IT Solutions for Detecting and Preventing Fraud and Error Presentation to FMI Sylvie Turcotte, SAP...

IT Solutions for Detecting and Preventing Fraud and Error

Presentation to FMI

Sylvie Turcotte, SAP Canada Inc.

November 26, 2008

© SAP 2008 / Page 2

1. Expectations

2. Specific Examples of IT Solutions

3. Key Benefits

Agenda

© SAP 2008 / Page 3

Fundamental Control Principles

Your Applications

Technology People

Inh

ere

nt

Contr

ols

Configura

ble

Contr

ols

Secu

rity

Contr

ols

Report

ing

Contr

ols

Manual &

Pro

ced

ura

lC

ontr

ols

Business Objectives (Control Objectives & Risk)

Co

ntr

ol

Fra

mew

ork

© SAP 2008 / Page 4

What should you expect from your IT solutions?

Accountability and Ownership

Centralized

Integrated

Automated

Auditable

© SAP 2008 / Page 5

1. Expectations


3. Key Benefits

Agenda

© SAP 2008 / Page 6

The Four Pillars of Internal Control

IT Infrastructure

Perform Assessments

TestAutomated Controls

Test Manual Controls

Sign Off

Remediate Issues

System of Internal Controls:Process-Control-Objective-Risk

Monitor Exceptions

Business Processes

…

Yes

No

S U R V E Y

Cer

tify

Mon

itor

Tes

tD

ocum

ent

© SAP 2008 / Page 7

Document your Controls

IT Infrastructure

Perform Assessments



Sign Off

Remediate Issues


Monitor Exceptions

Business Processes

…

Yes

No

S U R V E Y

Cer

tify

Mon

itor

Tes

tD

ocum

ent

© SAP 2008 / Page 8

Single Repository of Controls

© SAP 2008 / Page 9

Enhanced Accountability – Assignment

© SAP 2008 / Page 10

Enhanced Accountability – Who are the Process and Control Owners?

© SAP 2008 / Page 11

Test Your Controls

IT Infrastructure

Perform Assessments



Sign Off

Remediate Issues


Monitor Exceptions

Business Processes

…

Yes

No

S U R V E Y

Cer

tify

Mon

itor

Tes

tD

ocum

ent

© SAP 2008 / Page 12

Standardization – Documentation

© SAP 2008 / Page 13

Automated Testing

© SAP 2008 / Page 14

Monitor Your Test Results

IT Infrastructure

Perform Assessments



Sign Off

Remediate Issues


Monitor Exceptions

Business Processes

…

Yes

No

S U R V E Y

Cer

tify

Mon

itor

Tes

tD

ocum

ent

© SAP 2008 / Page 15

Scheduling and Process Tracking

© SAP 2008 / Page 16

Scheduling and Process Tracking – Issues

© SAP 2008 / Page 17

Segregation of Duties (SoD Compliance)

© SAP 2008 / Page 18

System Security Controls

Compliant provisioning with dynamic workflow

Path workflow—based on request

type and user attributes

Escalation workflow

Exception workflow

Via e-mail

One-click preventive simulation

100% automated

HR event

Employeehired/retired

Request generate

d100% automated

Mgr approva

l

Risk analysis

Automated provisionin

g

Compliant super user access

New session New session New session New session

SAP_ALL

• Pre-assigned firefighter IDs• Access restrictions• Validity dates• Field-level changes tracked in audit log

Superuser

Firecall ID …

Log

Firecall ID

FICO

Firecall ID

MM

Firecall ID

SD

LogLogLog

© SAP 2008 / Page 19

Reporting – Dashboard

© SAP 2008 / Page 20

Certify Your Compliance

IT Infrastructure

Perform Assessments



Sign Off

Remediate Issues


Monitor Exceptions

Business Processes

…

Yes

No

S U R V E Y

Cer

tify

Mon

itor

Tes

tD

ocum

ent

© SAP 2008 / Page 21

Certification Status

© SAP 2008 / Page 22

1. Expectations


3. Key Benefits

Agenda

© SAP 2008 / Page 23

Expected Benefits

Reduce RISKS, TIME, and COSTS

Effectively mitigate business risks12

6

9 3

12

11

45

8

10

7

Lower costs of internal control with centralized control management

Implement operational controls to improve business process management

© SAP 2008 / Page 24

Come See Us!

At our Booth

Lunch & Learn on SAP GRC Solutions When: December 10th, 12:00pm – 1:30pmWhere: SAP Office – 100 Murray Street, 2nd Floor

© SAP 2008 / Page 25

Thank you! Merci!

Date post:	05-Apr-2015
Category:	Documents
Upload:	vreni-ebbert
View:	108 times
Download:	3 times

IT Solutions for Detecting and Preventing Fraud and Error Presentation to FMI Sylvie Turcotte, SAP...

Documents