SAP Solution Brief
mySAP ERP
SAP® Compliance Calibrator
by Virsa Systems software
automates the real-time detec-
tion and prevention of security
and controls violations to
deliver continuous compliance
with regulatory mandates and
prevent internal fraud. The
software reduces IT and audit
costs and makes possible high
standards of corporate gover-
nance. The only solution of its
kind embedded in SAP systems,
it enhances the extensive
compliance capabilities already
found in mySAP™ ERP.
SAP® COMPLIANCE
CALIBRATOR BY VIRSA
SYSTEMS
Meeting the Challenge of Regulatory Mandates
Through Continuous Compliance
Acts of fraud, data tampering, privacy violations, theft of
intellectual property, and exposure of trade secrets have become
commonplace in today’s corporate world. These acts, whether
large or small in scale, are taking a tremendous toll on businesses
worldwide. They reduce profitability, destroy shareholder trust,
undermine the company’s ability to compete, and erode market
capitalization. In some cases, top executives are faced with
criminal punishment.
Governments have responded by enacting a series of legislative
mandates. While the Sarbanes-Oxley Act is the highest-profile
mandate for businesses working in the United States, it is just one
of a growing list of current and proposed regulatory requirements.
The healthcare industry must now comply with the U.S. Health
Insurance Portability and Accountability Act (HIPAA) to protect
patient privacy rights, and financial firms are faced with the U.S.
Gramm-Leach-Bliley Act and Basel II. Increasingly stringent
corporate governance policies and privacy regulations are leading
companies to conduct more careful analyses of business risk and
tighten internal controls.
The CIO and members of the IT organization play an essential
role in helping the enterprise meet the requirements of these
mandates. They are the people who put in place the tools, sys-
tems, and control mechanisms to ensure corporate compliance.
But there are problems. For example, most IT organizations are
faced with tight budgets – and Sarbanes-Oxley compliance is not
inexpensive. In fact, U.S. companies will spend well over
US$6.5 billion in 2005 on Sarbanes-Oxley compliance, according
to AMR Research. In many enterprises, major development
projects will be put on hold while IT focuses on meeting this
mandate.
As your business evolves, the interrelationships between finance,
sales, and operations can grow in complexity, while the number
of employees, departments, and business units are expanding.
The combination of these two factors can make your internal
auditing procedures very demanding.
For that reason, some companies assess risk after the fact through
detection solutions that operate on downloaded data. Others
invest in incomplete segregation of duties (SoD) solutions that
can’t cope with the logic of enterprise resource planning (ERP)
systems and the subtle moves of a motivated perpetrator. Also,
compliance solutions sitting outside the ERP system cannot
detect transactions hidden in custom code, or vulnerabilities
in custom tables that give users unauthorized access.
At the most fundamental level, you must be able to secure data
across the enterprise, control access to applications and databases,
secure and monitor critical transactions, and guard against SoD
violations. An SoD violation might involve something as seem-
ingly innocent as allowing an employee to execute conflicting
transactions – for example, creating a vendor record in the system
and then paying the same vendor. What you need are ways to
automate the ongoing process of complying with Sarbanes-Oxley
and other externally imposed mandates.
Ideally, your solution should provide a low-cost, sustainable
automatic process that ensures compliance and protects your
organization in real time, 24 hours a day. This level of protection
allows you to reduce the cost of compliance, freeing up funds
for strategic developments that contribute to your company’s
competitiveness.
Your 24/7, Real-Time Solution
SAP® Compliance Calibrator by Virsa Systems software is one
of the only solutions on the market today that is embedded in
SAP systems to provide real-time, 24/7 security and controls
compliance. The software automates the real-time detection and
prevention of ERP security and controls violations by delivering
round-the-clock, continuous compliance with regulatory
mandates. SAP Compliance Calibrator by Virsa Systems helps
you reduce internal fraud, lower IT and audit costs, and reinforce
high standards of governance.
Your SAP landscape is constantly in motion, an environment
characterized by dynamic data and a high degree of flexibility
and scalability. As a result, real-time interfaces are the only way
to ensure compliance integrity. With SAP Compliance Calibrator
by Virsa Systems, you are able to test your entire SAP landscape
for SoD violations and monitor critical transactions, continuously
and in real time. The software’s simulation capabilities allow you
to take a proactive approach to compliance.
SAP Compliance Calibrator by Virsa Systems enhances the
compliance solutions already found in the mySAP™ ERP solution.
The software enhances the mySAP ERP audit information system
by adding the following capabilities:
• Automatic SoD testing as part of your internal-control
testing program
• Object-level SoD analysis
• Authorization administration
• Simulation (proactive compliance)
• Risk mitigation and remediation
• Real-time, drill-down analysis and reporting
• Management reporting
• Analytical reporting
SAP Compliance Calibrator by Virsa Systems enhances
mySAP ERP management of internal control capabilities by
adding the following functions:
• Automated tests of SoD controls and reporting
• Simulation of SoD controls
• SoD mitigation and remediation
Key Product Highlights
Here’s how SAP Compliance Calibrator by Virsa Systems can
turn your compliance headaches into a highly automated,
routine application that frees up your time for other more
proactive IT activities:
• Real-time risk assessment. Risk assessment is executed in
real time with live data; you don’t have to wait for downloads.
Conflicts are identified immediately at both the transaction
and authorization-object level. This reduces false positives and
allows your administrators to resolve conflicts on the spot.
You clean your system with real-time scanning and keep it
clean with real-time simulation. SAP Compliance Calibrator
by Virsa Systems executes cross-systems analysis to assess risk
across multiple systems, such as customer relationship manage-
ment, human capital management, and so forth.
• Remote simulation with cross-system analysis. Any changes
due to remediation or role creation can be simulated in the
production system and across multiple systems before a role
is generated or an assignment is made to a user. Your adminis-
trators can identify potential new SoD conflicts throughout
the SAP landscape before changes are migrated to production
by conducting “what-if” analyses at the development stage.
• Automated rule building. SAP Compliance Calibrator by
Virsa Systems automates the SoD rule-building process to match
system configuration settings, eliminating manual work and
significantly accelerating the process and reducing error.
• Comprehensive analysis. Includes automated cross-system
analysis of customer code and custom tables that can give users
unauthorized access to the system. The compliance solution
also identifies another risk: reference user violations.
• Effective reporting tailored to all audiences. You can
provide regularly scheduled, simple status reports for auditors,
e-mail alerts for management, and detailed drill-down for IT,
including SAP transaction codes for the more technically
minded. Top executives responsible for the entire corporation,
or business unit managers concerned with a particular geo-
graphic and functional area, are able to receive and analyze
pertinent information without getting deluged by data.
• Library of best-practices SoD rules. You have access to the
largest and most comprehensive database of SoD rules at the
transaction and authorization-object levels for SAP solutions.
The library is constantly updated.
• Simple, efficient implementation. Because SAP Compliance
Calibrator by Virsa Systems is embedded in your SAP system,
no additional hardware or software is required. Installation is
complete in a manner of minutes, and the entire deployment,
including configuration and training, takes less than a week.
The compliance software consumes a minimum of resources
and has been optimized to ensure that there is no impact
on mySAP ERP performance. In addition, you can expect
significant savings from reduced human resources costs due
to automation.
Why SAP Compliance Calibrator by Virsa Systems?
Among the many business benefits that your company will
realize with SAP Compliance Calibrator by Virsa Systems are
faster internal-control testing cycles and reduced time to
compliance. If your organization is like many other enterprises,
you have more than 50,000 internal control processes that require
testing, evaluation, and remediation. Many of these might be
authorization and access controls. Automation of the testing
procedure for these controls makes it easier to achieve complete
Sarbanes-Oxley compliance.
 www.sap.com /contactsap

