SAPLIB

Download Free Business Continuity Plans Audit Checklist. This Checklist covers some basic activity during BCM testing such as:
- Table-top testing of various scenarios involves an imaginary ‘walkthrough’ of a continuity plan in a specific set of circumstances, using imaginary events and predicting what is likely to happen on the ground.
- Simulations are one of the most important testing approaches, as simulations also serve to train the people concerned and help identify other issues that could be critical but that have not been identified through the walk-through test. (more…)

Popularity: 15% [?]

1. Information flows sequentially, and there are technical obstacles for each step.

2. The whole process relies on manual operations. Information is typically exchanged by e-mail. Data is stored in Microsoft Excel spreadsheets. Validation and consolidation require considerable effort and time. The whole process is prone to errors.

3. Whole teams spend weeks or months gathering the data, making sure that it’s correct and consolidating it. Because this whole process is based on manual operations, many companies invest in third party assurance by hiring expensive auditing companies. Costs can reach two million euros per an annual report.

4. Sustainability solutions often aren’t integrated into other existing systems. According to a survey of 150 companies in the U.S. and Europe by AMR Research, less than one-third use their ERP systems to help manage CSR issues. Yet these enterprise-wide systems should be the very foundation of balancing environmental, social, and business objectives.

Popularity: 16% [?]

1. Documentation: The mapping exercise
A company looks at SOX and other regulations to see which areas of their business are going to be affected by the regulation’s requirements. They then go through an intensive mapping process, identifying the business processes, subprocesses, and departments that are involved.

The next step is to highlight the risks and compliance issues. For example, when someone is taking orders from new customers, they need to make sure that a credit check is performed every time. The company should develop a control that will be done from outside its order-taking system that checks all transactions and reports back on whether the system is running credit checks for all new customers.

2. Testing: Real-time and historical
After the documentation phase, companies then implement control checks, either preventative checks, such as those that seek out Segregation of Duties (SoD) violations, or detective checks, which are after-the-fact checks on what happened (historical) or what’s happening right now (real-time). By automating both real-time and historical checks, a company can form a clearer idea of how their business is operating. (more…)

Popularity: 25% [?]

1. Cheaper, with fewer errors: The average purchase-to-pay transaction can be reduced from $12.03 to $8.58 when moving from a low to a high level of automation. Automated transactions are between 10 and 25 percent less prone to error.

2. Better protection: Preventative controls embedded in a system cannot be ignored and are not subject to interpretation.

3. Quicker to detect and fix: There is little or no time lag between an event occurring and being detected, so management can be notified immediately of a problem. (more…)

Popularity: 17% [?]

What if you have a small branch office and just one accounting clerk? What if you have year-end closing and need to grant exceptional access to the system?

Remember the master key? The key supervisor hands it out to someone who needs it desperately, and never gets it back. The people who receive these special keys are called superusers. Just like Superman, superusers have superpowers and can do anything.

Superuser access is hard to manage and risky to control, and yet it is sometimes needed. Some users are given carte blanche access, giving them free access to all systems, all objects, all transactions. This is the worst case scenario, because it means that their company has no control over who does what. (more…)

Popularity: 10% [?]