Will MCA’s new amendment drive up the cost of compliance for SAP users?
The short answer is yes.
Earlier this year, the Ministry of Corporate Affairs, released an amendment requiring companies that use accounting software to provide an audit trail. However, the ministry soon acknowledged the challenges companies would face in order to meet the requirements so they postponed the effective date from 1 April 2021 to 1 April 2022.
Some may feel that their SAP ERP platform keeps an audit trail of all material transactions. They are right, but they are also wrong. SAP ERP platforms capture and keep material business transactions and documents, but there are many important and even sensitive transactions that are captured but not kept for more than a few weeks. While user activity data is captured initially, unfortunately, SAP does not retain many material user activities. SAP ERP platforms purge data older than 90 days (sometimes only as old as 7 days) because of the incremental storage costs and performance impact the data causes. Consequently, companies may not have the required audit trail and may not have what it takes to pass their annual audit.
Keep reading to learn about best practices for ensuring you have the data you need for the upcoming audits MCA is requiring.
What best practices will enable companies to meet MCA guidelines?
The new amendment from MCA has four primary requirements:
- All transactions must be logged and compulsory audit trails maintained.
- Any edit made to the books must have a recording date.
- The audit trail must not be disabled.
- Logs need to be maintained throughout the financial year.
Any set of good practices will meet these four requirements, but the best practices will do more. In addition to ensuring the MCA requirements are met, best practices will also ensure the requirements are met at little or no additional costs. Best practices will enable companies to streamline annual audits so that the costs, time, and staff disruptions are trivial. Best practices will not stop at just meeting requirements and reducing the costs of audits, but best practices will also find ways of using the audit trail data so that administrators and business managers are actually benefited from the requirement.
The outcome companies should seek is both compliance and operational benefits. For example, Security Weaver customers are able to prove compliance efficiently, and they are also able to use the data required by the MCA amendment to improve business operations, IT processes, and to lower the costs of SAP licensing. Security Weaver customers can use data from the required MCA audit trails to improve SAP role designs, to lower the costs associated with managing SAP sensitive access, and to lower SAP user licensing costs.
Those IT organizations who are able to apply best practices for meeting the new MCA audit requirements will not only avoid fines and penalties but will also find they have a competitive advantage operationally and that they have a lower cost structure than those competitors who do not.
Once having an integrated and secure audit trail, the logs you collect, and aggregate can be used for different business purposes.
Information Security
Identify that something wrong has happened. This happens only in case you are using a secure way to store and track activities related to information security
Regulatory Compliance
Keyword “Secure”: to ensure your logs comply with most of the standards and regulations, you need to have tamper-evident, secure audit logs in place.
Digital Forensics
Find out who did what and when and be able to prove it. This is especially crucial where lawsuits are involved.
Data Integrity
When using the right technology, the audit trail can allow you to reconstruct the data that was modified and the time it was modified, so that you know which backup to use, relying on the data provided in it.
Business Analysis
When generated and collected properly, logs contain all the necessary data for business processes because most business processes take place or are reflected in information systems nowadays.
Fraud & Anomaly Detection
When using the appropriate secure audit trail solution, that captures all business-related activities from all systems, any organization can make fraud detection easy in real-time.
How can more compliance requirements be a blessing?
At Security Weaver, we believe the MCA amendment to The Company Act is a blessing in disguise for those enterprises who are smart enough to seize the opportunity.
Greater control and demonstrated compliance combine to protect Indian companies from fraud, But, for some, more importantly, it signals to the world that India is a great place to invest. Foreign direct investment opportunities increase for those companies able to demonstrate good governance and strong audits. This amendment can help any Indian company demonstrate it is more disciplined and trustworthy than its competitors or other global enterprises. It can compete better for shareholders looking to benefit from emerging economies.
In addition to satisfying compliance requirements and improving access to capital, the compliance data required by the MCA amendment can be used by companies to improve their operations, streamline and accelerate processes, and lower their cost structure.
Lowering the cost of operations while simultaneously improving operating results is undoubtedly one of the primary priorities of any company. The compliance data required by the MCA agreement can help achieve this priority. Here are a few examples of how Security Weaver provides a solution that not only meets the MCA compliance requirements but enables companies to improve performance and lower costs.
