Beyond SOX: Addressing non-financial risks through SAP configuration and sound supporting processes
While many organizations focus on compliance during an SAP implementation, often related to financial reporting and regulations such as Sarbanes-Oxley (SOX), they might be underutilizing optional SAP controls that could provide extreme value to their SAP system and supporting processes. How can you apply SAP configuration and sound supporting to minimize and mitigate operational and strategic risks? This session will take a deep dive into missed and misunderstood controls and processing, while sharing configurations and practices that can make your organization run more efficiently, reduce time spent on non-value-added work, and mitigate risk.
Attendees will:
– Hear specific examples of underutilized or misused controls covering the SAP Basis system (i.e. table logging), vendor/customer master (i.e., dual control), procurement (i.e., tolerances), sales (i.e., incompleteness), GRC (i.e., the firefighter process), and more
– Learn about some of the most commonly seen control misunderstandings and the risks created by actions such as using only % or absolute values in tolerances
– Obtain tips on how to create the business case for resolving these control gaps and enabling these controls, using simple data analysis procedures through SAP Query to the BI Warehouse to quantify risk exposure and value
– Understand who in the organization should be involved in recommending and validating control changes, and how to set up an appropriate cross-functional team to ensure decisions are sound and don’t introduce other risks
– See how, once identified, tools like SAP Audit Management or SAP Process Control can be used to track the remediation status of these gaps to completion