An Implementation of a Process-Oriented Cross-System Compliance Monitoring Approach in a SAP ERP and BI Environment.

Authors: Thorben Sandner, Michael H. Breitner, Matthias Kehlenbeck

DOI:

Keywords: Credit rating, Computer security, Access control, Business Process Model and Notation, Business process, Business process management, IT risk management, XACML, Computer science, Process management, Control (management)

Abstract: Compliance with regulatory demands has become a crucial matter for organizations. Non-observance may lead to far-reaching consequences, e.g. damage to reputation, decline of credit rating or market value, fraud and fines. The success of compliance management correlates with the frequency of monitoring and reporting and is affected by complex and often time-consuming manual validation tasks. To address this problem, organizations implement corresponding IT solutions. However, heterogeneous system landscapes, different information sources and their integration represent major challenges. This paper presents an implementation of a novel process-oriented cross-system approach. The approach is based on a model which provides the annotation of business processes with internal controls, critical permissions and roles, as well as an architecture for the automatic detection, timely communication and deep analysis of control exceptions. It relies solely on established standards (i.e. XACML, BPMN, COSO and SWRL) and existing technologies. It has been deployed in a productive SAP ERP and BI environment. It automatically converts access data from the proprietary ERP system and publishes exceptions to the BI system. The effects and causes of these exceptions can be appropriately analyzed using queries and reports.

References (20)
Anke Gericke, Hans-Georg Fill, Dimitris Karagiannis, Robert Winter. Situational method engineering for governance, risk and compliance information systems. Proceedings of the 4th International Conference on Design Science Research in Information Systems and Technology (DESRIST '09), pp. 24 (2009). DOI 10.1145/1555619.1555651
R. Agrawal, C. Johnson, J. Kiernan, F. Leymann. Taming Compliance with Sarbanes-Oxley Internal Controls Using Database Technology. International Conference on Data Engineering, pp. 92 (2006). DOI 10.1109/ICDE.2006.155
Vladimir Kolovski, James Hendler, Bijan Parsia. Analyzing web access control policies. The Web Conference, pp. 677-686 (2007). DOI 10.1145/1242572.1242664
Alan R. Hevner, Sudha Ram, Salvatore T. March, Jinsoo Park. Design science in information systems research. Management Information Systems Quarterly, vol. 28, pp. 75-105 (2004). DOI 10.5555/2017212.2017217
Nuo Li, JeeHyun Hwang, Tao Xie. Multiple-implementation testing for XACML implementations. Proceedings of the 2008 Workshop on Testing, Analysis, and Verification of Web Services and Applications (TAV-WEB '08), pp. 27-33 (2008). DOI 10.1145/1390832.1390837
Salvatore T. March, Gerald F. Smith. Design and natural science research on information technology. Decision Support Systems, vol. 15, pp. 251-266 (1995). DOI 10.1016/0167-9236(94)00041-2
Nicodemos Damianou, Naranker Dulay, Emil Lupu, Morris Sloman. The Ponder Policy Specification Language. Policies for Distributed Systems and Networks, pp. 18-38 (2001). DOI 10.1007/3-540-44569-2_2
Antonio Lioy, Cataldo Basile, Piervito Giovanni Scaglioso. Modern Standard-based Access Control in Network Services: XACML in action, pp. 296-305 (2008).
Lesley Saunders. Towards a Framework (1999).
Amit Chatterjee, David Milam. Gaining Competitive Advantage from Compliance and Risk Management. Springer, Berlin, Heidelberg, pp. 167-183 (2008). DOI 10.1007/978-3-540-71880-2_9