Auditing and GRC Automation in SAP

Over the last few years, financial statement scandals, cases of fraud and corruption, data protection violations, and other legal violations have led to numerous liability cases, damages claims, and losses of reputation. As a reaction to these developments, several regulations have been issued: Corporate Governance, the Sarbanes-Oxley Act, IFRS, Basel II and III, Solvency II and BilMoG, to name just a few. In this book, compliance is understood as the process, mapped in an internal control system, that is intended to guarantee conformity not only with legal requirements but also with internal policies and enterprise objectives (in particular, efficiency and profitability). The current literature primarily confines itself to mapping controls in SAP ERP and auditing SAP systems. Maxim Chuprunov not only addresses this subject but extends the aim of internal controls from legal compliance to include efficiency and profitability and then well beyond, because a basic understanding of the processes involved in IT-supported compliance management is not delivered along with the software. Starting with the requirements for compliance (Part I), he not only answers compliance-relevant questions in the form of an audit guide for an SAP ERP system and in the form of risks and control descriptions (Part II), but also shows how to automate the compliance management process based on SAP GRC (Part III). He thus addresses the current need for solutions for implementing an integrated GRC system in an organization, focusing especially on continuous control monitoring. Maxim Chuprunov mainly targets compliance experts, auditors, SAP project managers and consultants responsible for GRC products as readers for his book. They will find indispensable information for their daily work from the first to the last page. In addition, MBA and management information systems students, as well as senior managers such as CIOs and CFOs, will find a wealth of valuable information on compl

Information Security Policy Development for Compliance: ISO/IEC 27001, NIST SP 800-53, HIPAA Standard, PCI DSS V2.0, and AUP V5.0

Although compliance standards can be helpful guides to writing comprehensive security policies, many of the standards state the same requirements in slightly different ways. Information Security Policy Development for Compliance: ISO/IEC 27001, NIST SP 800-53, HIPAA Standard, PCI DSS V2.0, and AUP V5.0 provides a simplified way to write policies that meet the major regulatory requirements, without having to manually look up each and every control.

Explaining how to write policy statements that address multiple compliance standards and regulatory requirements, the book will help readers elicit management opinions on information security and document the formal and informal procedures currently in place. Topics covered include:

  • Entity-level policies and procedures

  • Access-control policies and procedures

  • Change control and change management

  • System information integrity and monitoring

  • System services acquisition and protection

  • Informational asset management

  • Continuity of operations

The book supplies you with the tools to use the full range of compliance standards as guides for writing policies that meet the security needs of your organization. Detailing a methodology to facilitate the elicitation process, it asks pointed questions to help you obtain the information needed to write relevant policies. More importantly, this methodology can help you identify the weaknesses and vulnerabilities that exist in your organization.

A valuable resource for policy writers who must meet multiple compliance standards, this guidebook is also available in eBook format. The eBook version includes hyperlinks beside each statement that explain what the various standards say about each topic and provide time-saving guidance in determining what your policy should include.

How to Achieve 27001 Certification: An Example of Applied Compliance Management

Offering tips, strategies, and basic explanations, this title provides an understanding of information security management standards and support for those implementing the ISO 17799 standard to pass an audit. It presents questions and answers to determine information security strengths and weaknesses with respect to the standard.
New
Mint Condition
Dispatch same day for order received before 12 noon
Guaranteed packaging
No quibbles returns

Boys Girls Dinosaur Watch Environmentally Friendly Rubber 3D Strap Easy Read Time Teacher Face Japan Quartz Gift – Black

A simple and fun children’s analogue watch, this is a wrist watch made of environmentally friendly materials that functions to a high capacity, serving any child well for everyday use. New 3D children’s watch. Fantastic detailed 3D strap with easy-to-read dial makes this a great child’s first watch. Built to take all the knocks and bangs expected of a children’s watch, with a fully adjustable strap to fit smaller wrist sizes. Watch with 3D rubberised strap. Full Arabic easy-read dial. Colour co-ordinated hour and minute time teacher hands. Quality quartz movement. Packaging: PVC hanging pouch. This watch is an ideal gift for kids.
Product Features:
* Quartz Movement.
* Time Teacher Feature.
* Strap With 3D Images.
A good gift for Christmas or a birthday.
Absolutely environmentally friendly materials, suitable for children to wear, 100% secure.
This product is in full compliance with European environmental standards, unlike other similar low-priced products.
Round watch dial with easy-to-read Arabic numeral markers.
This watch comes in multiple series for you and your children to choose from.