The real-time, continuous operation of SAP Compliance Compliance Made Easy

Calibrator by Virsa Systems stops authorization violations before Sarbanes-Oxley and other mandates impacting corporate gover-
they occur. The software’s extensive set of validated rules and nance are not going to go away any time soon. In fact, over time
detailed SoD analysis capabilities have been developed over there probably will be more legislation rather than less. That is
nearly a decade with deployments at hundreds of customer sites. why a proactive, real-time, 24/7 automated solution such as
These customers include some of the world’s largest companies. SAP Compliance Calibrator by Virsa Systems is essential to stop
authorization violations before they occur. SAP Compliance
ERP authorization compliance checking is simple, immediate, Calibrator by Virsa Systems brings years of SAP security domain
and extensive; violations are caught in development before experience into a product with the largest set of validated rules
you commit to production. Automated, detailed SoD analysis and detailed SoD analysis. The solution is a powerful supplement
and monitoring of critical transactions provide business users, to the extensive compliance capabilities provided by mySAP ERP.
auditors, and IT security with an instantaneous assessment
of authorization risk. SAP Compliance Calibrator by Virsa Systems allows you to
implement compliance practices that can result in better business
Because the automated analysis is complete and accurate, you practices, lower compliance costs, and the assurance that your
avoid wasting time on false positives and manual checking. company is proactively combating security and controls violations
Preventative measures keep your systems clean on a continuous on a 24/7, continuous, real-time basis.
basis.
Find Out More

Effective Corporate Governance/

To learn more about how SAP Compliance Calibrator by
Compliance with SAP® Solutions Virsa Systems can help ensure regulatory compliance at your
company, call your SAP representative or visit us online at
SAP® Compliance Calibrator by Virsa Systems www.sap.com/company/press/press.epx?PressID=2514.
Segregation of Duties Testing

mySAP™ ERP

Risk Management

Audit Management of
Information System Internal Controls

Consolidated Financial Reporting

Foundational Process Controls (ERP)

50 074 019 (05/04) Printed in USA.

2005 by SAP AG. All rights reserved. SAP, R/3, mySAP, mySAP.com, xApps, xApp, and other SAP products and services mentioned
©herein as well as their respective logos are trademarks or registered trademarks of SAP AG in Germany and in several other
countries all over the world. All other product and service names mentioned are the trademarks of their respective companies. Data contained
in this document serves informational purposes only. National product specifications may vary. Printed on environmentally friendly paper.
These materials are subject to change without notice. These materials are provided by SAP AG and its affiliated companies (“SAP Group”) for
informational purposes only, without representation or warranty of any kind, and SAP Group shall not be liable for errors or omissions with
respect to the materials. The only warranties for SAP Group products and services are those that are set forth in the express warranty state-
ments accompanying such products and services, if any. Nothing herein should be construed as constituting an additional warranty.