





EZ-Compliance has been developed for organizations wishing to establish a dynamic
compliance & governance framework or those faced with external regulations such
as Sarbanes-Oxley. Business Controls and Business Risks can not only be defined
and deployed corporate-wide, they can also be associated directly with the
related Business Processes they play a part in. To ensure operational
consistency and significantly reduce the effort related to ongoing governance
management, multiple alerts and notifications can be configured. In addition,
the Segregation of Duties (SOD) validation, critical to any certification, can
be fully automated. Key to any external and internal compliance, organizations
can inquire at any time who is able to access which applications/systems, as
this list is kept dynamically updated. Scanning all employees' cross-application
authorizations, the EZ-Compliance SOD engine automatically identifies any
existing SOD conflicts and can even perform what-if scenarios in a preventive
manner to alert the appropriate SOD Compliance Administrators. Finally, SOD
conflicts can also be resolved and/or mitigated electronically based on
user-defined rules.
Functions & Features
Business Controls & Risks Management
- EZ-Compliance Portal (corporate deployment of Business Controls & Risks details
via secured Portal to unlimited users)
- Dynamic navigation indexes (Business
Controls by Dept, by Segment, by Owner, by Tester, by Objective Code (SOX,
COSO, Cobit), by Release Status, by Audit Rating, by Code/Desc, etc.)
- Business Controls mapping to related
Business Risks
- Business Controls & Business Processes
relationships
- Availability of the SOX / ISO library of
Business Controls (including 600+ pre-defined Business Controls mapping to
related Risks)
Integration with EZ-Publisher / EZ-Modeler
- Relationships between Business Controls and
Business Processes (any format: Visio, PPT, DEM, EZ-Process processes)
- Business Controls mapped to Business Process
and/or Process Activities
EZ-Compliance Reporting
- Dynamic generation of Auditing/Auditors
manuals (e-Book format)
- Web-based inquiry of Business
Controls/Risks/Processes
SOD: Employee/Application Access Management (who has access to what)
- Cross-application authorizations (ability
to import user authorization data from unlimited sources: Baan Tools/DEM, other ERP/applications)
- Employee/Applications Access Scan
- Easy-to-use data mining capabilities to
enable dynamic Employee Authorizations reporting
- Extended authorization structure: Employee => Roles
=> Processes => Tasks => Applications
- Employee / Applications Access inquiries via web Portal
(HTML or Excel output)
SOD: Business Conflicts Management (who should access what)
- Driven by a SOX-SOD rules-driven library and
engine
- Ability to create unlimited Conflict Rules (SOX-SOD Separation of Duties,
Authorizations Integrity/Dependency rules, etc.)
- Availability of a pre-defined Baan
Conflicting Sessions SOD Rules library (for Baan versions Triton, IV, ERP-5,
LN)
- Applications & Application Groups
- Pre-scan validation + rules integrity check
- Dynamic SOD Conflicts Identification Scan
- Easy-to-use data mining capabilities to
enable dynamic SOD Conflicts inquiries and reporting
- Conflict notifications
to appropriate Business/Role Owners
- Conflicts reporting & Corporate Dashboard
- Management Dashboard presenting the
SOD Conflicts statistics via grids & charts
SOD: Conflicts Resolution Management (mitigating identified SOD conflicts)
- Ability to create unlimited Conflict Resolution Rules
(to automate conflicts documentation, classification, resolution and
mitigation)
- Automated Conflicts Resolution Scan & Update
- Compensating/Mitigation controls
- Conflict level
- Conflict Rules level
- Business Controls
level
- Conflicts reporting & Corporate Dashboard
SOD: Preventive Scan Capabilities
- Critical to prevent SOD conflicts (rather
than resolving them in a reactive manner). Required to become SOX certified.
- Preventive SOD Conflicts scan: dynamic what-if analysis enabling your organization to simulate unlimited access change
scenarios (adding/removing a Role, an Application or an Application Group for
a selected user)
- Generating and saving the analysis results
to the Authorization Change Request audit trail
SOD: History and Audit Trail
- Scan logs (what scans were performed, by
whom and when)
- Scan history reports (archiving of scan
results enabling auditors to inquire past Authorizations, SOD Conflicts and
Resolutions)
- SOD Rules modification log (detailed log
showing all modifications/enhancements made to SOD Rules, when and by whom)
Business Controls Testing/Revision
- Dynamic Testing/Revision Schedule (listing Business Controls currently in revision/testing, due within 15 days or overdue)
- Business Controls Testing/Revision alerts &
notifications
- Business Controls Testing/Revision history
- Initiating a new Business Controls Testing/Revision
- Semi-automatic mode (act upon
alerts/notifications by initiating the Testing/Revision)
- Fully automated mode (Testing/Revision
Workflow route used to notify electronically all people to be involved in
the execution of the Testing/Revision steps). EZ-Workflow required
Request for more information
To Request more information by E-Mail, mail to 