How Do I Prepare My SAP Environment For UK SOX
Salomé is a Cloud and Security Marketing Specialist for Europe. She completed her master's degree
through Microsoft before joining the EPI-USE Labs team. Her goal is to research different challenges
in the market and share SAP knowledge with the IT industry.
https://www.epiuselabs.com/data-security/sap-environment-for-uk-sox 1/10
4/16/23, 3:22 AM How do I prepare my SAP environment for UK SOX?
Just as the 2001 Enron scandal led to the enactment of the Sarbanes-Oxley (SOX) legislation
in the US, so major business failures in the UK ‒ such as the large contractor Carillion, the
retailer BHS and Patisserie Valerie ‒ have hastened the Government’s decision to put SOX in
place here. The aim is to ensure that management is reporting an accurate view of the
If your SAP® system is relied on for your financial reporting, then you must be certain that the
information that it holds is a faithful reflection of the organisation’s real accounts. That means that
all access to the system must be aligned closely to the user’s job functions and it must be regularly
verified, to ensure the integrity and confidentiality of the data. This is, of course, also very much in
line with the GDPR requirement of ‘Privacy by Design’, which needs to be applied when providing
Brydon published a report “Restoring trust in audit and corporate governance” proposing
guidelines to strengthen the UK framework for large companies and the way they are audited. The
estimated date for these new rules to enter into force is December 2023. Here are the key findings
“The CEO and CFO must provide an annual attestation to the board of directors as to the effectiveness
of the company’s internal controls over financial reporting and that this attestation be guided by new
principles on internal controls reporting to be developed by the Audit Committee Chairs Independent
“Companies will be required to disclose when any material failure of their internal controls has taken
place. A disclosed failure would lead to the CEO/CFO attestation being subject to audit for the
This means that manual processes such as Excel spreadsheets will probably no longer be allowed.
Companies using SAP will be invited to move their manual processes into automated GRC
applications for SAP. UK SOX also means that the management team must quickly identify who
Building the best GRC for SAP strategy for your organisation requires a flexible and business-
Identify access risks: The ability to identify SAP access risk exposure and show clean-up
Review access alignment: Check that users’ access is limited to what they actually need to do for
Periodic review of users’ access: Allow your business users to review the SAP users’ access risk in
your SAP systems periodically with ease and efficiency. This process will significantly improve the
visibility of your GRC environment, and may be an audit and statutory requirement for your
organisation.
Provide emergency access: When a user’s access is closely aligned to their daily job requirements,
there may well be a need for temporary or emergency access for a limited period – often called
firefighter access. You should be able to do this efficiently, and provide a complete audit trail.
Trust relationships: Allow monitoring of terminals where users log in and the times, in order to
Provide full audit trail: Store a complete audit trail of all changes made to users’ access in the
SAP system.
It should be remembered that the GRC tool is just one part of an overall GRC strategy that must be
designed and implemented to ensure that all regulatory requirements can be met:
Security and role design must be easy to maintain and support the compliance environment.
Internal controls must be designed to cover all residual risk in the environment.
This strategy enables the GRC tool to do an effective job of maintaining and monitoring the SAP
system.
Curious for more information? Find out about GRC for SAP solutions and request a demo.