Texas Instruments: Making the Journey from Home-Grown SoD Compliance to SAP GRC AC 10.0 Chris Fowler Solution Architect, Texas Instruments Vicki
|
|
- Brent Arnold
- 7 years ago
- Views:
Transcription
1 Texas Instruments: Making the Journey from Home-Grown SoD Compliance to SAP GRC AC 10.0 Chris Fowler Solution Architect, Texas Instruments Vicki Purcell Senior Associate, PricewaterhouseCoopers
2 About Texas Instruments
3 TI s SAP Landscape Single global instance of ECC 6.04 Originally implemented R/3 4.01B in Jan 1999 Not using SAP for HR processing Approximately 12,000 users world-wide Also running single instances of: GTS 8.0 SRM 4.0 (being upgraded to 7.0) CRM 4.0 (being upgraded to 7.0) SCEM 1.1 (being upgraded to EM 7.0)
4 Learning Points How TI: Replaced a limited, custom SOD management solution with standardized SOD controls. Managed implementation of SOD controls and remediation in one project. Moved from job-based security roles to task-based security roles.
5 Challenges & Revelations Existing access request process was not adequate Need to implement a new access request tool Existing SoD tool was not adequate Need to implement a new tool to standardize SoD management Scope of violations in existing roles was too large to mitigate Need a new approach for SAP security design
6 Challenge #1 Existing access request process was not adequate Sensitive access approval decentralized and manual No integration of custom SoD tool with access requests Manual security provisioning after approvals All reminders and escalations generated manually No enforced SLA - requests taking 2 days to 3 months Inadequate archiving of security requests Firefighter process was ad-hoc
7 Revelation #1 Need to implement a new access request tool SAP GRC Access Control 10.0 ARM and EAM Access Request Management (ARM) Replace manual provisioning Emergency Access Management (EAM) Replace ad-hoc firefighter process
8 Challenge #2 Existing SoD tool was not adequate Custom SoD tool only did Role-to-Role analysis Rules checked for roles that should not be combined Only evaluated violations in the ECC system Only evaluated business risks Mitigating control documentation was only at individual user level Internal Audits found that this level of SoD analysis was not effective
9 Challenge #2 - Example Example: TI Rule #3: Returns Administration and Advanced Receiving Role A: RL143 Returns Administration - VS - Role B: RL119 Advanced Receiving Tool would only flag this role combination as an SoD violation
10 Revelation #2 Need to implement a new tool to standardize SoD management Evaluated several different compliance solutions Decided on SAP GRC Access Control 10.0 ARA Convert TI role to role ruleset structure to GRC s function-risk structure Create more comprehensive SoD rules SAP standard GRC rules TI unique rules PwC leading practice rules
11 Original Project Scope Phase 1: Implement ARA and EAM Define TI SoD ruleset and run against ECC and GTS systems Assign IT users broad, individualized firefighter ID s Complete in October, 2012 Phase 2: Implement ARM and finish EAM Define Access Request approval workflows Final definition and assignment of Firefighter users Complete in February, 2013
12 Challenge #3 Scope of violations in existing roles was too large to mitigate SoD analysis showed an unexpectedly high number of violations Intra-role conflicts were biggest problem User conflicts very high, especially in IT support SoD violations that had not been tracked before What now?
