Discuss business intelligence, integration, compliance and a host of other SAP-related topics – implementation, best practices and resources to negotiate the world of SAP better!


August 19, 2011

Security optimisation and GRC Roll out - A Chicken and Egg story

Should we first optimize our security design or implement GRC? This is a common question that I come across in discussions with many of my customers. Why is this such a common question? What is the need to optimize the security design? Why can't we take the existing security design as a starting point and implement GRC? These are some of the questions that follow the customer's question. However, anyone familiar with the way security design has been architected in the past will easily see the need to answer the customer's question, as that is the foundation of any compliance framework.

Traditionally, security has been used as a tool to get users onto the system by providing the necessary (most of the time excess) access. The focus has always been on using it as a technical option to grant access to the system. It was never perceived as a powerful tool in the hands of administrators or auditors for safeguarding information assets. However, with an overwhelming number of regulations placing enormous thrust on safeguarding information systems, organizations cannot overlook access controls, which form the basis of any compliance framework.

GRC is a powerful tool which can provide detective and preventive control mechanisms to monitor access controls. It can help diagnose the SOD report (detective controls) and enable granting access to the system after adequate reviews are done (preventive control). However, GRC is only a front end, and the real benefit of implementing GRC can be reaped if and only if the back-end system is cleaned. Security optimization aims to clean up the existing security architecture by critically analyzing the existing security design for relevance, redundancy, duplication and compliance.

There is no one best approach or sequence for security optimization and GRC implementation. It is good to initiate both activities in parallel. However, depending on the extent of clean-up required, either of the two activities could follow the other.

February 17, 2011

Successful project planning for compliance identity management - Part I

 

Executing an SAP or any other ERP project in a compliant way is a challenge for the security and controls team.

In the project initiation and planning phases, security and controls are given lower priority, with the result that security KPIs are not defined and security objectives are not covered in the scope statement and WBS processes.

 

Continue reading " Successful project planning for compliance identity management - Part I " »

October 8, 2010

SAP Security design strategy for a transformation program (Part 2)

In the Part 1 blog, the main topics in a business transformation were covered at a high level.
In this Part 2 blog, the global process will be discussed.
A global process-oriented approach requires generally accepted (standardized) and comparable descriptions of work processes. Therefore, the key purpose of global SAP roles is to have a uniform basis with global principles.

Continue reading " SAP Security design strategy for a transformation program (Part 2) " »

September 28, 2010

SAP Security design strategy for a transformation program

Security design is critical in any SAP project. Most projects will have major security issues during go-live, hypercare and steady state if the authorization analysis, design and framework are incorrect. The security role authorization framework is important for compliant user provisioning in any project, and in particular in business transformation projects.

SAP security is robust and well defined compared to other ERP systems. In business transformation projects, SAP security will be new to the end users and they should be given good training. Security awareness sessions should be part of that training.

A few important design points are covered in this blog.

Continue reading " SAP Security design strategy for a transformation program " »

RFID in Pharma Manufacturing and Regulatory Compliance

What has helped retailers eliminate costs, manage assets and provide self-checkout facilities to customers? What has eliminated multiple resource requirements for handling and tracking packages and parcels in the transport industry? What has of late reduced the burden of manual intervention at toll gates?

No reward for guessing: it is RFID (radio-frequency identification). Simply put, RFID (also sometimes referred to as Auto ID) is a technique for identifying an entity relevant to business by use of radio waves (with the help of RFID tags and tag readers). Various industries have now seen the multifaceted utility of RFID. Let's assess its usage in pharma manufacturing with a focus on regulatory compliance.

Continue reading " RFID in Pharma Manufacturing and Regulatory Compliance " »

August 12, 2010

Validation in SAP projects

by Anand Krishna Sharma

Validation and adherence to regulatory guidelines are an integral part of any life sciences company. One of the most popular IT systems in the market that forms the core of the functional system is SAP. SAP offers unique advantages, challenges and issues in catering to regulatory compliance due to its inherent complexity, structure and processes. I would like to give a snapshot of such nuances in implementing validation and compliance checks, at a very high level, in an SAP environment.

