Background

key
insights

Key Insights

Throughout our work, we've uncovered the most effective procedures, techniques, and methodologies for effectively delivering SAP Security and GRC solutions. We proactively share this knowledge through our Key Insights programme - a series of roundtables, webinars and thought leadership activities aimed at promoting discussion with peers and experts around best practice and to generate an informative forum for knowledge sharing.

Insight Events

Controls Automation – Uncovering the Myths

Controls Automation – Uncovering the Myths

Online webinar

Are you spending a significant amount of time operating controls? Do you have difficulty gaining assurance over your internal controls environment? Would you like to reduce the time and effort dedicated to controls, whilst at the same time being more confident over the robustness of your controls framework? For more information click here

Read more
Reform of the EU data protection regime workshop

Reform of the EU data protection regime workshop

London

The EU General Data Protection Regulation (GDPR) has been a long time in the making. Although its final form is not yet agreed, it is becoming increasingly clear which new concepts will make it through and where tightening of existing rules will occur. The final text will be agreed between the European Parliament and European Council over the winter of 2015 and quite possibly into the spring of 2016 – all businesses processing personal data in Europe or targeting European residents will need to comply 2 years later (there are no transitional provisions). In preparation there will be a half day conference taking place at Norton Rose Fulbright LLP, London on 15th September. This CPD accredited workshops is aimed at helping businesses to: 1.To start designing the long tail wordings, mechanisms, procedures and system changes they will need to implement to meet these requirements 2. To understand where pinch points are likely to be 3. To follow the final phase compromises as the GDPR legislative process concludes from an informed position. Turnkey Consulting’s MD, Richard Hunt will be helping attendees to understand the systems impact and business drivers of GDPR when implementing SAP HR. To register your interest in attending please click here. This is a free event, however places are limited.

Read more
SAP Security and Auditing Workshop

SAP Security and Auditing Workshop

Singapore

A 3-day SAP Security and Auditing training workshop will be conducted in Singapore by Turnkey Consulting on 30th September - 2 October 2015. The workshop will cover SAP BASIS and IT general controls; Authorizations and SoD in SAP; and Business Process Controls in SAP purchasing process. Please email us at  training.sq@turnkeyconsulting.com for more details or to register.

Read more
Tom Venables

Do you have trust issues?

6 Aug 2015

Posted by Tom Venables

 

 

 

So, knowing that trust is defined as “having confidence in the veracity, integrity or other virtues of someone or something”, how would you rate the trust you have in the following:

  • The accuracy of your data?
  • Integrity of the systems which store your data?
  • Security of communication between systems?
  • The integrity of the people in your organisation?
  • The organisations which work to support you?
  • The processes which are in place?

If any of the above gave you pause for thought, you are probably not alone! I have seen examples of all of these being called into question at some point and, like all of us, have worked to improve the trust in the people, companies, systems and processes involved.

Once trust or confidence has begun to be eroded, it can be extremely difficult to re-establish, if it can be regained at all. It is possible to handle a lack of trust, establishing proper governance and control processes, supported by tools can help us to continue to operate in environments where trust is an issue.

Trusting the people

We trust the employees in our company with the data they require to perform their job function. We do, however, still establish mechanisms to protect both the organisation and the employees themselves from the ability to realise risk. It is important that this protection is understood to work both ways – the company can have faith that “John Doe” cannot commit fraud and “John” is confident that he will be blameless in the event that fraud were to happen. Establishing the employees’ responsibilities in managing risk are key to achieving our governance and compliance goals.

Maintaining control of segregation of duties risks, whether through role design, or supplemented with GRC access controls, is one mechanism by which we can establish trust between the employer and the employee. This is even more relevant for managed service organisations, where they are being trusted as the custodians and protectors of their clients’ business-critical information and systems.

Trusting the systems

Ensuring the integrity of the systems and data your business relies upon is key. Anything which undermines confidence in those systems needs to be addressed and there are a number of procedures which can improve the reliability of, and confidence in, those systems.

Ensuring correct change controls are in place for enhancements should ensure that nothing untoward is introduced into the live systems, however this needs to be backed up by robust testing from the correct stakeholders, with particular emphasis on integration testing, as nothing will erode trust in new systems faster than negative UAT or live issues.

We often see cases where functionality tested (and working) in isolation in pre-production systems does not “play well” with live data, or other functionality. Making sure that issues with integration are addressed before go-live will increase business confidence in the IT systems and the organisation which supports them.

The bottom line is: Ensure you have the processes in place to protect the people and systems your business needs, supported by the appropriate tools and you will improve the trust, truth and confidence in those people, systems and your own organisation.

Please feel free to comment on your own trust issues, or examples of what’s worked well using the link below:

Make a Comment
Tom Venables

Don’t show your sensitive side

23 Jul 2015

Posted by Tom Venables

How sensitive is your data?

With data theft becoming more prevalent and a heightened media focus on loss of personal data affecting several notable companies in recent years, the protection of data has never been more relevant to systems administrators and governance functions. Whether it be protecting employees’ personal details, the financials behind shareholder statements, or critical customer information, it is essential that we understand the data stored in our systems and undertake implementation of processes and tools to protect this.

Make a Comment
Marc Jackson

Process Controls Webinar – Overview & Business Benefits

6 May 2015

Posted by Marc Jackson

Process Controls as a concept

Although the name may suggest, it isn't simply about providing control solutions for your business processes, rather it describes the concept of providing an overall control and compliance management solution for your organisation. This means having a single centralised solution to coordinate and manage all of your controls and compliance related activities.

Make a Comment

"The Key Insight sessions are an ideal way of sense checking your current ways of working."

Chris Haigh, Global SAP Security Specialist, Kimberly Clark Corporation & Chairman of SAP GRC User Group

"I found the session to be very useful, informative and well facilitated."

Olu Adeosun, Compliance Manager Enterprise Systems, BP plc

"The session I attended was indeed very interesting with a lively and stimulating round table discussion."

SAP Project Manager - Global Petrochemical company

"It was a well facilitated event, would happily recommend future events to others and would hope to attend again."

Mike Bonsor, Head of Project Management, SThree Plc

"I took away some good knowledge and would clear my diary to attend another one of the sessions."

Olu Adeosun, Compliance Manager Enterprise Systems, BP plc

"Key Insights added significantly to my knowledge of the topic discussed."

SAP Project Manager - Global Petrochemical company

"The points debated were most useful in applying to our own circumstances"

Mike Bonsor, Head of Project Management, SThree Plc

"Key Insights allows you to find out from others what does and does not work well."

Chris Haigh, Global SAP Security Specialist, Kimberly Clark Corporation & Chairman of SAP GRC User Group

"The points debated gave the opportunity to avoid pitfalls that others had made."

Mike Bonsor, Head of Project Management, SThree Plc

"The session I attended was indeed very interesting with a lively and stimulating round table discussion."

SAP Project Manager - Global Petrochemical company