Manage Multiple Compliance Initiatives Effectively Leveraging Shared Master Data

  • by Frank Rambo, PhD, Director, Customer Solution Adoption (CSA), EMEA
  • March 11, 2010
When different teams work with different procedures in different software solutions to address the many internal policies and external regulations to which a company is subject, it leads to inconsistent master data, unnecessary costs, and a lack of management visibility. SAP Business Objects Process Control 3.0 comes with a global master data catalogue and a multiple compliance framework to provide an efficient solution. It allows for managing compliance with respect to multiple regulations in a unified manner in a single system using shared master data. Learn more about how it works and how to set it up in the system.
Key Concept
SAP BusinessObjects Process Control 3.0 runs on an SAP NetWeaver Application Server ABAP 7.01 SP3 or higher and requires an SAP NetWeaver Portal on the same release level as the user interface. The user interface consists of iViews, worksets, and portal roles. The standard reports and dashboards in SAP BusinessObjects Process Control use SAP BusinessObjects Crystal Reports and Xcelsius dashboard technology. The solution also comes with the capability of automated control testing in SAP and non-SAP systems, requiring the installation of Real-Time Agents (RTAs) or adapters from SAP’s software partner Greenlight, respectively. Due to this solution architecture the configuration of a new compliance initiative in SAP BusinessObjects Process Control requires nothing more than some customizing in the IMG and creation of portal content objects based on copies of the content already delivered with the software.

Companies face the challenge to stay compliant with a multitude of diverse regulations and internal policies. Each region has its own unique regulatory requirements, which are not limited solely to financial compliance. Global companies not only need to adhere to their own country’s regulatory mandates, but also to regulatory mandates of any country in which they do business. In most compliance environments, each initiative is managed separately, not only by different individuals, but also by different systems and procedures. This results in the following issues:

  • Lack of management confidence due to non-standardized procedures and reporting
  • Duplication of efforts due to redundant evaluations and tests
  • Inconsistent master data maintained in multiple systems
  • Higher IT costs with multiple systems to maintain and support
  • Slow time-to-compliance as new systems need to be procured, data maintained, and users trained
  • Manual documentation such as spreadsheets or other paper-based solutions
  • Limited oversight across all compliance initiatives from a global perspective

A multiple compliance framework (MCF) solution can overcome these issues. Using a single solution that can handle several different compliance and policy mandates increases both efficiency and effectiveness. Using an MCF helps to eliminate the duplication of efforts and simplify the management of compliance initiatives by using common master data across the entire environment. A single solution reduces the amount of IT hardware needed and the cost of powering and maintaining servers. It also reduces the cost of training users on multiple systems and multiple processes.

SAP BusinessObjects Process Control 3.0 comes with an MCF that includes the following capabilities:

  • Central master data catalog shared across compliance initiatives
  • Shared surveys, manual test plans, and automated controls to reduce efforts when performing assessments, compliance testing, and continuous monitoring
  • Results from evaluations can be referenced from multiple compliance initiatives instead of repeating them
  • Common compliance processes and reporting within and across compliance initiatives

I will cover how the MCF in SAP BusinessObjects Process Control is used from a business user perspective and how a new regulation is set up in the system. As an example I will use a compliance initiative for the Japanese version of Sarbanes-Oxley (JSOX). For a high-level overview of SAP BusinessObjects Process Control, refer to my prior article on a risk-based internal control system, published in the GRC Expert knowledgebase in February 2010.

Frank Rambo, PhD

Frank Rambo, PhD, is managing a team within SAP’s Customer Solution Adoption (CSA) organization working with customers in the SAP analytics area with the objective to drive adoption of new, innovative solutions. Prior to this position, he worked eight years for SAP Germany as a senior consultant focusing on SAP security and identity management. Before he joined SAP in 1999, Frank worked as a physicist in an international research team. He lives in Hamburg, Germany.

See more by this author


Comments

No comments have been submitted on this article. 


Please log in to post a comment.

To learn more about subscription access to premium content, click here.