SAP SOX Compliance
What Is SOX Compliance?
The Sarbanes-Oxley Act (SOX) of 2002 requires financial transparency by U.S. public companies, ensuring their data is secure and accurate. Drafted by Congressmen Paul Sarbanes and Michael Oxley following several U.S. corporate and financial scandals, SOX compliance means having a formalized system for internal controls — one that provides full financial transparency.
In a blog post, the criticality of SAP governance, risk management, and compliance (GRC) for SOX compliance is explored. The author points out that two sections (Section 302 and Section 404) are the most important and relevant for SAP GRC and finance users.
What Is SOX Compliance?
The Sarbanes-Oxley Act (SOX) of 2002 requires financial transparency by U.S. public companies, ensuring their data is secure and accurate. Drafted by Congressmen Paul Sarbanes and Michael Oxley following several U.S. corporate and financial scandals, SOX compliance means having a formalized system for internal controls — one that provides full financial transparency.
In a blog post, the criticality of SAP governance, risk management, and compliance (GRC) for SOX compliance is explored. The author points out that two sections (Section 302 and Section 404) are the most important and relevant for SAP GRC and finance users.
An SAP SOX compliance checklist should address the following:
- Segregation of duties
- SAP GRC monitoring
- Safeguard SOX audit trails against emergency access
- Automate SAP audit reporting
Further Resources for SAPinsiders
Accounting & Finance Expands Its Influence. In this article, learn how UGI Utilities developed a strategic roadmap to better anticipate internal and external demands on the business — including regulations such as SOX. The utility shares how using BlackLine and its task functionality provides intuitive controls for SOX compliance.
Beyond SOX: Addressing non-financial risks through SAP configuration and sound supporting processes. Often, compliance is a focal point during SAP implementation to ensure compliance with financial reporting and regulations, such as SOX. However, there are optional SAP controls that could provide even more value to companies’ SAP system and supporting processes. In this session, Steve Biskie from RSM shares how to minimize and mitigate operational and strategic risks through SAP configuration. Understand who in the organization should be involved in recommending and validating control changes, and how to set up an appropriate cross-functional team to ensure decisions are sound and don’t introduce other risks.
Bridging the Cybersecurity Gap in IT General Controls (ITGC). Compliance with regulations like SOX often require a set of controls in place to mitigate risks to the integrity of financial reporting. Current ITGC testing performed by internal and external auditors is only focused on one slice of access risk. In this session, Brian Tremblay from Onapsis shares why it’s critical to understand the threats that exist to your SAP system beyond the current ITGC scope and how they relate to compliance with SOX.
A vendor that can help SAP customers with SOX compliance is Appsian Security. The provider offers a single platform for automating how users secure user identity, govern access, detect and prevent fraud, and demonstrate compliance with SOX, the General Data Protection Regulation, and more across critical business applications.
969 results
-
Changes Are Coming to Healthcare: Is Your ERP System Ready?
ManagementAs the stormy economy continues to batter even the sturdiest businesses, even healthcare companies are feeling under the weather. However, while many are cutting back on IT spending, there are positive signs for SAP professionals as the industry continues its march to modernization. The federal stimulus package focused considerable public attention on technology and the...…
-
Manage Global Trade Restitution Laws and Demands Using SAP BusinessObjects Global Trade Services 8.0
Learn how SAP BusinessObjects Global Trade Services handles the restitution process in the European Union. Understand how to configure restitution functionality in SAP BusinessObjects Global Trade Services 8.0 through a step-by-step configuration checklist. Key Concept SAP BusinessObjects Global Trade Services allows you to export agricultural products from the European Union (EU) to non-EU countries by...…
-
Ensuring SoD Library Quality
Learn how to get the SAP user and approver community truly involved in reviewing segregation of duties (SoD) risk rules. Key Concept Companies using SAP BusinessObjects Access Control are ultimately responsible for the thoroughness of their segregation of duties (SoD) library, even though SAP delivers a baseline ruleset (see SAP Note 986996 [GRC Access Control...…
-
How to “Stay Clean” (for Now) with Risk Terminator
To realize all the business benefits of SAP BusinessObjects Access Control, it is important that you implement compliant user provisioning and enterprise role management (formerly Access Enforcer and Role Expert). However, if you are not ready to do that, Risk Terminator provides a very good interim solution. You can follow these step-by-step instructions for configuring...…
-
Forestall Data Loss and Enforce Data Security with an Air-Tight Backup Policy
Learn strategies that are invaluable for designing and developing a backup and restore procedure capable of safeguarding the data in your entire SAP system landscape while guaranteeing adequate data protection, security, and compliance with legal regulations. Key Concept A backup policy covers processes and procedures of making data (or database) copies with the intent of...…
-
Is Business Objects the Next ERP?
ManagementOver the past two decades, the ERP system has evolved from a collection of components into a platform for collaboration and innovation. Find out why Business Objects executives, speaking at the inaugural Business Objects Influencer Summit, say its platform is poised to undergo a similar transformation – and what it means for the SAP ERP...…
-
SAP E-Recruiting Part 3: Source Talent Globally While Supporting Local Regulations and Business Needs
Recruiting practices not only determine the quality of your employees but also must comply with local and international business laws. Learn the important considerations for using SAP E-Recruiting in a global environment. Most of these tips for using SAP E-recruiting are also valid for single-country deployments. Key Concept A context is a version of the...…
-
Avoid Losing Valuable Sales and Customer Data by Using Backup and Recovery in Depth
Find out why multiple, in-depth layers of recovery parameters are more effective than a single layer when backing up and recovering SAP CRM data, business processes, and event logs. Key Concept Backup and recovery in depth refers to the strategy of creating multiple layers of recovery parameters (rather than a single layer) to better back...…
-
Develop a Strong Talent Pipeline Using SuccessFactors Recruiting Marketing
Having a talent pipeline consisting of top candidates who can be recruited to open positions is important for recruiters to do their job. The candidates in the talent pipeline can also provide candidate referrals to the recruiters. See the functionalities available in Recruiting Marketing (previously known as Jobs2Web) and how to use them to build...…
-
Spotlight: Ensure Security During an Implementation of an SAP Application
/Project Management/MobileBill Oliver, founding partner at Winterhawk Consulting, answers questions on how to ensure that SAP applications remain secure during an implementation. To learn more about challenges security teams face during implementations of SAP applications, I had Bill Oliver, founding partner at Winterhawk Consulting, answer a series of questions about his experience implementing SAP applications...…
Your request has been successfully sent