MIS 5121: Business Processes, ERP Systems & Controls - SAP HANA, GRC


Special Guests
Ray Adams – SAP America, Inc. – Field Services Director for Industry Business Unit - the chemical industry)
Dave Moyer – SAP America, Inc. – Business Strategist / Implementation Specialist – U of Pa / Wharton Alum

MIS 5121: SAP Visit Questions

ld Control Failures: Sony (2014)
By: Mickey Majzik

Control Failure: Network Security
Background:
- ves the Guardians of Peace
- nd deleted files and documents in the database
- Released over a dozen terabytes of data and files
Control Failures:
Results:
- s Data Classification and Retention policies non-existent Encryption
Done Different?:
- a retention
- Sony may not have been able to prevent the attack, but
- Use effective risk analysis

Reference:
– panyid 23021&instanceid 1684629508&statekey f227490cb1de4345al48d832b85785c
– ainty, and doubt. 2007.
– vv9
– com/the-sony-hackers-still-have-a-massive-amount-of-data-that-hasnt-been-leaked-yet-2014-12
– ? February 2015. http://tinyurl.com/pke7txf
– ch. December 2014. http://tinyurl.com/oqn4k4y

ld Control Failures:
By: Christie Vazquez

Control Failure: Upcoding scheme and unbundling
Background:
- e of approximately es
- unties
- ew did not need such services
- Care
- e falsified medical authorization forms
Control Failures:
- Vendor management
- orly managed,
- Inform Medicare recipients of covered and non-covered services
- Report fraudulent activities
- Little government oversight

Control Failure: Upcoding scheme and unbundling
Results:
- are not emergencies
- ndering. He also faces a possible fine of 250,000 per count
?:
- Monitored payment for services, especially repeat non-emergency
- Educate Medicare recipients
Reference:
- http://www.bizjournals.com/philadelphia/morning roundup/2015/09/health-care-fraud-tkach-bensalem-novacare-ambulanc.html
- https://www.li.gov/philadelphia/press-releases/2015/ambulance-company-owner-charged-in-medicare-fraud
- g-health-care-fraud-proves-elusive.html?r 0

ld Control Failures:
By: Shizhong Yang

Control Failure: Toshiba - One of Japan’s Largest Accounting Scandal
Background:
- Japanese multinational corporation with more than 140-year history.
- Profits were inflated by 1.2 billion, which is about one-third of Toshiba’s pre- d quarter of 2014.
Control Failures:
- d on consultation service rather than assurance service.
- The audit committee was neither capable nor independent.
- nd competency.
Results:
The resignations removed half of Toshiba’s 16- class- ose the trust of overseas investors. vices divisions and income tax payments.)
- he trading day in Tokyo.

Control Failure: Toshiba - One of Japan’s Largest Accounting Scandal
?:
- ctations.
- ulture.
- ective.
Reference:
- /corporate-business/pressure-to-show-a-profit-led-to-toshibas-accounting-scandal/#.Vx1wpqgrIUU
- http://www.business-standard.com/article/opinion/toshiba-a-case-of-internal-audit-failure-115080900760 1.html
- nal/toshiba-chief-and-7-others-resign-in-accounting-scandal.html? r 0
- http://www.iia.nl/actualiteit/nieuws?newsId 1971

MIS 5121: Upcoming Events
- Reading Assignment 9 – Due: Yesterday
- Guest Lecture: SAP What’s New (HANA) - Today
- Final Exam - May 2
  – Similar in format to Exam 1 and 2
  – 6 pages of notes allowed (whatever format)
  – Content Since Exam 2
    Prior topics outlined in Week 12 and 13

GRC – Governance, Risk & Compliance

GRC: Governance, Risk & Compliance
- History/Structure
- n ‘add- d and released as v5.3 – separate Net-Weaver module
- SAP GRC v10.0 - Major overhaul

GRC: Components

l)
SAP v5.3 | SAP v10.0 | Function
Risk Analysis & Remediation | Access Risk Mgmt (ARM) |
mpliant User Provisioning | User Access Mgmt (UAM) | usiness Rules
Enterprise Role Mgmt (ERM) | Business Role Governance (BRG) | e) Integration with ARM prevents SOD conflicts

.0 | Function
Superuser Privilege Mgmt | Central Emergency Access (CEA) |
Process Control
Risk Management
s SAP and other apps
Sub- Assessment of risk (indicators)
Risk response

GRC: Governance, Risk & Compliance
Key Benefits
- Real- ance easier (lower cost)

Assignment Questions - GRC
ve, but can the cost of GRC be justified?

