Sarbanes–Oxley

  • Leading into a Better Digital Future

    Right advice for all your IT and Business Needs

    We are an international, passionate team of SAP consultants with a proven record of managing SAP rollouts, implementations and consulting projects. We are committed to bringing the depth of SAP software expertise to the job.

    At Vinci Solutions, we feel that our services, whether rapid SAP All In One Implementation or various IT consulting, represent what we consider to be the very best expert assistance for your business success.

    Our Philosophy

    Effective knowledge transfer is at the heart of our philosophy. Our clients can count on gaining the skills required to take full control of their IT environment, reducing total cost of ownership and maximizing return on investment.

    From solution planning to implementation and ongoing operations, when you partner with Vinci Solutions, you can be sure of getting the right advice for your business, no matter where and when you need it.

    SAP Managed Services

    Reduce IT Costs

    Reduce the production costs of running IT services in-house.

    We provide a sufficient skill set, technology solutions and maintenance support services to help you save money and win in a competitive market.

    QARAT SAP S/4HANA Solutions

    SAP Fast-Track Programs

    Have a system with the flexibility to adapt as your business expands.

    We provide the fast-start program for Small and Midsize Companies by creating affordable and flexible solutions. We help you to obtain an estimate of SAP project costs and implement the solution quickly and cost-effectively.

    SAP Optimisation Review

    SAP Optimisation

    Achieve a better balance between people, process, information and technology.

    We can help you today as it is the right time to optimize your business processes and maximize the potential of your existing SAP system and make them work together in sync. As a result of our SAP Optimisation Review you will embrace more SAP functionality to empower other business processes.

    SAP Training Programs

    SAP Training Programs

    Address users’ justifiable concerns and improve their use of SAP through SAP Training Programs.

    Through knowledge transfer and staying close to the customer's core team we aim to help you achieve real self-sufficiency.

    SAP GRC Implementation

    Governance, Risk, and Compliance

    Secure Financial Applications Systems for SOX Compliance.

    Implementing four components of SAP GRC Access Control:

    • Access Risk Analysis (ARA) aka Compliance Calibrator
    • Access Request Management (ARM) aka Access Reinforcer
    • Emergency Access Management (EAM) aka Firefighter
    • Business Role Management (BRM) aka Role Expert
  • Risk Management

    Risk Management Philosophy and Challenges

    Risk Management as a compliance exercise;
    Siloed risk management processes lead to duplicate efforts among business units;
    Inconsistent processes and unclear Roles & Responsibilities lead to gaps in risk activities;
    Risk Management not anchored in sound enterprise-wide technology systems leads to inefficiency and increased costs;
    Risk Management programs fall short by stopping at risk assessments, standalone programs, or conceptual frameworks;
    Risk Management disconnects from business objectives and, consequently, performance management.

    Risk Management Drivers

    Transform Risk Management process from a silo approach to a more coordinated and oriented approach;
    Consolidate risks at higher levels of the organization and evaluate global risk exposure;
    Respond intelligently by focusing on key risks, creating cross-organizational resolution strategies, and tracking response costs;
    Improve visibility and optimize decision making by aligning risks to strategic priorities and business objectives (enhance risk communications to the board);
    Monitor key risks in a proactive way through a standardized and centralized Key Risk Indicator framework.
  • SAP Audit Management Powered by HANA

    Transform audit. Move beyond Assurance.

    SAP Audit Management Scope

     Why SAP AM? The Big Picture.

    Streamline audits by leveraging technology to create, organise, and share working papers.

    Audit Management is an enterprise platform for internal audit management. It is an addition to the Governance, Risk, and Compliance (GRC) offering dedicated to internal audit modules.

    SAP Audit Management Scope

    SAP Audit Management offers a value proposition based on streamlined audit planning and execution, together with integration with and deeper contributions to enterprise risk management and to control and compliance management. SAP’s solution stands out by offering the SAP HANA in-memory database and integration with SAP Fraud Management, SAP GRC Process Control and SAP GRC Risk Management. The resulting solution focuses on audit process management with added support for rapid review and analysis of heterogeneous data sets. This combination of capabilities offers a key differentiator for SAP in a solution landscape primarily focused on audit planning and execution.

    Positioning Audit Management

    SAP AM has been developed and positioned in line with the overall SAP product roadmap:

    Automate non-negotiable assurance activities:
    Streamline and unlock working papers, sharpen audit planning with risk based tools and increase productivity with mobile capabilities.
    Integrate and align for continuous assurance:
    Integrate Audit Management with SAP GRC solutions to focus on critical business risks, and with ERP systems to monitor controls and shift from periodic to continuous assurance.
    Shift internal audit from policeman to trusted advisor:
    Leverage SAP Analytics and SAP HANA to monitor enterprise level issues and uncover new business opportunities.