13 Revelation #3 Need a new approach for SAP Security design Clean up existing violations within roles Be sustainable over time Introduce least privilege access for all users
14 Security Approach Options Option 1: Remodel Split roles to single out conflicting transactions Remove authorization objects from specific roles Benefits Provides quick(er) incremental fixes Addresses easy issues Risks Create additional roles which increase maintenance costs Corrects initial issue, but could cause long-term issues Could be more costly in long term Repetitive process required to fix all issues Duplication of access and mixed design complicates provisioning
15 Security Approach Options Option 2: Rebuild Build all new security roles Use transaction usage history, role mapping templates, etc. Implement consistent design meeting business and regulatory needs Benefits Complete SoD remediation much sooner Long-term fix to issues Continuous compliance is possible (get clean stay clean) Reduce maintenance and compliance costs Provides sustainable provisioning design with GRC Efficient resolution of all SAP Security Assessment audit red flags Risks No immediate impact on SoD statistics Will require change in mindset of business and security team
16 Role Design Decision Decision Point: Keep Job-based role model or switch to task-based roles? Pain points with job-based roles: More difficult to control SoD violations Excessive duplication of transactions Roles provide excessive access to the users who only need some of the functions Broad definition of job roles permit them to grow over time Least privilege concept is more difficult to implement with job roles Conclusion: In TI s dynamic environment, designing new job-based roles would have resulted in overly broad access or in a huge number of individually tailored roles
17 Role Design Decision TI s decision: implement task-based role model All roles free of intra-role SoD violations Minimal duplication of tcodes across roles Roles are designed to lowest common denominator to make them reusable Easy to implement least privilege concept User SoD violations are handled with role unassignments rather than role changes Eliminate non-used tcodes from new roles
18 What Task-Based Roles What are task-based roles? What are task-based roles? TIER 1: GENERAL ACCESS General access is provisioned via one single role made up of tasks common to all users, such as printing, inbox, SU53, etc. Where Contract Maintenance AR Common Display Company Code: 1003 User General Process Billing FI Common Display Sales Organization: 1003 Tier 1 Vendor Master Maintenance Tier 2 Tier 4 Tier 3 TIER 2: DISPLAY ACCESS Display access is provisioned via a set of roles defined by functional area that allow display and reporting access intended to compliment the functional roles of the users TIER 3: FUNCTIONAL ACCESS Functional access is provisioned via multiple single task based roles. Role grouping of activities that are the lowest common denominator of tasks and permission components to suit the needs of the end users. These groupings usually are SOD free and part of a sub-process such as Invoice Processing or Material Master Maintenance. TIER 4: CONTROL POINTS Roles that provide additional control point access or granularity needed by Tiers 1-3 such as Company Code, Plant, etc.
19 Project Scope Change Where does role redesign fit in the project scope? Decided to integrate the role redesign and GRC Access Control implementation into a single project Extended Phase 2 (ARM) to complete May, 2013 Added Role Design project to execute in parallel
20 Metrics Increased SoD risk visibility by 700% Decreased number of transactions in roles by 50% Reduced transaction duplication in roles by 97% Eliminated 100% of manual and changed authorizations Eliminated 100% of intra-role SoD violations Reduced SoD user violations by 97%
21 Key Learnings This is rocket science! (you need experts to help) Ensure availability of the core team In a highly customized environment, having a Developer on the project team is key GRC doesn t end with the implementation Be prepared for the potential results - you really don t know how bad the SoD situation is You may not eliminate all SoD violations by segregation
22 SoD Compliance Process Compliance Effort Breakout Mitigation 10% Ruleset Customization 30% Remediation 20% Role Redesign 40%
23 Best Practices Do not allow business users to have direct access to tables and programs Make sure you have at least 12 months of transaction usage data Have separate transactions for display vs. update SAP Security Team should be involved at the beginning of any development project Ensure all roles are free of intra-role violations to make user remediation easier Ownership of risk and role management must belong to the business, not IT Do not underestimate business readiness requirements
24 Key Benefits Automation of security provisioning processes allows SAP Security Team to focus on proactive activities Greater visibility to mitigated and unmitigated SoD conflicts Provides tools to empower the business to own their risk management process Audit independence
25 Questions?
26
27 THANK YOU FOR PARTICIPATING Please provide feedback on this session by completing a short survey via the event mobile application. SESSION CODE: 0901 For ongoing education on this area of focus, visit
The Benefits of Advanced Behavioral Analysis Bridget Wilcox and Luke Finsaas
[ The Benefits of Advanced Behavioral Analysis Bridget Wilcox and Luke Finsaas [ Learning Points What is Advanced Behavioral Analysis? Benefits to SAP Security Benefits to SAP licensing [ WHAT IS ADVANCED
More informationApplication Control Effectiveness for SAP. December 2007
Application Control Effectiveness for SAP December 2007 Meeting Objectives Application Control Effectiveness Compliance at a glance Trends and challenges Technology issues Application Control Business
More informationContinuous Monitoring: Match Your Business Needs with the Right Technique
Continuous Monitoring: Match Your Business Needs with the Right Technique Jamie Levitt, Ron Risinger, September 11, 2012 Agenda 1. Introduction 2. Challenge 3. Continuous Monitoring 4. SAP s Continuous
More informationMinimize Access Risk and Prevent Fraud With SAP Access Control
SAP Solution in Detail SAP Solutions for Governance, Risk, and Compliance SAP Access Control Minimize Access Risk and Prevent Fraud With SAP Access Control Table of Contents 3 Quick Facts 4 The Access
More informationExpert Tips To Simplify And Automate Your User Access Request Process David Denson PwC
Expert Tips To Simplify And Automate Your User Access Request Process David Denson PwC IN THIS SESSION In this session, we will discuss effective strategies that have been utilized at other implementations
More informationS24 - Governance, Risk, and Compliance (GRC) Automation Siamak Razmazma
S24 - Governance, Risk, and Compliance (GRC) Automation Siamak Razmazma Governance, Risk, Compliance (GRC) Automation Siamak Razmazma Siamak.razmazma@protiviti.com September 2009 Agenda Introduction to
More informationSAP BusinessObjects GRC Access Control 10.0 New Feature Highlights and Initial Lessons Learned
SAP BusinessObjects GRC Access Control 10.0 New Feature Highlights and Initial Lessons Learned Executive Summary Organizations evaluating technology solutions to enhance their governance, risk and compliance
More informationWelcome to the Audit, Control & Security Stream. Sponsored by:
Welcome to the Audit, Control & Security Stream Sponsored by: Realizing the Value of your Controls Platform Gerald West Manager, Security and Controls Assurance Serco Agenda Introduction Strategies (the
More information1. Introduction to the Automated Accounts Payable Development... 3. 2. Process Flows of Purchase Orders, Goods Receipts and Invoice Queries...
