It was a cold morning, and I was late for work. The A/P database was rejecting logins, and last night’s back-up didn’t happen. That was only the beginning. As I entered the building, the receptionist said, “The CFO is waiting in your office. A field agent from the FBI is with him.”

They got right to the point. The FBI was investigating suspected fraud and identity theft. Dozens of depositor accounts at several banks had large withdrawals wired to offshore banks. The account holders were disputing all the withdrawals. Coincidentally, all the account holders were employees, who had arranged direct deposits of their paychecks, from our company. The perpetrator clearly had access to our confidential employee data. As the director of IT security, I had to sort it out. The FBI had many questions; the CIO was reluctantly being interviewed by CNN; my head was on the block, and it was only 9 AM...

Many companies have resorted to a gambler's approach to testing the proper authorization controls of complex ERP systems. Some assess risk "after-the-fact" through the use of detection solutions that operate on downloaded data; while others invest in incomplete segregation of duties (SoD) solutions that focus on the obvious and overlook the subtleties of ERP systems, fraud or motivated perpetrators; or worse yet, some even make changes before conducting cross-systems analysis to test for violations created by conflicting access across systems.

So, how do we ultimately resolve these challenges?

Compliance Calibrator&Reg; Overview

The ideal solution is to utilize an automated system that provides preventative and detective authorization controls to attest, validate and verify that processes happen the way they are designed, and activities are managed per established policy. By taking a proactive approach to catching violations before they occur and consistently checking controls in real-time, risk is reduced to a minimum. The answer: Virsa's Compliance Calibrator, which delivers real-time, 24/7 "Continuous Compliance" by preventing security and controls violations before they occur.

Compliance Calibrator sits within SAP and provides the only real-time solution for risk assessment, simulation and remediation. In addition, with the largest set of validated rules, Compliance Calibrator helps you to perform detailed risk analysis, including SoD to prevent potential conflicts.

Real-Time Risk Assessment Provides Continuous Compliance that Saves You Money

 *Preventative and detective controls - stop authorization violations at the role definition stage, before they are committed to production through real-time, remote simulation
 *Customized real-time reporting for management and auditors
 *Automatic drill-downs to quickly discover the source of any authorization violation for rapid remediation or control mitigation
 *Sits inside SAP to eliminate the need for additional hardware or software requirements to deploy or maintain over time

Domain Expertise in a Product Package

 *Largest rules database for SoD controls, built on real-world experience and consistently validated by outside auditors to get you up and running quickly with 90% of what you need
 *Automated rule-building to ease the pain when creating the custom 10% of rules that are specific to your organization
 *Transaction monitoring to help you focus on the major risks first by targeting only the transactions actually being used
 *Business views for business folks and technical views for those SAP-types that know all the T_codes
 *Strong relationships with SAP, certified products and our own namespace within SAP such that system upgrades are a non-event

Comprehensive SoD Analysis to Reduce Risk

 *Scanning at both the transaction and object-level to identify even the trickiest violations and eliminate costly investigation of false positive violations
 *Custom code and user exit scanning that can only be performed from within SAP to identify potential control issues
 *Cross-system analysis tests the complete SAP landscape to provide detailed anlaysis for even the most complex environment
 *Position-based analysis for those using SAP HR and for hidden "reference user" violations

Vendor Site:- Virsa