Analyze Segregation of Duties in Legacy Systems with Compliance Calibrator

  • by Jayne Gibbon, Director of Customer Care, SAP
  • April 15, 2008
Starting with Compliance Calibrator 5.1, and continuing with versions 5.2 and 5.3, you can connect Compliance Calibrator to non-SAP systems to perform Segregation of Duties analysis. See how to set up Compliance Calibrator to do this in six steps.
Key Concept

Compliance Calibrator is one of SAP’s solutions for governance, risk, and compliance (GRC). It provides real-time controls compliance and features capabilities such as Segregation of Duties analysis at the object level, while providing both management and analytical reports. It also contains internal control monitoring capabilities, including simulation and automated testing and reporting.

Even as an SAP employee, I recognize that companies often end up with a system environment that includes, in addition to SAP systems, numerous purchased software packages and home-grown applications. This invariably makes the analysis of Segregation of Duties (SoD) very difficult. Not only do you have to deal with conflicts within a single system, you might have conflicts across multiple systems as well.
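To make the cross-system case concrete, here is an added Python example; it is not code from the article or from Compliance Calibrator. It consolidates access rows from two systems under one identity and labels each conflict as single-system or cross-system. The system names, user IDs, functions, rule IDs, and identity mapping are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample rows (system, local user ID, business function), standing
# in for authorization extracts from each application.
ACCESS_ROWS = [
    ("SAP_ERP", "JSMITH", "maintain_vendor"),
    ("LEGACY_AP", "jsmith01", "post_payment"),
    ("SAP_ERP", "MLEE", "create_purchase_order"),
    ("SAP_ERP", "MLEE", "approve_purchase_order"),
    ("LEGACY_AP", "akhan", "post_payment"),
    ("LEGACY_AP", "batch_ap", "post_payment"),  # no owner recorded
]

# Hypothetical mapping of per-system accounts to one person.
IDENTITY_MAP = {
    ("SAP_ERP", "JSMITH"): "john.smith",
    ("LEGACY_AP", "jsmith01"): "john.smith",
    ("SAP_ERP", "MLEE"): "mei.lee",
    ("LEGACY_AP", "akhan"): "a.khan",
}

# Hypothetical rules: two functions one person should not hold together.
SOD_RULES = {
    "R01": ("maintain_vendor", "post_payment"),
    "R02": ("create_purchase_order", "approve_purchase_order"),
}

def find_sod_conflicts(rows, identity_map, rules):
    """Return (conflicts, unmapped): conflicts are (person, rule, scope) tuples."""
    held = defaultdict(lambda: defaultdict(set))  # person -> function -> systems
    unmapped = []
    for system, user, function in rows:
        person = identity_map.get((system, user))
        if person is None:
            # Accounts with no known owner cannot be analyzed; report them.
            unmapped.append((system, user))
            continue
        held[person][function].add(system)
    conflicts = []
    for person in sorted(held):
        funcs = held[person]
        for rule_id, (f1, f2) in sorted(rules.items()):
            if f1 in funcs and f2 in funcs:
                # Single-system if one system grants both sides of the rule.
                same = funcs[f1] & funcs[f2]
                scope = "single-system" if same else "cross-system"
                conflicts.append((person, rule_id, scope))
    return conflicts, unmapped
```

The unmapped list matters as much as the conflicts: an account that cannot be tied to a person is excluded from the analysis rather than cleared by it.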

Up to version 4.0, Compliance Calibrator was only available for SAP systems. With the introduction of version 5.1 on SAP NetWeaver, this limitation no longer exists. In fact, Compliance Calibrator 5.2 and 5.3 now come with adapters not just for SAP but for Oracle, PeopleSoft, and JD Edwards. SAP Note 1076755 includes specifics on what versions this solution supports and how the adapters work. This allows companies that have large heterogeneous environments to directly connect Compliance Calibrator to these different purchased software platforms. Compliance Calibrator also contains a base-level rule package for these non-SAP applications.

However, many companies might have other systems, such as BAAN, Hyperion, or homegrown legacy applications, that they want to evaluate for SoD. Until now, many companies had to rely on a manual process to evaluate these other systems.

I’ll go through the steps necessary to set up Compliance Calibrator in a manner that allows you to evaluate SoD for any computer application that you want. For the purpose of this article, I will use the term “legacy application” to denote an application to which Compliance Calibrator cannot directly connect. Remember that you can follow these steps for a homegrown application or a purchased software application.

Jayne Gibbon

Jayne Gibbon, CPA, has been implementing SAP applications since 1996 and is currently a director in the Chief Customer Office at SAP. Jayne’s focus is making customers successful with their SAP HANA deployments. She has helped more than 100 customers drive business value with SAP HANA. Prior to joining SAP in 2007, Jayne worked for two multinational manufacturing companies based in Wisconsin. While an SAP customer, Jayne led the very first implementation of Virsa’s Compliance Calibrator, which is now part of SAP Access Control. Jayne’s experience includes internal audit; computer security; governance, risk, and compliance; SAP HANA; and SAP analytics.
