SAPLIB

1. Documentation: The mapping exercise
A company looks at SOX and other regulations to see which areas of their business are going to be affected by the regulation’s requirements. They then go through an intensive mapping process, identifying the business processes, subprocesses, and departments that are involved.

The next step is to highlight the risks and compliance issues. For example, when someone is taking orders from new customers, they need to make sure that a credit check is performed every time. The company should develop a control that will be done from outside its order-taking system that checks all transactions and reports back on whether the system is running credit checks for all new customers.

2. Testing: Real-time and historical
After the documentation phase, companies then implement control checks, either preventative checks, such as those that seek out Segregation of Duties (SoD) violations, or detective checks, which are after-the-fact checks on what happened (historical) or what’s happening right now (real-time). By automating both real-time and historical checks, a company can form a clearer idea of how their business is operating. (more…)

Popularity: 25% [?]

1. Cheaper, with fewer errors: The average purchase-to-pay transaction can be reduced from $12.03 to $8.58 when moving from a low to a high level of automation. Automated transactions are between 10 and 25 percent less prone to error.

2. Better protection: Preventative controls embedded in a system cannot be ignored and are not subject to interpretation.

3. Quicker to detect and fix: There is little or no time lag between an event occurring and being detected, so management can be notified immediately of a problem. (more…)

Popularity: 17% [?]

Benefit one: Business process improvement
One byproduct of implementing strong internal controls is business process improvement. When companies start to take a close look at their business processes and document, measure, and monitor them, they can make them more efficient and streamlined. It gives companies a chance to examine their processes closely and ask themselves probing questions such as, “Why does it take seven people for us to do something, when Company X only needs three people to do the same thing?”

Benefit two: Management by exception
By establishing a norm (such as “The process works this way and when it doesn’t, a control will alert us”), companies learn to manage by exception. Controls start to function as a barometer of how things are operating in the company — and give an early warning of how things could go awry, or an indication of trends. Controls can also flag how companies need to change or improve their processes. If companies don’t continue to assess their controls and respond to the changes that controls indicate are necessary, they could be considered negligent. (more…)

Popularity: 16% [?]

What if you have a small branch office and just one accounting clerk? What if you have year-end closing and need to grant exceptional access to the system?

Remember the master key? The key supervisor hands it out to someone who needs it desperately, and never gets it back. The people who receive these special keys are called superusers. Just like Superman, superusers have superpowers and can do anything.

Superuser access is hard to manage and risky to control, and yet it is sometimes needed. Some users are given carte blanche access, giving them free access to all systems, all objects, all transactions. This is the worst case scenario, because it means that their company has no control over who does what. (more…)

Popularity: 10% [?]

1. Increased shareholder value:

A properly functioning and documented governing framework can provide corporate leaders with an increased sense of security as they reflect on the efforts they are making toward managing compliance and risk issues. Governance can also provide reassurance to those outside of the company by demonstrating the organization’s capacity for understanding the need to manage risk and compliance issues as well as its ability to institute a functioning GRC system. The result can be measured in the strengthening of the company’s brand and reputation, which translates into stronger shareholder value.

2. Lower overall costs:

A unified and holistic approach to GRC also helps to lower the overall yearly costs to managing a company’s risk and compliance activities. For example, a GRC approach increases efficiency, allowing a company to reduce the number of people dedicated to this function and the number of hours required to carry out risk and compliance duties.

3. Improved financial performance:

A strong governing framework facilitates transparency, giving company leaders a logical and structured process (more…)

Popularity: 6% [?]