SAP GRC Access Control
SAP Access Control is one of the most widely used applications and is common amongst customers using SAP solutions.
We have been assisting our customers in leveraging the benefits of the Access Control application, and have led projects comprising implementation, application support, upgrade or migration in the cloud.
We specialise in the below components of SAP GRC Access Control.
Access Risk Analysis (ARA)
This component helps to maintain access risks using rulesets. We have a deep understanding of the core modules of the SAP S/4HANA application, and have assisted customers in standardising the risk library using SoD (Segregation of Duties) risks and Sensitive Access Risks (Critical Action and Permission). We also help clients to identify and set up custom risks for complete coverage from an audit perspective.
- Ad-hoc risk analysis at user and role level for audit preparation
- Preventive control setup for access provisioning
- Periodic SoD Review process setup and execution support
Mitigating Controls Library
A lack of control documentation poses significant risks from an audit perspective and is often highlighted as one of the key findings in an annual report. We extend our services to build the mitigating control library in line with the financial risk and controls matrix so that it provides wider coverage of risks across the business process.
- Mitigating Control matrix
- Definition of mitigating controls, frequency, monitor
- Periodic Review of Mitigating Controls
- Standard Operating Procedure for mitigating controls
User Access Management
Automated user lifecycle management is one of the most prominent requirements for any organisation using SAP solutions and other applications. Below are the areas where we support and offer services to our clients.
- Access request approval workflow setup
- Optimisation of workflows to reduce the manual approval steps and improve the turnaround time
- Integration of non-SAP applications for Manual Provisioning
- Audit support for access provisioning
Emergency Access Management (Firefighter Access)
Well-controlled emergency access is one of the main audit requirements and is often considered one of the key controls during the annual audit. We understand how critical it can be if an activity is performed in a production system without a controlled environment.
- Firefighter ID, Controller and Monitor setup
- Streamlining firefighter log review process
- SLA setup for FF log review
- Segregation of business process specific emergency roles
- Periodic log review and FF ID optimisation services
Business Role Management
Having a centralised repository of roles for various business applications helps the business to standardise roles and to streamline and speed up their maintenance.
- Harmonisation of business roles across applications, so that access requests can provision roles for multiple applications simultaneously
- Role mining
- Periodic role reviews per audit requirement
