Application Development Discussions

SOX

Former Member
0 Kudos

Hi all,

1) Do organizations follow different SOX acts based on the company's work? And where and who implements SOX on the SAP system?

2) Based on the SOX act, are we creating the SOD matrix?

1 ACCEPTED SOLUTION

former_member184114
Active Contributor
0 Kudos

As Jose pointed out, SOX is the same for all companies. However, there are different components to carry out these SOX activities. For example:

1. Process Controls 2.5 :- Used for auditing purposes.

2. Access Controls 5.3 :- It includes: Risk Analysis and Remediation, Compliant User Provisioning, Enterprise Role Management and Superuser Privilege Management

For further information, kindly follow the following link:

[SAP GRC Link|https://websmp205.sap-ag.de/~form/sapnet?_SHORTKEY=01100035870000691285&]

Regards,

Faisal

6 REPLIES 6

jose-manuelvo
Explorer
0 Kudos

Hi Kevin, I'll try to answer your questions.

The SOX act is the same for all, but the application is different between different companies. You have to analyze which are the risks in your scenario, and which job roles have risks.

For doing this work you can use Compliance Calibrator, which is a part of GRC; in this utility you have Risk Terminator, which will do an analysis of your risks based on "its own" matrix or on one made by you.

You need to determine which are the risks in your company, see which of the predefined risks you need and do an analysis based on that.

I hope this can help. It is my first post, so if you haven't understood anything I'll try to explain it better.

PS - Sorry for my English, I'm Spanish and I'm learning English right now

0 Kudos

Thanks. How exactly do you predefine the risks and make the SOD matrix?

And is it that we select the SOX act (404, 402 etc.) based on the company's application?

0 Kudos

Kevin-

To devise the risks, you have to define conflicting actions and their corresponding permissions. Then devise functions that contain 2 or more conflicting actions. Then devise risks which contain functions.

If you purchase the SAP GRC Compliance Calibrator, you are provided with a standardized ruleset, which contains risks for almost every system...

Ankur
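The action-to-function-to-risk model Ankur describes, and the "matrix" Jose says Risk Terminator evaluates users against, can be shown as a small working rule engine. The following is an added example, not code from this thread or from SAP GRC; the ruleset, the user authorizations and the mitigating control are constructed for illustration (the transaction codes are real SAP codes, but the grouping into functions and risks is an assumption, not the delivered ruleset), and permission-level detail (authorization objects) is left out so only the action level is modelled.

```python
"""Minimal SoD model: actions -> functions -> risks -> per-user findings.

Added example; the ruleset below is constructed and is NOT the SAP GRC
delivered ruleset. Only transaction codes (actions) are modelled, not
authorization-object permissions.
"""
from itertools import combinations

# A function is a business activity defined by the actions that can perform it.
FUNCTIONS = {
    "AP01 Vendor Master Maintenance": {"XK01", "XK02", "FK01", "FK02"},
    "AP02 Vendor Invoice Processing": {"FB60", "MIRO"},
    "AP03 Payment Processing": {"F110", "F-53"},
}

# A risk is a set of functions that must not be held by one person.
RISKS = {
    "P001": {"level": "High",
             "description": "Create a fictitious vendor and post invoices to it",
             "functions": {"AP01 Vendor Master Maintenance", "AP02 Vendor Invoice Processing"}},
    "P002": {"level": "High",
             "description": "Create a fictitious vendor and pay it",
             "functions": {"AP01 Vendor Master Maintenance", "AP03 Payment Processing"}},
    "P003": {"level": "Medium",
             "description": "Post invoices and release payments",
             "functions": {"AP02 Vendor Invoice Processing", "AP03 Payment Processing"}},
}

# Constructed user authorizations: transaction codes each user can execute,
# as they would be extracted from the user's role assignments.
USER_ACTIONS = {
    "JSMITH": {"XK01", "XK02", "F110"},
    "AKUMAR": {"FB60", "MIRO"},
    "MLOPEZ": {"FK01", "FB60", "F-53"},
}

# Constructed mitigating controls: (user, risk) pairs accepted with a compensating control.
MITIGATIONS = {("MLOPEZ", "P003"): "MC-017 monthly payment-run review by the AP manager"}


def sod_matrix():
    """Function x function matrix: the risk id triggered by each conflicting pair."""
    matrix = {}
    for risk_id, risk in RISKS.items():
        for f1, f2 in combinations(sorted(risk["functions"]), 2):
            matrix[(f1, f2)] = risk_id
    return matrix


def user_functions(actions):
    """A user holds a function if they can execute at least one of its actions."""
    return {name for name, tcodes in FUNCTIONS.items() if tcodes & actions}


def analyze_user(user, actions):
    """Return (risk_id, level, triggering tcodes) for every unmitigated risk the user holds."""
    held = user_functions(actions)
    findings = []
    for risk_id, risk in sorted(RISKS.items()):
        if not risk["functions"] <= held:      # all functions of the risk must be held
            continue
        if (user, risk_id) in MITIGATIONS:     # remediated by an assigned control
            continue
        trigger = set()
        for func in risk["functions"]:
            trigger |= FUNCTIONS[func] & actions
        findings.append((risk_id, risk["level"], sorted(trigger)))
    return findings


def analyze_all(user_actions=USER_ACTIONS):
    """Run the analysis for every user and return {user: findings}."""
    return {user: analyze_user(user, actions) for user, actions in user_actions.items()}


if __name__ == "__main__":
    for user, findings in analyze_all().items():
        for risk_id, level, tcodes in findings:
            print(f"{user}: {risk_id} ({level}) {RISKS[risk_id]['description']} via {tcodes}")
```

Run as a script, it reports that JSMITH triggers P002 (vendor maintenance plus payment run) and that MLOPEZ triggers P001 and P002 while P003 is suppressed by the assigned mitigating control; AKUMAR, who only holds one function, is clean. Replacing the constructed FUNCTIONS and RISKS with the organization's own reviewed ruleset is the step Jose and Ankur describe as deciding which predefined risks apply.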


0 Kudos

Thank you, but I don't have an OSS user ID. Is there any way I can read the link content?

0 Kudos

> Thank you, but I don't have an OSS user ID. Is there any way I can read the link content?

Kevin, I am afraid that without an OSS user you may not be able to check out the Service Marketplace portal link.

However, you may search for these on the web; there is enough material available which will at least give you a clear picture.