Скачать презентацию IT Solutions for Detecting and Preventing Fraud and Скачать презентацию IT Solutions for Detecting and Preventing Fraud and

91f194f730feb665c8ddab94f9b49d66.ppt

  • Количество слайдов: 25

IT Solutions for Detecting and Preventing Fraud and Error Presentation to FMI Sylvie Turcotte, IT Solutions for Detecting and Preventing Fraud and Error Presentation to FMI Sylvie Turcotte, SAP Canada Inc. November 26, 2008

Agenda 1. Expectations 2. Specific Examples of IT Solutions 3. 3. Key Benefits 2 Agenda 1. Expectations 2. Specific Examples of IT Solutions 3. 3. Key Benefits 2

3 Technology Manual & Procedural Controls Your Applications Reporting Controls Security Controls Configurable Controls 3 Technology Manual & Procedural Controls Your Applications Reporting Controls Security Controls Configurable Controls Inherent Controls Control Framework Fundamental Control Principles Business Objectives (Control Objectives & Risk) People

What should you expect from your IT solutions? n n Centralized n Integrated n What should you expect from your IT solutions? n n Centralized n Integrated n Automated n 4 Accountability and Ownership Auditable

Agenda 1. Expectations 2. Specific Examples of IT Solutions 3. 3. Key Benefits 5 Agenda 1. Expectations 2. Specific Examples of IT Solutions 3. 3. Key Benefits 5

The Four Pillars of Internal Control Monitor Certify ü ü ü Monitor Exceptions Test The Four Pillars of Internal Control Monitor Certify ü ü ü Monitor Exceptions Test Automated Controls Business Processes … Sign Off Remediate Issues Test Manual Controls Perform Assessments SU RV EY Yes No Document IT Infrastructure 6 System of Internal Controls: Process-Control-Objective-Risk

Document your Controls Monitor Certify ü ü ü Monitor Exceptions Test Automated Controls Business Document your Controls Monitor Certify ü ü ü Monitor Exceptions Test Automated Controls Business Processes … Sign Off Remediate Issues Test Manual Controls Perform Assessments SU RV EY Yes No Document IT Infrastructure 7 System of Internal Controls: Process-Control-Objective-Risk

Single Repository of Controls 8 Single Repository of Controls 8

Enhanced Accountability – Assignment 9 Enhanced Accountability – Assignment 9

Enhanced Accountability – Who are the Process and Control Owners? 10 Enhanced Accountability – Who are the Process and Control Owners? 10

Test Your Controls Monitor Certify ü ü ü Monitor Exceptions Test Automated Controls Business Test Your Controls Monitor Certify ü ü ü Monitor Exceptions Test Automated Controls Business Processes … Sign Off Remediate Issues Test Manual Controls Perform Assessments SU RV EY Yes No Document IT Infrastructure 11 System of Internal Controls: Process-Control-Objective-Risk

Standardization – Documentation 12 Standardization – Documentation 12

Automated Testing 13 Automated Testing 13

Monitor Your Test Results Monitor Certify ü ü ü Monitor Exceptions Test Automated Controls Monitor Your Test Results Monitor Certify ü ü ü Monitor Exceptions Test Automated Controls Business Processes … Sign Off Remediate Issues Test Manual Controls Perform Assessments SU RV EY Yes No Document IT Infrastructure 14 System of Internal Controls: Process-Control-Objective-Risk

Scheduling and Process Tracking 15 Scheduling and Process Tracking 15

Scheduling and Process Tracking – Issues 16 Scheduling and Process Tracking – Issues 16

Segregation of Duties (So. D Compliance) 17 Segregation of Duties (So. D Compliance) 17

System Security Controls Compliant provisioning with dynamic workflow HR event Request generated Employee hired/retired System Security Controls Compliant provisioning with dynamic workflow HR event Request generated Employee hired/retired Mgr approval Compliant super user access 100% automated Superuser Path workflow— based on request type and user attributes SAP_ALL Via e-mail New session Escalation workflow Risk analysis New session Firecall ID SD MM FICO Log Log One-click preventive simulation Exception workflow Automated provisioning 18 100% automated • • New session Firecall ID … Pre-assigned firefighter IDs Access restrictions Validity dates Field-level changes tracked in audit log Log

Reporting – Dashboard 19 Reporting – Dashboard 19

Certify Your Compliance Monitor Certify ü ü ü Monitor Exceptions Test Automated Controls Business Certify Your Compliance Monitor Certify ü ü ü Monitor Exceptions Test Automated Controls Business Processes … Sign Off Remediate Issues Test Manual Controls Perform Assessments SU RV EY Yes No Document IT Infrastructure 20 System of Internal Controls: Process-Control-Objective-Risk

Certification Status 21 Certification Status 21

Agenda 1. Expectations 2. Specific Examples of IT Solutions 3. 3. Key Benefits 22 Agenda 1. Expectations 2. Specific Examples of IT Solutions 3. 3. Key Benefits 22

Expected Benefits 11 12 1 2 10 9 3 8 4 7 6 5 Expected Benefits 11 12 1 2 10 9 3 8 4 7 6 5 Effectively mitigate business risks Implement operational controls to improve business process management Lower costs of internal control with centralized control management Reduce RISKS, TIME, and COSTS 23

Come See Us! At our Booth Lunch & Learn on SAP GRC Solutions When: Come See Us! At our Booth Lunch & Learn on SAP GRC Solutions When: December 10 th, 12: 00 pm – 1: 30 pm Where: SAP Office – 100 Murray Street, 2 nd Floor 24

Thank you! Merci! 25 Thank you! Merci! 25