SAP Risk Advisory Services

8/7/2019 SAP Risk Advisory Services

1/24


2/24

Contents

Risk & Challenges in an ERP system

History of Financial Frauds

About AGC Infotech

Our ERP Risk Advisory Services

Our Value Chain Approach

Benefits to your organization

Our Team & Credentials

Annexure

For Discussion Purposes Only 2


3/24

Risk & Challenges in an ERP system

3For Discussion Purposes Only


4/24

Risk & Challenges in an ERP System


Corporations across the world are highly concerned about the security of their EnterpriseResource Planning (ERP) systems such as SAP, from threats like fraud, intrusion, etc that affects

the integrity of their business. They require their policies and procedures to be tightened andsystem to be secured.

There are some challenges that these corporations faces in their day to day business:

We should haveconsidered SoDwhile granting

access

Does my ERP systemhas sufficient

password and useraccess security

controls

I dont know

how thevendor gotpaid twice?

ERP team isspending lot ofunproductive

time onmaintenance

Is my systemprone toaccess

intrusions?

Auditor declaredsystem controls to

be ineffective

Our ERPimplementation

team nevergave us the

controls

How do Idesign business

controls in myERP?

What is theSolution???


5/24




6/24



Source: www. wikipedia.org

Year Company Audit Firm Type of Fraud

2010 Lehman Brothers Ernst & YoungFailure to disclose Repo

105 transactions to investors

2009Satyam Computer

ServicesPWC Falsified accounts

2004 AIG PWC Accounting of structured financialdeals

2002 WorldCom Arthur Andersen Overstated cash flows

2002 Kmart PWC Misleading accounting practices

2001 Enron Arthur Andersen Corporate fraud and corruption

2000 Xerox KPMG Falsifying financial results


7/24

Indias Fraud Survey 2010


Source: KPMG


8/24

2009 CSI Computer Crime Survey


Per the 2009 CSI Computer Crime and Security Survey, change of greatest concern is thatfinancial fraud increased from only 12 percent of respondents to 19.5 percent of respondents. This

is reason for concern because financial fraud consistently causes victim organizations hugelossesalmost $450,000 per victim organization this year


9/24

About AGC Infotech



10/24

About AGC Infotech


Our Company profile

We would like to introduce our self as a leading SAP and HR service provider offering a widesuite of specialist services to our clients ranging from specialist staffing, risk advisory, corporatetraining, consulting to outsourcing.

AGC INFOTECH offers a wide range of professional SAP risk advisory, consulting, developmentand training propositions at reasonable costs. We provide value added service to our clients inthe most cost-effective manner.

Our Services SAP Risk Advisory

SAP Consulting and project support

Corporate training

Manpower solutions

Outsourcing

Benefits of Working with Us:

Services similar to the Big4 audit firms, but at a price that fits your budget

Team from Big4 background bringing best practices

High quality deliverables and reports

Committed team available locally for year-round support


11/24




12/24



Business Blueprint Review

Identify and suggest controls aspart of BBP

Benchmark TO-BE process toLeading practices

Pre Go-Live ReadinessAssessment

A quick check of the status ofcritical master data,organizational elements,configurable controls, processintegrations, system and usersecurity before Go-Live

Verify if suggested controls aredesigned and implemented

Quick Scan Review

A quick check to identify andfix High Risk issues

SAP Business ControlsReview

A detailed review of keybusiness processes havingfinancial implication

SAP Security ControlsReview

A detailed review of Basissecurity, access to criticaltransactions and Segregation

of duties

Audit Work ProgramDocumentation

Preparation of detailed workprogram that will enable theInternal Audit team to conductrigorous audit of the SAP system

SAP Core team training

Preparing the SAP Core teamfor supporting the SAP ECCsystem

SAP End-user training

Preparing the SAP End-userteam for working on the SAPECC system

Auditing an ERP systemtraining

Preparing the Internal auditteam for sustainable audit ofthe SAP ECC system

Fundamentals of ERP systemtraining

Preparing the organization foran upcoming implementationof the SAP ECC system

Before Go-live After Go-Live Corporate Training


13/24




14/24



Understandbusinessprocess

Identifypotential

risks

Developcontrol

framework

Documentaudit

programConducttest of

controls

Reportgaps &suggest

solutions

TrainInternal

Audit team

FinancialAccounting

MaterialsManagement

Sales &Distribution

Basis Security &

UserAdministration


15/24

Benefits to your Organization



16/24

Benefits to your organization

Few of the benefits that your organization will derive from your SAP system, after our services:


Secured ERP

system

Leadingpractices

Compliance

support

Maximizing

configurable

controls

Sustainability

Secured and robust SAP environment from both internal andexternal threats such as unauthorized usage, fraud, intrusion, etc

Leveraging the available automated controls using the existing SAP

configuration and reducing the manual efforts

Controls ready SAP system to meet any existing or upcomingstatutory compliance requirement

Benchmarking your SAP system to the leading industry controlpractices to optimize your ROI

Preparing the management / Internal audit team to conductrepeatable and sustainable audit of SAP system using the step-by-step defined audit program documentation


17/24

Our Team & Credentials



18/24

Team Profile

We have a team of dedicated and highly qualified SAP professionals who have

worked on ERP and IT Risk Advisory projects across 8 countries, including US and UK.

Our team comprises of Certified SAP professionals, CA, MBA and Engineers with

extensive experience in rendering SAP advisory services.

Along with SAP ECC system, our team has hand-on experiences working on tools

such as SAP GRC Access Controls and Approva Bizright Access Controls.

Our Service capabilities:

SAP Business Process Controls Audit

SAP Security and Segregation of Duties Controls Audit

ERP Audit Project Management

Sarbanes Oxley (SOX) Compliance Assistance

ERP Product and Vendor Selection

ERP Audit Tools Development

ERP Trainings



19/24

Team Credentials

19

Industry Clients

Diversified Business Essar Group, India

Beverages Diageo Plc, UK; Dr Pepper Snapple Group Inc., USA

InsuranceChartis (AIG) UAE, Hong Kong, Malaysia, Indonesia, Thailand, Philippines,Vietnam, Taiwan

IT ServicesVOLT Information Sciences Inc., USA; Covansys Corp. Inc., USA; InfosysTechnologies, India

Energy Centrica Plc, UK; Enercon India Ltd; ONGC Ltd., India

FMCG and Consumer Goods ITC Ltd, India Philips India Ltd.

Retail Pantaloon Retail India Ltd.; Welspun India Ltd.

Engineering and Electrical

Equipment Larsen & Toubro Ltd., India; Havells India Ltd.; Bharat Bijlee Ltd., India

Telecommunication VSNL Ltd., India

Pharmaceutical Duane Reade Inc, USA; Glenmark Pharmaceutical Ltd., India

Metals and Minerals ISPAT Industries Ltd., India; BALCO Ltd., India

For Discussion Purposes Only


20/24

Annexure



21/24

Sample Deliverables - Dashboard



22/24

Sample Deliverables - Deliverables



23/24

Sample Deliverables - Report



24/24

End of Presentation. Thanks.


For enquires and more please contact:

Manish Chauhan

Director, AGC Infotech

Mobile #: +91-909-998-796-6

Office #: +91-79-40044661/62/64/65

Website: www.agcinfotech.co.in

Email: [email protected]

Gourav Ladha

Director, ERP Risk Advisory

Mobile #: +91-971-295-295-5

Office #: +91-79-40044661/62/64/65

Website: www.agcinfotech.co.in

Email: [email protected]

Documents

SAP Risk Advisory Services