SOD MIC
-
Uploaded by: ravi-karamchandani
7/28/2019 SOD MIC
SAP AG 2006, mySAP ERP 2005
SAP MIC: Management of Internal Controls
Continuous Improvement cycle (diagram):
Scoping and Set-Up
Document Processes & Controls
Sign-Off, Prepare Certification / Internal Control Report
Assess Control Design & Remediate Issues
Test Operating Effectiveness
Attest and Report
Management, Auditor
-
Disclaimer
These materials are subject to change without notice. These
materials are provided by SAP AG and its affiliated companies
("SAP Group") for informational purposes only, without
representation or warranty of any kind, and SAP Group shall not
be liable for errors or omissions with respect to the materials. The
only warranties for SAP Group products and services are those
that are set forth in the express warranty statements
accompanying such products and services, if any. Nothing herein
should be construed as constituting an additional warranty.
-
SAP MIC: Import of Automated Control Testing Results
Many companies use dedicated control testing applications to test control effectiveness. These results are automatically pushed into MIC via an XI interface.
Example: Test of a Segregation of Duties (SOD) control
1) Dedicated tool performs analysis of control effectiveness in ERP system
User Violation Detailed Report Time: Feb 1, 2005 12:59 PM
User       | Rule                                 | Priority | Exception
John Black | Create Master Data + Trigger payment | High     | 1 Violation
2) Results pushed to MIC (XI)
Test logs created
Remediation workflows triggered
Business Benefits
Lowered TCO
Lower cost of compliance
-
SAP Automation of MIC Controls - 2005
Diagram labels: Report PDF; External SOD Toolset; mySAP ERP; Control Execution; mySAP CRM; XI; Schedule Job; Execute Report; Post to MIC; Database; Report Generated; MIC
-
SAP Automation of MIC Controls - 2005
Diagram labels: Report PDF; External Testing Application; XI; Schedule Job; Execute Report; Post to MIC; Database; Send Report; MIC
Numbered flow: 1. Trigger Testing; 2. Send Result; 3. Send Result
-
SAP MIC: Audit Information System (AIS) Link
AIS can be used to perform control effectiveness testing within the SAP transactional system. A direct link from MIC to AIS will streamline testing activities.
MIC Test Log
Test procedure: Perform G/L Account Analysis in AIS
Enter AIS
Findings: Reconciliation delays exist: see document 100003716/2003 for more info
Tester enters AIS via link in MIC
Tester executes report
Tester documents results in MIC
Business Benefits
Lowered TCO
Lower cost of compliance
-
SAP MIC: XI Upload of Master Data/Central Catalogs
Many companies have initial SOX/control documentation in PC-based tools or MS Excel. Via an XI interface, this data can be uploaded into MIC.
Legacy SOX System / MS Excel
XI Interface populates SAP MIC with existing data
SAP MIC
Central Process Catalog
Process Group 1: Sales and Distribution
  Process Group 1.1: Sales
    Process 1: Contract Negot.
    Process 2: Order Process.
    Process 3: CRM
    Process 4: Sales Support
  Process Group 1.2:
    Process 5: ..
    Process 6: ..
Process Group 2:
Org Unit Hierarchy
PC4You North America
PC4You USA - East
PC4You USA - West
PC4You Canada
PC4You Mexico
PC4You Corporate
PC4You EMEA
..
Business Benefits
Reduced implementation time
Reduced migration costs / TCO
Reduced cost of compliance
-
SAP Analytics Supporting Corporate Governance
Panels: Overview; Project Progress; Control Design Assessment; Process Design Assessment; Issue Analysis
-
Application Pre-Requisites
These systems are used for data sources: mySAP ERP 2005 (FINBASIS 600) SP02
or mySAP ERP 2004 (FINBASIS 300) SP11
These modules are used as data sources: a back-end application SAP Management of Internal Controls (MIC) as part of mySAP
ERP (must be implemented before this particular analytic app can be deployed)
This particular analytic application is fully Remote Function Call (RFC)-based (no BW installation necessary), reading data directly from the respective back-end application (SAP MIC). The following advantages result from this approach:
Direct MIC data access (no BI-extraction necessary). The use of MIC's built-in buffering capability is recommended to optimize performance
Long texts available: long texts relating to controls, issues or other objects are critical in the corporate governance context. It is now possible to display these texts in an analytic app as the BW limitation (max. 60 characters) does not apply here
Authorization / Personalization maintained in the back-end application (SAP MIC) applies in the analytic app as well (no double authorization maintenance or personalization necessary)
-
SAP MIC: Other enhancements
Customer-defined fields
Each customer can choose to add additional documentation fields to master data objects such as controls or processes
Mass tester assignment
Testers can be assigned to cover all controls within a particular
organizational unit or process group
Segregation of duties analysis of MIC authorizations
Reports covering which authorizations can be combined within the MIC
application itself (e.g. should a control owner be allowed to test their own
control?)
Versioning for all documents attached to MIC objects