Contents 1. Introduction to the Automated Accounts Payable Development... 3 2. Process Flows of Purchase Orders, Goods Receipts and Invoice Queries... 4 2.1 Ideal MM Process... 4 2.2 Missing GRN process...
More informationMD348 Umoja Asset, Inventory and Equipment Master Data Maintenance. Umoja Asset, Inventory and Equipment Master Data Maintenance Version 5 1
MD348 Umoja Asset, Inventory and Equipment Master Data Maintenance Umoja Asset, Inventory and Equipment Master Data Maintenance Version 5 Copyright Last Modified: United Nations 17-August-13 1 Agenda Course
More informationOverview of SAP BusinessObjects Risk Management 10.0
Overview of SAP BusinessObjects Risk Management 10.0 Applies to: SAP BusinessObjects Risk Management 10.0, SAP NetWeaver 7.0, Enhancement Package 2. For more information, visit the Governance, Risk, and
More informationAP Automation at Fossil. How Fossil implemented Opentext Vendor Invoice Management Wim Schalken
AP Automation at Fossil How Fossil implemented Opentext Vendor Invoice Management Wim Schalken Agenda INTRODUCTION LANDSCAPE PROJECT PROCESS LESSONS LEARNED Click to edit super huge text copy The Fossil
More informationEMC HYBRID CLOUD FOR SAP
White Paper EMC HYBRID CLOUD FOR SAP Centralize compliance information into a single repository Automate application control verification Integrate RSA Archer with SAP EMC Solutions Abstract This White
More informationHow Accenture is taking SAP NetWeaver Identity Management to the next level. Kristian Lehment, SAP AG Matthew Pecorelli, Accenture
How Accenture is taking SAP NetWeaver Identity Management to the next level Kristian Lehment, SAP AG Matthew Pecorelli, Accenture In This Session You will receive an overview of the functionality that
More informationAn Introduction to Continuous Controls Monitoring
An Introduction to Continuous Controls Monitoring Reduce compliance costs, strengthen the control environment and lessen the risk of unintentional errors and fraud Richard Hunt, Managing Director Marc
More informationLessons from McKesson s Approach to Maintaining a Mature, Cost-Effective Sarbanes-Oxley Program
Orange County Convention Center Orlando, Florida May 15-18, 2011 Lessons from McKesson s Approach to Maintaining a Mature, Cost-Effective Sarbanes-Oxley Program Vickie Pilotti Kelly Worley Ben Wienand
More informationEnsuring Contract Compliance through integration of Ariba Contracts and SAP ECC Michael Chavez and Sean Rhoades, Deloitte Consulting LLP
Orange County Convention Center Orlando, Florida June 3-5, 2014 Ensuring Contract Compliance through integration of Ariba Contracts and SAP ECC Michael Chavez and Sean Rhoades, Deloitte Consulting LLP
More informationGRC TRAINING: RISK OWNERS
GRC TRAINING: RISK OWNERS Table of Contents GRC ROLES & RESPONSIBILITIES RISK OWNERS... 3 RESPONSIBILITIES REFERENCE... 3 SAP SECURITY AND GOVERNANCE PROCEDURES... 4 PROCESS 1: NEW OR AMENDED ROLES...
More informationExtraction of SAP Data for Audit & Compliance
Extraction of SAP Data for Audit & Compliance LiveCompare Case Study David Barkhausen 20 November 2012 Contents Key Learning Points British American Tobacco Overview Audit Challenges Addressing The Challenges
More information[ COREY PEARSON. Driving Process Efficiency through SAP Business Workflow at Stanley - 1803. John Hoover, Stanley Works Rajkishore Una, GyanSys Inc.
