Expand +



How Santa Can Stay Compliant

by Gary Byrne, Senior Editor, SAPinsider

December 20, 2011

You’ve read many stories about SAP applications this year. You’ve read about risk management, segregation of duties, access control, financial compliance. I hope many of these articles helped you with some challenges you faced this year. As Christmas draws near, I thought it might be a good idea to discuss how Financials Expert and GRC Expert can help Santa meet various challenges to keep his operations compliant.

Santa makes a list. He checks it twice. So you know he’s thorough about remaining compliant. I heard that he implemented SAP BusinessObjects Access Control to keep his operations shipshape. But how can he be certain that everything remains compliant after this implementation goes live? Nicola White offers Santa 10 tips in her article titled "10 Tips to Ensure Compliance Doesn’t Slip After a GRC 10.0 Go-Live."

She states that “when you are designing controls as part of an implementation of version 10.0 of SAP BusinessObjects GRC solutions, give some thought about how your organization will be able to maintain levels of compliance six months or one year later. It is easy to become noncompliant almost immediately post go-live. These best practices can help you avoid that pitfall.”

Santa’s elves are involved in all types of repetitive manufacturing (e.g., wooden toys, dolls, games, bicycles), and as he sets out on his sleigh, he is carrying a huge volume of product. He faces a costing challenge. Here is some advice from Muralidharan Sethuraman from his article titled “Leverage the Benefits of Period-Based Accounting for Special Make-to-Order Manufacturing Scenarios”:

“A repetitive manufacturing production process applies to manufacturing sites that are characterized by high volume and continuous production of a finished product. In this type of manufacturing process, a product cost collector is used to manage the production process and to collect associated costs incurred. The focus of a product cost collector is to enable period accounting that shows all costs of producing the finished product, instead of individual lot-oriented cost control, which enables collection of costs to manufacture a particular quantity of units. A product cost collector breaks down the costs for each step of the production process and therefore provides detailed cost information of the project, such as actual costs incurred, which is the variance analysis based on projected (or target) costs versus actual costs at the level of each material.”

If Santa delivers any European-made fruitcakes or stollens into the stockings of non-European Union households, he can benefit from the following advice from GRC Expert author Ravi Kalluri: “SAP BusinessObjects Global Trade Services allows you to export agricultural products from the European Union (EU) to non-EU countries by assigning a restitution license to the sales and distribution (SD) sales document. Restitution functionality is a part of the Risk Management module in SAP BusinessObjects Global Trade Services.” This advice is from "Manage Global Trade Restitution Laws and Demands Using SAP BusinessObjects Global Trade Services 8.0."

Santa also has to maintain and protect his list, but at critical times such as his period-end closing, he might have to provide additional access to it. In his article titled "Turn Emergency Access Management into an Auditable, Centralized Process for Your SAP Landscape," Frank Rambo has the following advice for Santa with regard to this issue:

“Emergency access management is the process to grant temporary critical access privileges in IT systems required to execute an exceptional task and review the system activities performed by the privileged users during that time. This process is a frequent target during system audits as it typically reveals vulnerabilities in the following areas:

• An all-or-nothing approach in the design of emergency access privileges exceeding required privileges to tackle a given exceptional situation by far.
• Business owners hardly involved in the approval and review of emergency access.
• A review of system activities executed with emergency access privileges often is not an auditable process.

Additionally, a tendency to grant business users excessive access privileges to tackle all kinds of rather exceptional situations, such as period-end closing activities or master data maintenance, often leads to segregation of duties (SoD) issues throughout their access privileges.”

So as you can see, as long as Santa subscribes to Financials Expert and GRC Expert, he can remain compliant and enjoy many more years of wishing everyone Merry Christmas and a good night.

An email has been sent to:

More from SAPinsider


Please log in to post a comment.

No comments have been submitted on this article. Be the first to comment!