Bridging the Cybersecurity Gap in IT General Controls (ITGC)

Compliance with regulations like Sarbanes-Oxley (SOX) often requires a set of controls to mitigate risks to the integrity of financial reporting. Current ITGC testing performed by internal and external auditors focuses on only one slice of access risk. Other entry points into SAP systems are overlooked and present a higher level of risk that is currently not even assessed. How would you and your organization respond if presented with a scenario where you could 'ace' your ITGC audit and still be completely exposed? In this session participants will:
- Be provided with a snapshot of the current ITGC testing approaches commonly applied by auditors
- Learn the shortcomings of these approaches
- Understand the threats to your SAP systems that exist beyond the current ITGC scope and how they relate to compliance (specifically Sarbanes-Oxley)
- See how you can mitigate these risks BEFORE your internal and external audit

Brian Tremblay, Onapsis

Brian leads the Compliance Practice at Onapsis, where he is responsible for helping customers understand and navigate the challenges and opportunities created by the increasing overlap of compliance, cybersecurity and business continuity related to IT General Controls and regulatory and compliance matters such as Sarbanes-Oxley (SOX) and the General Data Protection Regulation (GDPR). Prior to Onapsis, he was the CAE for high-tech semiconductor company Acacia Communications. In addition to founding and leading all activities of the internal audit function, he helped prepare the organization to go public (including implementing SOX) and facilitated its implementation of enterprise risk management (ERM). Previously, Tremblay was the director of internal audit at Iron Mountain, overseeing all audits and projects within North America as well as liaising with global quality managers. Before that, as a senior manager at Houghton Mifflin Harcourt, he built out an internal audit department and executed a SOX implementation. Earlier in his career, he worked at Raytheon and Deloitte.