SAP- IT Security and Business Controls Monitoring Automation

We understand automation of control monitoring is essential to address the challenges you have today. Based on our discussion with clients, we understand that they are trying to streamline a rationalised IT security and business control monitoring framework for ERP systems.

Key objectives

Streamline IT security and business control monitoring framework by automating the monitoring process
Sustenance of the control monitoring model and ensure compliance

How we can help?

A PwC team will leverage its dedicated control repository based on your risk matrix and requirement
A dedicated team will provide managed services support pertaining to IT & business controls

Problems to solve

Automated monitoring of IT security and business controls
Visibility on effectiveness of controls through management dashboards
Lack of dedicated support for monitoring the effectiveness of controls

Leveraging Our Repository - Typical Controls for Automation

Monitoring password sharing for non-AD linked users and report exceptions
Critical “SAP_ALL” & “SAP_NEW” profile access is assigned to a dialog user
Debug change access is assigned for more than 2 days in production environment
Alert role owners when sensitive/ privileged access is assigned to unauthorised user group

To ensure there is no budget overrun (evaluation by cost centers, internal orders, projects)
Alert to the control owner on missing critical fields for customer/vendor/bank/material etc.
If a user has created fictitious vendor and initiated payment for those vendor
Highlight if separated user Ids are still active in SAP systems

Physical inventory count and difference posted by the same user
Create sales order and credit master update by the same user
Alert to risk managers if PO/PR creation and release is performed by the same user
Requisition an item and create a PO from that requisition
Hide inventory by not fully receiving order but invoicing

Alert to risk managers if audit configuration has been changed
Monitor changes to system settings that prevent duplicate invoice posting
Event report if client maintenance activity is performed in SAP system
Alert to risk manager if profile parameters are modified

Access to create project budget in the system and access to approve the project budget
Access to process sales order in the system and access to do delivery processing
If time maintenance and payroll processing is performed by the same user
Alert to risk manager if both park and post assigned to the same user

Generate exception if the SAP system’s disk space reaches its threshold value which will stop logging
Monitor critical financial jobs schedule to ensure that errors to key jobs are identified and resolved timely
Event report for application server stoppage and sudden start
Event report for master data compliance

Governance and lack of dedicated support
Complicated UI
Lack of compliance regulation
No process improvement

Governance and lack of dedicated support

Post implementation of an automation control monitoring solution its sustenance becomes a challenge due to the lack of control compliance expertise and solution knowledge

Complicated UI

Complicated user interface makes it difficult for business to ensure framework sustenance
This results in users going back to the manual process

Lack of compliance regulation

No compliance support to ensure the below activities

Regular compliance health check
Identification of failed controls
Timely remediation
Furnish trend analysis on controls

No process improvement

No process improvement workflow wherein inputs from the stakeholders and changing business needs to be accommodated in the control model

Various functions that benefit from this service offering

Holistic view to the management for CEO/CFO certification
Real-time dashboards on control status
Reduced compliance costs

Visibility on status of controls pertaining to business process
Monitoring whether timely action taken for any exceptions noted by the external auditor
Easy to track the status of critical controls during audits

Reduced time in data extraction and audit
Timely RCA and resolution of control exception

Visibility on control status during audits.
Focus on action taken for any exceptions noted by the Ext. Auditor
Focus on critical areas during audits

Can easily review current status of controls using the automated monitoring solution
Data needed for review is readily available, no need to request for data extraction
Interactive tool to receive comments from business over any exceptions reported

Benefits of having control monitoring solution

Protecting investments and making system regulatory compliance

Reduced audit efforts

Centralised reporting and better visibility

Integrated compliance management

Cost of internal and external assurance

Efficiency in controls monitoring

Accuracy, completeness and accountability

Follow PwC India

Required fields are marked with an asterisk(*)

Name*

Organisation*

Email*

Contact*

Query*

By submitting your contact information you acknowledge that you have read the privacy statement and that you consent to our processing the data in accordance with that privacy statement including international transfers. If you change your mind at any time about wishing to receive material from us you can send an e-mail to privacy@pwc.com.

Contact us

Nikunj Seth

Leader, Risk Managed Services, Risk Consulting, PwC India

Sangram Gayal