Continue reading " Validation in SAP projects " »

August 11, 2010

Preconfigured point solutions for accelerated compliance of ERP systems to regulatory changes

We have heard of preconfigured templates, which are a kind of half-solved problem, ready to consume and jump-start the implementation project. On similar lines, while I was looking at some of the ongoing legal changes that are to be complied with in a time-bound fashion, I was wondering if we can come up with 'Preconfigured point solutions for accelerated legal compliance'. Below is my thought process on the same, and I wish to share viewpoints with the ERP fraternity.

 

Continue reading " Preconfigured point solutions for accelerated compliance of ERP systems to regulatory changes " »

July 21, 2010

IFRS adoption and IT systems: What should be your focus area ? Part 2

In this blog entry, we discuss some of the major challenges faced by organizations in the adoption of IFRS. "Starting early" is one of the key decisions an organization should take to overcome these challenges.

 

Continue reading " IFRS adoption and IT systems: What should be your focus area ? Part 2 " »

June 14, 2010

IFRS adoption and IT systems: What should be your focus area ?

With the timeline for adoption/convergence of IFRS fast approaching, it's important for businesses worldwide to understand its impact on IT systems. Those not involving IT from the beginning are typically the organizations underestimating the level of change associated with IFRS implementation. The ability to meet these challenging reporting requirements largely depends upon the magnitude of the IFRS and GAAP differences, the capabilities of the company's information systems and the agility of its processes. There cannot be one best solution for all companies; it is better to start the process earlier rather than later.

Continue reading " IFRS adoption and IT systems: What should be your focus area ? " »

October 11, 2009

Are you concerned about your Netweaver web application performance in your remote offices?

If this is true, then AccAD is your “go-to” solution. Positioned as a complementary offering to SAP NetWeaver, SAP’s Accelerated Application Delivery (AccAD) is a standalone application. It can be leveraged as an enabler for SAP's global central system strategy, e.g., a central portal as the single central access point for end users worldwide.

Access via AccAD is significantly faster than direct access over the WAN. This is true for limited bandwidth and longer latencies.

Continue reading " Are you concerned about your Netweaver web application performance in your remote offices? " »

September 20, 2009

BCP in ERP Business Processes

A Business Continuity Plan (BCP) is a proactive plan to develop advance arrangements and procedures that enable an organisation to respond to an interruption in such a manner that critical business functions continue with planned levels of interruption. In practice, most organizations’ BCP processes remain only at a “talk” or “good definition” level, and worse, some organizations view BCP as an unutilized asset providing almost no returns to everyday business processes. Especially in tried economies, some organizations have even abandoned their BCP teams because they were not utilized (or were underutilized), redirecting them back to core processes. Moreover, other organizations view BCP only as an infrastructure (“hot site”) arrangement.

Continue reading " BCP in ERP Business Processes " »

April 29, 2009

IFRS the next big wave

Globalisation and investment across the globe have resulted in a need for comparable financial statements. Today different countries follow different GAAP as suggested by their local accounting bodies, thereby making the comparison of financial statements across geographies a much more complex process. The IASB has tried to bring down the effort of financial statement normalisation through IFRS. The spend on IFRS convergence is expected to be as high as 0.5% of the revenue of a company.

Continue reading " IFRS the next big wave " »

April 8, 2009

Compliance to Competency - Is compliance a bane or a boon

Compliance is an expensive, inevitable and ongoing activity which many companies find hard to cope with. Though SOX has evolved over a period of time and has brought more clarity to controls documentation and assessment, the corporate world is still grappling with the fact that compliance is an expensive activity. Is automation the quick solution to compliance?

Continue reading " Compliance to Competency - Is compliance a bane or a boon " »

February 27, 2009

What is your ILM strategy today? Is it more than archiving?

With the exponential growth rate of data in enterprise business systems, it becomes a billion-dollar challenge to manage information to meet legal and business mandates amid today's increased global economic threat.

Continue reading " What is your ILM strategy today? Is it more than archiving? " »
