An implementation of a process-oriented cross-system compliance monitoring approach in a SAP ERP and BI environment

authored by: Thorben Sandner, Matthias Kehlenbeck, Michael H. Breitner
Abstract: Compliance to regulatory demands has become a crucial matter for organizations. Non-observance may lead to far-reaching consequences, e.g. damage to reputation, decline of credit rating or market value, fraud and fines. The success of compliance management correlates with the frequency of monitoring and reporting and is affected by complex and often time-consuming manual validation tasks. To address this problem, organizations implement corresponding IT solutions. However, the often heterogeneous system landscapes, the different information sources and their integration represent major challenges. This paper presents an implementation of a novel process-oriented and cross-system compliance monitoring approach. The approach is based on a model which provides for the annotation of business processes with internal controls, critical permissions and roles as well as an architecture which provides for the automatic detection, timely communication and deep analysis of control exceptions. It solely relies on established standards (i.e. XACML, BPMN, COSO and SWRL) and existing technologies. The implementation has been deployed in a productive SAP ERP and BI environment. It automatically converts access control data from the proprietary SAP model and publishes control exceptions to the BI system. The effects and causes of these control exception can be appropriately analyzed using BI queries and reports.
Organisation(s): Institute of Computer Science for Business Administration
Type: Conference contribution
Publication date: 2010
Publication status: Published
Peer reviewed: Yes
ASJC Scopus subject areas: Information Systems

BibTeX

@inproceedings{5b576ff9463f4cdf85bcff745c75c20f,
title = "An implementation of a process-oriented cross-system compliance monitoring approach in a SAP ERP and BI environment",
abstract = "Compliance to regulatory demands has become a crucial matter for organizations. Non-observance may lead to far-reaching consequences, e.g. damage to reputation, decline of credit rating or market value, fraud and fines. The success of compliance management correlates with the frequency of monitoring and reporting and is affected by complex and often time-consuming manual validation tasks. To address this problem, organizations implement corresponding IT solutions. However, the often heterogeneous system landscapes, the different information sources and their integration represent major challenges. This paper presents an implementation of a novel process-oriented and cross-system compliance monitoring approach. The approach is based on a model which provides for the annotation of business processes with internal controls, critical permissions and roles as well as an architecture which provides for the automatic detection, timely communication and deep analysis of control exceptions. It solely relies on established standards (i.e. XACML, BPMN, COSO and SWRL) and existing technologies. The implementation has been deployed in a productive SAP ERP and BI environment. It automatically converts access control data from the proprietary SAP model and publishes control exceptions to the BI system. The effects and causes of these control exception can be appropriately analyzed using BI queries and reports.",
keywords = "Business process management, IS security, IT compliance, IT risk management, SAP R/3",
author = "Thorben Sandner and Matthias Kehlenbeck and Breitner, {Michael H.}",
note = "Copyright: Copyright 2012 Elsevier B.V., All rights reserved.; 18th European Conference on Information Systems, ECIS 2010 ; Conference date: 07-06-2010 Through 09-06-2010",
year = "2010",
language = "English",
isbn = "9780620471725",
booktitle = "18th European Conference on Information Systems, ECIS 2010",
}