- Improved Role Designs - Because the Transaction Archive software module from Security Weaver shows which transactions were executed by users, the number of interactions by each user with each transaction, and the date and time information of each interaction, every material transaction is logged (meeting MCA requirements), but more importantly SAP user roles can be improved. Improved roles mean less time spent by IT administrators on access requests and less time waiting for access by end-users.
- Faster Incident Resolution - With Transaction Archive's detailed user analytics, IT can trace the exact steps a user took before experiencing system issues and resolve them more readily.
- Better Role Design - With Transaction Archive, architects have the data necessary to both understand the impact of their design decisions and adapt their design easily, often without users even noticing.
- Unrivaled Forensics - With Transaction Archive, administrators have a rich history to understand in detail every suspicious activity of any user at any time. But, Transaction Archive is also able to detect immediate issues and alert whenever sensitive actions are taken by a user. Consequently, Transaction Archive supports forensic activities both by having a complete user transaction history, but can also prompt immediate forensic investigations when sensitive activities are initiated.
- Lower SAP User Licensing Costs - With Transaction Archive, SAP license administrators can make more informed decisions on how licenses should be allocated to end-users. Improved license allocations can materially reduce the costs of growing organizations. Savings from improved license allocations can save enough money to pay for incremental compliance-related activities many times over. Click here to learn more about Security Weaver License Management.
How is it possible for Security Weaver to accomplish so much with Transaction Archive?
Transaction Archive from Security Weaver has a few characteristics that make it unrivaled as a solution to achieve compliance and to simultaneously improve operations.
- Data Compression Architecture - Unlike other solutions which fail to compress detailed user transaction history, Transaction Archive compresses the data it captures. This allows Transaction Archive to scale across large environments and across time. As data accumulates, even for large organizations, Transaction Archive ensures almost no incremental investment in storage is required. So instead of purging data periodically, Transaction Archive can provide an unmatched audit trail whenever auditors need one, and detailed data is available to IT administrators or business managers, whenever they need it to make informed decisions.
- Hybrid Data Architecture - Transaction Archive is not only about “old data” it is equally about immediate production data. Transaction Archive reports are not stale, corrupted, nor out-of-date. Transaction Archive combines the immediate production data showing how users are interacting with the SAP ERP environment with legacy data so that trends can both be captured and shown to be relevant today.
- Customizable Report Options - Each report in Transaction Archive is highly configurable and can focus on individual users, sets of users based on department, user group, or company, an arbitrary list of users, or users only residing on certain systems.
April 23, 2020 - 5 Ways User Activity Data Improves Security & Compliance by Isaac Kimmel
Understand how user activity data can be used to support a variety of security and compliance processes. Also learn how user data can help streamline role assignment, role retention, and role recertification decisions.
Watch Full VideoRequest your free trial.
Join our 30 days free trial program and experience how Transaction Archive can be a cost-efficient solution to meet the new mandates.
Empowering enterprises with actionable insights.
Security Weaver enables enterprises to put measures in place to ensure compliance, reduce the cost of compliance, and improve operations. To meet compliance mandates, and more importantly to improve operations and to lower costs by providing leaders with actionable insights requires the right tools. No one expects to compete in today’s marketplace using manual accounting practices and paper ledgers, likewise, no one should expect to meet regulatory requirements manually and still be competitive.
Enterprises can comply with the MCA amendment by enabling an audit trail in a variety of ways. However, Security Weaver can enable compliance mandated investments to also benefit the business by lowering the overall cost structure and improving operational performance. Security Weave can turn gigabytes of logs into useful reports that enable better management decisions.
With Security Weaver, companies can efficiently control access to their SAP landscape, optimize license allocations that will lower SAP licensing and support costs, delight auditors, and save IT administrators time while protecting them from tedious distractions.
At Security Weaver, we care about making companies more efficient while simultaneously helping them to pass audits. For those enterprises seeking to meet the new MCA compliance requirements, we are offering a special free trial of our Transaction Archive software to selected accounts as part of a pilot program. Let’s connect and explore the scope of what a pilot might look like for your team and how we can improve your readiness for your next audit.