflow

Path workflow, based on request type and user attributes

Escalation workflow

Exception workflow

Via e-mail

One-click preventive simulation

100% automated

[Diagram labels: HR event (Employee hired/retired); Request generated; 100% automated; Mgr approval; Risk analysis; Automated provisioning]

Compliant super user access

• Pre-assigned firefighter IDs

• Access restrictions

• Validity dates

• Field-level changes tracked in audit log

[Diagram labels: Superuser; SAP_ALL; New session (four times); Firecall ID …; Firecall ID FICO; Firecall ID MM; Firecall ID SD; a Log under each Firecall ID]

Reporting – Dashboard

Certify Your Compliance

Certification Status

Expected Benefits

Reduce RISKS, TIME, and COSTS

Effectively mitigate business risks

Lower costs of internal control with centralized control management

Implement operational controls to improve business process management

Come See Us!

At our Booth

Lunch & Learn on SAP GRC Solutions

When: December 10th, 12:00pm – 1:30pm

Where: SAP Office – 100 Murray Street, 2nd Floor

Thank you! Merci!