USE CASE
SAP Risks
The different types of risks: Sapin, Basel, SOX, GDPR
SOX
The Sarbanes-Oxley Act of July 30, 2002 requires all listed companies in the United States to submit to the Securities and Exchange Commission financial statements certified by their managers.
This law had a great impact not only in the United States but also in Europe, particularly for European groups with interests in the United States.
Finally, the "Loi de Sécurité Financière" (LSF) of August 1, 2003 has been compared to the Sarbanes-Oxley Act, although the scope of the LSF is broader.
The objective of this law, which is considered to be the major law on the American financial markets since the 1930s, is to restore investor confidence.
This law applies to companies listed on a U.S. market, whether the company is U.S. or not.
This law is composed of many articles; the one that interests us for SAP is article 404 on internal control.
Article 404 of this law requires senior management to take responsibility for the establishment of an internal accounting and financial control structure and to evaluate its effectiveness annually against a recognized internal control model.
The auditors validate this evaluation.
As far as the SAP IS and authorizations are concerned, the company must be able to demonstrate at any time that its authorizations are under control.
SWAWE RISK and SWAWE CCM will make this task possible.
SWAWE RISK monitors SoD (segregation of duties) risks in real time and shows how they evolve over time.
SWAWE CCM ensures that compensatory reporting (once the risks have been minimized) is done by the right people, at the right time, and through a described and detailed procedure.
BASEL
The Basel II standards (the second Basel agreement) constitute a prudential system intended to better capture banking risks, mainly credit risk.
These are only recommendations, and it is up to each Member State (and any other interested State) to transpose them into its own law.
SAPIN II
The Sapin 2 law aims to strengthen transparency and the fight against corruption and influence peddling in both the public and private spheres.
To this end, one of the provisions of this law, which came into force on June 1, 2017, requires the chairmen, chief executive officers and managers of companies, or of companies belonging to a group of companies, with more than 500 employees and with revenues or consolidated revenues of more than €100 million, headquartered in France, to implement an anti-bribery system to prevent and detect bribery and influence peddling.
This system is broken down into 8 measures, more often referred to as "pillars":
- an anti-corruption code of conduct
- an internal alert system
- a risk map
- third party evaluation procedures
- internal or external accounting control procedures
- a training system
- a disciplinary system
- an internal control and evaluation system
GDPR
The acronym GDPR stands for "General Data Protection Regulation". This new European regulation strengthens control over the use that can be made of data concerning citizens.
The GDPR applies to any organization, public or private, that processes personal data, whether on its own behalf or not.
Risk assessment method
For SAPIN II, BASEL and GDPR, SWAWE CCM is the tool that allows you to monitor these continuous controls, whether in an SAP system or not.
SWAWE CCM can be adapted to all sectors: in financial services as fraud monitoring and financial transaction monitoring; in manufacturing as quality monitoring and process control; and in technology, for example, as cyber security and network security monitoring.
CCM is a key aspect of governance, risk and compliance (GRC) that helps an organization improve its overall risk management.
There are many benefits to SWAWE CCM:
- Automation of periodic inspections
- Real-time monitoring of control status
- Assurance of control compliance
- Customized reports and dashboards
- Materialization of evidence for auditors
Contents related to this use case
User case
Alcatel Submarine Networks (or ASN), one of the world's leading submarine cable manufacturers and installers, was managing its segregation of duties risks with a solution that was no longer maintained by the vendor and took several days to complete an analysis.
Solution RISK
Keep control of your risks and meet the expectations of your auditors in terms of security. Define and implement a risk matrix and have a powerful control tool. Reduce your risks and be able to prove that you have them under control.