Documente Academic
Documente Profesional
Documente Cultură
Annexure
Corporations across the world are highly concerned about the security of their Enterprise
Resource Planning (ERP) systems such as SAP, from threats like fraud, intrusion, etc that affects
the integrity of their business. They require their policies and procedures to be tightened and
system to be secured.
There are some challenges that these corporations faces in their day to day business:
I don‟t know
We should have
how the Auditor declared
considered SoD
vendor got system controls to How do I
while granting
paid twice? be ineffective design business
access
controls in my
ERP?
ERP team is Does my ERP system
spending lot of has sufficient
unproductive password and user Our ERP
time on access security implementation
Is my system
maintenance controls team never
prone to
access gave us the
intrusions? controls
What is the
Solution???
Satyam Computer
2009 PWC Falsified accounts
Services
Source: KPMG
For Discussion Purposes Only 7
2009 CSI Computer Crime Survey
Per the 2009 CSI Computer Crime and Security Survey, “…change of greatest concern is that
financial fraud increased from only 12 percent of respondents to 19.5 percent of respondents. This
is reason for concern because financial fraud consistently causes victim organizations huge
losses—almost $450,000 per victim organization this year…”
Our Services
SAP Risk Advisory
SAP Consulting and project support
Corporate training
Manpower solutions
Outsourcing
Services similar to the Big4 audit firms, but at a price that fits your budget
Team from Big4 background bringing best practices
High quality deliverables and reports
Committed team available locally for year-round support
For Discussion Purposes Only 10
Our ERP Risk Advisory Services
Business Blueprint Review Quick Scan Review SAP Core team training
Identify and suggest controls as A quick check to identify and Preparing the SAP Core team
part of BBP fix „High Risk‟ issues for supporting the SAP ECC
Benchmark TO-BE process to system
SAP Business Controls
Leading practices
Review SAP End-user training
A detailed review of key Preparing the SAP End-user
Pre Go-Live Readiness business processes having team for working on the SAP
Assessment financial implication ECC system
A quick check of the status of SAP Security Controls Auditing an ERP system
critical master data,
Review training
organizational elements,
configurable controls, process A detailed review of Basis Preparing the Internal audit
integrations, system and user security, access to critical team for sustainable audit of
security before Go-Live transactions and Segregation the SAP ECC system
of duties
Verify if suggested controls are Fundamentals of ERP system
designed and implemented Audit Work Program
training
Documentation
Preparing the organization for
Preparation of detailed work
an upcoming implementation
program that will enable the
of the SAP ECC system
Internal Audit team to conduct
rigorous audit of the SAP system
Understand
business
process
Train Identify
Internal potential
Audit team risks
Report
Develop
gaps & Sales & Materials control
suggest Distribution Management
framework
solutions
Conduct Document
test of audit
controls program
Few of the benefits that your organization will derive from your SAP system, after our services:
Secured ERP Secured and robust SAP environment from both internal and
system external threats such as unauthorized usage, fraud, intrusion, etc
Maximizing
Leveraging the available automated controls using the existing SAP
configurable
configuration and reducing the manual efforts
controls
We have a team of dedicated and highly qualified SAP professionals who have
worked on ERP and IT Risk Advisory projects across 8 countries, including US and UK.
Our team comprises of Certified SAP professionals, CA, MBA and Engineers with
extensive experience in rendering SAP advisory services.
Along with SAP ECC system, our team has hand-on experiences working on tools
such as SAP GRC Access Controls and Approva Bizright Access Controls.
Industry Clients
VOLT Information Sciences Inc., USA; Covansys Corp. Inc., USA; Infosys
IT Services
Technologies, India
Energy Centrica Plc, UK; Enercon India Ltd; ONGC Ltd., India
FMCG and Consumer Goods ITC Ltd, India Philips India Ltd.
Metals and Minerals ISPAT Industries Ltd., India; BALCO Ltd., India