07-23-2008 11:53 PM
Hi all,
1) Do organizations follow different SOX acts based on the company's line of work? And where, and by whom, is SOX implemented in the SAP system?
2) Based on the SOX act, are we creating an SOD matrix?
07-24-2008 12:14 PM
Hi Kevin, I'll try to answer your questions.
The SOX act is the same for all, but the application is different between different companies. You have to analyze which are the risks in your scenario, and which job roles carry risks.
For doing this work you can use Compliance Calibrator, which is a part of GRC; in this utility you have Risk Terminator, which will do an analysis of your risks based on "its own" matrix or on one made by you.
You need to determine which are the risks in your company, see which of the predefined risks you need, and do an analysis based on that.
I hope this can help; this is my first post, so if you haven't understood anything I'll try to explain it better.
PS - Sorry for my English, I'm Spanish and I'm learning English right now.
07-24-2008 6:47 PM
Thanks. How exactly do you predefine the risks and make the SOD matrix?
And do we select the SOX act section (404, 402, etc.) based on the company's application?
07-24-2008 11:22 PM
Kevin-
To devise the risks, you have to define conflicting actions and their corresponding permissions. Then devise functions that contain 2 or more conflicting actions. Then devise risks which contain functions.
If you purchase SAP GRC Compliance Calibrator, you are provided with a standardized ruleset, which contains risks for almost every system...
Ankur
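The actions -> functions -> risks model that Ankur outlines, and the SOD matrix Kevin asks about, can be made concrete in a few lines. The following is an added example written for this thread, not code from the original posts and not the SAP GRC Compliance Calibrator ruleset. Transaction codes, functions, roles, users and risk IDs are constructed sample data: a function is granted if any of its actions is reachable through a role, a risk fires when one user holds every function in it, and the pairwise matrix is derived from the same rule set.

```python
"""
Minimal segregation-of-duties (SoD) risk analysis, modelled the way the
thread describes it: actions (transaction codes) -> functions -> risks,
then evaluate which users hold conflicting functions through their roles.
All tcodes, roles, users and risks below are constructed sample data for
illustration; this is not the SAP GRC standard ruleset.
"""
from dataclasses import dataclass
from itertools import combinations

# Function = business capability, defined by the actions that grant it.
# Holding ANY one of the listed actions grants the function.
FUNCTIONS = {
    "VENDOR_MAINTAIN": {"FK01", "FK02", "XK01"},  # create/change vendor master
    "INVOICE_ENTRY":   {"FB60", "MIRO"},          # enter vendor invoices
    "PAYMENT_RUN":     {"F110"},                  # run payments
    "PO_CREATE":       {"ME21N"},                 # create purchase order
    "GOODS_RECEIPT":   {"MIGO"},                  # post goods receipt
}


@dataclass(frozen=True)
class Risk:
    """A risk is a set of functions that must not be held by one person."""
    risk_id: str
    description: str
    functions: frozenset
    rating: str  # "High" / "Medium" / "Low" (constructed ratings)


RULESET = [
    Risk("R001", "Maintain vendor master and pay that vendor",
         frozenset({"VENDOR_MAINTAIN", "PAYMENT_RUN"}), "High"),
    Risk("R002", "Enter vendor invoice and run payment",
         frozenset({"INVOICE_ENTRY", "PAYMENT_RUN"}), "High"),
    Risk("R003", "Create PO and post goods receipt against it",
         frozenset({"PO_CREATE", "GOODS_RECEIPT"}), "Medium"),
]

# Roles grant transaction codes; users hold roles (constructed assignments).
# FK03 (display vendor) is deliberately NOT in any function: display-only
# access must not trigger a maintain/pay conflict.
ROLES = {
    "Z_AP_CLERK":     {"FB60", "MIRO", "FK03"},
    "Z_AP_PAYMENTS":  {"F110"},
    "Z_VENDOR_ADMIN": {"FK01", "FK02"},
    "Z_BUYER":        {"ME21N"},
    "Z_WAREHOUSE":    {"MIGO"},
}
USERS = {
    "alice": {"Z_AP_CLERK", "Z_AP_PAYMENTS"},               # invoice + pay
    "bob":   {"Z_VENDOR_ADMIN", "Z_AP_PAYMENTS"},           # vendor + pay
    "carol": {"Z_BUYER"},                                   # clean
    "dave":  {"Z_BUYER", "Z_WAREHOUSE", "Z_VENDOR_ADMIN"},  # PO + GR
}


def user_actions(user, users=USERS, roles=ROLES):
    """Flatten a user's roles into the set of transaction codes they can run."""
    return set().union(*(roles[r] for r in users[user]))


def user_functions(user, users=USERS, roles=ROLES, functions=FUNCTIONS):
    """A user holds a function if any of its actions is granted by a role."""
    actions = user_actions(user, users, roles)
    return {name for name, tcodes in functions.items() if actions & tcodes}


def analyze(users=USERS, roles=ROLES, functions=FUNCTIONS, ruleset=RULESET):
    """Return {user: [risk_id, ...]} for users holding every function of a risk.
    Users with no conflict are omitted; risk IDs keep ruleset order."""
    findings = {}
    for user in users:
        held = user_functions(user, users, roles, functions)
        hits = [r.risk_id for r in ruleset if r.functions <= held]
        if hits:
            findings[user] = hits
    return findings


def sod_matrix(functions=FUNCTIONS, ruleset=RULESET):
    """Pairwise SOD matrix derived from the ruleset:
    (function_a, function_b) -> risk_id, or None where the pair is allowed.
    Both orderings of each pair are filled so lookups need no sorting."""
    matrix = {}
    for a, b in combinations(sorted(functions), 2):
        pair = frozenset({a, b})
        hit = next((r.risk_id for r in ruleset if r.functions == pair), None)
        matrix[(a, b)] = matrix[(b, a)] = hit
    return matrix


if __name__ == "__main__":
    for user, risks in analyze().items():
        print(f"{user}: {', '.join(risks)}")
```

In a real engagement the FUNCTIONS and RULESET tables are the SOD matrix the auditors sign off on, and the role/user tables come from the target system's authorization data; the analysis logic stays the same. Note that a risk is only raised when the user holds all of its functions, so a single role that happens to contain both conflicting tcodes is caught just like two roles assigned to one person.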
07-25-2008 6:26 AM
As Jose pointed out, SOX is the same for all companies. However, there are different components to carry out these SOX activities. For example:
1. Process Controls 2.5: used for auditing purposes.
2. Access Controls 5.3: includes Risk Analysis and Remediation, Compliant User Provisioning, Enterprise Role Management and Super User Privilege Management.
For further information, kindly follow the following link:
[SAP GRC Link|https://websmp205.sap-ag.de/~form/sapnet?_SHORTKEY=01100035870000691285&]
Regards,
Faisal
07-25-2008 9:31 PM
Thank you, but I don't have an OSS user ID. Is there any way I can read the link content?
07-28-2008 12:46 AM
> Thank you, but I don't have an OSS user ID. Is there any way I can read the link content?
Kevin, I am afraid that without an OSS user you may not be able to check out the Marketplace portal link.
However, you may search for these on the web; there is enough material available which will at least give you a clear picture.