ACS SIG

Tuesday 9th February 2010 at 9:30am - 9:30am

nr Heathrow,

Event has expired

This event is kindly being sponsored by Turnkey Consulting.

Chris Haigh, ACS Co-Chair will present to the group Global SAP Security at Kimberly Clark. This will be a brief introduction to the new co-chair and the SAP Security environment at Kimberly-Clark. The security challenges of a global organisation, running nearly every SAP module for 53,000 users world-wide.

Simon Persin from Turnkey Consulting will be joined by Scott Waller and Richard Green from Royal Dutch Shell to deliver the presentation SAP GRC Access Controls Optimised for Operation. The components of the SAP GRC Access Controls Suite are often seen as individual tools designed to address different aspects of an organisations governance, risk and compliance requirements in isolation. While in release 5.3, the components can be deployed individually, the business case is often stronger by combining the capabilities into an integrated solution to have a consistent view of compliance throughout the organisation. However, trying to implement the whole solution at once can involve a complex project often resulting in a confused solution which is difficult to support.

In this session we take a look at the customer experience of integrating these components using real-life deployment examples to explore proven technical solutions for the integration of SPM, RAR and CUP.

We use the experiences of Royal Dutch Shell to provide an example of a phased implementation approach into a truly global organisation. We will look at the deployment and support of RAR and the approach toward introducing further functionality using GRC s CUP and SPM. We will also identify hints and tips for managing the operational use of GRC in a complex business environment.

Aims of the Session

  • Understand the benefits of the GRC components in isolation or combined;
  • Gain an understanding of customer experiences with implementing integrated GRC solutions.
  • Learn technical tips and tricks for the operational use of GRC.

Presentation Outline

  1. Introduction and agenda;
  2. GRC Components in isolation;
    a. Taking a look at RAR, SPM, CUP and ERM to identify the functionality delivered by the individual components.
    b. Integration points between the components RAR, SPM and CUP.
  3. Customer Experience Royal Dutch Shell
    a. Background and Scope;
    b. Phased Approach to implementation Phase 1 RAR, Phase 2 CUP & SPM / Use of Pilots before global roll out.
    c. Implementation experiences;
    d. Lessons Learnt; Dos and Donts.
  4. Operations and Support for the tools in a global SoX environment.
    a. Tasks required from support team;
    b. Global vs local changes;
    c. Risk areas and controls.
  5. Conclusions, Questions and close.

Alan Toomey, ACS Co-Chair, will deliver SAP Audit & Security Top 20 Risks

  1. Default IDs in the systems
  2. Use of default profile of SAP_ALL
  3. Use of default profile of SAP_NEW
  4. Authentication controls
  5. Control of several key basis transactions
  6. Controls over customized objects
  7. Controls over customized programs
  8. Controls over customized transactions
  9. Controls over customized tables
  10. Generic IDs
  11. Change control
  12. Obsolete/Inactive users on the system
  13. Protection of the SAP* account
  14. Programming standards for customized programs
  15. System production locks
  16. Job Termination
  17. Locked Transactions
  18. Validate Users
  19. All Transaction Start Authority
  20. Authorisation Groups

Chris Haigh from Kimberly Clark will present to the group Upgrading to ECC6 - On the other side of the world. How the recent upgrade of the Asia Pacific SAP system, was done. Lessons learnt, issues overcome and the approach we successfully used on a 4.6c to ECC6.0 technical upgrade for some 6,000 users.

Paul Jackson from SAP will present a session on SolMan? This will an insight into:

  • What is the Solution Manager?
  • What Solution Information is available for Audit & Controls?
  • How can we Go Forward with SolMan?

Event Resources

Global SAP Security at Kimberly-Clark - Chris Haigh Kimberly Clark (3.03 MB)
SAP GRC Access Controls Optimised for Operation - Simon Persin Turnkey and Richard Green Royal Dutch Shell (796.55 KB)
SAP Audit & Security - Top 20 Risks - Alan Toomey Air Products (1.12 MB)
Upgrading to ECC6 - On the other side of the world - chris Haigh Kimberly Clark (358.78 KB)
Solman? - Paul Jackson SAP (1.63 MB)
Solman Security Guide - Paul Jackson SAP (6.68 MB)

Event has expired

Join UKISUG Today and Start Getting The Most Out Of SAP

Becoming a member of the UK & Ireland SAP User Group is a unique and cost effective way to develop your own SAP skills and bring the benefits to your organisation by learning
from the experience of your peers.

Join Now

Our User Group Community

19 hours ago

Our Training & Change Management SIG is less than 3 weeks away! @sysdocgroup will discuss digital learning to impr… twitter.com/i/web/status/1…