An implementation of a process-oriented cross-system compliance monitoring approach in a SAP ERP and BI environment

Authors
Thorben Sandner, Matthias Kehlenbeck, Michael H. Breitner
Abstract

Compliance with regulatory demands has become a crucial matter for organizations. Non-observance may lead to far-reaching consequences, e.g. damage to reputation, decline of credit rating or market value, fraud and fines. The success of compliance management correlates with the frequency of monitoring and reporting and is affected by complex and often time-consuming manual validation tasks. To address this problem, organizations implement corresponding IT solutions. However, the often heterogeneous system landscapes, the different information sources and their integration represent major challenges. This paper presents an implementation of a novel process-oriented and cross-system compliance monitoring approach. The approach is based on a model which provides for the annotation of business processes with internal controls, critical permissions and roles as well as an architecture which provides for the automatic detection, timely communication and deep analysis of control exceptions. It solely relies on established standards (i.e. XACML, BPMN, COSO and SWRL) and existing technologies. The implementation has been deployed in a productive SAP ERP and BI environment. It automatically converts access control data from the proprietary SAP model and publishes control exceptions to the BI system. The effects and causes of these control exceptions can be appropriately analyzed using BI queries and reports.

Organisational unit(s)
Institut für Wirtschaftsinformatik
Type
Article in conference proceedings
Publication date
2010
Publication status
Published
Peer-reviewed
Yes
ASJC Scopus subject areas
Information systems