Manage Multiple Compliance Initiatives Using the Multicompliance Framework in SAP Process Control 10.0
- by Kehinde Eseyin, Senior SAP GRC Consultant, Turnkey Consulting Ltd.
- July 12, 2012
Learn how different compliance initiatives can coexist within a central compliance management repository while harnessing existing master data. This leads to a more efficient regulatory adherence process.
Compliance initiatives are the set of regulations and legislation that an enterprise is expected to adhere to strictly while conducting its business activities. The compliance initiatives an organization must comply with differ based on factors such as localization, size, and industry sector. The multicompliance management capability of SAP Process Control 10.0 can help you face the challenge of managing different regulations centrally.
A typical organization is faced with the business need of managing one or more regulations, procedures, or policies. Some common compliance initiatives include the US Sarbanes-Oxley Act, Japanese SOX (J-SOX), Health Insurance Portability and Accountability Act (HIPAA), US Food and Drug Administration (FDA), and the German Data Protection Law. Aside from these standard regulations, organizations also need to set up corporate policies (or internal controls) that define the corporate and strategic philosophy of the business enterprise. For all these regulations and policies, organizations need to ensure and enforce strict compliance to avoid undesirable implications as a result of noncompliance, such as litigation, fines, and outright blacklisting.
As the pressure to keep businesses well governed locally and globally rises, companies will continue to see an increase in the number of regulations that dictate how business is conducted, especially in the interest of investors. This inevitable trend will be especially challenging for multinational corporations, which must comply with their local regulations and standards as well as with related global standards. The consolation is that, although the different regulations are distinct, they will probably share metrics (driven by master data) that can be used to evaluate compliance. Let’s quickly examine three distinct regulations: the Sarbanes-Oxley Act, the Payment Card Industry (PCI) Data Security Standard, and the Gramm-Leach-Bliley Act (GLBA).
The Sarbanes-Oxley Act is geared towards data security and information integrity; it is designed to ensure that financial information is accurate and that the system producing it is reliable and effective. The Payment Card Industry (PCI) Data Security Standard is geared towards fraud prevention and data privacy; it ensures that organizations meet their information security obligations for data protection, safeguards against intrusion, and access control. The Gramm-Leach-Bliley Act is aimed at data privacy by compelling organizations to have in place administrative, physical, and technical infrastructures that guarantee the security, integrity, and confidentiality of customers’ financial information. Even though these regulations are unique, they will still likely need to access the same or similar master data elements, such as risks, processes, controls, mitigation controls, and test plans, to drive compliance control, monitoring, and reporting.