Remediate Issues within Financial or Operational Compliance Initiatives in a Single System of Record

  • by Frank Rambo, PhD, Director, Customer Solution Adoption (CSA), EMEA
  • August 16, 2010
Too often, controls are managed using inadequate tools (e.g., point solutions, document repositories, and spreadsheets) that require too much manual tracking and updating. With SAP BusinessObjects Process Control 3.0, you can streamline issue identification and remediation with automated task notification and workflow-driven remediation plans.
Key Concept
SAP BusinessObjects Process Control 3.0 comes with an advanced concept of application roles defining ownership of relevant business objects and delivering the required level of security within the application. The application manages different types of evaluations such as design assessments, continuous control monitoring, and test of effectiveness. It sends task notifications to the holders of the responsible application roles, or executes them automatically as automated control scripts in your SAP ERP systems.

SAP Business Objects Process Control 3.0 manages the following types of evaluations for subprocesses and controls through surveys, manual test plans, and automated control scripts:

  • Subprocess design assessments
  • Control design assessments
  • Self-assessments of controls by the control owners
  • Test of control effectiveness with manual test plans
  • Automated or semi-automated test of control effectiveness
  • Automated control monitoring

The term controls refers here to both controls linked to a subprocess and indirect entity level controls (iELC) linked directly to an organization (e.g., code-of-conduct). In general, each type of these evaluations runs through the following basic steps:

  1. Evaluation by the assessors, testers, or the system
  2. Optional review of the results by a reviewer
  3. Issue identification and documentation, if deficiencies are found
  4. Issue remediation by issue owners and documented by remediation plans.
  5. Optional reevaluation by the assessors or testers (for manual evaluations only)

The recipients of the related workflow task notifications are determined by the SAP BusinessObjects Process Control security concept. For details, refer to the Security Guide > SAP Business Objects Process Control 3.0 > Risk management 3.0 available in SAP Service Marketplace at http://service.sap.com/instguides. A high-level summary is provided in Table 1. During manual evaluations with surveys and manual test plans, assessors and testers document new issues within the application and can select any SAP BusinessObjects Process Control user as the owner of the issue, unless the second-level authorization capability is activated in the IMG customizing. In the latter case, you can only select the holders of the application roles indicated in Table 1 for the respective process, subprocess, or control as issue owners.

Frank Rambo, PhD

Frank Rambo, PhD, is managing a team within SAP’s Customer Solution Adoption (CSA) organization working with customers in the SAP analytics area with the objective to drive adoption of new, innovative solutions. Prior to this position, he worked eight years for SAP Germany as a senior consultant focusing on SAP security and identity management. Before he joined SAP in 1999, Frank worked as a physicist in an international research team. He lives in Hamburg, Germany.

See more by this author


Comments

No comments have been submitted on this article. 


Please log in to post a comment.

To learn more about subscription access to premium content, click here.