Sox compliance and BPC

Hi Gurus
In our project a user is doing admin job of BPC as well.He is the sole user.Now auditor has objected to him maintaining the server and being user at same time. I am giving production support to BPC . Now I am  supposed to make sox  document  and make a list of task which he should not do. Security/access  is being maintained by me. Can some one give me some ideas or direction on this issue please ?
Thanks
Satya

It is very specific to client so withdrawing.

Similar Messages

  • MSS and SoX compliance

    Hi,
    when I use Manager Self-Service to display and modify financial data over the Enterprise Portal in an Intranet environment, has the conection between the portal and the desktop to be encrypted (SSL/HTTPS) to be SoX compliant?
    br,
    Tobias

    Hi,
    Well, to sum it up:
    1. It's up to the auditor. He decides whether my control framework is accurate or not. Worst case: I choose a bad auditor and the SOx compliance won't stand up in the court.
    2. What's data integrity and confidentiality is up to the data/process. As all of you are stating:
    "data being entered is accurate" [Simon]
    "SOx does bother about whether appropriate controls have been defined and are operating effectively" [Vinay]
    "The availability,integrity and confidentiality rules will be very much applicable to your context" [Ramesh]
    The usage of SSL/encryption depends on the process and on the environment. If the process/data is highly critical, I need all the mechanisms/security necessary to ensure data integrity and confidentiality. These parameters differ from external and internal access and what is already implemented in the organization (SSO, Kerberos, backend system, etc)
    3. To ensure point 1+2 I can decide from varios frameworks. If the framework I selected - eg COBIT (PO2.3 & DS5) - and my implementation of this framework mandates security, I have to implement SSL.
    Are there any best practices of the varios possibilities available? Like:
    1. If the application is available externally, verify at least: Firewall, provide SSL, etc.
    2. If the application is available only internally, verify that I&AM is compliant to ISO X, etc?
    br,
    Tobias

  • SOX Auditing on BPC 7.0

    We are in the process of rolling out BPC 7.0 and have run into some SOX auditing issues. The team leveraging the software is not large enough to segment roles in order to fulfill the segregation of duties requirement. Because of this, it looks like we are going to have to use IT resources, to push changes into production, in order to mitigate the finance team being able to make changes and having the ability to move them to production.
    All of this can be subverted if we can find a way to implement a robust logging mechanism. From what I have heard, BPC does not have the ability to track changes to logic files.
    Does anyone know of a way to track logic changes?
    How are other companies meeting SOX logging and segregation of duties requirements?
    Are there any third part tools that can handle SOX compliance for us?

    Hi EWillie,
    you better should post your message into this forum:
    SAP Planning and Consolidation, version for SAP NetWeaver
    The GRC forum unfortunately does not deal with BPC.
    Best,
    Frank

  • Security solution with Identity server for SOX compliance

    Hi all,
    Has anybody used Identity Server as security solution to achieve SOX compliance? i want to know general view, opinions , experiance of ppl while implementing such solution.
    Just a little background of SOX: It is Created by US Congress in the wake of corporate scandals like Enron in 2001 and 2002.it is an attempts to tighten controls over corporate financial reporting and transparency.
    I am basically interested in implementing security solutions using Identity server for SOX compliance. Section 404 of this act deals with internal controls, which essentially requires organizations to provide following facilities -
    1. User Identification, authorization and access
    2. User control of user accounts
    3. Central identification and access rights/permissions management
    4. Violation and security activity report
    Has anybody developed such solution? What are your general experiance, problems , issues etc? Please share your view....

    Just too quick to draw conclusion: See below FAQ
    If you are not in the same AS container, let me know. Jerry
    Copy from J2EE agent FAQ
    Question - Is it possible to install a J2EE 2.1agent and Identity Server on the same instance of the application server ?
    Installing the IS60SP1/IS61 server and J2EE 2.1 policy agent on the sameninstance of Application server is not a supported configuration. We do support the 21 J2EE agent and IS installed on different instances of the application server. So, users can install theJ2EE 2.1 agent on a one instance of the application server and install IS on a different instance of the apps server.

  • SOX Compliance in HFM- Best Practice

    Hi guys,
    Is there any "best practice" for SOX compliance in HFM? Can you do it by using Shared Services? Should I work with the .SEC file?
    Have you ever been required to do so? I was asked to do so, but since it's not my field, I'm kind of lost...
    Any advice would be greatly appreciated.
    Thanks!
    Jay

    SOX covers a number of topics. Ask for the request list from the SOX auditors, and then go through each item and determine where in the system is the best source.
    The .sec file is likely not going to work. There is a provisioning report that is more helpful for user access.

