Embedding compliance and automating workflows with ControlPanelGRC

MONDAY, OCTOBER 05, 2009

Embedding compliance and automating workflows with ControlPanelGRC

While the original drivers of the compliance movement have mostly faded from the general public's consciousness, the stringent requirements left in their wake have not. Government mandates, varied industry regulations, organizational controls, trade issues and security risks continue to be matters of increasing concern that require meticulous attention to detail and (at some point) action.

Yet while the level of difficulty and need for accuracy increase, organizations are being forced to meet these requirements, in the current economy, with tighter budgets and fewer resources.

Today, the opportunity exists for executives, auditors, IT and management professionals, and technical product groups within the SAP® environment to take advantage of the discipline required for compliance to drive innovation and process improvements, and ultimately achieve a competitive advantage while using resources more effectively. Achieving these outcomes, however, requires a change in thinking regarding compliance.

First-generation Fix

When Sarbanes-Oxley (SOX) was first enacted, the main focus was Segregation of Duties (SOD) at a very granular level. A first-generation GRC (Governance, Risk and Compliance) solution could respond to, and fully satisfy, these specific needs, and companies would spend whatever resources necessary to comply.

Today, organizations are being asked to provide results well beyond SOD with fewer resources. In other words, they must deal with even higher levels of compliance reporting requirements, along with heightened security and risk issues, while working within a finite budget.

Auditors and companies alike realize that well-managed and well-controlled systems extend beyond SOD, and in fact affect a wide range of IT processes. They also have learned that in addition to meeting SOX compliance demands, they need to safeguard investors and other constituencies from fraud, theft of data, system failures due to lack of controls, and catastrophic outages.

As a result, compliance can no longer take the form of a yearly, after-the-fact audit. It needs to be embedded into day-to-day operations and into business processes.

Second-generation Innovation

SymSoft Corporation provides a second-generation GRC suite of modular, integrated applications that address the major areas of compliance concerns for SAP users, especially in heavily regulated industries. Its software solution, ControlPanelGRC, reduces the overall cost of compliance by accelerating administrative tasks in SAP® Security and Basis, and addressing the major areas of concern for compliance in SAP®.

While first generation GRC solutions responded to SOX, they didn't increase the automation of processes that would result in tangible operational improvements, nor did they do anything to manage the high ongoing maintenance costs. ControlPanelGRC software is a flexible, easy-to-use toolset for the SAP environment that creates real-time analysis, risk mitigation and reporting through an intuitive interface that facilitates self-generated queries, ultimately leading to greater ROI from the ERP solution.

ControlPanelGRC provides an affordable, robust toolset for CIOs, Internal Auditors, Security, Basis, and Functional Administrators that address key areas of concern. Features include:

The ability to embed compliance into business processes rather than making it a separate task or operation

Automated and accelerated workflows

Real-time analysis, mitigation and reporting

Documented workflows that embed compliance into daily tasks

Effortless compliance reporting

Executive dashboards that provide information regarding the current state of compliance across all modules

Integration into existing SAP landscape without the need to support additional infrastructure

Audit Impact + Robust Toolset = Automation and Greater ROI

ControlPanelGRC's second-generation technology brings a laser focus to compliance automation, which reduces the cost and hassle of demonstrating compliance, and converts active compliance and auditing into value-added initiatives for business.

By integrating ControlPanelGRC software into the SAP environment, organizations can:

Reduce audit time, expense and distraction so they can remain focused on external market issues and reduce the “lost opportunity” costs that an audit will create internally

Embed compliance and accelerate workflows to improve data access and reporting, eliminating the repetitive manual tasks that occupy too much time and energy, freeing associates to focus on more important matters

Achieve the lowest Total Cost of Compliance (TCC) through a thoughtful design and functionality, while providing a significant overall cost advantage. This makes GRC more affordable for organizations that need it and allows clients to quickly implement process improvements and obtain greater ROI from an SAP purchase

From a business perspective, tasks automated through ControlPanelGRC software empower employees who would normally be involved for months preparing for an internal audit to focus on activities that the C-level deems impactful to the top-line or bottom-line.

From an IT perspective, implementation time can be spent on more innovative processes. And from an audit perspective, the second-generation GRC solution gives compliance executives an opportunity to become a real player in business innovation by reducing costs, opening new markets and driving new product lines. Ultimately, they gain the ability to model and fine-tune business processes rather than spending all their time focusing on proving they have controls for them.

The ControlPanelGRC Software Toolset

ControlPanel Risk Analyzer

Real-time risk analysis and mitigation

Online analysis of Segregation of Duty and Sensitive Authorization risks at the Authorization Object level

Simplified remediation by listing incompatible Transactions by function

ControlPanel Usage Analyzer & License Optimizer

Transaction Monitoring by User without creating a huge database footprint

System usage reviews to understand associate needs and to facilitate license classifications

Reverse Business Engineering, automatic monitoring of Transaction executions, automatic User Measurement Licensing classifications

ControlPanel Transport Manager

Change management policy enforcement with the ControlPanelGRC process

Automatic processing of Change Requests with workflows that include integrated tracking and recording

ControlPanel User and Role Manager

> Acceleration of day-to-day SAP security administration with an integrated solution for User and Role change management – including risk analysis, owner approval and facilitated request processing

Simplification and Monitoring of Security Testing processes

Simplified troubleshooting processes for the Security Team

Risk identification during Role maintenance processes

ControlPanel Emergency Access Manager

Temporary Authorization to troubleshoot real Production issues

Automated provisioning and tracking of pre-approved Emergency Access

Compliant management, approval, documentation and monitoring of cross-system Batch Jobs

Cross-System infrastructure to centrally schedule and monitor batch processes

ControlPanel Batch Manager

Compliant management

Approval

Documentation

Monitoring cross-system Batch Jobs

ControlPanel AutoAuditor

Automated execution, delivery and validation tracking of predefined or custom reports

Review tracking of critical compliance reports

Licensing Options

Flexible licensing options cater to any budgetary requirement