SAP BW|BOBJ|Project Management Blog

Do You Make These Global Trade Service Process Control Mistakes?[Checklist]

Written by Lonnie D. Ayers, PMP | Wed, Jan, 18, 2012 @ 03:40 PM

SAP GRC Process Control

SAP GRC GTS (Global Risk & Compliance, Global Trade Services) require that you have highly evolved, perfectly executable processes.

 

 

 

SAP GRC Process Control Documentation Self-Audit Questions

See if you find any of the following issues within your organization:

  1. Not all processes are well-documented and stored in a central repository - including the documentation of policies, work papers, and evidence to meet the reporting requirements of Sarbanes-Oxley section 302 and 404.

  2. Only some, not all processes comply with the Sarbanes Oxley (SOX) requirements 302, 404, 409 and 401.

  3. Appropriate alerting capabilities are not automated to comply with SOX Section 409 (enable notification of investors of financial results without delay). 

    As a result, you cannot notify stakeholders of pre-defined exceptions in an automated fashion.

  4. No automated testing procedures exist to test internal controls.

  5. Business process managers are not accountable for control documentation and testing, versus Internal Audit or IT.

  6. No comprehensive audit trail information exists to ensure compliance.

  7. Control assessment visibility does not exist at Corporate Level.

  8. Documentation is not scalable and reusable.

  9. Exception based reporting is not implemented.

  10. External Auditors cannot be provided with high quality, easy-to follow policy and procedure documentation.

  11. Internal Audit and compliance resources utilization is not optimized.

  12. Internal Audit does not perform audits regularly to cover the effectiveness and efficiency of operations, reliability of financial reporting, compliance with applicable laws and regulations, and safeguarding of assets.

  13. Manual control testing is not streamlined with automated task assignments, guided procedures, or workflows.

  14. The controls to be tested cannot be rationalized.

  15. The majority of process control testing is not automated and cannot be scheduled for appropriate locations, business units, or legal entities.

  16. The testing process does not enable continuous testing of key controls and periodic testing of non-key controls in a repeatable sustainable manner.

 

As you can see, there are numerous process controls you must get right for an effective GRC GTS Compliance environment to exist.  We recommend you get SAP GRC expertise when it comes to implementing these processes

 

Self-Audit Checklist

 

Ideally, they will be highly experienced in multi-national complex environments.  In the meantime, we've converted the above recommendations in a more indepth self-audit checklist with actionable insight you can implement now within your own organization.

 

 

Comments and links are always welcome.

 

More reading:

14 Remote SAP Consulting Mistakes You Don't Know You're Making

Learn What is Catch Weight Management

Top 10 Benefits for Financial Analysis in the Latest SAP EP4

Learn What Tools To Use To Investigate IS-Mill Functionality

Leverage SAP BW to Increase Supply Chain Inventory Accuracy

BusinessObjects Explorer Best Practices

 

 

Thanks

  
View full post