How do you identify critical SODs for a financial audit? How do you pass a segregation of duties (SOD) audit for SAP? Should that really be your goal? If you have a Governance, Risk and Compliance (GRC) or Continuous Controls Monitoring (CCM) tool, are you safe? When’s the last time you analyzed your rules to determine if they align with your key business risks? When was the last time you reviewed your mitigating controls to ensure they were effective SOX controls for the prior year audit? Come learn how to pass an SAP SOD audit – but learn why checking a compliance box shouldn’t be the main objective.
- Checking compliance boxes shouldn't be the objective of a program
- Poorly governed solutions inhibit your ability to prevent/detect fraud
- ERP functionality and complexity increase the need for automated solutions
- Explore the risks of not regularly maintaining your rule sets
About Adam Harpool
Adam Harpool, a RAS Manager in RSM’s New York office, is an RSM SAP champion and is responsible for developing the Firm’s technology enterprise Governance, Risk, and Compliance (“eGRC”) platform and strategy. Prior to joining RSM, Adam was a management consultant for another accounting services firm and for leading Fortune 500 and mid-market enterprises, where he focused on developing and leading teams in enterprise resource planning (ERP) advisory services, IT strategy and performance consulting, IT internal audit, and performance improvement/business process enhancement engagements.
Adam has experience with multiple GRC tools. Adam’s industry experience includes health care/life sciences, consumer markets/consumer packaged goods and leisure and hospitality.
About Jeff Purrington
Jeff Purrington, a RAS Director in California, is the RAS ERP product leader for Oracle products, including Oracle EBS, PeopleSoft and JD Edwards.
Jeff has 15 years of experience in Information Security and IT Audit that includes Oracle, PeopleSoft and JD Edwards security and controls design and audit; Governance, Risk and Compliance (GRC); and Information Security Program Management, such as Threat and Vulnerability Management, Data Loss Prevention, PCI readiness and IT Governance. He also has experience as the global leader of IT Audit for three Fortune 500 companies, where he led several IT operational audits, SOX-related campaigns, automated control design initiatives, secure SDLC, fraud risk assessments, data analytics, Archer GRC, as well as IT governance and continuous monitoring programs.