  • SOX Compliance for Oracle Retail

    Is oracle retail SOX ( Sarbanes and Oxley) compliance? Under what conditions of implementation will oracle retail ( primarily RMS) be SOX compliant?

    Great question. Curious to learn the answer.

  • Wireless Guest SOX compliance

    Hello,
    A customer has stated that they need to be "SOX compliant" and I need to confirm whether for that compliancy, a dedicated Guest anchor WLC is required.  Can't find any Cisco reference to it other than "Secure Guest Access" which is the tradition Foreign-Anchor WLC architecture.
    thanks in advance for any comments

    Hi,
    Below Cisco AP with
    software version : 5.2.157.0 , 5.2.178.5
    Cisco Aironet Lightweight AP1131, AP1142, AP1242, AP1252, AP1522 Wireless LAN Access Points

  • SOX compliance

    my requirement is :
    SOX compliance will require that there is a record of date and time of when an object is changed.
    There has been some report that the record of date and time on some objects are changed, even when the object is used, and not really modified. Need to know more about it. Please list any issues or recommendations.
    how do i check this feature.

    coldfire,
    Let's start off with some questions.
    1) Define 'object'
    2) "There has been some report" - from whom?
    3) "some objects are changed, even when the object is used, and not really modified." - define 'changed'.
    4) Can you provide an example of this on apex.oracle.com?
    Joel

  • SAP BW 7.3 and BPC 7.5 NW

    Hi,
    We are currently using BPC 7.5 Netweaver with BI 7.01
    We are now planning to migrate our BI to BW 7.3. We had earlier heard that BPC 7.5 does not work or is not supported with BW 7.3
    Kindly help and let me know if BW 7.3 and BPC 7.5 work together. Is there any specific support pack on BW or BPC that will make them work together.
    Please help.
    Thanks and Regards,
    Amit

    Hi Amit,
    In case you still need assistance on this subject, BPC 7.5 SP09 is supported on NW & BW 7.3.
    You will need to install the add-on CPMBPC 753 now available in the SMP.
    Kind Regards,
    Marcelo

  • SOX Compliance in SAP

    Hi all,
    we are about do one project for US based company for which they are asking about SOX compliance in SAP.
    Can any one tell, what we have to do in SAP R/3 in order meet SOX compliance as per US regulations.
    Regs,
    Ramesh B

    Hi Ramesh,
    You have to maintain proper Basis authorization prefer work flow, set up prcess for any functional or technical changes in the production system i.e. form for change request, incident request for authorization, no direct access to tables in the Production client, authorization group assignment for custom program for dual validation, monthly window for production transport or Emergency transport.
    Regards,
    Santosh

  • S&OP on Hana, IBP and BPC

    Hi All,
    can some one please help me in understanding the difference between S&OP on HANA, IBP and BPC and how they are differentiated from SAP APO?
    Thanks in advance.
    Thanks,
    Kishore

    Story started around 2012 with S&OP Hana until version 3.0. Following marketing definition and Gartner group vocabulary, this application has now change its name to IBP S&OP 4.0. Nothing changes within S&OP except improvements with 4.0.
    IBP is a new family of application in SCM under Hana
    BCP belongs to analytic family, not much appropriate for SCM Concern.
    APO is the previous APS of SAP that is still supported until 2025. Say a new customer needs SCM advance planning, better going IBP nowaday but nothing wrong with APO neither
    Daniel

  • Visual Studio and BPC 10.0

    Hi all,
    I'm a relatively new Planning Consultant and on a new project have the requirement of having an input screen for the allocation of time, for an individual, against a project.
    Examples of the required input are:
    - Allocate Nick Carter, to Project ABC, for 28 November 2011, Full Day (8hours).
    - Allocate Joe Bloggs, to Project XYZ, from 28th November to 1st February, Full Days
    Has anyone used Visual Studio to create an input screen, and maybe used a drag and drop design that integrates well with BPC.
    There is also a requirement for Versions, i.e. Scenario 1, Scenario 2, which allow different planning options.
    The BPC input screen, even with the Web UI 10.0 is limited, especially due to the way it presents data as numbers as opposed to text.
    Any feedback or advice would be much appreciated!

