by Gary Byrne, Managing Editor, GRC Expert
GRC Expert - Volume 5 (2012), Update 3

SAP’s Sonny Dasgupta answers questions about how an IT organization can protect its company’s reputation and bottom line from fraud with Oversight Systems’ continuous transaction monitoring (CTM) software. Oversight Systems’ CTM application is an SAP-endorsed Enterprise Business Solution.

by Kehinde Eseyin, Systems Support Manager, TOTAL Nigeria PLC, Nigeria
GRC Expert - Volume 5 (2012), Update 1

Risk Terminator provides the framework that ensures that role provisioning to users and role maintenance (including creation) activities are subjected to proper risk analysis in a scenario in which such activities are performed directly in the plug-in system. Follow this comprehensive step-by-step procedure to learn how to configure and use Risk Terminator productively and efficiently in your SAP BusinessObjects Access Control 10.0-based system landscape.

by Maurizio Binatti, SAP GRC Consultant, Aglea s.r.l.
GRC Expert - Volume 4 (2011), Update 9

Learn how to measure and assess whether three-way match invoice control has been effectively implemented — in terms of security, segregation of duties (SoD), and processes — to reduce the risk of fraud and monetary losses over the procure-to-pay (P2P) process.

by Frank Rambo, Director, Customer Solution Adoption EMEA, SAP
GRC Expert - Volume 4 (2011), Update 9

SAP BusinessObjects Access Control 10.0 centralizes what has traditionally been the disparate process of administering exception-based access. In the past administrators maintained firefighter, owner, and supervisor assignments locally in each system, and business users initiated firefighter sessions in these systems. In version 10.0, however, the process of maintenance and initialization of firefighter sessions is done from the SAP BusinessObjects GRC platform. Additionally, a new workflow provides an auditable process for ensuring that supervisors review the new consolidated log reports following firefighter activity. Examine how log reports are augmented, providing a more complete tracking of firefighter activity. Learn how to use new features available with version 10.0 adding significant value around your emergency access management process.

by Jayne Gibbon, Director of SAP GRC Support, SAP
GRC Expert - Volume 4 (2011), Update 7

Upon first running segregation of duties (SoD) reports in SAP BusinessObjects Access Control, management staff can become overloaded with data and assume that the results simply cannot be correct. It is then the responsibility of the owners of SAP BusinessObjects Access Control to prove that the reports are accurate. Step through the process that SAP BusinessObjects Access Control owners can go through to prove that the reports are correct. The steps are specific to SAP BusinessObjects Risk Analysis and Remediation (RAR) version 5.3, as this is currently the most used version. They are also applicable to SAP BusinessObjects Access Control 10.0.

by Mari Hurskainen, Authorization Global Concept Owner, Nokia Siemens Networks
GRC Expert - Volume 4 (2011), Update 7

Learn how to get the SAP user and approver community truly involved in reviewing segregation of duties (SoD) risk rules.

by Anurag Barua, Director of Information Technology
GRC Expert - Volume 3 (2010), Update 10

Step through nine common purchase-to-pay scenarios and their proper mitigations on the way to compliance. These tips include configuration and processes you can apply in your standard SAP ERP systems.

by Richard Hunt, Managing Director, and Marc Jackson, Consultant, Turnkey Consulting
GRC Expert - Volume 3 (2010), Update 9

Continuous controls monitoring (CCM) can help reduce compliance costs, strengthen the control environment, and reduce the risk of unintentional errors and fraud. Learn how using CCM in your GRC activities can improve business process operations in an efficient, cost-effective manner.

by Regine Schimmer and Jens Koster, SAP AG
SAPinsider - 2010 (Volume 11), April (Issue 2)

Many companies are realizing that they must weave governance, risk, and compliance (GRC) principles into their security processes. By complementing their existing identity management functionality with a GRC solution that manages access control, companies can enable compliant identity management, ensuring that roles and authorizations assigned to a user do not contain conflicting rights. This secures the identity management process, while making it completely compliant.

by Frank Rambo, Director, Regional Implementation Group (RIG) EMEA, SAP GRC
GRC Expert - Volume 3 (2010), Update 1

The Segregation of Duties (SoD) Review feature in SAP BusinessObjects Access Control 5.3 allows for an automated and decentralized SoD review by business managers or risk owners. The SoD Review takes the SoD violations detected during a batch risk analysis and organizes their resolution in a request-based approval workflow. Reviewers can assign mitigation controls for users with SoD violations or request removal of detected violations from the security administrators in the same workflow. The article comes in two parts. In part 1, follow a detailed process flow during an SoD review, its business benefits, and recommended use of various features. Part 2 focuses on configuration of the SoD Review in the system.