
SOX (Sarbanes-Oxley Act) July 2002

The collapses of Enron and WorldCom resulted in a crisis in investor confidence and huge losses to their shareholders. The US government responded quickly, passing the Sarbanes-Oxley Act (also titled the Investor Protection Act of 2002), sponsored by Senator Paul Sarbanes and Representative Michael Oxley. The Act applies to publicly traded companies.

The scope of the Act focuses on:
- Internal controls
- Process
- Policies
- Compliance and reporting
- Transparency
- Accuracy
- Governance
- Accountability
- Responsibility
- Avoidance of conflicts of interest


GRC (Governance, Risk and Compliance)

What a GRC system does:
1. It keeps track of what you are doing and raises an alert when things start to go off track or when new risks appear.
2. It eliminates manual processes and reduces cost.

What the organization gains:
1. Better manage: compliance and risk are handled in one place.
2. Better protect value: risk events are proactively avoided and the cost of violations is reduced.
3. Better perform: risk is actively linked to performance management and business objectives.

GRC capabilities:
- Simulation and proactive compliance
- Risk mitigation and remediation
- Real-time drill-down analysis and reporting
- Management reporting

Seven major pointers that can help organizations towards better SAP security in the Sarbanes-Oxley era:
1. Provide users access on a need-to-know and need-to-do basis.
2. Adequately secure programs, transactions and tables.
3. Ensure that all user access to SAP R/3 is properly authorized and approved.
4. Maintain segregation of duties for all sensitive business transactions.
5. Document all controls and business processes.
6. Put anti-fraud preventive controls in place to prevent and detect fraud before an audit does.
7. Secure user profiles and roles in SAP and design them to meet business requirements.

GRC

G - Governance: making sure that things are done according to your standards.

R - Risk: everything we do involves an element of risk. When it comes to running across freeways or playing with matches, it is pretty clear that certain risks are just not to be taken. When it comes to business, however, risk becomes a way to help you both protect value (what you have) and create value (by strategically expanding your business or adding new products and services).

C - Compliance: compliance ties back to controls, meaning that you put certain controls in place to ensure that compliance is actually happening. This might mean monitoring your factory's emissions or ensuring that your import and export papers are in order. Or it might simply mean checking that the same person is not both creating vendors and cutting checks to her brother-in-law Frank on the sly.
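The vendor-creation-versus-payment conflict above, and pointer 4 in the list of seven (segregation of duties for sensitive transactions), are what an SoD rule check automates. The following is an added example, not code from the original page or from any SAP GRC product: it resolves each user's effective transaction codes through their assigned roles and reports every user (and every single role) that can execute both sides of a conflicting pair. The transaction codes FK01/XK01/FK02/XK02 (vendor master), F110 (automatic payment run), ME21N (purchase order) and MIGO (goods receipt) are standard SAP codes, but the rule set, the role names and the user assignments are constructed for illustration and are assumptions, not an official ruleset.

```python
"""Added example: a minimal SAP-style segregation-of-duties (SoD) check."""
from dataclasses import dataclass

# SoD rules: each rule names two groups of transaction codes that a single
# user must not be able to execute together. The codes are standard SAP
# transactions; grouping them into rules P001/P002 is illustrative only.
SOD_RULES = {
    "P001": ("Maintain vendor master AND run payments",
             frozenset({"FK01", "XK01", "FK02", "XK02"}),
             frozenset({"F110"})),
    "P002": ("Create purchase order AND post goods receipt",
             frozenset({"ME21N"}),
             frozenset({"MIGO"})),
}

# Constructed sample role and user assignments (hypothetical names).
ROLE_TCODES = {
    "Z_AP_VENDOR_MAINT": {"FK01", "FK02", "FK03"},
    "Z_AP_PAYMENT_RUN": {"F110", "FBL1N"},
    "Z_PUR_BUYER": {"ME21N", "ME22N", "ME23N"},
    "Z_WH_RECEIVING": {"MIGO", "MB51"},
    "Z_SUPERUSER": {"FK01", "F110", "ME21N", "MIGO"},  # conflicting on its own
}
USER_ROLES = {
    "jsmith": {"Z_AP_VENDOR_MAINT", "Z_AP_PAYMENT_RUN"},  # conflict via two roles
    "afrank": {"Z_AP_VENDOR_MAINT"},                      # clean
    "mlee": {"Z_PUR_BUYER", "Z_WH_RECEIVING"},            # conflict P002
    "admin": {"Z_SUPERUSER"},                             # conflict from one role
}


@dataclass(frozen=True)
class Conflict:
    user: str
    rule: str
    description: str
    left_hits: frozenset   # codes on the first side the user actually holds
    right_hits: frozenset  # codes on the second side the user actually holds
    via_roles: frozenset   # roles that contribute the conflicting codes


def effective_tcodes(user, user_roles=USER_ROLES, role_tcodes=ROLE_TCODES):
    """Union of transaction codes reachable through all of a user's roles."""
    codes = set()
    for role in user_roles.get(user, ()):
        codes |= role_tcodes.get(role, set())
    return codes


def find_sod_conflicts(user_roles=USER_ROLES, role_tcodes=ROLE_TCODES,
                       rules=SOD_RULES):
    """Every (user, rule) pair where the user can execute both sides of a rule."""
    found = []
    for user in sorted(user_roles):
        codes = effective_tcodes(user, user_roles, role_tcodes)
        for rule_id, (desc, left, right) in sorted(rules.items()):
            lhits, rhits = codes & left, codes & right
            if lhits and rhits:
                # Record which roles supply the conflicting codes so the
                # remediation (split the role, or remove one assignment) is clear.
                via = frozenset(r for r in user_roles[user]
                                if role_tcodes.get(r, set()) & (lhits | rhits))
                found.append(Conflict(user, rule_id, desc,
                                      frozenset(lhits), frozenset(rhits), via))
    return found


def conflicting_roles(role_tcodes=ROLE_TCODES, rules=SOD_RULES):
    """Roles that violate a rule by themselves, before any user is considered."""
    return sorted({role for role, codes in role_tcodes.items()
                   for _, left, right in rules.values()
                   if codes & left and codes & right})


if __name__ == "__main__":
    for role in conflicting_roles():
        print(f"ROLE CONFLICT  {role}: role alone violates an SoD rule")
    for c in find_sod_conflicts():
        print(f"USER CONFLICT  {c.user} {c.rule} ({c.description}): "
              f"{sorted(c.left_hits)} + {sorted(c.right_hits)} "
              f"via {sorted(c.via_roles)}")
```

Two design points matter in practice: the check runs on effective access (the union over all roles), because most real conflicts arise from the combination of individually clean roles, not from a single badly built one; and it reports the contributing roles, since the remediation in pointer 7 is to redesign roles, not just to remove a user. A production check would also resolve composite roles, authorization objects beneath the transaction codes, and firefighter or emergency access.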