    Hi Sabine, thank you for the replies!
    We are using BPC 10.0 for NetWeaver, and not MS.
    The reassurance that it is technically possible if good for our Project as we can start to move forwards with the Bluerprinting. We are going to use NetWeaver Gateway to connect Visual Studio to SAP (BW and BPC).
    We have done some mock-ups for Excel but have come accross some significnat limitations, some of which are column limits, and how we need the input cell, e.g. 8 (hours), to Project Name.
    [The current solution looks like this|http://i44.tinypic.com/1o7hjr.jpg], and the way that we thought BPC Excel could look is like this: [BPC Excel Possible Design|http://www.freeimagehosting.net/newuploads/fef8f.jpg]
    I have also found information that there are row and column limitations on excel that will restrict the volume of data we are required to show / input at any one time. (I found information [here|Maximum Number of Columns Exceeded Message; under Sakthi Jaganathan's post)
    I'm not sure what you mean by Business Object Connector. From internet research it suggests it's a BOBJ connector for BI4 which we will be using for reporting.
    Thanks again for your comments, you don't realise how much it helps us!
    Nick

  • Difference between EPM Add-in for Excel and BPC 10.0?

    Hi Forum,
    I'm currently researching an upgrade to version 10.0.  We're currently running BPC 7.0 for MS.  I'm confused at the moment, because I'm not sure if/what the difference is between the EPM Add-In and BPC 10.0.  Can someone answer this?
    I'm also not understanding the future roadmap for BPC 10.0 and beyond.  It appears to me that an attempt to merge Business Objects functionality and BPC functionality into one product/suite of products is what is happening, but I could be wrong about that too.  Can someone expand on this as well?
    Thanks,
    Mike
    Edited by: hutchinsm on Oct 19, 2011 4:53 PM

    The EPM10 Client (aka add-in) is the unified Excel interface for a subset of EPM products (Profitability and Cost Management, Financial Consolidations, Strategy Management and BPC).  Clients did not like having different report writing paradigms in all of these applications, so the EPM10 Client was developed utilizing a technology called Extended Analytics Analyzer mashed with some of the BPC reporting functionality from BPC7.x to provide one stop shopping for accessing data in EPM applications.  Additionally, the EPM10 Client can be used in many cases to report directly against native BW cubes or any other source that supports an ODBO connection. 
    BPC10 is the planning and consolidations application with the code engine to support the application functionality.  If you purchase/upgrade to BPC10, the EPM10 Client is made available as an additional download to complete the package.  In BPC10, the EPM10 Client is used both for reporting as well as for write back to the database for end users.
    A new roadmap with BPC10 and beyond is just being finalized.  Look for announcements around this in the next few weeks.

  • What are Outlooksoft and BPC ?

    Hi All,
    Could anyone please tell me what are Outlooksoft and BPC ? 
    Thank you,
    Sandy

    Hi,
    Take a look at the blog below.
    /people/ryan.leask/blog/2007/09/03/what-is-cpm-and-what-is-happening-with-sem-and-bi-integrated-planning
    Regards.

  • SAP Outlooksoft and BPC

    What is relation between outlooksoft and BPC ? is both r same ? After SAP acquistion outlooksoft renamed to BPC?
    Please let me know.

    It is recommeded to search before posting - see this blog
    SAP's definitive strategy for planning technologies moving forward: What's the word on BPC, BI-IP and SRC?

Maybe you are looking for

  • HOW DO I LOAD PDF FILES SO THAT I CAN READ THEM ON MY IPOD?

    I have books that I downloaded from Free Ebooks that are stored on my compuer as PDF files.  Can I import them directly into ITUNES and then to my IPOD?

  • Using Airtunes for other things than iTunes?

    Hi, Is it possible to use my Airport Express, which is connected to speakers around the house, for other sounds than just from iTunes? So I can hear different sounds from all applications as though it were my built in speakers I was using? Thanks. Mc

  • ADF Dynamic Table Generation

    Hi, I'm trying to generate dynimic tables from my backing bean and i can't get it work, i've looking on the web and many forums, and this is the only example i've found : public void setDataTable(UIXTable param) { this.dataTable = param; if(!columnsB

  • Trying to set up MS Outlook 2007Contacts and Calendar with my BB 8330

    I keep trying to set up my BB 8330 with Outlook 2007 but I keep getting a Runtime Error "Cannot find system in table file".  Please help!!! this is driving me crazy.  I was able to add my Lotus Notes with no problem. Solved! Go to Solution.

  • [SOLVED] can't load module-echo-cancel for PulseAudio (WebRtc)

    I have added the line load-module module-echo-cancel to /etc/pulse/default.conf as said in the arch wiki but after I do that , I cannot start pulse and it gives me the follwoing error : E: [pulseaudio] main.c: Daemon startup failed. I have tried look