cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Process of sign off by CEO-CFO

Former Member

on ‎01-25-2013 10:37 AM

0 Kudos

Hi GRC Gurus,

As per PC 3.0 the following is the hierarchy in which sign off will happen.

Process Control sends the sign-off survey tasks and instances to the owners of all levels subject to sign-off, based upon your configuration of the Default Sign-Off Level parameter and the organizations scheduled for sign-off. For details on this parameter, refer to the Survey Parameters and Defaults section in Sign-Off Survey Master Data.

Process Control sends the sign-off survey tasks and e-mail notifications first to the respondent (owners of the objects) at the lowest level subject to sign-off (for example, subprocess owners first, then process owners, then organization owners).

After the respondent for each lower level subject to sign-off has completed the sign-off task, Process Control then sends the survey tasks and e-mail notifications to the respondent of the next higher level subject to sign-off. The sign-off survey tasks and e-mail notifications will proceed up each level, until finally reaching the topmost level of the sign-off hierarchy.

However in PC 10.0 I do not find a level below organisation to trigger sign off survey. I tried with owner roles at sub-process and process level also but to no avail. Kindly throw some light.

Regards

KSolaiappan

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (1)

Answers (1)

singhsmi
Advisor
Advisor
‎01-28-2013 11:54 AM
0 Kudos

Hi,

Even in PC3.0 the signoff process is only on organization level and never on the levels below organization.

Regards,

Smita.

Show replies
Show replies
Former Member
‎01-28-2013 12:20 PM
0 Kudos

Hi Smita,

Please see the link http://help.sap.com/saphelp_grcpc20/helpdata/en/a7/85f3fbd6ac4382abebcdbc729e6157/content.htm

     There are three options provided.

1. Organisation only

2. Process and Organisation only.

3. Sub-process, process and organisation.

Regards

KSolaiappan

singhsmi
Advisor
Advisor
‎01-29-2013 8:16 AM
0 Kudos

Hi  KSolaiappan,

You are looking at the help for PC 2.0 and 3.0. In PC 3.0 and 10.0, signoff happens only on organization level.

Regards,

Smita.

Former Member
‎01-29-2013 8:45 AM
0 Kudos

Hi Smita,

Thanks for your reply.

  

Requirement under Clause 49 as per ICAI (Guide to Internal Control over Financial Reporting) :

Chapter 5 of the above guide provides as follows:

            5.1        The revised clause 49 requires annual certification by CEO/CFO on the design and operating effectiveness of internal control over financial reporting. The internal control framework explained in the preceding section (  refers to the guide) forms the basis of this certification.

 

            5.2       The certification process is based on a bottom-up approach. Line managers provide assurance on the design and operating effectiveness of internal control based on the internal control framework created.

            5.3       The accountability starts with the CEO and CFO and then delegated to various process owners throughout the organization. Regardless of documentation and performance of testing for operational effectiveness, process owners take responsibility for their respective business process and   controls. Process owners provide assurance upwards periodically ( eg. Each quarter) to a designated authority (e.g., Chief Risk Officer) to ensure that execute management provides assurance to the senior management on the operations of internal controls, status of deficiencies, changes in the design to process controls.

           5.4       The designated authority ( e.g. Chief Risk Officer) in turn provides assurance to CEO and CFO on completion of the assessment process that the following have been disclosed and reported to the Auditors and the Audit Committee:

    1. Deficiencies in the design or operation of internal controls, if any,
      together with the action taken or proposed to be taken to rectify these
      deficiencies.
    2. Significant changes in internal controls during the year.
    3. Significant changes in accounting policies during the year and that the
      same have been disclosed in the notes to the financial statements, and
    4. Instances of significant fraud if any, of which the involvement
      therein, if any, of the management or an employee having a significant role in
      the Company’s internal control system.

          5.5 Based on the above, the CEO and CFO provide certification on the internal controls to the Board.

The functionality as was existing in PC 2.0 meets the above requirement exactly and I do not think SOX requirement would be different.

I would like to know the reason behind removing such a useful functionality in a higher version. Any document on this withdrawal will be handy.

Even in Peoplesoft there is sign off options at subprocess level.  Why not in SAP GRC.

"Sign-Off Options in Peoplesoft

Sign-Off Level Specify the level at which sign offs are required. Options are:

 

          Subprocess: Select to require sign offs only
               by subprocess owners.

          Subprocess and Bus. Process: Select to require sign offs by both subprocess owners and business process owners."

Thanks & Regards.

KSolaiappan

singhsmi
Advisor
Advisor
‎01-29-2013 10:58 AM
0 Kudos

Hi,

I think you are referring to requirement number 5.4. There is new feature introduced in PC3.0 as part of certification process and this is AOD (Aggregation of Deficiencies). I think this requirement can be achieved by this feature.

Regards,

Smita.

Ask a Question