Key IT Controls Overview
GRC
– What it means
– 2-3 Functions Included
– 1-2 Benefits of Use

Character

es)?

he ‘Adams’?
- Adam I - ‘Big Me’
- Adam II - ‘Little Me’

Character and Controls
- Adam I - ‘Big Me’
  - Career- gic – cultivate your strengths
- Adam II - ‘Little Me’
  - al logic - give to receive
  - Humble
  - Basis for grace

ich Adam are you?

am I - ‘Big Me’
- Be the best you can be
- Natural disposition (self)
Adam II - me occupied with struggle to achieve

Character and Controls
Which Adam are you?
My Take Aways:
- Character is on the inside
- OK to be flawed – we all are.
- Character can be developed
- (Deep Satisfaction)
- ally enjoy

Character and Controls
Humility Code
- not achieve self- outside (God, family, traditions, l become mature
David Brooks: The Road to Character

Assignment Questions - Character
ble or more self- - ng small acts of self- ulogy virtues” and “resume virtues”?

Professor Ed Beaver
Thoughts on Success
(Gleaned from my 39 Year areness of the inevitability of conflict.’

Success . . . First Things First
- Solve Business Problems
- Learn all you can about the business
- Outcome is business success / value
- Right role of Technology (IT and SC)
- Technology is Fun
- Business Value is the end – not Technology (Beware of technology driven initiatives)

Success . . . Your Personal Act
- Whatever our Job / Role is – Do it Well
- Interpersonal Skills are Critical – hone them
- Speak and write well
- Be Inquisitive, Learn Continually
- Energy – in all you do, exude it
- In your career you’ll have many bosses – some good, some bad. Manage the relationship
- Boss knows what you’re working on – contributions
- Boss working to support your efforts

Success . . . Beyond Yourself Team Leadership Vision Other Focus

Success . . .
- Initial Focus in life (business) - Success
- Later focus of life (personal) - Significance
- More to life than work – work / Life balance
- Me, Faith, Family
Ref: Halftime book by Bob Buford

Break Time

Risk/Control Matrix Final Exercise

y Design Implementation
- Automated Controls
- Manual Controls
- Application Security
- Segregation of Duties
- Approvals
- Reports
- Procedures
Control Activities / Controls
CONTROL DESIGN

Risk/Control Matrix: Final Exercise
Agenda
– Prior Class (April 4): Part 1 - Identify Risks
– Last Class (April 11): Part 2, 3
  Risk Priority (Severity & Likelihood)
  Identify Controls
  Link Controls to Risks
– Today: Part 4 - Complete Control Definitions
– April 25: Part 5, 6 - Control Process / Audit Details; Personal Questions
– Due April 28 11:59 PM: Assignment Submission

- Tab: Part 2 – GBI Controls
- Control Description (Columns F - K) Mark each using taxonomy provided
- fine appropriate missing title
- Financial Statement Assertions (Columns L - Q) Mark with x
- Control Risk Assessment (Columns R - s V - AK) Mark statements impacted with x

C) process
- ples from the Procure to Pay process:
- as tab in Submission Spreadsheet
Resources:
- Professor: in class, e-mail, phone (609-206-9783)
- Table TSTC (List of transaction codes – reports)

Extra Slides

Risk/Control Matrix: Final Exercise
Part 1:
a) rocess at GBI
b) o Cash (OTC) process at GBI
- ocess
- Identify a minimum 4 risks in each of the OTC sub-processes:
  - OR&H: Order Receipt and Handling
  - MF: Material Flow (shipping)
  - CI: Customer Invoicing
  - PR&H: Payment Receipt and Handling

ntrols for the Order to Cash (OTC) process at GBI
- sub-processes:
  - OR&H: Order Receipt and Handling
  - MF: Material Flow (shipping)
  - CI: Customer Invoicing
  - s must be Automated / Config controls

rt 1) to the Controls (Part 2)
- a control:
  - oped TBD (To Be Determined)

Extra Slides

SAP System Characteristics

Integrated Database
- of tables
- OTC creates financial postings)
- Auditors need to understand the flow of information
- Databases can be accessed by any module
- s
- SAP modules are transparent to users

in last couple weeks of class.


us Process Reqmts Training & Procedures


SAP: Not Just ECC/ERP

SAP: Business Suite


MIS 5121: Business Processes, ERP Systems & Controls
Week 14: SAP HANA, GRC, Character
Edward Beaver
Edward.Beaver@temple.edu