Big4Guy
Big4GuyWelcome to Big4Guy.com. Big4Guy is an online resource where I will share with you the latest news, insights, knowledge and some experiences as a Big 4 consultant. We will discuss some of the important issues which organisations are facing today in the areas of information security, security and controls in SAP R/3, Oracle Applications, J.D.Edwards, Peoplesoft and various other ERP's. You will also find information on latest complaince regulations like Sarbanes Oxley, Basel II and so on. Big4guy will also attempt to provide valuable resources for individuals interested in examinations the CISA, CISM, CISSP, PMP and various other security certifications considered essential for entry in any Big 4 accounting, auditing and consulting firms. You are invited to post your comments and viewpoints to posts here. I sincerely hope this online journal will be useful to everyone from a budding student to a professional in the accounting, auditing, management and consultancy professions.
|
Post details: Benefits of Implementing a Governance Risk and Compliance Solution
02/27/08
Benefits of Implementing a Governance Risk and Compliance Solution
At a recent SAP conference session, one of my colleagues presented a case study on how implementing SAP's GRC solution set can be useful to a company. His slides were based around how to build a business case for implementing Virsa. He used his own real life examples and decision criteria used by his organisation while implementing a SOX compliance tool like Virsa. I am summarizing some of the key points from his presentation below. Five key benefits of implementing Virsa Compliance Calibrator are listed below, though the list is not exhaustive, these can be used a starting points by organisations in building the business case for Virsa CC implementation:
1. Real time analysis and reporting - SAP's GRC solution helps in real time analysis of SODs.
Reports can be run instantly from SAP itself. There is no need to export tables or report data from SAP for analysis. All the data that one needs is in built in the compliance calibrator GRC solution.
2. Security Redesign not required - Implementing a tool like Virsa does not require companies to redsign their security. The security process can essentially be the same. Virsa can be used as an out of the box solution, to assess the security roles, user's access and SODs.
3. Easy implementation and maintenance - The single most important beenfit of Virsa is the
implementation time. The time required for implementing Virsa is very short, most companies have implemented SAP Virsa compliance calibrator within a week, time to go-live is one week in most cases.
4. Controls documentation - Business process controls can be documented within the Virsa tool. So in case, there is a compensating control which mitigates an existing risk, this can be referenced in Virsa CC directly.
5. Preventative Solution - Continuous compliance is the buzzword today. Security risk assessment at the role profile level becomes possible with SAP GRC before the role is attached to an user's ID. Risk analysis can be run to check if adding a transaction to a role will result in SOD. This entire approach is more preventative rather than detective.
Read more like this....
SAP R/3 System Landscape
SAP R/3 Installation Guide
Manual Authorization Roles in SAP R/3
SAP System Administration Concepts
Comments:
No Comments for this post yet...
Categories
Archives
Search
| Mon | Tue | Wed | Thu | Fri | Sat | Sun |
|---|---|---|---|---|---|---|
| << < | > >> | |||||
| 1 | ||||||
| 2 | 3 | 4 | 5 | 6 | 7 | 8 |
| 9 | 10 | 11 | 12 | 13 | 14 | 15 |
| 16 | 17 | 18 | 19 | 20 | 21 | 22 |
| 23 | 24 | 25 | 26 | 27 | 28 | 29 |
| 30 | ||||||
Misc
All content copyright © 2005-2008
Big4Guy.com
Do not reproduce either in part or full without the express permission of the
Webmaster