    SAP Audit Management Three Core Differentiating Features

    Audit Management.
    The foundation of the solution is a flexible project management and collaboration platform for internal audits.
    Visibility to Enterprise Risk Needs.
    SAP Audit Management integrates with SAP GRC Risk Management and SAP GRC Process Control to ensure that audits are aligned to top enterprise risks.
    HANA Foundation.
    SAP Audit Management is built on SAP’s HANA in-memory database. This enhances Audit Management’s search capabilities, helping users to locate information distributed across large and diverse sets of applications and documents in very little time.

    What this solution is specifically designed to accomplish:

    Elevate the impact of audit efforts by using technology to provide insight on key business risks.

    • Create a state-of-the-art UI to provide easy-to-use audit software;
    • Provide centralised audit data storage and a data model covering end-to-end audit processes with a risk-based approach;
    • Shift from functional audit solution approach to collaborative software increasing the effectiveness of audit experts and increasing stakeholder engagement;
    • Allow unstructured data search to release available information from audit work papers;
    • Streamline working paper management with drag and drop, off-line capability;
    • Create a fully mobile enabled solution – audit with any device – anywhere;
    • Leverage automated deployment on the cloud with SAP HANA;
    • Integrate with SAP GRC solutions and big data capabilities to transform audit.

    SAP Audit Management – Capabilities Delivered

    Amplify the influence and value of internal audit by using next generation analytics to provide advice beyond the obvious.

    • Full coverage of audit process: Plan, Prepare, Perform, Communicate, Monitor;
    • Flexible Audit Universe provides a single source of all audit functionality and a global monitor of audit requests;
    • Powerful Working Paper Management – working papers created simply via drag and drop and accessed with a single click, enabling manager review;
    • Global monitoring of findings and follow-ups;
    • Mobile capability (voice, photo, video, document) to instantly capture audit evidence, enabling easy access to end-to-end process on multiple devices;
    • Search capability reaches all audit data via a simple search and one click;
    • Intuitive and user friendly interfaces;
    • General conformance to IIA Standards.

    Business Benefits

    Effectiveness of audit planning and prioritization
    • Maximise % of productive time per auditor
    • Increase in use of working papers and documentation for planning and reporting
    • Decrease in total staff time per audit
    Speed and frequency of audit completion
    • Reduction in audit cycle time (Initiate to report)
    • Rapid search
    • Review of large volumes of heterogeneous data
    Attention to deeper insights
    • Linkages between audit and risk management
    • Linkages between audit and fraud management
    • Linkages between audit and process control
  • SAP GRC Implementation

    Regulations such as the Sarbanes-Oxley Act require companies to document their business processes, identify risks and define controls to mitigate them, and regularly demonstrate the effectiveness of those controls.

    To comply with these regulations and to protect the integrity of business data, organizations need to go beyond static documentation of internal controls and actively ensure that the controls are effectively guarding against fraud and errors, while streamlining business processes to reduce costs and inefficiencies.

    Sarbanes–Oxley (SOX) 2002 Act History

    • Known as the “Public Company Accounting Reform and Investor Protection Act”.
    • Issued as a response to a number of major corporate and accounting scandals (Enron, Tyco International, WorldCom).
    • Since then, SOX-type laws have been enacted in Japan, Germany, France, Italy, Australia, Israel, India, South Africa, and Turkey.
    • Sections 3. Corporate Responsibility (accuracy and validity of FS) and 4. Enhanced Financial Disclosures (off balance sheet) are directly related to system functions.

    The most far-reaching reforms of American business practices since the time of Franklin D. Roosevelt

    Signed into law with comments from the US President

    Compliance and SOX. What’s it all about?

