An implementation of a process-oriented cross-system compliance monitoring approach in a SAP ERP and BI environment

Research output: Chapter in book/report/conference proceeding, Conference contribution, Research, peer review

Details

Original language: English
Title of host publication: 18th European Conference on Information Systems, ECIS 2010
Publication status: Published - 2010
Event: 18th European Conference on Information Systems, ECIS 2010 - Pretoria, South Africa
Duration: 7 Jun 2010 to 9 Jun 2010

Abstract

Compliance to regulatory demands has become a crucial matter for organizations. Non-observance may lead to far-reaching consequences, e.g. damage to reputation, decline of credit rating or market value, fraud and fines. The success of compliance management correlates with the frequency of monitoring and reporting and is affected by complex and often time-consuming manual validation tasks. To address this problem, organizations implement corresponding IT solutions. However, the often heterogeneous system landscapes, the different information sources and their integration represent major challenges. This paper presents an implementation of a novel process-oriented and cross-system compliance monitoring approach. The approach is based on a model which provides for the annotation of business processes with internal controls, critical permissions and roles as well as an architecture which provides for the automatic detection, timely communication and deep analysis of control exceptions. It solely relies on established standards (i.e. XACML, BPMN, COSO and SWRL) and existing technologies. The implementation has been deployed in a productive SAP ERP and BI environment. It automatically converts access control data from the proprietary SAP model and publishes control exceptions to the BI system. The effects and causes of these control exceptions can be appropriately analyzed using BI queries and reports.

Keywords

    Business process management, IS security, IT compliance, IT risk management, SAP R/3

Cite this

An implementation of a process-oriented cross-system compliance monitoring approach in a SAP ERP and BI environment. / Sandner, Thorben; Kehlenbeck, Matthias; Breitner, Michael H.
18th European Conference on Information Systems, ECIS 2010. 2010.

Sandner, T, Kehlenbeck, M & Breitner, MH 2010, An implementation of a process-oriented cross-system compliance monitoring approach in a SAP ERP and BI environment. in 18th European Conference on Information Systems, ECIS 2010. 18th European Conference on Information Systems, ECIS 2010, Pretoria, South Africa, 7 Jun 2010.
Sandner, T., Kehlenbeck, M., & Breitner, M. H. (2010). An implementation of a process-oriented cross-system compliance monitoring approach in a SAP ERP and BI environment. In 18th European Conference on Information Systems, ECIS 2010
Sandner T, Kehlenbeck M, Breitner MH. An implementation of a process-oriented cross-system compliance monitoring approach in a SAP ERP and BI environment. In 18th European Conference on Information Systems, ECIS 2010. 2010
Sandner, Thorben ; Kehlenbeck, Matthias ; Breitner, Michael H. / An implementation of a process-oriented cross-system compliance monitoring approach in a SAP ERP and BI environment. 18th European Conference on Information Systems, ECIS 2010. 2010.
@inproceedings{5b576ff9463f4cdf85bcff745c75c20f,
title = "An implementation of a process-oriented cross-system compliance monitoring approach in a SAP ERP and BI environment",
abstract = "Compliance to regulatory demands has become a crucial matter for organizations. Non-observance may lead to far-reaching consequences, e.g. damage to reputation, decline of credit rating or market value, fraud and fines. The success of compliance management correlates with the frequency of monitoring and reporting and is affected by complex and often time-consuming manual validation tasks. To address this problem, organizations implement corresponding IT solutions. However, the often heterogeneous system landscapes, the different information sources and their integration represent major challenges. This paper presents an implementation of a novel process-oriented and cross-system compliance monitoring approach. The approach is based on a model which provides for the annotation of business processes with internal controls, critical permissions and roles as well as an architecture which provides for the automatic detection, timely communication and deep analysis of control exceptions. It solely relies on established standards (i.e. XACML, BPMN, COSO and SWRL) and existing technologies. The implementation has been deployed in a productive SAP ERP and BI environment. It automatically converts access control data from the proprietary SAP model and publishes control exceptions to the BI system. The effects and causes of these control exception can be appropriately analyzed using BI queries and reports.",
keywords = "Business process management, IS security, IT compliance, IT risk management, SAP R/3",
author = "Thorben Sandner and Matthias Kehlenbeck and Breitner, {Michael H.}",
note = "Copyright: Copyright 2012 Elsevier B.V., All rights reserved.; 18th European Conference on Information Systems, ECIS 2010 ; Conference date: 07-06-2010 Through 09-06-2010",
year = "2010",
language = "English",
isbn = "9780620471725",
booktitle = "18th European Conference on Information Systems, ECIS 2010",

}

TY - GEN

T1 - An implementation of a process-oriented cross-system compliance monitoring approach in a SAP ERP and BI environment

AU - Sandner, Thorben

AU - Kehlenbeck, Matthias

AU - Breitner, Michael H.

N1 - Copyright: Copyright 2012 Elsevier B.V., All rights reserved.

PY - 2010

Y1 - 2010

N2 - Compliance to regulatory demands has become a crucial matter for organizations. Non-observance may lead to far-reaching consequences, e.g. damage to reputation, decline of credit rating or market value, fraud and fines. The success of compliance management correlates with the frequency of monitoring and reporting and is affected by complex and often time-consuming manual validation tasks. To address this problem, organizations implement corresponding IT solutions. However, the often heterogeneous system landscapes, the different information sources and their integration represent major challenges. This paper presents an implementation of a novel process-oriented and cross-system compliance monitoring approach. The approach is based on a model which provides for the annotation of business processes with internal controls, critical permissions and roles as well as an architecture which provides for the automatic detection, timely communication and deep analysis of control exceptions. It solely relies on established standards (i.e. XACML, BPMN, COSO and SWRL) and existing technologies. The implementation has been deployed in a productive SAP ERP and BI environment. It automatically converts access control data from the proprietary SAP model and publishes control exceptions to the BI system. The effects and causes of these control exception can be appropriately analyzed using BI queries and reports.

AB - Compliance to regulatory demands has become a crucial matter for organizations. Non-observance may lead to far-reaching consequences, e.g. damage to reputation, decline of credit rating or market value, fraud and fines. The success of compliance management correlates with the frequency of monitoring and reporting and is affected by complex and often time-consuming manual validation tasks. To address this problem, organizations implement corresponding IT solutions. However, the often heterogeneous system landscapes, the different information sources and their integration represent major challenges. This paper presents an implementation of a novel process-oriented and cross-system compliance monitoring approach. The approach is based on a model which provides for the annotation of business processes with internal controls, critical permissions and roles as well as an architecture which provides for the automatic detection, timely communication and deep analysis of control exceptions. It solely relies on established standards (i.e. XACML, BPMN, COSO and SWRL) and existing technologies. The implementation has been deployed in a productive SAP ERP and BI environment. It automatically converts access control data from the proprietary SAP model and publishes control exceptions to the BI system. The effects and causes of these control exception can be appropriately analyzed using BI queries and reports.

KW - Business process management

KW - IS security

KW - IT compliance

KW - IT risk management

KW - SAP R/3

UR - http://www.scopus.com/inward/record.url?scp=84870647480&partnerID=8YFLogxK

M3 - Conference contribution

AN - SCOPUS:84870647480

SN - 9780620471725

BT - 18th European Conference on Information Systems, ECIS 2010

T2 - 18th European Conference on Information Systems, ECIS 2010

Y2 - 7 June 2010 through 9 June 2010

ER -