Driving Process Efficiency through SAP Business Workflow at Stanley - 1803 ] John Hoover, Stanley Works Rajkishore Una, GyanSys Inc. [ CHAVONE JACOBS ASUG INSTALLATION MEMBER MEMBER SINCE: 2003 [ ALLAN
More informationMasterminding Data Governance
Why Data Governance Matters The Five Critical Steps for Data Governance Data Governance and BackOffice Associates Masterminding Data Governance 1 of 11 A 5-step strategic roadmap to sustainable data quality
More informationUsing COBiT For Sarbanes Oxley. Japan November 18 th 2006 Gary A Bannister
Using COBiT For Sarbanes Oxley Japan November 18 th 2006 Gary A Bannister Who Am I? Who am I & What I Do? I am an accountant with 28 years experience working in various International Control & IT roles.
More informationACL WHITEPAPER. Automating Fraud Detection: The Essential Guide. John Verver, CA, CISA, CMC, Vice President, Product Strategy & Alliances
ACL WHITEPAPER Automating Fraud Detection: The Essential Guide John Verver, CA, CISA, CMC, Vice President, Product Strategy & Alliances Contents EXECUTIVE SUMMARY..................................................................3
More informationThe Power of Risk, Compliance & Security Management in SAP S/4HANA
The Power of Risk, Compliance & Security Management in SAP S/4HANA OUR AGENDA Key Learnings Observations on Risk & Compliance Management Current State Current Challenges The SAP GRC and Security Solution
More informationInfosys: Treating Governance and Compliance Strategically with SAP Access Control
Infosys: Treating Governance and Compliance Strategically with SAP Access Control Stringent management of user access controls and the segregation of duties are becoming a strategic concern for businesses
More informationORACLE APPLICATION ACCESS CONTROLS GOVERNOR FOR PEOPLESOFT
ORACLE APPLICATION ACCESS CONTROLS GOVERNOR FOR PEOPLESOFT KEY FEATURES Continuously monitors application users access from high-level ERP roles and permissions to detailed access points 550 + Delivered,
More informationMoving your enterprise systems to the cloud? What do you need to know to manage the risks? Jamie Levitt, Director
www.pwc.com Moving your enterprise systems to the cloud? What do you need to know to manage the risks? November 2015 Jamie Levitt, Director Disclaimer Certain matters reviewed today may represent services
More informationVendor Management. Minimizing Value Leakage. Deloitte Consulting LLP. November 19, 2013
Vendor Management Minimizing Value Leakage Deloitte Consulting LLP November 19, 2013 Vendor Management is a rapidly emerging business practice in the outsourcing industry Define sourcing strategy Assess
More informationIT28 GOING PAPERLESS WITH MICROSOFT DYNAMICS NAV 2016. Tom Taylor, Microsoft
IT28 GOING PAPERLESS WITH MICROSOFT DYNAMICS NAV 2016 Tom Taylor, Microsoft YOUR PRESENTER Tom Taylor Partner Technology Strategist, Microsoft 12 years experience Dynamics NAV NAVUG member 9 years 2 SESSION
More informationGO LIVE, ON TIME, ON BUDGET
GO LIVE, ON TIME, ON BUDGET HOW TO OPTIMISE SAP Implementations AND UPGRADES THE PROBLEM IT leaders are familiar with demands-juggling ; a skill that reflects the success of IT. Business software systems
More informationWhite Paper: The Seven Elements of an Effective Compliance and Ethics Program
White Paper: The Seven Elements of an Effective Compliance and Ethics Program Executive Summary Recently, the United States Sentencing Commission voted to modify the Federal Sentencing Guidelines, including
More informationIDS for SAP. Application Based IDS Reporting in the ERP system SAP R/3
IDS for SAP Application Based IDS Reporting in the ERP system SAP R/3 1 Research Question How is the performance of this SAP IDS when running with reduction of false positives and anonymization? Hypothesis
More informationSAP Workflow Classics Session 803 Martin Maguth, Norikkon Torsten Schnorpfeil, Norikkon
SAP Workflow Classics Session 803 Martin Maguth, Norikkon Torsten Schnorpfeil, Norikkon AGENDA 1. Introduction 2. Purchase requisition release 3. Parked invoice approval 4. TMS transport release KEY LEARNING
More informationSupply Chain Shared Services (SCSS)
Supply Chain Shared Services (SCSS) Agenda Supply Chain, Procurement Program Overview Proposed Policy Changes Procurement Program Objectives Program Key Milestones Next Steps 2 Supply Chain, Procurement
More informationCity of Palo Alto (ID # 1521) Finance Committee Staff Report
City of Palo Alto Finance Committee Staff Report Report Type: Meeting Date: 4/19/2011 Summary Title: SAP Enterprise Resource Planning Assessment Title: Post-Implementation SAP Enterprise Resource Planning
More informationProven deployments across different Industry verticals; Being used by leading brands
What is SapphireIMS? Comprehensive IT Service Management Suite consisting of IT Service desk certified as per ITIL 3.0 (ITSM) IT Asset management (ITAM) Business Service Monitoring (BSM) IT Automation
More informationUsing SAP Master Data Technologies to Enable Key Business Capabilities in Johnson & Johnson Consumer
Using SAP Master Data Technologies to Enable Key Business Capabilities in Johnson & Johnson Consumer Terry Bouziotis: Director, IT Enterprise Master Data Management JJHCS Bob Delp: Sr. MDM Program Manager
