SAPLIB

SAP Security In-Depth is a free technical publication leaded by the Onapsis Research Labs with the purpose of providing specialized information about the current and future risks in the SAP security field, allowing all the different actors (financial managers, information security managers, SAP administrators, auditors, consultants and the general professional community) to better understand the involved risks and the techniques and tools available to assess and mitigate them. (more…)

Popularity: 66% [?]

1. Documentation: The mapping exercise
A company looks at SOX and other regulations to see which areas of their business are going to be affected by the regulation’s requirements. They then go through an intensive mapping process, identifying the business processes, subprocesses, and departments that are involved.

The next step is to highlight the risks and compliance issues. For example, when someone is taking orders from new customers, they need to make sure that a credit check is performed every time. The company should develop a control that will be done from outside its order-taking system that checks all transactions and reports back on whether the system is running credit checks for all new customers.

2. Testing: Real-time and historical
After the documentation phase, companies then implement control checks, either preventative checks, such as those that seek out Segregation of Duties (SoD) violations, or detective checks, which are after-the-fact checks on what happened (historical) or what’s happening right now (real-time). By automating both real-time and historical checks, a company can form a clearer idea of how their business is operating. (more…)

Popularity: 25% [?]

ASAP (Accelerated SAP) project implementation cover several phase such as:
Phase 1: Project Preparation
Phase 2: Business Blueprint
Phase 3: Realization
Phase 4: Final Preparation
Phase 5: Go-Live and Support
below detail checklist and step by step for ASAP implementation

Download

Popularity: 73% [?]

Risk planning: For each business activity, what are we trying to achieve, what are the assumptions and constraints, and what risks do we want to monitor?

Risk identification and analysis: For each business activity, we identify the risks. For each risk we look at the nature of the risk, its probability of occurrence, and the quantitative and qualitative aspects of the risk.

Risk response: Is there anything we can do to reduce, mitigate, or even remove the risk? How much will this cost? What is the potential ROI of taking this step? Who’s responsible for making sure that the response happens?

Risk monitoring: In this step, we continuously track and monitor each of the risks and analyze any risks that, despite our efforts, turn into incidents.

Popularity: 23% [?]

SAP GRC Process Improvement is a improvement model based on governance risk and control. With such a process of continuous improvement in place, companies get the most important benefit that they are seeking from GRC—the peace of mind that comes from knowing that financial information is accurate, risks are being managed, regulations are being complied with, and that the probability of nasty surprises is as low as it can be.

Popularity: 21% [?]