SAPLIB

1. Information flows sequentially, and there are technical obstacles for each step.

2. The whole process relies on manual operations. Information is typically exchanged by e-mail. Data is stored in Microsoft Excel spreadsheets. Validation and consolidation require considerable effort and time. The whole process is prone to errors.

3. Whole teams spend weeks or months gathering the data, making sure that it’s correct and consolidating it. Because this whole process is based on manual operations, many companies invest in third party assurance by hiring expensive auditing companies. Costs can reach two million euros per an annual report.

4. Sustainability solutions often aren’t integrated into other existing systems. According to a survey of 150 companies in the U.S. and Europe by AMR Research, less than one-third use their ERP systems to help manage CSR issues. Yet these enterprise-wide systems should be the very foundation of balancing environmental, social, and business objectives.

Popularity: 16% [?]

1. Documentation: The mapping exercise
A company looks at SOX and other regulations to see which areas of their business are going to be affected by the regulation’s requirements. They then go through an intensive mapping process, identifying the business processes, subprocesses, and departments that are involved.

The next step is to highlight the risks and compliance issues. For example, when someone is taking orders from new customers, they need to make sure that a credit check is performed every time. The company should develop a control that will be done from outside its order-taking system that checks all transactions and reports back on whether the system is running credit checks for all new customers.

2. Testing: Real-time and historical
After the documentation phase, companies then implement control checks, either preventative checks, such as those that seek out Segregation of Duties (SoD) violations, or detective checks, which are after-the-fact checks on what happened (historical) or what’s happening right now (real-time). By automating both real-time and historical checks, a company can form a clearer idea of how their business is operating. (more…)

Popularity: 25% [?]

1. Cheaper, with fewer errors: The average purchase-to-pay transaction can be reduced from $12.03 to $8.58 when moving from a low to a high level of automation. Automated transactions are between 10 and 25 percent less prone to error.

2. Better protection: Preventative controls embedded in a system cannot be ignored and are not subject to interpretation.

3. Quicker to detect and fix: There is little or no time lag between an event occurring and being detected, so management can be notified immediately of a problem. (more…)

Popularity: 17% [?]

Benefit one: Business process improvement
One byproduct of implementing strong internal controls is business process improvement. When companies start to take a close look at their business processes and document, measure, and monitor them, they can make them more efficient and streamlined. It gives companies a chance to examine their processes closely and ask themselves probing questions such as, “Why does it take seven people for us to do something, when Company X only needs three people to do the same thing?”

Benefit two: Management by exception
By establishing a norm (such as “The process works this way and when it doesn’t, a control will alert us”), companies learn to manage by exception. Controls start to function as a barometer of how things are operating in the company — and give an early warning of how things could go awry, or an indication of trends. Controls can also flag how companies need to change or improve their processes. If companies don’t continue to assess their controls and respond to the changes that controls indicate are necessary, they could be considered negligent. (more…)

Popularity: 16% [?]

What if you have a small branch office and just one accounting clerk? What if you have year-end closing and need to grant exceptional access to the system?

Remember the master key? The key supervisor hands it out to someone who needs it desperately, and never gets it back. The people who receive these special keys are called superusers. Just like Superman, superusers have superpowers and can do anything.

Superuser access is hard to manage and risky to control, and yet it is sometimes needed. Some users are given carte blanche access, giving them free access to all systems, all objects, all transactions. This is the worst case scenario, because it means that their company has no control over who does what. (more…)

Popularity: 10% [?]