More informationCase Study of a Segregation of Duties Project
Case Study of a Segregation of Duties Project Applies to: SAP Security, SAP GRC Access Control Suite For more information, visit the Security homepage. Summary As Companies today are struggling to meet
More informationApplication Management Services (AMS)
Contents 1. AMS : An Overview 2. AMS : Models 3. Delivery Organization 4. Processes & Tools 5. Transition Methodology 6. Pricing Application Management Services (AMS) Enterprise Application Services Capability
More informationCracking the Code on Software License Management
Cracking the Code on Software License Management Overview of IT Asset Management Integration Integration of the physical, financial, and contractual attributes of IT assets Enables the delivery of timely
More informationUnlocking the power of SAP s governance, risk and compliance technology
Insights on governance, risk and compliance March 2013 Unlocking the power of SAP s governance, risk and compliance technology Contents Introduction... 1 Governance, risk and compliance defined... 2 Value
More informationGR5 Access Request. Process Diagram
GR5 Access Request Process Diagram Purpose, Benefits, and Key Process Steps Purpose This scenario uses business roles to show a new user access provisioning and also demo using simplified access request
More informationDisclosure of Drug Promotion Expenses: The Importance of Master Data Management and Considerations for Choosing a Reporting Solution
Disclosure of Drug Promotion Expenses: The Importance of Master Data Management and Considerations for Choosing a Reporting Solution April 2010 This document contains information specific to Cegedim Dendrite
More informationIdentity & Access Management Case Study & Lessons Learned. Prepared by Tariq Jan
Identity & Access Management Case Study & Lessons Learned Prepared by Tariq Jan Investment Bank Case Study Top 5 leading global financial services firm $116 billion in revenue $2 trillion in assets 220k
More informationwww.pwc.com Advisory Services Oracle Alliance Case Study
www.pwc.com Advisory Services Oracle Alliance Case Study A global software company turns a Sarbanes-Oxley challenge into an opportunity for cost reduction and performance improvement Client s challenge
More informationSILVERPOP Step-Up Plan
Big Scary Cranium SILVERPOP Step-Up Plan Evolve from Email marketing to behavioral marketing automation Get more from your investment in IBM Silverpop See your personalized road map to better performance
More informationBusiness-Driven, Compliant Identity Management
SAP Solution in Detail SAP NetWeaver SAP Identity Management Business-Driven, Compliant Identity Management Table of Contents 3 Quick Facts 4 Business Challenges: Managing Costs, Process Change, and Compliance
More informationSoftware Configuration Management Best Practices
White Paper AccuRev Software Configuration Management Best Practices Table of Contents page Executive Summary...2 Introduction...2 Best Practice 1: Use Change Packages to Integrate with Issue Tracking...2
More informationSession 1604 Interactive Discussion Forum with ASUG Solution Manager SIG Leadership: Capitalizing on SAP Solution Manager for your business and IT
Session 1604 Interactive Discussion Forum with ASUG Solution Manager SIG Leadership: Capitalizing on SAP Solution Manager for your business and IT initiatives Disclaimer This presentation outlines our
More informationUsing Technology to Automate Fraud Detection Within Key Business Process Areas
Using Technology to Automate Fraud Detection Within Key Business Process Areas 2013 ACFE Canadian Fraud Conference September 10, 2013 John Verver, CA, CISA, CMA Vice President, Strategy ACL Services Ltd
More informationEnabling Data Quality
Enabling Data Quality Establishing Master Data Management (MDM) using Business Architecture supported by Information Architecture & Application Architecture (SOA) to enable Data Quality. 1 Background &
More informationData Consistency Management Overview January 2014. Customer
Data Consistency Management Overview January 2014 Customer Agenda Motivation SAP Solution Manager as Tool for Data Consistency Management Transactional Correctness (TC) Guided Self Service Data Consistency
More informationIMPROVING RISK VISIBILITY AND SECURITY POSTURE WITH IDENTITY INTELLIGENCE
IMPROVING RISK VISIBILITY AND SECURITY POSTURE WITH IDENTITY INTELLIGENCE ABSTRACT Changing regulatory requirements, increased attack surfaces and a need to more efficiently deliver access to the business
More informationM-Files EAM. Agile Plant Maintenance Solutions
M-Files EAM Agile Plant Maintenance s M-Files Platform Development 2005 M-Files 1.0 2006 M-Files 2.0 2006 M-Files 3.0 2002 M-Files Product development started Windows Explorer integration Metadata-driven
More informationService Automation to implement and operate your Cloud initiatives
Service Automation to implement and operate your Cloud initiatives Pierre AESCHLIMANN Principal Solution Consultant (EMEA Global Accounts) BMC Software ! Request, change, and support business services!