    Expects

    • Greater scrutiny
    • Shareholder protection
    • Legal responsibility from the finance system (people, processes, and technology)

    Demands

    • Increased visibility and control
    • Decreased cycle times
    • Improved forecasting accuracy and timeliness

    Rewards

    • Reduced costs
    • Greater transparency
    • Increased accuracy

    Controls Already Delivered by SAP

    SAP GRC

    Inherent Controls

    • Integrated balanced posting
    • Real time online data and Document Principle
    • Monitor questionable postings for review and approval
    • System retained transaction, program change, and configuration history
    • Internal controls structure monitoring

    Configurable Controls

    • Edit checks and tolerances
    • Required and system populated fields
    • Defaulted and predefined master data
    • Reason codes
    • User defined error/warning messages
    • Automatic integrated posting following predefined posting keys
    • Workflow

    Reporting Controls

    • Timely closing process monitoring capabilities
    • Delivered standard reports contained in easily accessible report tree
    • Context sensitive help
    • XBRL reporting capability
    • System supplied auditing capabilities
      • Audit trails
      • Changed document log
      • Document flow

    Security Controls (via SAP GRC)

    • Flexible user access and permissions to programs, transactions, tables, and fields
    • Both coarse and fine-grain authorization management including segregation of duties via comprehensive authorization mechanism
    • Detection and prevention of unauthorized access
    • Includes a delivered toolkit to promote efficient, effective creation and maintenance of user profiles and assignments

    SAP Governance, Risk, and Compliance (GRC)

    SAP GRC helps organizations enhance their governance, risk and compliance (GRC) processes. The product suite contains a set of tools which allow risk and compliance teams to effectively, proactively, and pervasively manage risks and controls within a single platform.

    SAP GRC is an advanced set of technology solutions that enables you to turn your policies and procedures into automated processes, ensuring that policies do not simply exist on paper but are automatically implemented as part of your workflow.

    • Access Control (AC)
    • Process Control (PC)
    • Risk Management (RM)

    These are three integrated modules that allow pervasive risk management across business processes and user access activities by enhancing key automated monitoring and risk reporting capabilities.

    Vinci Solutions helps organizations evaluate and implement GRC solutions.

    Understanding how the technology you have supports compliance will enable you to be proactive in dealing with regulatory issues.

    The implementation process includes:

    • Technical installation of the products;
    • Configuration and deployment of the complete GRC suite, including:
      • Analyze and Manage Access Risks,
      • Provision and Manage Users,
      • Design and Manage Roles, and
      • Centralized Emergency Access;
    • Workshops with key business process owners to adjust delivered Segregation of Duties (SoD) risk levels to reflect company's unique requirements;
    • Adjustments of SAP transactions included in the different Segregation of Duties definitions;
    • Integration of custom SAP transactions into the company's SoD rule set;
    • Project management and coordination among executive management, IT, business teams, and auditors to obtain input on Segregation of Duties risk levels and the workflow approval process;
    • Training on SAP Governance, Risk and Compliance and Best Practices;
    • Access risk mitigation across multiple ERPs;
    • Performing Segregation of Duties simulations for role-level and user-level changes to determine the impact of removing sensitive or conflicting transactions.
  • SAP GRC Product Overview

    By utilizing the SAP GRC product range, organizations gain a clear understanding of the enterprise control matrix and the ability to identify critical control gaps, maximize opportunities to use automated process controls, consolidate to eliminate redundancies, and, ultimately, increase business predictability and shareholder value.

    SAP GRC Access Control

    SAP GRC Access Control provides central management of Segregation of Duties (SoD) and Firefighter ID access across multiple ERP systems.

    Access Risk Analysis
    • Simplifies remediation and mitigation processes;
    • Manages and assigns compensating controls.
    Access Request Management
    • Enables "Business Concept" within the role design and provisioning process;
    • Automates user provisioning and incorporates Access Risk Analysis into the process.
    Emergency Access Management
    • Streamlines temporary super-user access by adding workflow;
    • Addresses the issue of managing elevated levels of user access when dealing with an exceptional situation;
    • Enables audit log for actions taken by the user with elevated access.
    Business Role Management
    • Provides a streamlined and controlled process for the design, development and deployment of compliant roles;
    • Helps at an early stage to ensure that role configuration changes do not lead to access violations in the production system.

    SAP GRC Process Control

    SAP GRC Process Control enables automated monitoring of controls and workflow alerts.

    • Includes monitoring of transactional records and configuration;
    • Provides capabilities around content life-cycle management (CLM).

    SAP GRC Risk Management

    SAP GRC Risk Management brings risks and controls together, integrating Access Control and Process Control into a single platform from which a summarized view of business processes and their respective automated controls can be reported, evaluated and enhanced.

    • Transforms Risk Management program into a routine of business activities, embedding risk management into the core business processes of strategic planning, execution, monitoring, and analysis.
    • Helps establish Risk Management as a management discipline offering the methods and processes to identify, assess, measure, and monitor risks within the business.

    SAP Help Portal: http://help.sap.com/grc