Beyond SOX: Addressing non-financial risks through SAP configuration and sound supporting processes

While many organizations focus on compliance during an SAP implementation, often related to financial reporting and regulations such as Sarbanes-Oxley (SOX), they might be underutilizing optional SAP controls that could provide extreme value to their SAP system and supporting processes. How can you apply SAP configuration and sound supporting processes to minimize and mitigate operational and strategic risks? This session will take a deep dive into missed and misunderstood controls and processing, while sharing configurations and practices that can make your organization run more efficiently, reduce time spent on non-value-added work, and mitigate risk.

Attendees will:

  • Hear specific examples of underutilized or misused controls covering the SAP Basis system (e.g., table logging), vendor/customer master (e.g., dual control), procurement (e.g., tolerances), sales (e.g., incompleteness), GRC (e.g., the firefighter process), and more
  • Learn about some of the most commonly seen control misunderstandings and the risks created by actions such as using only % or absolute values in tolerances
  • Obtain tips on how to create the business case for resolving these control gaps and enabling these controls, using simple data analysis procedures through SAP Query to the BI Warehouse to quantify risk exposure and value
  • Understand who in the organization should be involved in recommending and validating control changes, and how to set up an appropriate cross-functional team to ensure decisions are sound and don’t introduce other risks
  • See how, once identified, tools like SAP Audit Management or SAP Process Control can be used to track the remediation status of these gaps to completion


Steve Biskie RSM

Steve Biskie is a Director at RSM, where he leads the Center of Excellence for Risk Analytics & Automation and is one of RSM's SAP Champions. He has over 25 years of experience spanning all 3 Lines of Defense, and specializes in transforming inefficient and outdated processes and technologies to optimize GRC and audit performance. He has helped organizations from the middle-market to the Fortune 100 implement high-value, sustainable analytics and continuous monitoring programs. He has a passion for using technology to automate mundane, time-consuming tasks to allow organizations to re-focus attention on high-value, thoughtful, and data-informed analysis. Steve is a published author, an internationally-recognized speaker on risk and compliance-related topics, and a six-time IIA All-Star Speaker. He is the author of Surviving an SAP Audit (SAP Press, 2010), and an expert reviewer for the book Security, Audit, and Control Features: SAP ERP (3rd & 4th Editions). Steve also teaches beginner through advanced SAP auditing courses through the MIS Training Institute, and has traveled to more than 14 countries to share his expertise.