FCPA Anti-Bribery & Corruption White Paper
A recent whitepaper by Michael Rasmussen titled “Anti-Bribery & Corruption: The Good, The Bad, & The Ugly” discusses how over the past 18 months the sentiment at the DOJ has shifted from...
View ArticleImportant Guidance from US Department of Justice and SEC about the Foreign...
The Department of Justice and the Securities and Exchange Commission have just released A Resource Guide to the U.S. Foreign Corrupt Practices Act (the link is to the Department of Justice’s web site,...
View ArticleA Leap Forward for Risk and Compliance
Last week, I had the honor of being the opening keynote speaker at the Compliance Week West conference in Palo Alto. As we gathered, I chatted with a couple of friends from a large technology company....
View ArticleDo not pass go without a risk analysis! Mission Possible?
We all have high expectations to reduce risks in our SAP environments. The objective which we chose to take was to get clean and stay clean. Management has further decided to track our every move...
View ArticleZero violations *is* possible!
We've been running Virsa/Compliance Callibrator/SAP GRC for quite a while now. When we first started the project and ran the first analysis it turned out that we were in much better shape than many...
View ArticleOn the Brink of a Revolution in Decision Making
I truly believe that amazing developments are arriving that will make future decision-making far more effective. I want to talk about two in this post; admittedly one is more a hope and the other more...
View ArticleBoard Oversight of IT and Technology
I admit to criticizing my “alma mater”, PwC, for much of their thought ‘leadership’ over the last years.Today, I come to praise PwC, not to bury it.They have published an excellent guide for boards...
View ArticleFighting Fraud with New Techniques such as Big Data and Predictive Analytics
The Aberdeen Group has a new research report out on Fighting Fraud with Big Data Visibility and Intelligence. The report includes a useful review of the risk and cost of fraud. (Note that it errs when...
View ArticleSome Questions Before Migrating to SAP® GRC 10.0
Hi, Since the announcement of SAP GRC 10.0, every organization wants to migrate from 5.3 to 10.0 Hence I would like to start this blog with some questions of Migration from 5.3 to 10.0. 1. Why do...
View ArticleSome Useful - Security Guide SAP Access Control™ 10.0 / Process Control™ 10.0...
Security GuideSAP Access Control™ 10.0 / Process Control™ 10.0 / Risk Management™ 10.0 Please find the the same in the below link : https://websmp210.sap-ag.de/~sapdownload/011000358700001377352010E
View ArticleBoards and CFOs Pay Attention to the CIO’s Key Role in Strategy
Recently, two of the Big Four accounting firms released reports that address the increasing importance of the CIO. PwC published their 5th Annual Digital IQ Survey and Deloitte issued an Audit...
View ArticleAdvice on scoping SOX work on segregation of duties (SOD) and restricted...
Many organizations do far too much work on these areas, primarily because they scope the work in isolation from their top-down approach to the identification of key controls. They base their scope on...
View ArticleGRC podcasts with Michael Rasmussen and James Roeske
In recent days, both noted GRC pundit and analyst Michael Rasmussen and consultant James Roeske sat down with Dave Hannon of SAPinsider to answer questions regarding GRC frameworks and SAP Access...
View ArticleCountdown to #GRC2013 – Getting the Most ‘Bang for Your Buck’
If you haven’t registered yet for GRC 2013, March 19-22 in Las Vegas, there’s still time! With more than 250 sessions to choose from, including workshops, case studies, demos, panel discussions, and...
View ArticleUsing BRF+ DB lookup to create complex msmp rules
1.) Some of the common attributes on which you will base your BRF msmp rule are alredy available in context( like priority,criticality etc.) but there are few other attributes which are not...
View ArticleGRC 5.3/ GRC 10.0
Hello All, I am a bigner in GRC, I have worked on GRC5.3 for SOD violation. I took up the important task of cleaning the role and building the GRC complaince roles.I am fameliar with SOD risk and...
View ArticleGRC Archiving and Database Build Up
When data builds up it can affect SAP system performance. The best practice for this situation is data archiving. This moves the data out of the production system in order to manage database growth...
View ArticleSome of the main steps to upgrade from 5.3 to 10.0 for Access Control
Hello All, Please find some of the main steps to upgrade from 5.3 to 10 for Access Control are listed below: SAP provides a migration tool with capability to export data from existing Access Control...
View ArticleA Brief points about Process Control
Hello All,Here are some brief points about Process Control : Process Control is to automate the most time-consuming tasks related to Sarbanes-Oxley compliance: controls assessment. The Sarbanes-Oxley...
View ArticleDo not pass go without a risk analysis! Mission Possible?
We all have high expectations to reduce risks in our SAP environments. The objective which we chose to take was to get clean and stay clean. Management has further decided to track our every move...
View Article