
Compliance Calibrator



From the publisher website or publicity

It was a cold morning, and I was late for work. The A/P database was rejecting logins, and last night’s back-up didn’t happen. That was only the beginning. As I entered the building, the receptionist said, “The CFO is waiting in your office. A field agent from the FBI is with him.”

They got right to the point. The FBI was investigating suspected fraud and identity theft. Dozens of depositor accounts at several banks had large withdrawals wired to offshore banks. The account holders were disputing all the withdrawals. Coincidentally, all the account holders were employees, who had arranged direct deposits of their paychecks, from our company. The perpetrator clearly had access to our confidential employee data. As the director of IT security, I had to sort it out. The FBI had many questions; the CIO was reluctantly being interviewed by CNN; my head was on the block, and it was only 9 AM...

Exposures to fraud, identity theft and data tampering have become costly, and unfortunately, commonplace events within corporations worldwide. Such events have created an onslaught of legislative mandates, like the Sarbanes-Oxley Act (SOX), more stringent corporate governance policies, and privacy regulations to force companies to conduct a more careful analysis of business risk and implement internal controls. And, who do these tasks fall upon? Internal controls, IT security, and auditors.

Many companies have resorted to a gambler's approach to testing the proper authorization controls of complex ERP systems. Some assess risk "after the fact" through detection solutions that operate on downloaded data; others invest in incomplete segregation of duties (SoD) solutions that focus on the obvious and overlook the subtleties of ERP systems, fraud or motivated perpetrators; worse yet, some make changes before conducting cross-system analysis to test for violations created by conflicting access across systems.

So, how do we ultimately resolve these challenges?

Compliance Calibrator® Overview

The ideal solution is to utilize an automated system that provides preventative and detective authorization controls to attest, validate and verify that processes happen the way they are designed, and activities are managed per established policy. By taking a proactive approach to catching violations before they occur and consistently checking controls in real-time, risk is reduced to a minimum. The answer: Virsa's Compliance Calibrator, which delivers real-time, 24/7 "Continuous Compliance" by preventing security and controls violations before they occur.

Compliance Calibrator sits within SAP and provides the only real-time solution for risk assessment, simulation and remediation. In addition, with the largest set of validated rules, Compliance Calibrator helps you to perform detailed risk analysis, including SoD to prevent potential conflicts.

Real-Time Risk Assessment Provides Continuous Compliance that Saves You Money


 *Preventative and detective controls - stop authorization violations at the role definition stage, before they are committed to production through real-time, remote simulation
 *Customized real-time reporting for management and auditors
 *Automatic drill-downs to quickly discover the source of any authorization violation for rapid remediation or control mitigation
 *Sits inside SAP to eliminate the need for additional hardware or software requirements to deploy or maintain over time

Domain Expertise in a Product Package


 *Largest rules database for SoD controls, built on real-world experience and consistently validated by outside auditors to get you up and running quickly with 90% of what you need
 *Automated rule-building to ease the pain when creating the custom 10% of rules that are specific to your organization
 *Transaction monitoring to help you focus on the major risks first by targeting only the transactions actually being used
 *Business views for business folks and technical views for those SAP-types that know all the T_codes
 *Strong relationships with SAP, certified products and our own namespace within SAP such that system upgrades are a non-event

Comprehensive SoD Analysis to Reduce Risk


 *Scanning at both the transaction and object-level to identify even the trickiest violations and eliminate costly investigation of false positive violations
 *Custom code and user exit scanning that can only be performed from within SAP to identify potential control issues
 *Cross-system analysis tests the complete SAP landscape to provide detailed analysis for even the most complex environment
 *Position-based analysis for those using SAP HR and for hidden "reference user" violations

Keywords
Basel II software
compliance automation
Compliance Calibrator
compliance software
compliance tool
defective controls
domain expertise
ERP
internal control
internal control security
internal control software
internal controls
preventative controls
regulatory compliance
regulatory software
regulatory tool
SAP
SAP HR
Sarbanes-Oxley Act
Sarbanes-Oxley and ERP
Sarbanes-Oxley compliance
Sarbanes-Oxley software
Sarbanes-Oxley tool
segregation of duties
SOX
transaction monitoring



Vendor: Virsa

