Scribd Logo
Upload

Welcome to Scribd!

  • How Do I Prepare My SAP Environment For UK SOX

    Uploaded by

    chibuike
    22 views10 pages

    Original Title

    How do I prepare my SAP environment for UK SOX_

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    22 views10 pages

    How Do I Prepare My SAP Environment For UK SOX

    Uploaded by

    chibuike

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    of 10

    4/16/23, 3:22 AM How do I prepare my SAP environment for UK SOX?

     EN  | Contact Us

    Search... 

    A
    E

    How do I prepare my SAP


    environment for UK SOX?
    June 18, 2021

    Written by Salomé Jaussaud

    Salomé is a Cloud and Security Marketing Specialist for Europe. She completed her master degree
    through Microsoft before joining the EPI-USE Labs team. Her goal is to research different challenges
    in the market and share SAP knowledge with the IT industry.


    https://www.epiuselabs.com/data-security/sap-environment-for-uk-sox 1/10
    4/16/23, 3:22 AM How do I prepare my SAP environment for UK SOX?

    Just as the 2001 Enron scandal led to the enactment of the Sarbanes-Oxley (SOX) legislation

    in the US, so major business failures in the UK ‒ such as the large contractor Carillion, the

    retailer BHS and Patisserie Valerie ‒ have hastened the Government’s decision to put SOX in

    place here. The aim is to ensure that management is reporting an accurate view of the

    business to the auditors and shareholders.

    If your SAP® system is relied on for your financial reporting, then you must be certain that the

    information that it holds is a faithful reflection of the organisation’s real accounts. That means that

    all access to the system must be aligned closely to the user’s job functions and it must be regularly

    verified, to ensure the integrity and confidentiality of the data. This is, of course, also very much in

    line with the GDPR requirement of ‘Privacy by Design’, which needs to be applied when providing

    access to information systems such as SAP.


    https://www.epiuselabs.com/data-security/sap-environment-for-uk-sox 2/10
    4/16/23, 3:22 AM How do I prepare my SAP environment for UK SOX?

    GRC for SAP challenges

    What are the UK SOX directives?

    Brydon published a report “Restoring trust in audit and corporate governance” proposing

    guidelines to strengthen the UK framework for large companies and the way they are audited. The

    estimated date for these new rules to enter into force is December 2023. Here are the key findings

    from the report:

    “The CEO and CFO must provide an annual attestation to the board of directors as to the effectiveness

    of the company’s internal controls over financial reporting and that this attestation be guided by new

    principles on internal controls reporting to be developed by the Audit Committee Chairs Independent

    https://www.epiuselabs.com/data-security/sap-environment-for-uk-sox 3/10
    4/16/23, 3:22 AM How do I prepare my SAP environment for UK SOX?

    Forum and endorsed by ARGA. [2.8.3] “.

    “Companies will be required to disclose when any material failure of their internal controls has taken

    place. A disclosed failure would lead to the CEO/CFO attestation being subject to audit for the

    following three reporting years. [2.8.4] “.

    This means that manual processes such as excel spreadsheets will probably no longer be allowed.

    Companies using SAP will be invited to move their manual processes into automated GRC

    applications for SAP. UK SOX also means that the management team must quickly identify who

    made changes in the SAP systems and when.

    What should your GRC tool include to comply with UK SOX?

    Building the best GRC for SAP strategy for your organisation requires a flexible and business-

    centric tool with the following capabilities:

    Identify access risks: The ability to identify SAP access risk exposure and show clean-up

    opportunities via a user-friendly web application.


    https://www.epiuselabs.com/data-security/sap-environment-for-uk-sox 4/10
    4/16/23, 3:22 AM How do I prepare my SAP environment for UK SOX?

    Review access alignment: Check that users’ access is limited to what they actually need to do for

    their job and identify superfluous access.

    Periodic review of users’ access: Allow your business users to review the SAP users’ access risk in

    your SAP systems periodically with ease and efficiency. This process will significantly improve the

    visibility of your GRC environment, and may be an audit and statutory requirement for your

    organisation.

    Provide emergency access: When a user’s access is closely aligned to their daily job requirements,

    there may well be a need for temporary or emergency access for a limited period – often called

    firefighter access. You should be able to do this efficiently, and provide a complete audit trail.

