https://community.sap.com/t5/application-development-and-automation-discussions/sox/m-p/4180335#M999192 <HTML><HEAD></HEAD><BODY><P>Hi Kevin,I´ll try to answer your questions.</P><P>The sox act is the same for all, but the aplication is diferent between diferent companies. You have to analize wich are the risks in your scenario, and which job roles have risks.</P><P>For doing this work you can use Compliance calibrator that is a part of GRC, in this utility you have Risk Terminator which will do an analisys of your risks based on "his own" matrix or in one made by you.</P><P>You need to determine wich are the risks in your companie, see which of the predefined risks do you nedd and do an analisis based on thar.</P><P>I hope this can help, is my first post so if you haven´t understand anything i´ll try to explain it better.</P><P>PS- Sorry for my english, i´m spanish and i´m learning english right now</P><P></P></BODY></HTML> Thu, 24 Jul 2008 11:14:39 GMT jose-manuelvo 2008-07-24T11:14:39Z https://community.sap.com/t5/application-development-and-automation-discussions/sox/m-p/4180334#M999191 <HTML><HEAD></HEAD><BODY><P>Hi all,</P><P></P><P></P><P>1) Do organizations follow different SOX act based on the companies work? And where and who implements the sox to the SAP system? </P><P></P><P> 2) Based on SOX act are we creating SOD matrix?</P></BODY></HTML> Wed, 23 Jul 2008 22:53:48 GMT https://community.sap.com/t5/application-development-and-automation-discussions/sox/m-p/4180334#M999191 Former Member 2008-07-23T22:53:48Z https://community.sap.com/t5/application-development-and-automation-discussions/sox/m-p/4180335#M999192 <HTML><HEAD></HEAD><BODY><P>Hi Kevin,I´ll try to answer your questions.</P><P>The sox act is the same for all, but the aplication is diferent between diferent companies. You have to analize wich are the risks in your scenario, and which job roles have risks.</P><P>For doing this work you can use Compliance calibrator that is a part of GRC, in this utility you have Risk Terminator which will do an analisys of your risks based on "his own" matrix or in one made by you.</P><P>You need to determine wich are the risks in your companie, see which of the predefined risks do you nedd and do an analisis based on thar.</P><P>I hope this can help, is my first post so if you haven´t understand anything i´ll try to explain it better.</P><P>PS- Sorry for my english, i´m spanish and i´m learning english right now</P><P></P></BODY></HTML> Thu, 24 Jul 2008 11:14:39 GMT https://community.sap.com/t5/application-development-and-automation-discussions/sox/m-p/4180335#M999192 jose-manuelvo 2008-07-24T11:14:39Z https://community.sap.com/t5/application-development-and-automation-discussions/sox/m-p/4180336#M999193 <HTML><HEAD></HEAD><BODY><P>Thanks, How exactly you predefine the risks and make SOD matrix? </P><P></P><P>And is that we select SOX act(404,402 etc) based on the companies application?</P></BODY></HTML> Thu, 24 Jul 2008 17:47:01 GMT https://community.sap.com/t5/application-development-and-automation-discussions/sox/m-p/4180336#M999193 Former Member 2008-07-24T17:47:01Z https://community.sap.com/t5/application-development-and-automation-discussions/sox/m-p/4180337#M999194 <HTML><HEAD></HEAD><BODY><P>Kevin-</P><P></P><P>To devise the risks, you have to define conflicting actions and their corresponding permissions. Then devise functions that contain 2 or more conflicting actions. The devise risks which contain functions.</P><P></P><P>If you purchase the SAP GRC Compliance Calibrator, you are provided with a stardardized ruleset, which contains risks for almost every system...</P><P></P><P>Ankur</P></BODY></HTML> Thu, 24 Jul 2008 22:22:44 GMT https://community.sap.com/t5/application-development-and-automation-discussions/sox/m-p/4180337#M999194 Former Member 2008-07-24T22:22:44Z https://community.sap.com/t5/application-development-and-automation-discussions/sox/m-p/4180338#M999195 <HTML><HEAD></HEAD><BODY><P>As Jose pointed out, SOX is same for all the companies. However, there are different components to carry out these SOX activities. For example:</P><P></P><P>1. Process Controls 2.5 :- Used for Autiding purposes.</P><P></P><P>2. Access Contols 5.3 :- It includes : Risk Analysis and Remediation, Compliant User Provision, Enterprise Role Management and Super User Privilege Management</P><P></P><P>for further information, kindly follow the following link:</P><P></P><P>[SAP GRC Link|https://websmp205.sap-ag.de/~form/sapnet?_SHORTKEY=01100035870000691285&amp;]</P><P></P><P></P><P>Regards,</P><P>Faisal</P></BODY></HTML> Fri, 25 Jul 2008 05:26:38 GMT https://community.sap.com/t5/application-development-and-automation-discussions/sox/m-p/4180338#M999195 former_member184114 2008-07-25T05:26:38Z https://community.sap.com/t5/application-development-and-automation-discussions/sox/m-p/4180339#M999196 <HTML><HEAD></HEAD><BODY><P>thank u, But I dont have OSS user ID.Is there any way I can read the link content?</P></BODY></HTML> Fri, 25 Jul 2008 20:31:04 GMT https://community.sap.com/t5/application-development-and-automation-discussions/sox/m-p/4180339#M999196 Former Member 2008-07-25T20:31:04Z https://community.sap.com/t5/application-development-and-automation-discussions/sox/m-p/4180340#M999197 <HTML><HEAD></HEAD><BODY><P>&gt; </P><PRE><CODE><P></P><P>&gt; thank u, But I dont have OSS user ID.Is there any way I can read the link content?</P></CODE></PRE><P></P><P>Kevin, am afraid that without an OSS user you may not be able to check out the Marketplace portal link.</P><P></P><P>However, you may search these on web, there is enough material available which will atleast give you a clear picture.</P></BODY></HTML> Sun, 27 Jul 2008 23:46:34 GMT https://community.sap.com/t5/application-development-and-automation-discussions/sox/m-p/4180340#M999197 Former Member 2008-07-27T23:46:34Z