IT Solutions for Detecting and Preventing Fraud and Error
Presentation to FMI
Sylvie Turcotte, SAP Canada Inc.
November 26, 2008
© SAP 2008 / Page 2
Agenda
1. Expectations
2. Specific Examples of IT Solutions
3. Key Benefits
Fundamental Control Principles
[Diagram labels: Business Objectives (Control Objectives & Risk); Control Framework; Inherent Controls; Configurable Controls; Security Controls; Reporting Controls; Manual & Procedural Controls; Your Applications; Technology; People]
What should you expect from your IT solutions?
Accountability and Ownership
Centralized
Integrated
Automated
Auditable
The Four Pillars of Internal Control
Document, Test, Monitor, Certify
[Diagram labels: Perform Assessments; Survey (Yes / No); Test Automated Controls; Test Manual Controls; Monitor Exceptions; Remediate Issues; Sign Off; System of Internal Controls: Process-Control-Objective-Risk; Business Processes; IT Infrastructure; …]
Document your Controls
Single Repository of Controls
Enhanced Accountability – Assignment
Enhanced Accountability – Who are the Process and Control Owners?
Test Your Controls
Standardization – Documentation
Automated Testing
Monitor Your Test Results
Scheduling and Process Tracking
Scheduling and Process Tracking – Issues
Segregation of Duties (SoD Compliance)
System Security Controls
Compliant provisioning with dynamic workflow
Path workflow, based on request type and user attributes
Escalation workflow
Exception workflow
Via e-mail
One-click preventive simulation
100% automated
[Diagram labels: HR event (Employee hired/retired); Request generated; 100% automated; Mgr approval; Risk analysis; Automated provisioning]
Compliant super user access
• Pre-assigned firefighter IDs
• Access restrictions
• Validity dates
• Field-level changes tracked in audit log
[Diagram labels: Superuser; SAP_ALL; Firecall IDs (FICO, MM, SD, …), each with a New session and a Log]
Reporting – Dashboard
Certify Your Compliance
Certification Status
Expected Benefits
Reduce RISKS, TIME, and COSTS
Effectively mitigate business risks
Lower costs of internal control with centralized control management
Implement operational controls to improve business process management
Come See Us!
At our Booth
Lunch & Learn on SAP GRC Solutions
When: December 10th, 12:00pm – 1:30pm
Where: SAP Office – 100 Murray Street, 2nd Floor
Thank you! Merci!