Manage Multiple Compliance Initiatives Using the Multicompliance Framework in SAP Process Control 10.0

  • by Kehinde Eseyin, Senior SAP GRC Consultant, Turnkey Consulting Ltd.
  • July 12, 2012
Learn how different compliance initiatives can coexist within a central compliance management repository while harnessing existing master data. This leads to a more efficient regulatory adherence process.
Key Concept
Compliance initiatives are a set of regulations and legislations that an enterprise is expected to adhere to strictly in the process of conducting its business activities. The compliance initiatives that organizations are expected to comply with differ based on metrics such as localization, size, and industry sector. The multicompliance management capability of SAP Process Control 10.0 can help you face the challenge of managing different regulations centrally.

A typical organization is faced with the business need of managing one or more regulations, procedures, or policies. Some common compliance initiatives include the US Sarbanes-Oxley Act, Japanese SOX (J-SOX), Health Insurance Portability and Accountability Act (HIPAA), US Food and Drug Administration (FDA), and the German Data Protection Law. Aside from these standard regulations, organizations also need to set up corporate policies (or internal controls) that define the corporate and strategic philosophy of the business enterprise. For all these regulations and policies, organizations need to ensure and enforce strict compliance to avoid undesirable implications as a result of noncompliance, such as litigation, fines, and outright blacklisting.

As the need to ensure sanity in the way businesses are managed locally and globally rises, it is evident that companies will continue to witness an increase in the number of regulations that will eventually dictate how businesses are conducted, especially in the best interest of the investors.  This inevitable trend will be especially challenging for multinational corporations that will have to comply with their local regulations and standards, as well as with related global standards. The consolation, anyway, is that in as much as the different regulations are distinct, they will probably have metrics (driven by master data) that are similar and that can be used to evaluate compliance. Let’s quickly examine three distinct regulations: Sarbanes-Oxley Act, Payment Card Industry (PCI) Data Security Standard, and Gramm-Leach Bliley Act (GLBA).

The Sarbanes-Oxley Act is geared towards data security and information integrity, and is designed to ensure that financial information is accurate, as well as to ensure the reliability and effectiveness of the system that produces it. The Payment Card Industry (PCI) Data Security Standard is geared towards fraud prevention and data privacy, and it ensures that organizations comply with information security obligations as they relate to data protection, safeguard from intrusion, and access control. The Gramm-Leach Bliley Act is aimed at ensuring data privacy by compelling organizations to have in place administrative, physical, and technical infrastructures that guarantee security protection, integrity, and confidentiality of the customer’s financial information. A quick deduction shows that even though these regulations are unique, the regulations will still likely need to access the same or similar master data elements, such as risks, processes, controls, mitigation controls, and test plans to drive compliance control, monitoring, and reporting.

Kehinde Eseyin

Kehinde Eseyin is a senior SAP security and GRC consultant with Turnkey Consulting (UK) Limited. He has more than eight years of SAP authorizations, GRC, and Basis experience. In the past, he has managed teams to coordinate security, GRC, and Basis administration activities within a multinational environment and operated as an independent consultant, performing SAP system audits and SAP GRC Access Control implementations. He holds a bachelor’s degree in computer science. He has different certifications, including SAP Access Control 10.0 Consultant; SAP Technical Consultant (SAP NetWeaver on Oracle); SAP Solution Manager Operations Consultant; SAP Support Engineer – SAP Solutions Manager; SAP Business One Consultant; Oracle Database Administration Professional (OCP DBA); ITIL v3; and PRINCE2. He is the co-author of SAP BusinessObjects Access Control 10.0 Application Associate Certification [Review Questions and Answers].

See more by this author


Comments

No comments have been submitted on this article. 


Please log in to post a comment.

To learn more about subscription access to premium content, click here.