More informationData Audit Solution. Data quality visibility in 5 days for improving corporate performance. TABLE OF CONTENTS. Purpose of this white paper
Solution Data quality visibility in 5 days for improving corporate performance. Purpose of this white paper This white paper describes the BackOffice Associates engagement and the increasing importance
More informationService Portfolio Management PinkVERIFY
-11-G-001 General Criteria Does the tool use ITIL 2011 Edition process terms and align to ITIL 2011 Edition workflows and process integrations? -11-G-002 Does the tool have security controls in place to
More informationMulti Channel Invoice Processing the way forward
Multi Channel Invoice Processing the way forward eflow GUIDE: ONE PLATFORM. MULTIPLE SOLUTIONS Top Image Systems A Guide to: Multi Channel Invoice Processing Money makes the world go round, or so they
More informationDETAILED BOOT CAMP AGENDA
DETAILED BOOT CAMP AGENDA Intro to Dynamics CRM 2016: Sales, Marketing, and Service OVERVIEW CRM CONCEPTS AND BASICS CRM Purpose Introduction to Sales Introduction to Marketing Introduction to Service
More informationInternal audit strategic planning Making internal audit s vision a reality during a period of rapid transformation
2015 State of the Internal Audit Profession Study Internal audit strategic planning Making internal audit s vision a reality during a period of rapid transformation 68% of companies have gone through or
More informationBuilding flexible, easy to change and rock-solid applications with BRFplus decision services. Carsten Ziegler, James Taylor
[ Building flexible, easy to change and rock-solid applications with BRFplus decision services Carsten Ziegler, James Taylor [ Learning Points Learn how the empowerment of business experts is built into
More informationIntegrated Governance, Risk and Compliance (igrc) Approach
U.S. Department of Homeland Security (DHS) United States Secret Service (USSS) Integrated Governance, Risk and Compliance (igrc) Approach Concept Paper* *connectedthinking Provided to: Provided by: Mrs.
More informationState of Alaska Enterprise Messaging and Directory Services Strategy Vision and Scope
State of Alaska Enterprise Messaging and Directory Services Strategy Vision and Scope State of Alaska Document ID: Title: Supersedes: Status: 1010 Enterprise Messaging and Directory Services Strategy Vision
More informationRisk Management in Role-based Applications Segregation of Duties in Oracle
Risk Management in Role-based Applications Segregation of Duties in Oracle Sundar Venkat, Senior Manager, Protiviti Tai Tam, Accounting Manager, Electronic Arts Core Competencies C23 Page 0 of 29 Agenda
More informationOptimizing the Source to Contract Process to Maximize and Lock in Savings Patrick Eckhert Cardinal Health Head of Indirect Procurement
Optimizing the Source to Contract Process to Maximize and Lock in Savings Patrick Eckhert Cardinal Health Head of Indirect Procurement Program Goals and Overview Goal Share our strategy and approach for
More informationCA Workload Automation for SAP Software
CA Workload Automation for SAP Software 2 The Application Economy Spurs New SAP System Workload Challenges Business is being shaped more and more by what has become an application-based world. In this
More informationAtlanta OAUG. Internet Expenses Key to speedy processing. Chetan Manjarekar chetan.manjarekar@patni.com
Atlanta OAUG Internet Expenses Key to speedy processing Chetan Manjarekar chetan.manjarekar@patni.com Agenda Business Objectives UnOptimized Process Characteristics Objectives Focus Requirements for speedy
More informationAudit of the Enterprise Resource Planning System Implementation
Office of the City Auditor, City of San Diego Audit Report January 2011 Audit of the Enterprise Resource Planning System Implementation Management identified and addressed most system implementation risks
More informationIntroducing webmethods OneData for Master Data Management (MDM) Software AG
Introducing webmethods OneData for Master Data Management (MDM) Software AG What is Master Data? Core enterprise data used across business processes. Example Customer, Product, Vendor, Partner etc. Product
More informationMonster Energy Energizes Its ERP Testing With Panaya
Orange County Convention Center Orlando, Florida June 3-5, 2014 Monster Energy Energizes Its ERP Testing With Panaya Speakers: Tami Fox Monster Energy Avishai Shafir - Panaya Typical Packaged ERP Systems
