On-Going Compliance is the process, or combination of processes, ensuring that your ERP systems contain minimal segregation-of-duties (SoD) issues and will contain an ever-decreasing number of them. The "zero SoD issues" target cannot, of course, be made a reality because of finite resources and business skills constraints. Instead, business controls are implemented to cover the remaining business risks induced either by SoD issues or by access to critical business processes.
The purpose and challenge of the on-going compliance process is to maintain the equilibrium between minimization of SoD issues, efficient documentation and control of business risks, and seamless operation of business processes within your systems.
Companies have to go for a realistic, well-structured and coherent approach to on-going compliance. The overall target is to ensure that business risks are mitigated and will continue to be mitigated across the whole systems landscape. Such an approach usually includes at least the following key building blocks:
Ensure that business risks are continually detected and mitigated with the required and appropriate level of documentation. Appropriate "testing" sessions should be planned and launched on a regular basis. Many auditors expect companies to improve the business risk control process and make it even more efficient in the long run.
ADINEO on-going compliance key features
ADINEO keeps track of user activity for audit purposes. ERP system traceability and auditability are key in the area of on-going compliance. Based on customizable batch processes, ADINEO retrieves data directly from the ERP system and stores it in its own database. This data is enriched to keep track of all significant information, which can then be made available for analysis across all modules of the business suite.
Critical or important business risks are usually mitigated through the setup of business controls. These controls are assigned to users, who test and/or review them regularly. ADINEO continuously monitors critical and important business risks by systematic and automated analysis of system activity. Using workflow-enabled tracking functions, ADINEO ensures that assigned business controls are applied and reviewed according to the defined protocols and procedures and at the relevant frequencies.
Alerts can be customized to detect the occurrence of selected business risks. ADINEO will not overwhelm you with data from your ERP systems. The reason is simple: you do not have the time to review masses of figures that mix real risks with less important issues. ADINEO lets you determine which business risks to place under alert automation.
Continuous monitoring of ERP user and authorization setup through customizable batch processes. ADINEO regularly scans the full ERP systems and reports on unauthorized activities in the systems. Unauthorized activities are those that do not correspond to the IT guidelines defined by your company (for example, the construction of manual authorizations when your company has decided to use the automated functions of your ERP systems).
Continuous improvement of business function assignment based on automated and customizable batches targeting user activity review. The purpose of every organization should be to restrict ERP system access to what end users actually need. Based on systematic and regular reviews of user activity, ADINEO provides you with statistics telling you how to optimize and reduce access.
Set the pace for continuous improvement of authorizations within ERP systems. ERP system configuration and functionality evolve over time, and so do user requirements. Authorization assignments must always be reviewed for optimization, so that users have the access they really require. Not more, not less. This continuous improvement initiative aims at reducing the number of SoD issues at user level, thus reducing the number of business controls to be performed.
Set up efficient track-logging programs to systematically review system activity for the use of critical business processes. This kind of procedure should either be automated or run at regular time intervals on specified users or groups of users. In particular, the system activities of "super users", who usually access your productive systems for maintenance purposes, should be reviewed for anomaly detection and overall control purposes.
Preserving compliance through automated and customizable systems monitoring of user activity and business risks. ADINEO delivers.
Copyright 2005-2006. ADINEO. All Rights Reserved.