Contact Information 
•Dan Aldridge CEO Performa Apps 
•e-mail dan.aldridge@i-app.com 
•website www.inforln.com/wp 
•linkedin Dan Aldridge 
•twitter @Danaldridge1 
Agenda
• Introduction DynaFlow
• Governance Risk & Compliance / Enterprise Risk Management
• Segregation of Duties for Baan / LN
• Impact on ERP implementation
Contact details: 
Aart de Glint 
adeglint@dynaflow-solutions.com 
Phone +31 318 479712 
Mobile +31 654 392046 
DynaFlow Profile
Main Facts:
• Established in 1997
• Private company HQ in Canada
• Partners in USA, France, Netherlands, Norway, India, Thailand and Australia
Main mission:
• To enable global companies to become “Simply in Control” by proactively managing enterprise risks, demonstrating compliance and automating and optimizing business processes.
• Dedicated to provide its clients a fast ROI through a short and structured implementation
Professional Services:
• Implementation and Training
• Compliance & Audit Support
• Process Optimization
• Solution Hosting Services
DynaFlow: Makes it EZ for...
Cooking the Books 
Mr. Ebbers (WorldCom), Mr. Lay (Enron), Mr. Kozlowski (Tyco) 
http://www.cbsnews.com/video/watch/?id=859384n
Regulation - The Hot Potato
Loi sur La Sécurité Financière (LSF) 
SAS-70 
SOX 
C-SOX 
J-SOX 
‘Euro-SOX’ 
Code Tabaksblat 
Code Lippens 
8th EU Directive 
Clinger Cohen 
21 CFR Part 11 
IFRS 
Basel-II 
BilMoG
Governance, Risk Management & Compliance
Governance 
describes the overall management approach through which senior executives direct and 
control the entire organization, using a combination of management information and 
hierarchical management control structures. Governance activities ensure that critical 
management information reaching the executive team is sufficiently complete, accurate and 
timely to enable appropriate management decision making, and provide the control 
mechanisms to ensure that strategies, directions and instructions from management are 
carried out systematically and effectively. 
Risk management 
is the set of processes through which management identifies, analyzes, and, where 
necessary, responds appropriately to risks that might adversely affect realization of the 
organization's business objectives. The response to risks typically depends on their perceived 
gravity, and involves controlling, avoiding, accepting or transferring them to a third party. 
Whereas organizations routinely manage a wide range of risks (e.g. technological risks, 
commercial/financial risks, information security risks etc.), external legal and regulatory 
compliance risks are arguably the key issue in GRC. 
Compliance 
means conforming with stated requirements. At an organizational level, it is achieved through 
management processes which identify the applicable requirements (defined for example in 
laws, regulations, contracts, strategies and policies), assess the state of compliance, assess 
the risks and potential costs of non-compliance against the projected expenses to achieve 
compliance, and hence prioritize, fund and initiate any corrective actions deemed 
necessary. 
GRC/ERM Support at all levels
Levels of GRC model:
Strategic
•Policy
•Enterprise Risk Management (Strategic)
•Integrated Compliance Frameworks
•Consolidated Dashboards (Control Statements)
Tactical
•Procedures
•Process Risk Analysis (Tactical)
•Process & Internal Control Design & Maintenance
•Review (workflow)
Operational
•Monitoring Efficiency of Internal Controls
•Embedded testing & test evidence
•Document Management System
•KPI/”In Control” reports
Continuous monitoring as part of normal business process:
Purchasing, Warehouse Management, Manufacturing, Sales & Distribution
•Review
•Test
Compliance – Why is this important 
Regulation 
Corporate & Executive Responsibility & Liability 
Fear of Reputation Damage
Tightened Credit Lines 
Premium Insurance Fees 
Policy Interpretation 
Implementation Cost 
Overhead 
Audit Cost
From Regulation to Compliance 
Regulations Implementation 
SOX 
HIPAA 
BASEL II 
Etc. 
Framework 
ERM 
COSO-II 
COBIT 
... 
Policy & Procedure 
Implementation 
Business Risks 
Business Controls: 
- Information delivery 
- Resource access and use
- Risk mitigation 
- ... 
Evidence 
Collection 
Demonstration of Compliance
establish document test 
People Processes Technology Facilities Data 
Audit
SOX Section 404 – Internal Control 
Assessment of internal control 
“The most contentious aspect of SOX is Section 404, 
which requires management and the external auditor to 
report on the adequacy of the company's internal 
control over financial reporting (ICFR). This is the 
most costly aspect of the legislation for companies to 
implement, as documenting and testing important 
financial manual and automated controls requires 
enormous effort.” 
http://www.heritage.org/CDA/upload/SOX-CDA-edited-3.pdf
SOX Internal Control Requirements
1. Documentation
• Detailed Process description
• Process flowchart (preferable)
• Business Risk Assessments
• Risk Control Matrix (RCM)
2. Testing
• Annual walkthrough of each process.
• Testing of key controls.
3. Periodic Reviews
• Review of process steps and controls
• Updating of all documentation
4. Annual External IC Audit
• Essentially external validations that yes you did 1 through 3 above.
• The auditor would use a predefined “checklists
Risk / Control Matrix 
All non-PO invoices received at month end are entered 
into the system within 3 days of month-end to ensure 
proper inclusion into Accounts Payable. 
For production invoices, invoices can only be entered 
into the system for automatic matching if a valid PO and 
receipt are already in the system. The system populates 
the invoice price and due date information from the PO 
information. 
All unmatched PO invoices are forwarded to purchasing 
for follow-up. 
All purchase orders and non-PO invoices are reviewed, 
including ledger account coding, and are authorized in 
accordance with company policy. 
Cycle counts that result in a difference from perpetual
quantity outside limits set by company policy are
reviewed; items with a variance deemed to be material
are recounted.
RISK / CONTROL MATRIX
Control columns: ACP-C01, ACP-C04, ACP-C16, PUR-C11, INV-C18

| Risk | Question | Auditor Assertion | Controls marked |
|---|---|---|---|
| R007 | What ensures that purchases are recorded into the proper accounting period? | Completeness | PC |
| R011 | What ensures that invoice prices, quantities and other valuation information is correct? | Completeness, E/O, M/V | PC, PC |
| R042 | What ensures that duplicate and/or fictitious purchases are not recorded? | Existence/Occurrence | PC, PC |
| R075 | What ensures that perpetual inventory records reflect proper quantities and amounts? | Existence/Occurrence | PC, DC |
| R079 | What ensures that perpetual-to-physical inventory adjustments are correctly calculated and recorded? | Completeness, Measurement/Valuation | DC |
| R093 | What ensures that inventory counts, compilations and descriptions are accurate? | Measurement/Valuation | DC |

PC = Preventive Control
DC = Detective Control
Enterprise Risk Management (ERM/GRC) 
The key pains & challenges: 
 Extra burden “on top” of running the company 
 Draining resources from critical projects 
 Absence of clear and documented guidelines 
 Absence of automation 
 Cannot be postponed (scheduled audits) 
 Cost (with NO tangible ROI) 
The proposed approach & resolution: 
 Leverage pre-defined knowledge via libraries 
 Avoid multiple partial systems (and integration burden) 
 Automate as much as possible tedious and large volume 
tasks
How DynaFlow supports ERM/GRC
• Business Risks & Business Controls Library
• 2,500+ pre-defined Controls, Risks and relationships
• Certified Best Practices / Benchmark
• For all regional & industry specific regulations
• (SOX, Basel-II, L262, FDA, HIPAA, IFRS, ISO, etc…)
• To address all auditing/auditors requirements
• Automated Business Control Execution
• Testing Schedules with automated notification & testing
• Real-time monitoring & alerts for testers and Mgmt
• Evidence Collection & audit trail
• Dynamic Risk and Business Control Monitoring
• Key Performance & Risks Indicators Dashboard (+ mobile)
• Audit Support
• Combination of Solution, Libraries and Services
Segregation of Duties (SoD) 
The key pains & challenges: 
 Now a Critical Business Control for ALL organizations 
 Involves large volume of data 
(i.e. Typical = 200,000+ authorizations in Baan alone) 
 Need to be done across Systems (ERP) and for ALL 
access types 
 Is a recurring process due to constant changes 
The proposed approach & resolution: 
 Automation, 
 automation 
 and automation!
Cross-Applications ERM & SoD
Business Processes & Controls Integr. 
Process 
Diagram 
Employees 
User 
Roles 
Business 
Risks 
Applications 
Access Mgmt 
Business 
Controls 
Compliance Mgmt 
SoD Mgmt 
SoD 
Conflict 
Rules 
SoD 
Business 
Conflicts 
Conflict 
Resolution 
Documents 
Documents 
Document Mgmt
EZ-Compliance SoD Scan 
Mapics 
Hyperion 
BPCS 
… 
Network Access 
Facility Access 
Security Badges 
… 
Mapics 
Ceridian 
…
Master SoD Matrix 
Over 400+ SoD “zones” to be validated
The LN / Baan SoD Rules Library
• Introduced in 2005
• Required 2 years initial development, and is updated regularly
• Content and design validated by CFO, Controllers, SOX Senior Consultants, Baan Specialists, etc.
• Covers all Baan versions (Triton, Baan IV, ERP-5, LN)
• Compliant to Baan Tools and DEM authorizations
• Verifies 22,000+ Baan session combinations for SoD violations (with violation rating) to validate 400+ SoD sensitive “zones”
• Auditors such as E&Y, KPMG, D&T, PWC, Grant Thornton validated the Baan SoD Rules completeness and accuracy by successfully certifying all EZ-Compliance clients to be SoD/SOX compliant.
EZ-Compliance Automated SoD Scan 
Employees 
Roles 
Corp-wide 
Applications 
Business 
Controls 
Business 
Processes 
Import 
DEM 
Visio 
Employee / 
Applications 
Access 
List 
(1) 
Access 
Scan 
SoD 
Conflict 
Rules 
SOX – SoD 
Conflicts 
List 
(2) 
Conflict 
Scan 
Resolution 
Scan 
(3) 
SoD 
Resolution 
Rules 
Mitigated 
Conflicts 
List 
Business 
Risks 
SoD 
Library 
Oracle 
Mitigation 
Controls 
Import 
LDAP 
Import 
ERP
SoD Conflicting Areas Matrix
Click to view 
detailed business 
functions & 
conflicts found 
The automated SoD cycle 
Import of updated 
authorizations from 
all Enterprise 
Applications 
Identification of 
SoD conflicts & 
related business 
risks 
Resolution of 
conflicts with 
known patterns 
Investigation, 
resolution and 
mitigation of 
SoD risks 
Notification of new 
conflicts to internal 
audit team and/or 
process owners 
ERP 
Import 
Weekly 
or 
Daily 
Result: 90%+ reduction of effort & cost
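The three scans from the diagram (access scan, conflict scan, resolution scan) and the recurring cycle with notification of new conflicts, sketched as an added Python example that is not DynaFlow's code. The accounts, business functions, conflict rules and control id are constructed for illustration; a preventive "what if" check is included alongside the detective scan.

```python
import fnmatch
from collections import defaultdict
from typing import NamedTuple

# Constructed sample data (assumptions, not entries from any vendor SoD library).
# Maps (system, account) to one employee so access is judged across systems.
ACCOUNT_OWNER = {("erp", "jdoe"): "E100", ("finance", "john.doe"): "E100",
                 ("erp", "asmith"): "E200", ("erp", "svc_batch"): "E900"}

ACCESS_LIST = [  # (system, account, business function) as imported from each application
    ("erp", "jdoe", "maintain_vendor"),
    ("finance", "john.doe", "approve_payment"),
    ("erp", "asmith", "create_purchase_order"),
    ("erp", "asmith", "receive_goods"),
    ("erp", "svc_batch", "enter_invoice"),
    ("erp", "svc_batch", "approve_payment"),
    ("finance", "temp01", "approve_payment"),   # no known owner
]

class ConflictRule(NamedTuple):
    zone: str
    func_a: str
    func_b: str
    rating: str

CONFLICT_RULES = [
    ConflictRule("vendor-vs-payment", "maintain_vendor", "approve_payment", "high"),
    ConflictRule("order-vs-receipt", "create_purchase_order", "receive_goods", "medium"),
    ConflictRule("invoice-vs-payment", "enter_invoice", "approve_payment", "high"),
]

# Resolution pattern rules: (zone, employee pattern, mitigating control id).
RESOLUTION_RULES = [("order-vs-receipt", "E2*", "CTRL-EXAMPLE-01")]

def access_scan(access_list, account_owner):
    """Scan 1: merge accounts from all systems into one function set per employee."""
    per_employee, unmapped = defaultdict(set), set()
    for system, account, function in access_list:
        owner = account_owner.get((system, account))
        if owner is None:
            unmapped.add((system, account))  # cannot be evaluated, so report it
        else:
            per_employee[owner].add(function)
    return dict(per_employee), sorted(unmapped)

def conflict_scan(per_employee, rules):
    """Scan 2: an employee holding both sides of a rule is a conflict."""
    return {(emp, r.zone, r.rating)
            for emp, funcs in per_employee.items()
            for r in rules if r.func_a in funcs and r.func_b in funcs}

def resolution_scan(conflicts, resolution_rules):
    """Scan 3: split conflicts into mitigated (known pattern) and still open."""
    open_conflicts, mitigated = set(), {}
    for conflict in conflicts:
        emp, zone, _rating = conflict
        control = next((c for z, pattern, c in resolution_rules
                        if z == zone and fnmatch.fnmatchcase(emp, pattern)), None)
        if control is None:
            open_conflicts.add(conflict)
        else:
            mitigated[conflict] = control
    return open_conflicts, mitigated

def preventive_check(per_employee, rules, employee, new_function):
    """What-if: conflicts that granting new_function to employee would add."""
    current = per_employee.get(employee, set())
    before = conflict_scan({employee: current}, rules)
    after = conflict_scan({employee: current | {new_function}}, rules)
    return after - before

def run_cycle(previous_open):
    """One weekly/daily cycle; 'new' is what goes to audit or process owners."""
    per_employee, unmapped = access_scan(ACCESS_LIST, ACCOUNT_OWNER)
    conflicts = conflict_scan(per_employee, CONFLICT_RULES)
    open_conflicts, mitigated = resolution_scan(conflicts, RESOLUTION_RULES)
    return {"open": open_conflicts, "mitigated": mitigated,
            "new": open_conflicts - previous_open, "unmapped": unmapped}

if __name__ == "__main__":
    result = run_cycle(previous_open={("E100", "vendor-vs-payment", "high")})
    for key, value in result.items():
        print(key, value)
```

E100's conflict only appears because the ERP and finance accounts are mapped to the same employee; scanning each system separately would miss it.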
How DynaFlow supports SoD 
 Access/Authorization Mgmt 
 Cross-systems authorizations (who is accessing what?) 
 Periodic Access Reviews 
 SoD Conflicts Identification 
 Detective validation (what accesses constitute risks?) 
 Preventive validation (what is the impact if we change …?) 
 SoD Conflicts Resolution 
 Automated resolution/mitigation using pattern rules 
 SoD Conflicts Monitoring & Alerts 
 Self-generated SoD Matrix with dynamic alerts 
 Key Performance & Risks Indicators Dashboard (+ mobile)
Segregation of Duties (SoD) 
What you gain with DynaFlow: 
 Cross-ERP Integration (SAP, Oracle, Baan, Mapics, ...) 
 Bottled Best Practices: 
 Fully automated Segregation-of-Duties (SoD) Rules 
 Pre-Defined SoD Libraries available for Baan, SAP, Oracle, 
etc... 
 In line with external auditors to secure successful 
certification 
 Detective and also Preventative 
 Fully automated SoD validation 
 90% reduction on implementation cost & effort 
 50% reduction on auditing cost 
 100% Successful SoD Audit 
 Simplified insight in all user authorizations
Integrated Cycles
Document 
Integrate 
Structure 
Publish 
Define 
Capture 
Optimize 
Validate 
Process 
Knowledge 
Review 
Certify 
Risk 
Assessment 
Control 
Activity 
Control 
Environment 
Publish 
Regulations 
(e.g. SOX, ISO, ITAR, AS9100, HIPAA, etc.)
Automate 
Measure 
Optimize 
Route 
Definition 
Workflow 
Objectives 
Metrics 
Action Measure 
Monitor Execute Automation 
Analyzes
DynaFlow Value Proposition 
Document 
Integrate 
Structure 
Publish 
Define 
Capture 
Optimize 
Validate 
Review 
Certify 
Risk 
Assessment 
Control 
Activity 
Control 
Environment 
Publish 
Automate 
Measure 
Optimize 
Route 
Definition 
Objectives 
Action Measure 
Monitor Execute 
Analyzes
DynaFlow Solution Overview 
Business 
Controls 
Checks 
Financial (Oracle, etc) 
ERP (SAP, Baan, Mapics, etc) 
Process & 
Knowledge 
Publishing 
Process 
Modeling 
Business 
Controls 
Definition 
Automated 
Alerts & 
Notifications 
Process 
Automation 
Employee 
Process 
Dashboard 
Modeler and 
Auditor 
Dashboard 
Transaction 
Systems 
Base 
Dynamic KCI 
& Issues 
Escalation 
Process 
Optimization 
& Monitoring 
Management 
Dashboard 
Dynamic KPI 
& 
BI Analytics 
BPM Reporting 
Office Apps (MS, Email, VPN, etc)
Critical Capabilities Definition ERM & C 
Audit Management 
Supports internal auditors in planning and scheduling audit-related tasks, time management, managing work papers, 
risk assessments, control testing, remediation management and reporting. 
Risk Management, General 
Supports risk management professionals with the documentation, workflow, assessment and analysis, reporting, 
visualization, and remediation of risks. Analytics are mostly qualitative with a limited loss event analysis capability that 
is not dependent on stochastic analysis. It does not include stochastic analysis, but it may collect data from stochastic 
risk analytics tools to provide a consolidated view of enterprise risk management. 
Risk Management, Stochastic 
Involves stochastic analysis, such as Monte Carlo simulation. Examples include banks that require highly specialized 
capabilities for Basel II capital calculations and companies that must support project risk assessments of long-term 
asset investments, such as mining and oil and gas. Only a few EGRC platform vendors directly support these 
stochastic analysis needs organically or through an OEM partnership. 
Compliance Management 
Supports compliance professionals with the documentation, workflow, reporting and visualization of control objectives, 
controls and associated risks, surveys and self-assessments, testing, and remediation. At a minimum, EGRC 
management not only will include financial reporting compliance (Sarbanes-Oxley compliance), but also can support 
other types of compliance, such as ISO 9000, Payment Card Industry, industry-specific regulations, service-level 
agreements, trading partner requirements and compliance with internal policies. 
Policy Management 
Includes a specialized form of document management that enables the policy life cycle from creation to review, change 
and archiving of policies; mapping of policies to mandates and business objectives in one direction, and risks and 
controls in another; and distribution to and attestation by employees and business partners. 
GRC Content 
Includes many different kinds of content relative to GRC activities. Examples include regulatory analysis and news 
feeds, standards and frameworks, draft testing and risk assessments, and draft policies. 
Business Analytics 
Supports the ability to analyze the impact of risks on business objectives, performance and processes. 
Gartner, Inc: 30 November 2010/ID Number: G00208665
DynaFlow simplification 
Regulations Implementation 
SOX 
HIPAA 
BASEL II 
Etc. 
Framework 
COSO-II 
COBIT 
...... 
Policy & Procedure 
Implementation 
Business Risks 
Business Controls: 
- Information delivery 
- Resource access and use
- Risk mitigation 
- ... 
Evidence 
Collection 
Web Portal 
Demonstration of Compliance
establish document test 
People Processes Technology Facilities Data 
Audit 
Business 
Control 
Libraries 
Business Risk Libraries 
Compliance 
Program Mgmt. 
Compliance 
Change Mgmt. 
Compliance 
Issue Mgmt. 
Compliance 
Access & SoD Mgmt.
Document 
Mgmt. 
Audit 
Trail 
Cross-ERP 
Integration 
& 
Mapping 
Operational Risk 
Monitoring 
eBook 
Generation
An IT Governance program
John Goodpasture
 
AuditPaas by SafePaaS
AuditPaas by SafePaaSAuditPaas by SafePaaS
AuditPaas by SafePaaS
Jane Jones
 
AuditPaaS SafePaaS
AuditPaaS SafePaaSAuditPaaS SafePaaS
AuditPaaS SafePaaS
Emma Kelly
 
SafepaaS AuditPaaS
SafepaaS AuditPaaSSafepaaS AuditPaaS
SafepaaS AuditPaaS
Jane Jones
 
SafePaaS AuditPaaS
SafePaaS AuditPaaS SafePaaS AuditPaaS
SafePaaS AuditPaaS
Jane Jones
 
Vivek cv
Vivek cvVivek cv
Vivek cv
Vivek Cholera
 
Enterprise governance risk_compliance_fcm slides
Enterprise governance risk_compliance_fcm slidesEnterprise governance risk_compliance_fcm slides
Enterprise governance risk_compliance_fcm slides
EnterpriseGRC Solutions, Inc.
 
Grc and is audit
Grc and is auditGrc and is audit
Grc and is audit
BIBEKCHAUDHARYBScHon
 
ClockworkISMS
ClockworkISMSClockworkISMS
ClockworkISMS
Delaney
 
FulcrumWay GRC Solutions
FulcrumWay GRC SolutionsFulcrumWay GRC Solutions
FulcrumWay GRC Solutions
Mantala
 

Similar to Government and SOX Compliance for ERP Systems (20)

Maclear’s IT GRC Tools – Key Issues and Trends
Maclear’s  IT GRC Tools – Key Issues and TrendsMaclear’s  IT GRC Tools – Key Issues and Trends
Maclear’s IT GRC Tools – Key Issues and Trends
 
CML Group GRCaaS Dashboard
CML Group GRCaaS Dashboard CML Group GRCaaS Dashboard
CML Group GRCaaS Dashboard
 
Control and audit of information System (hendri eka saputra)
Control and audit of information System (hendri eka saputra)Control and audit of information System (hendri eka saputra)
Control and audit of information System (hendri eka saputra)
 
It Governance Methodology Cox
It Governance Methodology CoxIt Governance Methodology Cox
It Governance Methodology Cox
 
gray_audit_presentation.ppt
gray_audit_presentation.pptgray_audit_presentation.ppt
gray_audit_presentation.ppt
 
Effektiv riskhantering - teori vs praktik - IBM Smarter Business 2011
Effektiv riskhantering - teori vs praktik - IBM Smarter Business 2011Effektiv riskhantering - teori vs praktik - IBM Smarter Business 2011
Effektiv riskhantering - teori vs praktik - IBM Smarter Business 2011
 
Fixnix GRC Suite A Glance
Fixnix GRC Suite A GlanceFixnix GRC Suite A Glance
Fixnix GRC Suite A Glance
 
Cobit 41 framework
Cobit 41 frameworkCobit 41 framework
Cobit 41 framework
 
How to Drive Value from Operational Risk Data - Part 2
How to Drive Value from Operational Risk Data - Part 2How to Drive Value from Operational Risk Data - Part 2
How to Drive Value from Operational Risk Data - Part 2
 
An Introduction to econsys
An Introduction to econsysAn Introduction to econsys
An Introduction to econsys
 
An IT Governance program
An IT Governance programAn IT Governance program
An IT Governance program
 
AuditPaas by SafePaaS
AuditPaas by SafePaaSAuditPaas by SafePaaS
AuditPaas by SafePaaS
 
AuditPaaS SafePaaS
AuditPaaS SafePaaSAuditPaaS SafePaaS
AuditPaaS SafePaaS
 
SafepaaS AuditPaaS
SafepaaS AuditPaaSSafepaaS AuditPaaS
SafepaaS AuditPaaS
 
SafePaaS AuditPaaS
SafePaaS AuditPaaS SafePaaS AuditPaaS
SafePaaS AuditPaaS
 
Vivek cv
Vivek cvVivek cv
Vivek cv
 
Enterprise governance risk_compliance_fcm slides
Enterprise governance risk_compliance_fcm slidesEnterprise governance risk_compliance_fcm slides
Enterprise governance risk_compliance_fcm slides
 
Grc and is audit
Grc and is auditGrc and is audit
Grc and is audit
 
ClockworkISMS
ClockworkISMSClockworkISMS
ClockworkISMS
 
FulcrumWay GRC Solutions
FulcrumWay GRC SolutionsFulcrumWay GRC Solutions
FulcrumWay GRC Solutions
 

More from Dan Aldridge, ERP Software Evangelist, LION

Inforln.com Learn LN - Infor Ming.le User Interface Concepts
Inforln.com Learn LN - Infor Ming.le User Interface ConceptsInforln.com Learn LN - Infor Ming.le User Interface Concepts
Inforln.com Learn LN - Infor Ming.le User Interface Concepts
Dan Aldridge, ERP Software Evangelist, LION
 
Inforln.com ERP LN Finance Concepts Overview Training
Inforln.com ERP LN Finance Concepts Overview TrainingInforln.com ERP LN Finance Concepts Overview Training
Inforln.com ERP LN Finance Concepts Overview Training
Dan Aldridge, ERP Software Evangelist, LION
 
Inforln.com ERP LN 10.4 Using the New Claim Features
Inforln.com ERP LN 10.4 Using the New Claim FeaturesInforln.com ERP LN 10.4 Using the New Claim Features
Inforln.com ERP LN 10.4 Using the New Claim Features
Dan Aldridge, ERP Software Evangelist, LION
 
Inforln.com ERP LN 10.4 Managing Material Demand for Preventive Maintenance
Inforln.com ERP LN 10.4 Managing Material Demand for Preventive MaintenanceInforln.com ERP LN 10.4 Managing Material Demand for Preventive Maintenance
Inforln.com ERP LN 10.4 Managing Material Demand for Preventive Maintenance
Dan Aldridge, ERP Software Evangelist, LION
 
Inforln.com ERP LN 10.4 Credit and Rebill Invoices Enhancements
Inforln.com ERP LN 10.4 Credit and Rebill Invoices EnhancementsInforln.com ERP LN 10.4 Credit and Rebill Invoices Enhancements
Inforln.com ERP LN 10.4 Credit and Rebill Invoices Enhancements
Dan Aldridge, ERP Software Evangelist, LION
 
Inforln.com ERP LN 10.4 Advance Invoicing Enhancements
Inforln.com ERP LN 10.4 Advance Invoicing EnhancementsInforln.com ERP LN 10.4 Advance Invoicing Enhancements
Inforln.com ERP LN 10.4 Advance Invoicing Enhancements
Dan Aldridge, ERP Software Evangelist, LION
 
Inforln.com ERP LN 10.3 & 10.4 Quality Management Non-conformance Reporting D...
Inforln.com ERP LN 10.3 & 10.4 Quality Management Non-conformance Reporting D...Inforln.com ERP LN 10.3 & 10.4 Quality Management Non-conformance Reporting D...
Inforln.com ERP LN 10.3 & 10.4 Quality Management Non-conformance Reporting D...
Dan Aldridge, ERP Software Evangelist, LION
 
Inforln.com ERP LN 10.3 & 10.4 Miscellaneous Project Enhancements
Inforln.com ERP LN 10.3 & 10.4 Miscellaneous Project EnhancementsInforln.com ERP LN 10.3 & 10.4 Miscellaneous Project Enhancements
Inforln.com ERP LN 10.3 & 10.4 Miscellaneous Project Enhancements
Dan Aldridge, ERP Software Evangelist, LION
 
Inforln.com ERP LN 10.3 & 10.4 MAUC Hours Differences
Inforln.com ERP LN 10.3 & 10.4 MAUC Hours DifferencesInforln.com ERP LN 10.3 & 10.4 MAUC Hours Differences
Inforln.com ERP LN 10.3 & 10.4 MAUC Hours Differences
Dan Aldridge, ERP Software Evangelist, LION
 
Inforln.com ERP LN 10.3 & 10.4 Manufacturing Non-conformance Handling Differe...
Inforln.com ERP LN 10.3 & 10.4 Manufacturing Non-conformance Handling Differe...Inforln.com ERP LN 10.3 & 10.4 Manufacturing Non-conformance Handling Differe...
Inforln.com ERP LN 10.3 & 10.4 Manufacturing Non-conformance Handling Differe...
Dan Aldridge, ERP Software Evangelist, LION
 
Inforln.com ERP 10.3 &10.4 Estimating Differences
Inforln.com ERP 10.3 &10.4 Estimating DifferencesInforln.com ERP 10.3 &10.4 Estimating Differences
Inforln.com ERP 10.3 &10.4 Estimating Differences
Dan Aldridge, ERP Software Evangelist, LION
 
Inforln.com ERP LN 10.3 & 10.4 Contract Invoicing Differences
Inforln.com ERP LN 10.3 & 10.4 Contract Invoicing DifferencesInforln.com ERP LN 10.3 & 10.4 Contract Invoicing Differences
Inforln.com ERP LN 10.3 & 10.4 Contract Invoicing Differences
Dan Aldridge, ERP Software Evangelist, LION
 
Inforln.com ERP LN 10.3 & 10.4 Configurable Contract Deliverables Enhancements
Inforln.com ERP LN 10.3 & 10.4 Configurable Contract Deliverables EnhancementsInforln.com ERP LN 10.3 & 10.4 Configurable Contract Deliverables Enhancements
Inforln.com ERP LN 10.3 & 10.4 Configurable Contract Deliverables Enhancements
Dan Aldridge, ERP Software Evangelist, LION
 
Inforln.com ERP LN 10.3 & 10.4 Project Peg Audit History Differences
Inforln.com ERP LN 10.3 & 10.4 Project Peg Audit History DifferencesInforln.com ERP LN 10.3 & 10.4 Project Peg Audit History Differences
Inforln.com ERP LN 10.3 & 10.4 Project Peg Audit History Differences
Dan Aldridge, ERP Software Evangelist, LION
 
Inforln.com Baan 4 to LN Differences Training - Warehousing & Inventory Control
Inforln.com Baan 4 to LN Differences Training - Warehousing & Inventory ControlInforln.com Baan 4 to LN Differences Training - Warehousing & Inventory Control
Inforln.com Baan 4 to LN Differences Training - Warehousing & Inventory Control
Dan Aldridge, ERP Software Evangelist, LION
 
Inforln.com Baan to LN Upgrade Differences Training - UI Enhancements
Inforln.com Baan to LN Upgrade Differences Training - UI EnhancementsInforln.com Baan to LN Upgrade Differences Training - UI Enhancements
Inforln.com Baan to LN Upgrade Differences Training - UI Enhancements
Dan Aldridge, ERP Software Evangelist, LION
 
Inforln.com Baan to LN Differences Training - Order Management
Inforln.com Baan to LN Differences Training - Order ManagementInforln.com Baan to LN Differences Training - Order Management
Inforln.com Baan to LN Differences Training - Order Management
Dan Aldridge, ERP Software Evangelist, LION
 
Infor ln.com baan 4 to ln upgrade differences training order management
Infor ln.com baan 4 to ln upgrade differences training   order managementInfor ln.com baan 4 to ln upgrade differences training   order management
Infor ln.com baan 4 to ln upgrade differences training order management
Dan Aldridge, ERP Software Evangelist, LION
 
Inforln.com Baan 4 to LN Differences Training - Multisite & Common Data
Inforln.com Baan 4 to LN Differences Training - Multisite & Common DataInforln.com Baan 4 to LN Differences Training - Multisite & Common Data
Inforln.com Baan 4 to LN Differences Training - Multisite & Common Data
Dan Aldridge, ERP Software Evangelist, LION
 
Inforln.com Baan 4 to LN Upgrade Differences Training - Enterprise Planning
Inforln.com Baan 4 to LN Upgrade Differences Training - Enterprise PlanningInforln.com Baan 4 to LN Upgrade Differences Training - Enterprise Planning
Inforln.com Baan 4 to LN Upgrade Differences Training - Enterprise Planning
Dan Aldridge, ERP Software Evangelist, LION
 

More from Dan Aldridge, ERP Software Evangelist, LION (20)

Inforln.com Learn LN - Infor Ming.le User Interface Concepts
Inforln.com Learn LN - Infor Ming.le User Interface ConceptsInforln.com Learn LN - Infor Ming.le User Interface Concepts
Inforln.com Learn LN - Infor Ming.le User Interface Concepts
 
Inforln.com ERP LN Finance Concepts Overview Training
Inforln.com ERP LN Finance Concepts Overview TrainingInforln.com ERP LN Finance Concepts Overview Training
Inforln.com ERP LN Finance Concepts Overview Training
 
Inforln.com ERP LN 10.4 Using the New Claim Features
Inforln.com ERP LN 10.4 Using the New Claim FeaturesInforln.com ERP LN 10.4 Using the New Claim Features
Inforln.com ERP LN 10.4 Using the New Claim Features
 
Inforln.com ERP LN 10.4 Managing Material Demand for Preventive Maintenance
Inforln.com ERP LN 10.4 Managing Material Demand for Preventive MaintenanceInforln.com ERP LN 10.4 Managing Material Demand for Preventive Maintenance
Inforln.com ERP LN 10.4 Managing Material Demand for Preventive Maintenance
 
Inforln.com ERP LN 10.4 Credit and Rebill Invoices Enhancements
Inforln.com ERP LN 10.4 Credit and Rebill Invoices EnhancementsInforln.com ERP LN 10.4 Credit and Rebill Invoices Enhancements
Inforln.com ERP LN 10.4 Credit and Rebill Invoices Enhancements
 
Inforln.com ERP LN 10.4 Advance Invoicing Enhancements
Inforln.com ERP LN 10.4 Advance Invoicing EnhancementsInforln.com ERP LN 10.4 Advance Invoicing Enhancements
Inforln.com ERP LN 10.4 Advance Invoicing Enhancements
 
Inforln.com ERP LN 10.3 & 10.4 Quality Management Non-conformance Reporting D...
Inforln.com ERP LN 10.3 & 10.4 Quality Management Non-conformance Reporting D...Inforln.com ERP LN 10.3 & 10.4 Quality Management Non-conformance Reporting D...
Inforln.com ERP LN 10.3 & 10.4 Quality Management Non-conformance Reporting D...
 
Inforln.com ERP LN 10.3 & 10.4 Miscellaneous Project Enhancements
Inforln.com ERP LN 10.3 & 10.4 Miscellaneous Project EnhancementsInforln.com ERP LN 10.3 & 10.4 Miscellaneous Project Enhancements
Inforln.com ERP LN 10.3 & 10.4 Miscellaneous Project Enhancements
 
Inforln.com ERP LN 10.3 & 10.4 MAUC Hours Differences
Inforln.com ERP LN 10.3 & 10.4 MAUC Hours DifferencesInforln.com ERP LN 10.3 & 10.4 MAUC Hours Differences
Inforln.com ERP LN 10.3 & 10.4 MAUC Hours Differences
 
Inforln.com ERP LN 10.3 & 10.4 Manufacturing Non-conformance Handling Differe...
Inforln.com ERP LN 10.3 & 10.4 Manufacturing Non-conformance Handling Differe...Inforln.com ERP LN 10.3 & 10.4 Manufacturing Non-conformance Handling Differe...
Inforln.com ERP LN 10.3 & 10.4 Manufacturing Non-conformance Handling Differe...
 
Inforln.com ERP 10.3 &10.4 Estimating Differences
Inforln.com ERP 10.3 &10.4 Estimating DifferencesInforln.com ERP 10.3 &10.4 Estimating Differences
Inforln.com ERP 10.3 &10.4 Estimating Differences
 
Inforln.com ERP LN 10.3 & 10.4 Contract Invoicing Differences
Inforln.com ERP LN 10.3 & 10.4 Contract Invoicing DifferencesInforln.com ERP LN 10.3 & 10.4 Contract Invoicing Differences
Inforln.com ERP LN 10.3 & 10.4 Contract Invoicing Differences
 
Inforln.com ERP LN 10.3 & 10.4 Configurable Contract Deliverables Enhancements
Inforln.com ERP LN 10.3 & 10.4 Configurable Contract Deliverables EnhancementsInforln.com ERP LN 10.3 & 10.4 Configurable Contract Deliverables Enhancements
Inforln.com ERP LN 10.3 & 10.4 Configurable Contract Deliverables Enhancements
 
Inforln.com ERP LN 10.3 & 10.4 Project Peg Audit History Differences
Inforln.com ERP LN 10.3 & 10.4 Project Peg Audit History DifferencesInforln.com ERP LN 10.3 & 10.4 Project Peg Audit History Differences
Inforln.com ERP LN 10.3 & 10.4 Project Peg Audit History Differences
 
Inforln.com Baan 4 to LN Differences Training - Warehousing & Inventory Control
Inforln.com Baan 4 to LN Differences Training - Warehousing & Inventory ControlInforln.com Baan 4 to LN Differences Training - Warehousing & Inventory Control
Inforln.com Baan 4 to LN Differences Training - Warehousing & Inventory Control
 
Inforln.com Baan to LN Upgrade Differences Training - UI Enhancements
Inforln.com Baan to LN Upgrade Differences Training - UI EnhancementsInforln.com Baan to LN Upgrade Differences Training - UI Enhancements
Inforln.com Baan to LN Upgrade Differences Training - UI Enhancements
 
Inforln.com Baan to LN Differences Training - Order Management
Inforln.com Baan to LN Differences Training - Order ManagementInforln.com Baan to LN Differences Training - Order Management
Inforln.com Baan to LN Differences Training - Order Management
 
Infor ln.com baan 4 to ln upgrade differences training order management
Infor ln.com baan 4 to ln upgrade differences training   order managementInfor ln.com baan 4 to ln upgrade differences training   order management
Infor ln.com baan 4 to ln upgrade differences training order management
 
Inforln.com Baan 4 to LN Differences Training - Multisite & Common Data
Inforln.com Baan 4 to LN Differences Training - Multisite & Common DataInforln.com Baan 4 to LN Differences Training - Multisite & Common Data
Inforln.com Baan 4 to LN Differences Training - Multisite & Common Data
 
Inforln.com Baan 4 to LN Upgrade Differences Training - Enterprise Planning
Inforln.com Baan 4 to LN Upgrade Differences Training - Enterprise PlanningInforln.com Baan 4 to LN Upgrade Differences Training - Enterprise Planning
Inforln.com Baan 4 to LN Upgrade Differences Training - Enterprise Planning
 

Recently uploaded

Ocean lotus Threat actors project by John Sitima 2024 (1).pptx
Ocean lotus Threat actors project by John Sitima 2024 (1).pptxOcean lotus Threat actors project by John Sitima 2024 (1).pptx
Ocean lotus Threat actors project by John Sitima 2024 (1).pptx
SitimaJohn
 
Your One-Stop Shop for Python Success: Top 10 US Python Development Providers
Your One-Stop Shop for Python Success: Top 10 US Python Development ProvidersYour One-Stop Shop for Python Success: Top 10 US Python Development Providers
Your One-Stop Shop for Python Success: Top 10 US Python Development Providers
akankshawande
 
Choosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptxChoosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptx
Brandon Minnick, MBA
 
WeTestAthens: Postman's AI & Automation Techniques
WeTestAthens: Postman's AI & Automation TechniquesWeTestAthens: Postman's AI & Automation Techniques
WeTestAthens: Postman's AI & Automation Techniques
Postman
 
Skybuffer AI: Advanced Conversational and Generative AI Solution on SAP Busin...
Skybuffer AI: Advanced Conversational and Generative AI Solution on SAP Busin...Skybuffer AI: Advanced Conversational and Generative AI Solution on SAP Busin...
Skybuffer AI: Advanced Conversational and Generative AI Solution on SAP Busin...
Tatiana Kojar
 
Presentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of GermanyPresentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of Germany
innovationoecd
 
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success StoryDriving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Safe Software
 
dbms calicut university B. sc Cs 4th sem.pdf
dbms  calicut university B. sc Cs 4th sem.pdfdbms  calicut university B. sc Cs 4th sem.pdf
dbms calicut university B. sc Cs 4th sem.pdf
Shinana2
 
Monitoring and Managing Anomaly Detection on OpenShift.pdf
Monitoring and Managing Anomaly Detection on OpenShift.pdfMonitoring and Managing Anomaly Detection on OpenShift.pdf
Monitoring and Managing Anomaly Detection on OpenShift.pdf
Tosin Akinosho
 
Skybuffer SAM4U tool for SAP license adoption
Skybuffer SAM4U tool for SAP license adoptionSkybuffer SAM4U tool for SAP license adoption
Skybuffer SAM4U tool for SAP license adoption
Tatiana Kojar
 
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
Jeffrey Haguewood
 
leewayhertz.com-AI in predictive maintenance Use cases technologies benefits ...
leewayhertz.com-AI in predictive maintenance Use cases technologies benefits ...leewayhertz.com-AI in predictive maintenance Use cases technologies benefits ...
leewayhertz.com-AI in predictive maintenance Use cases technologies benefits ...
alexjohnson7307
 
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with SlackLet's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
shyamraj55
 
TrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy SurveyTrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy Survey
TrustArc
 
GraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracyGraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracy
Tomaz Bratanic
 
Operating System Used by Users in day-to-day life.pptx
Operating System Used by Users in day-to-day life.pptxOperating System Used by Users in day-to-day life.pptx
Operating System Used by Users in day-to-day life.pptx
Pravash Chandra Das
 
Nordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptxNordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptx
MichaelKnudsen27
 
Best 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERPBest 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERP
Pixlogix Infotech
 
HCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAUHCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAU
panagenda
 
Generating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and MilvusGenerating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and Milvus
Zilliz
 

Recently uploaded (20)

Ocean lotus Threat actors project by John Sitima 2024 (1).pptx
Ocean lotus Threat actors project by John Sitima 2024 (1).pptxOcean lotus Threat actors project by John Sitima 2024 (1).pptx
Ocean lotus Threat actors project by John Sitima 2024 (1).pptx
 
Your One-Stop Shop for Python Success: Top 10 US Python Development Providers
Your One-Stop Shop for Python Success: Top 10 US Python Development ProvidersYour One-Stop Shop for Python Success: Top 10 US Python Development Providers
Your One-Stop Shop for Python Success: Top 10 US Python Development Providers
 
Choosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptxChoosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptx
 
WeTestAthens: Postman's AI & Automation Techniques
WeTestAthens: Postman's AI & Automation TechniquesWeTestAthens: Postman's AI & Automation Techniques
WeTestAthens: Postman's AI & Automation Techniques
 
Skybuffer AI: Advanced Conversational and Generative AI Solution on SAP Busin...
Skybuffer AI: Advanced Conversational and Generative AI Solution on SAP Busin...Skybuffer AI: Advanced Conversational and Generative AI Solution on SAP Busin...
Skybuffer AI: Advanced Conversational and Generative AI Solution on SAP Busin...
 
Presentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of GermanyPresentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of Germany
 
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success StoryDriving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success Story
 
dbms calicut university B. sc Cs 4th sem.pdf
dbms  calicut university B. sc Cs 4th sem.pdfdbms  calicut university B. sc Cs 4th sem.pdf
dbms calicut university B. sc Cs 4th sem.pdf
 
Monitoring and Managing Anomaly Detection on OpenShift.pdf
Monitoring and Managing Anomaly Detection on OpenShift.pdfMonitoring and Managing Anomaly Detection on OpenShift.pdf
Monitoring and Managing Anomaly Detection on OpenShift.pdf
 
Skybuffer SAM4U tool for SAP license adoption
Skybuffer SAM4U tool for SAP license adoptionSkybuffer SAM4U tool for SAP license adoption
Skybuffer SAM4U tool for SAP license adoption
 
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
 
leewayhertz.com-AI in predictive maintenance Use cases technologies benefits ...
leewayhertz.com-AI in predictive maintenance Use cases technologies benefits ...leewayhertz.com-AI in predictive maintenance Use cases technologies benefits ...
leewayhertz.com-AI in predictive maintenance Use cases technologies benefits ...
 
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with SlackLet's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
 
TrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy SurveyTrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy Survey
 
GraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracyGraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracy
 
Operating System Used by Users in day-to-day life.pptx
Operating System Used by Users in day-to-day life.pptxOperating System Used by Users in day-to-day life.pptx
Operating System Used by Users in day-to-day life.pptx
 
Nordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptxNordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptx
 
Best 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERPBest 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERP
 
HCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAUHCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAU
 
Generating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and MilvusGenerating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and Milvus
 

Government and SOX Compliance for ERP Systems

  • 2. Contact Information • Dan Aldridge, CEO Performa Apps • e-mail dan.aldridge@i-app.com • website www.inforln.com/wp • linkedin Dan Aldridge • twitter @Danaldridge1
  • 3. Agenda: Introduction DynaFlow; Governance Risk & Compliance / Enterprise Risk Management; Segregation of Duties for Baan / LN; Impact on ERP implementation. Contact details: Aart de Glint, adeglint@dynaflow-solutions.com, Phone +31 318 479712, Mobile +31 654 392046
  • 4. DynaFlow Profile. Main Facts: Established in 1997; Private company HQ in Canada; Partners in USA, France, Netherlands, Norway, India, Thailand and Australia. Main mission: To enable global companies to become “Simply in Control” by proactively managing enterprise risks, demonstrating compliance and automating and optimizing business processes; Dedicated to providing its clients a fast ROI through a short and structured implementation. Professional Services: Implementation and Training; Compliance & Audit Support; Process Optimization; Solution Hosting Services
  • 5. DynaFlow: Makes it EZ for...
  • 7. Cooking the Books: Mr. Ebbers (WorldCom), Mr. Lay (Enron), Mr. Kozlowski (Tyco) http://www.cbsnews.com/video/watch/?id=859384n
  • 9. Regulation - The Hot Potato: Loi sur La Sécurité Financière (LSF), SAS-70, SOX, C-SOX, J-SOX, ‘Euro-SOX’, Code Tabaksblat, Code Lippens, 8th EU Directive, Clinger Cohen, 21 CFR Part 11, IFRS, Basel-II, BilMoG
  • 10. Governance, Risk Management & Compliance. Governance describes the overall management approach through which senior executives direct and control the entire organization, using a combination of management information and hierarchical management control structures. Governance activities ensure that critical management information reaching the executive team is sufficiently complete, accurate and timely to enable appropriate management decision making, and provide the control mechanisms to ensure that strategies, directions and instructions from management are carried out systematically and effectively. Risk management is the set of processes through which management identifies, analyzes, and, where necessary, responds appropriately to risks that might adversely affect realization of the organization's business objectives. The response to risks typically depends on their perceived gravity, and involves controlling, avoiding, accepting or transferring them to a third party. Whereas organizations routinely manage a wide range of risks (e.g. technological risks, commercial/financial risks, information security risks etc.), external legal and regulatory compliance risks are arguably the key issue in GRC. Compliance means conforming with stated requirements. At an organizational level, it is achieved through management processes which identify the applicable requirements (defined for example in laws, regulations, contracts, strategies and policies), assess the state of compliance, assess the risks and potential costs of non-compliance against the projected expenses to achieve compliance, and hence prioritize, fund and initiate any corrective actions deemed necessary.
  • 11. GRC/ERM Support at all levels. Levels of GRC model: Strategical, Tactical, Operational • Policy • Enterprise Risk Management (Strategic) • Integrated Compliance Frameworks • Consolidated Dashboards (Control Statements) • Procedures • Process Risk Analysis (Tactical) • Process & Internal Control Design & Maintenance • Review (workflow) • Monitoring Efficiency of Internal Controls • Embedded testing & test evidence • Document Management System • KPI/“In Control” reports. Continuous monitoring as part of normal business process. Purchasing, Warehouse Management, Manufacturing, Sales & Distribution • Review • Test
  • 12. Compliance – Why is this important Regulation Corporate & Executive Responsibility & Liability Fear for Reputation Damage Tightened Credit Lines Premium Insurance Fees Policy Interpretation Implementation Cost Overhead Audit Cost
  • 13. From Regulation to Compliance Regulations Implementation SOX HIPAA BASEL II Etc. Framework ERM COSO-II COBIT ... Policy & Procedure Implementation Business Risks Business Controls: - Information delivery - Resource access and use - Risk mitigation - ... Evidence Collection Demonstration of Compliance establish document test People Processes Technology Facilities Data Audit
  • 14. SOX Section 404 – Internal Control Assessment of internal control “The most contentious aspect of SOX is Section 404, which requires management and the external auditor to report on the adequacy of the company's internal control over financial reporting (ICFR). This is the most costly aspect of the legislation for companies to implement, as documenting and testing important financial manual and automated controls requires enormous effort.” http://www.heritage.org/CDA/upload/SOX-CDA-edited-3.pdf
  • 15. SOX Internal Control Requirements Documentation • Detailed Process description • Process flowchart (preferable) • Business Risk Assessments • Risk Control Matrix (RCM) Testing • Annual walkthrough of each process. • Testing of key controls. Periodic Reviews • Review of process steps and controls • Updating of all documentation Annual External IC Audit • Essentially external validation that, yes, you did 1 through 3 above. • The auditor would use predefined “checklists”
  • 16. Risk / Control Matrix All non-PO invoices received at month end are entered into the system within 3 days of month-end to ensure proper inclusion into Accounts Payable. For production invoices, invoices can only be entered into the system for automatic matching if a valid PO and receipt are already in the system. The system populates the invoice price and due date information from the PO information. All unmatched PO invoices are forwarded to purchasing for follow-up. All purchase orders and non-PO invoices are reviewed, including ledger account coding, and are authorized in accordance with company policy. Cycle counts that result in a difference from perpetual quantity outside limits set by company policy are reviewed; items with a variance deemed to be material are recounted. RISK / CONTROL MATRIX Risk Auditor Assertion ACP-C01 ACP-C04 ACP-C16 PUR-C11 INV-C18 R007 What ensures that purchases are recorded into the proper accounting period? Completeness PC R011 What ensures that invoice prices, quantities and other valuation information is correct? Completeness, E/O, M/V PC PC R042 What ensures that duplicate and/or fictitious purchases are not recorded? Existence/ Occurrence PC PC R075 What ensures that perpetual inventory records reflect proper quantities and amounts? Existence/ Occurrence PC DC R079 What ensures that perpetual-to-physical inventory adjustments are correctly calculated and recorded? Completeness, Measurement/ Valuation DC R093 What ensures that inventory counts, compilations and descriptions are accurate? Measurement/ Valuation DC PC = Preventive Control DC = Detective Control
  • 17. Enterprise Risk Management (ERM/GRC) The key pains & challenges: • Extra burden “on top” of running the company • Draining resources from critical projects • Absence of clear and documented guidelines • Absence of automation • Cannot be postponed (scheduled audits) • Cost (with NO tangible ROI) The proposed approach & resolution: • Leverage pre-defined knowledge via libraries • Avoid multiple partial systems (and integration burden) • Automate as much as possible tedious and large volume tasks
  • 18. How DynaFlow supports ERM/GRC • Business Risks & Business Controls Library • 2,500+ pre-defined Controls, Risks and relationships • Certified Best Practices / Benchmark • For all regional & industry specific regulations • (SOX, Basel-II, L262, FDA, HIPAA, IFRS, ISO, etc…) • To address all auditing/auditors requirements • Automated Business Control Execution • Testing Schedules with automated notification & testing • Real-time monitoring & alerts for testers and Mgmt • Evidence Collection & audit trail • Dynamic Risk and Business Control Monitoring • Key Performance & Risks Indicators Dashboard (+ mobile) • Audit Support • Combination of Solution, Libraries and Services
  • 20. Segregation of Duties (SoD) The key pains & challenges: • Now a Critical Business Control for ALL organizations • Involves large volume of data (i.e. Typical = 200,000+ authorizations in Baan alone) • Need to be done across Systems (ERP) and for ALL access types • Is a recurring process due to constant changes The proposed approach & resolution: • Automation, automation and automation!
  • 22. Business Processes & Controls Integr. Process Diagram Employees User Roles Business Risks Applications Access Mgmt Business Controls Compliance Mgmt SoD Mgmt SoD Conflict Rules SoD Business Conflicts Conflict Resolution Documents Documents Document Mgmt
  • 23. EZ-Compliance SoD Scan Mapics Hyperion BPCS … Network Access Facility Access Security Badges … Mapics Ceridian …
  • 25. Over 400+ SoD “zones” to be validated
  • 26. The LN / Baan SoD Rules Library • Introduced in 2005 • Required 2 years of initial development, and is updated regularly • Content and design validated by CFO, Controllers, SOX Senior Consultants, Baan Specialists, etc... • Covers all Baan versions (Triton, Baan IV, ERP-5, LN) • Compliant to Baan Tools and DEM authorizations • Verifies 22,000+ Baan session combinations for SoD violations (with violation rating) to validate 400+ SoD sensitive “zones” • Auditors such as E&Y, KPMG, D&T, PWC, Grant Thornton validated the Baan SoD Rules completeness and accuracy by successfully certifying all EZ-Compliance clients to be SoD/SOX compliant.
  • 27. EZ-Compliance Automated SoD Scan Employees Roles Corp-wide Applications Business Controls Business Processes Import DEM Visio Employee / Applications Access List (1) Access Scan SoD Conflict Rules SOX – SoD Conflicts List (2) Conflict Scan Resolution Scan (3) SoD Resolution Rules Mitigated Conflicts List Business Risks SoD Library Oracle Mitigation Controls Import LDAP Import ERP
  • 28. SoD Conflicting Areas Matrix Click to view detailed business functions & conflicts found
  • 29. The automated SoD cycle Import of updated authorizations from all Enterprise Applications Identification of SoD conflicts & related business risks Resolution of conflicts with known patterns Investigation, resolution and mitigation of SoD risks Notification of new conflicts to internal audit team and/or process owners ERP Import Weekly or Daily Result: 90%+ reduction of effort & cost
  • 30. How DynaFlow supports SoD • Access/Authorization Mgmt • Cross-systems authorizations (who is accessing what?) • Periodic Access Reviews • SoD Conflicts Identification • Detective validation (what accesses constitute risks?) • Preventive validation (what is the impact if we change …?) • SoD Conflicts Resolution • Automated resolution/mitigation using pattern rules • SoD Conflicts Monitoring & Alerts • Self-generated SoD Matrix with dynamic alerts • Key Performance & Risks Indicators Dashboard (+ mobile)
  • 31. Segregation of Duties (SoD) What you gain with DynaFlow: • Cross-ERP Integration (SAP, Oracle, Baan, Mapics, ...) • Bottled Best Practices: • Fully automated Segregation-of-Duties (SoD) Rules • Pre-Defined SoD Libraries available for Baan, SAP, Oracle, etc... • In line with external auditors to secure successful certification • Detective and also Preventative • Fully automated SoD validation • 90% reduction on implementation cost & effort • 50% reduction on auditing cost • 100% Successful SoD Audit • Simplified insight in all user authorizations
  • 33. Integrated Cycles Document Integrate Structure Publish Define Capture Optimize Validate Process Knowledge Review Certify Risk Assessment Control Activity Control Environment Publish Regulations (e.g. SOX, ISO, ITAR AS9100, HIPAA, etc.) Automate Measure Optimize Route Definition Workflow Objectives Metrics Action Measure Monitor Execute Automation Analyzes
  • 34. DynaFlow Value Proposition Document Integrate Structure Publish Define Capture Optimize Validate Review Certify Risk Assessment Control Activity Control Environment Publish Automate Measure Optimize Route Definition Objectives Action Measure Monitor Execute Analyzes
  • 35. DynaFlow Solution Overview Business Controls Checks Financial (Oracle, etc) ERP (SAP, Baan, Mapics, etc) Process & Knowledge Publishing Process Modeling Business Controls Definition Automated Alerts & Notifications Process Automation Employee Process Dashboard Modeler and Auditor Dashboard Transaction Systems Base Dynamic KCI & Issues Escalation Process Optimization & Monitoring Management Dashboard Dynamic KPI & BI Analytics BPM Reporting Office Apps (MS, Email, VPN, etc)
  • 36. Critical Capabilities Definition ERM & C Audit Management Supports internal auditors in planning and scheduling audit-related tasks, time management, managing work papers, risk assessments, control testing, remediation management and reporting. Risk Management, General Supports risk management professionals with the documentation, workflow, assessment and analysis, reporting, visualization, and remediation of risks. Analytics are mostly qualitative with a limited loss event analysis capability that is not dependent on stochastic analysis. It does not include stochastic analysis, but it may collect data from stochastic risk analytics tools to provide a consolidated view of enterprise risk management. Risk Management, Stochastic Involves stochastic analysis, such as Monte Carlo simulation. Examples include banks that require highly specialized capabilities for Basel II capital calculations and companies that must support project risk assessments of long-term asset investments, such as mining and oil and gas. Only a few EGRC platform vendors directly support these stochastic analysis needs organically or through an OEM partnership. Compliance Management Supports compliance professionals with the documentation, workflow, reporting and visualization of control objectives, controls and associated risks, surveys and self-assessments, testing, and remediation. At a minimum, EGRC management not only will include financial reporting compliance (Sarbanes-Oxley compliance), but also can support other types of compliance, such as ISO 9000, Payment Card Industry, industry-specific regulations, service-level agreements, trading partner requirements and compliance with internal policies. 
Policy Management Includes a specialized form of document management that enables the policy life cycle from creation to review, change and archiving of policies; mapping of policies to mandates and business objectives in one direction, and risks and controls in another; and distribution to and attestation by employees and business partners. GRC Content Includes many different kinds of content relative to GRC activities. Examples include regulatory analysis and news feeds, standards and frameworks, draft testing and risk assessments, and draft policies. Business Analytics Supports the ability to analyze the impact of risks on business objectives, performance and processes. Gartner, Inc: 30 November 2010/ID Number: G00208665
  • 37. DynaFlow simplification Regulations Implementation SOX HIPAA BASEL II Etc. Framework COSO-II COBIT ...... Policy & Procedure Implementation Business Risks Business Controls: - Information delivery - Resource access and use - Risk mitigation - ... Evidence Collection Web Portal Demonstration of Compliance establish document test People Processes Technology Facilities Data Audit Business Control Libraries Business Risk Libraries Compliance Program Mgmt. Compliance Change Mgmt. Compliance Issue Mgmt. Compliance Access & SoD Mgmt. Document Mgmt. Audit Trail Cross-ERP Integration & Mapping Operational Risk Monitoring eBook Generation
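The three passes named on slides 27 and 29 (access scan, conflict scan, resolution scan), sketched as an added Python example. It is not DynaFlow's code or rule library; every system, role, function, rule and control name in it is constructed for illustration.

```python
from itertools import combinations

# Constructed sample data; system, role and function names are hypothetical.
ROLE_FUNCTIONS = {
    ("ERP", "buyer"): {"create_purchase_order"},
    ("ERP", "ap_clerk"): {"enter_invoice", "approve_payment"},
    ("ERP", "warehouse"): {"book_receipt", "adjust_inventory"},
    ("Finance", "vendor_admin"): {"maintain_vendor"},
}
EMPLOYEE_ROLES = {
    "alice": [("ERP", "buyer"), ("ERP", "ap_clerk")],
    "bob": [("ERP", "warehouse")],
    "carol": [("Finance", "vendor_admin"), ("ERP", "ap_clerk")],
}
# Conflict rule: unordered pair of functions -> (SoD zone, violation rating)
CONFLICT_RULES = {
    frozenset({"create_purchase_order", "approve_payment"}): ("purchase-to-pay", "high"),
    frozenset({"maintain_vendor", "approve_payment"}): ("vendor-payment", "high"),
    frozenset({"book_receipt", "adjust_inventory"}): ("inventory", "medium"),
}
# Resolution rule: (zone, employee or "*") -> mitigating control (constructed id)
RESOLUTION_RULES = {("inventory", "*"): "MC-CYCLE-COUNT-REVIEW"}

def access_scan(employee_roles, role_functions):
    """(1) Flatten roles from all systems into one function set per employee."""
    access = {}
    for emp, roles in employee_roles.items():
        access[emp] = set().union(*(role_functions[r] for r in roles))
    return access

def conflict_scan(access, rules):
    """(2) Report every conflict rule whose two functions one employee holds."""
    found = []
    for emp in sorted(access):
        for pair in combinations(sorted(access[emp]), 2):
            rule = rules.get(frozenset(pair))
            if rule:
                found.append({"employee": emp, "functions": pair,
                              "zone": rule[0], "rating": rule[1]})
    return found

def resolution_scan(conflicts, rules):
    """(3) Split conflicts into mitigated (known pattern) and still open."""
    mitigated, open_ = [], []
    for c in conflicts:
        control = rules.get((c["zone"], c["employee"])) or rules.get((c["zone"], "*"))
        (mitigated if control else open_).append({**c, "control": control})
    return mitigated, open_
```

In the sample data, carol's conflict only appears once access from both systems is merged, which is why the access scan has to run across applications before the conflict rules are applied.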