
SAP Security and Controls


dorjan

Presentation Transcript


  1. SAP Security and Controls: Use of Security Compliance Tools to Detect and Prevent Security and Controls Violations

  2. Agenda • Increased Focus on Security & Controls • SAP R/3 Security Risks & Controls • Security Management • Security Compliance Tools • Questions

  3. Increased Focus on Security and Controls • Fraud (Barings Bank, WorldCom, Enron, ...) • Security Breaches (UCs, BC, Stanford, ...) • Regulatory Compliance • Sarbanes-Oxley (SOX) • Family Educational Rights and Privacy Act (FERPA) • Gramm-Leach-Bliley Act (GLBA) • Health Insurance Portability and Accountability Act (HIPAA)

  4. Security Risks • Access Control • Do some users have too much access? • Sufficient access restrictions to private information? • Segregation of Duties (SoD)

  5. Security Compliance Tools – Internal Controls • “Internal Controls are processes designed by management to provide reasonable assurance that the Institute will achieve its objectives” (From MIT’s Guidelines For Financial Review and Control) • Cost of implementing control should not exceed the expected benefit of the control • “Security is a process not a product”

  6. Security Compliance Tools • Who has access to sensitive transactions? • Are there any SoD violations? • Real-Time Monitoring • Remove access or assign mitigating controls • Reduce time and effort when providing information to auditors • Used during implementation of new modules

  7. SoD Rules Matrix • Predefined SoD Rule Set • Can Add Custom Transactions to Rule Set

  8. Virsa-Compliance Calibrator

  9. Virsa-Compliance Calibrator

  10. Virsa-Compliance Calibrator • Resolve SoD Issues

  11. Security Compliance Software Vendors • Virsa • Approva • Oversight Systems • Big 4 (E&Y, PwC, KPMG, Deloitte)

  12. Benefits of Security Compliance Tools - Summary • Run with SAP R/3 • Automate SoD analysis • Automate monitoring of critical transactions • Quick assessment of authorization compliance for business users, auditors, and IT security staff • Used during development/project efforts • Avoid manual analysis and false positives

  13. Questions
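
An added example, not part of the original presentation or of any vendor's tool: a small SoD check in the spirit of slides 6 and 7, with a rule set that can be extended with a custom transaction and findings that can carry a mitigating control. The rule IDs, users, mitigation and the custom transaction ZMM_GR are constructed; the standard transaction codes are illustrative picks, not the presenter's rule matrix.

```python
from dataclasses import dataclass

@dataclass
class SodRule:
    rule_id: str
    risk: str
    function_a: set  # transaction codes for the first duty
    function_b: set  # transaction codes for the conflicting duty

# Constructed rule set; transaction codes are illustrative only.
RULES = [
    SodRule("P001", "Maintain vendor and pay vendor",
            {"FK01", "FK02"}, {"F-53", "F110"}),
    SodRule("P002", "Create purchase order and post goods receipt",
            {"ME21N"}, {"MIGO"}),
]

def add_custom_transaction(rules, rule_id, side, tcode):
    """Extend one side ('a' or 'b') of a rule with a custom transaction."""
    for rule in rules:
        if rule.rule_id == rule_id:
            getattr(rule, f"function_{side}").add(tcode)
            return
    raise KeyError(rule_id)

def find_violations(user_tcodes, rules, mitigations=frozenset()):
    """Return one finding per (user, rule) where the user holds both duties."""
    findings = []
    for user, tcodes in sorted(user_tcodes.items()):
        for rule in rules:
            held_a = tcodes & rule.function_a
            held_b = tcodes & rule.function_b
            if held_a and held_b:
                findings.append({
                    "user": user, "rule": rule.rule_id, "risk": rule.risk,
                    "tcodes": sorted(held_a | held_b),
                    "mitigated": (user, rule.rule_id) in mitigations,
                })
    return findings

# Constructed sample: user -> transactions reachable through assigned roles.
USERS = {
    "ALICE": {"FK01", "F-53", "FB03"},
    "BOB": {"ME21N", "ZMM_GR"},  # ZMM_GR: hypothetical custom goods-receipt tcode
    "CAROL": {"FB03"},
}
MITIGATIONS = {("ALICE", "P001")}  # constructed: a documented payment review

if __name__ == "__main__":
    add_custom_transaction(RULES, "P002", "b", "ZMM_GR")
    for finding in find_violations(USERS, RULES, MITIGATIONS):
        print(finding)
```

Until ZMM_GR is added to rule P002, BOB's conflict goes unreported, which is why custom transactions need to be mapped into the rule set before the analysis is trusted.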