More informationSAM Benefits Overview
SAM Benefits Overview control. optimize. grow. M Software Asset Management What is SAM? Software Asset Management, often referred to as SAM, is a vital set of continuous business processes that provide
More informationThe Firewall Audit Checklist Six Best Practices for Simplifying Firewall Compliance and Risk Mitigation
The Firewall Audit Checklist Six Best Practices for Simplifying Firewall Compliance and Risk Mitigation Copyright, AlgoSec Inc. All rights reserved The Need to Ensure Continuous Compliance Regulations
More informationMinder. simplifying IT. All-in-one solution to monitor Network, Server, Application & Log Data
Minder simplifying IT All-in-one solution to monitor Network, Server, Application & Log Data Simplify the Complexity of Managing Your IT Environment... To help you ensure the availability and performance
More informationProduct Complaints Management. Infosys Handbook for Life Sciences
Product Complaints Management Infosys Handbook for Life Sciences Table of Contents Introduction 3 Infosys Point of View 4 Success Story - Complaint management for one of the world s top 5 bio-pharmaceutical
More informationMECOMS Customer Care & Billing As A Service
MECOMS Customer Care & Billing As A Service MECOMS As A Service. Your pay as you grow meter-to-cash solution. Introducing MECOMS As A Service, an innovative customer management and billing solution for
More informationHow to leverage SAP NetWeaver Identity Management and SAP Access Control combined solutions
How to leverage SAP NetWeaver Identity Management and SAP Access Control combined solutions Introduction This paper provides an overview of the integrated solution and a summary of implementation options
More informationMODERNIZING IT PLATFORMS SUCCESSFULLY HOW PLATFORM RENEWAL PROJECTS CREATE VALUE
MODERNIZING IT PLATFORMS SUCCESSFULLY HOW PLATFORM RENEWAL PROJECTS CREATE VALUE INTRODUCTION The machinery and plant engineering industry is under pressure to transform. Globalization, new competitors,
More informationSecurity and Your SAP System When Working with Winshuttle Products
Security and Your SAP System When Working with Winshuttle Products 2014 Winshuttle, LLC. All rights reserved. 2/14 www.winshuttle.com Background Companies running SAP systems are accustomed to configuring
More informationTAKE COST CONTROL AND COMPLIANCE TO A NEW LEVEL. with ACL Travel & Entertainment Expense Fraud and Cost Control Solution
TAKE COST CONTROL AND COMPLIANCE TO A NEW LEVEL with ACL Travel & Entertainment Expense Fraud and Cost Control Solution TAKE COST CONTROL AND COMPLIANCE TO A NEW LEVEL with ACL Travel & Entertainment Expense
More informationFraud Prevention and Deterrence
Fraud Prevention and Deterrence Fraud Risk Assessment 2016 Association of Certified Fraud Examiners, Inc. What Is Fraud Risk? The vulnerability that an organization faces from individuals capable of combining
More informationWhy Professional Services Firms Need an Integrated ERP Solution
A Computer Generated Solutions, Inc. White Paper Why Professional Services Firms Need an Integrated ERP Solution Microsoft Dynamics Case Study 2011 Table of Contents ERP Landscape... 3-4 A More Focused
More informationCOMPLIANCE MANAGEMENT SOLUTIONS THOMSON REUTERS ACCELUS COMPLIANCE MANAGEMENT SOLUTIONS
THOMSON REUTERS ACCELUS COMPLIANCE MANAGEMENT SOLUTIONS THOMSON REUTERS ACCELUS Our solutions dynamically connect business transactions, strategy, and operations to the ever-changing regulatory environment,
More informationAli Chalak, Manager. Top 10 Audit Findings
Ali Chalak, Manager Top 10 Audit Findings Objective Review top ten audit findings for credit unions from regulators and external auditors standpoint. We will provide these findings, discuss the impact
More informationIBM InfoSphere Guardium Data Activity Monitor for Hadoop-based systems
IBM InfoSphere Guardium Data Activity Monitor for Hadoop-based systems Proactively address regulatory compliance requirements and protect sensitive data in real time Highlights Monitor and audit data activity
More informationShared Services - Accounts Payable. Technology / Process Enhancements August 2014 Implementation