    Trust relationships: Allow monitoring of terminals where users login and the times, in order to

    discover anomalies that might indicate unauthorised or inappropriate use.

    Provide full audit trail: Store a complete audit trail of all changes made to users’ access in the

    SAP system.

    It should be remembered that the GRC tool is just one part of an overall GRC strategy that must be

    designed and implemented to ensure that all regulatory requirements can be met:

     There needs to be an effective Enterprise Risk Management process in place.

     Security and role design must be easy to maintain and support the compliance environment.

     Internal controls must be designed to cover all residual risk in the environment.

    This strategy enables the GRC tool to do an effective job of maintaining and monitoring the SAP

    system.

    Curious for more information? Find out about GRC for SAP solutions and request a demo.


    https://www.epiuselabs.com/data-security/sap-environment-for-uk-sox 5/10
    4/16/23, 3:22 AM How do I prepare my SAP environment for UK SOX?

    General Data Protection Regulation Privacy by Design compliance Access risk controls

    GRC for SAP Data privacy regulations Access Risk management SAP data privacy & security

    uk sox Sarbanes-Oxley (SOX) legislation

    Like it? Share it:

      


    https://www.epiuselabs.com/data-security/sap-environment-for-uk-sox 6/10
    4/16/23, 3:22 AM How do I prepare my SAP environment for UK SOX?

    Leave a Comment:
    First Name *

    Last Name

    Email *

    Website


    https://www.epiuselabs.com/data-security/sap-environment-for-uk-sox 7/10
    4/16/23, 3:22 AM How do I prepare my SAP environment for UK SOX?

    Comment *

    protected by reCAPTCHA
    Privacy - Terms

    S U B M I T CO M M E N T

    Previous Post Next Post

    Group Elephant ERP

    MANAGE YOUR SAP ENVIRONMENT

     Run SAP in the cloud

     Premium Support Services

     Custom development

     Sunset legacy SAP systems



    https://www.epiuselabs.com/data-security/sap-environment-for-uk-sox 8/10
    4/16/23, 3:22 AM How do I prepare my SAP environment for UK SOX?

    OPTIMIZE YOUR SAP L ANDSCAPE

     SAP divestitures & mergers

     Create lean test systems

     Streamline SAP cloud migrations

     Get test data on demand

     Rapidly refresh or copy SAP systems

    MA XIMIZE YOUR SAP HCM SYSTEMS

     Analyze HR data in real time

     Let users create SAP HR reports

     Manage HR data variances

     Test your HCM system with real data

     Simplify your HCM cloud migration

     Create professional communications

    SIMPLIFY YOUR SAP SECURIT Y & COMPLIANCE

    PREV HOME NEXT

     Manage your data privacy compliance

    Recommended
     Simplify data scrambling and masking

     Redact and archive SAP records


    GDPR versus the Australian Privacy Act
     Encrypt communications and data at rest

    Retention period: A minimum or a maximum?



    https://www.epiuselabs.com/data-security/sap-environment-for-uk-sox 9/10
    4/16/23, 3:22 AM How do I prepare my SAP environment for UK SOX?

     Manage
    SAP your SAP
    User Access information
    Reviews: riskpractices
    Six best

    What's popping with POPIA?

    GDPR: the Data Adequacy and Data Minimisation


    TOOLS & KNOWLEDGE RESOURCES
    principle

     View upcoming webinars


    Get Instant Updates
     Ebooks and ultimate guides
    First Name * Last Name *
     Latest blogs

     Client success stories

     Find a partner

    Email *

    GET SUPPORT

    What best describes your role? *

    - eul_logo_w_white
    Please Select -

    EPI-USE Labs is committed to protecting your privacy. If you

    would like to receive instant notifications for this blog, please        


    tick below:
    © 2023 EPI-USE Labs

    I agree
    Trafford to receive
    House, instant
    11th Floor, blogRoad,
    Chester notifications for
    Stretford, Let's
    Manchester, United Kingdom, M32 0RS    • Other Office Locations

    Talk Data Security*


     

    Privacy Policy
    You may unsubscribe from these communications Cookie Policy
    at any time. Disclaimer Copyright CCPA Compliance

    We store your data securely and we don’t pass your data to

    any other companies Read more in our Privacy Policy and


    https://www.epiuselabs.com/data-security/sap-environment-for-uk-sox 10/10

    You might also like