Carlisle Construction Materials
Value Achieved in Automated Controls in an SAP Environment
[tabs style=”default”] [tab title=”Executive Summary”]
Business processes and technology change at a rapid pace. In the context of change, internal controls over financial reporting, regulatory requirements (e.g., SOX), internal and external auditors, and fraud risk put increased pressure on corporations to ensure ERP systems are secure and access control risks are managed in the context of a dynamic business environment. Segregation of duties (SoD), inherited rights, critical and super user access, and changes to roles are too much for today’s organization to manage adequately in manual processes. To address access control risk, organizations are establishing an access control and SoD strategy with process and technology to build and maintain an access control program that balances business agility, control, and security to mitigate risk, reduce loss/exposure, and satisfy auditors and regulators while enabling users to perform their jobs. Carlisle Construction Materials (CCM) is a case in point. Due to consistently poor audit findings, CCM knew their SAP environment was not audit ready or in a healthy state of compliance. To address this problem, CCM evaluated and purchased the ControlPanelGRC® Access Controls Suite in late 2013 and completed their remediation efforts in 2014. ControlPanelGRC is a Governance, Risk, and Compliance (GRC) solution provider of automated and continuous control monitoring and enforcement for SAP environments. ControlPanelGRC automates time-consuming tasks associated with compliance reporting and audit support through rapid implementation, integration with SAP, reporting and analytics, and an intuitive user experience.
[/tab] [tab title=”Table of Contents”]
- Growing Need for Automated Access Control & Segregation of Duties
- Carlisle Construction Materials
- Value Achieved in Automated Controls in an SAP Environment
- The Challenge Carlisle Construction Materials Faced
- Solution to Carlisle Construction Material’s Problem
- Value Achieved in GRC Efficiency, Effectiveness, and Agility
- GRC Efficiency Value
- GRC Effectiveness Value
- GRC Agility Value
- GRC 20/20’s Final Perspective
- About GRC 20/20 Research, LLC
- Research Methodology
[/tab] [tab title=”Author”]
Michael Rasmussen – The GRC Pundit @ GRC 20/20 Research, Michael Rasmussen is an internationally recognized pundit on governance, risk management, and compliance (GRC) – with specific expertise on the topics of GRC strategy, process, information, and technology architectures and solutions. With 23+ years of experience, Michael helps organizations improve GRC processes, design and implement GRC architectures, and select solutions that are effective, efficient, and agile. He is a sought-after keynote speaker, author, and advisor and is noted as the “Father of GRC” — being the first to define and model the GRC market in February 2002 while at Forrester Research, Inc.
©GRC 20/20 Research, LLC. All Rights Reserved.
No part of this publication may be reproduced, adapted, stored in a retrieval system or transmitted in any form by any means, electronic, mechanical, photocopying, recording or otherwise, without the prior permission of GRC 20/20 Research, LLC. If you are authorized to access this publication, your use of it is subject to the Usage Guidelines established in client contract. The information contained in this publication is believed to be accurate and has been obtained from sources believed to be reliable but cannot be guaranteed and is subject to change. GRC 20/20 accepts no liability whatever for actions taken based on information that may subsequently prove to be incorrect or errors in analysis. This research contains opinions of GRC 20/20 analysts and should not be construed as statements of fact. GRC 20/20 disclaims all warranties as to the accuracy, completeness or adequacy of such information and shall have no liability for errors, omissions or inadequacies in such information. Although GRC 20/20 may include a discussion of related legal issues, GRC 20/20 does not provide legal advice or services and its research should not be construed or used as such.