Shared Services - Accounts Payable Technology / Process Enhancements August 2014 Implementation Shared Services - Accounts Payable Tech / Process Enhancements Agenda: Enhancement Overview Enhancement M-Pathways
More information4/1/2009. Short-termterm
Hi, my name is Susan ITIL in the Workplace The Practical Application of a Best Practice Framework Susan Ryan April 3, 2009 IT industry worker for over 25 years ITIL v2 Manager Certified itsmf Minnesota
More informationCase Study: Intercompany and Revenue Recognition process in SAP for a Professional Services Industry. Sandeep Bagchi and Rahul Raina
Case Study: Intercompany and Revenue Recognition process in SAP for a Professional Services Industry Sandeep Bagchi and Rahul Raina NTT Data at a Glance World s sixth largest IT Service provider & systems
More informationA shift in responsibility. More parties involved Integration with other systems. 2
EFFECTIVE SERVICE RELATIONSHIP MANAGEMENT ALSO INCLUES THE FOLLOWING ACTIVITIES: Today, organizations frequently elect to have certain services be provided by service vendors, also referred to as service
More informationCost Justifying Mobility Management Untapped Cost Savings You Can t Ignore
Wireless expenses are the fastest growing and least managed telecom expenses. Most organizations are managing mobility with a patchwork of manual processes - for hundreds of devices, contracts, and invoices
More informationSAP Change Control - One Integrated Process to Manage Software Solution Deployments SAP AG
SAP Change Control - One Integrated Process to Manage Software Solution Deployments SAP AG Disclaimer This presentation outlines our general product direction and should not be relied on in making a purchase
More informationBilling and Revenue Management - A Case for Change
Achieving High Performance in Insurance Billing SAP Americas Insurance Forum, November 2007 2007 Accenture. All rights reserved. Billing and Revenue Management has a dramatic effect on insurers, reinsurers,
More informationHelping Enterprises Succeed: Responsible Corporate Strategy and Intelligent Business Insights
I D C E X E C U T I V E I N S I G H T S Helping Enterprises Succeed: Responsible Corporate Strategy and Intelligent Business Insights May 2009 By Albert Pang, Research Director, Enterprise Applications
More informationflex support Service Overview
NTS Technology Partners introduce NTS FLEX a unique portfolio of Managed Services, Cloud and Support solutions for any business size. flex support Service Overview Version 1.1 For Further Information see
More informationTest du CISM. Attention, les questions, comme l'examen, ne sont disponibles qu'en anglais.
Test du CISM Attention, les questions, comme l'examen, ne sont disponibles qu'en anglais. 1. Which of the following would BEST ensure the success of information security governance within an organization?
More informationCA Nimsoft Service Desk
CA Nimsoft Service Desk Rapid Workflow Implementation Guide 7.13.7 Legal Notices Copyright 2013, CA. All rights reserved. Warranty The material contained in this document is provided "as is," and is subject
More informationFour Universal Truths Jeopardizing Customer Service in Financial Institutions Changes That Will Transform Customer Service Experiences and Outcomes
White Paper Four Universal Truths Jeopardizing Customer Service in Financial Institutions Changes That Will Transform Customer Service Experiences and Outcomes Sykes Enterprises, Incorporated l www.sykes.com
More informationFermilab Computing Division Service Level Management Process & Procedures Document
BMC Software Consulting Services Fermilab Computing Division Process & Procedures Document Client: Fermilab Date : 07/07/2009 Version : 1.0 1. GENERAL Description Purpose Applicable to Supersedes This
More informationThe Benefits of Component Object- Based SCADA and Supervisory System Application Development
The Benefits of Component Object- Based SCADA and Supervisory System Application Development By Steven D. Garbrecht, Marketing Program Manager for Infrastructure and Platforms Table of Contents 1. Overview...
More informationSummit Platform. IT and Business Challenges. SUMMUS IT Management Solutions. IT Service Management (ITSM) Datasheet. Key Benefits
Summit Platform The Summit Platform provides IT organizations a comprehensive, integrated IT management solution that combines IT service management, IT asset management, availability management, and project
More information