Information GRC Tool: SAP Role Management, a 50,000-Foot View
Problem: Requirements for mapping transactions to roles are not properly captured, and change management is not properly maintained. This leads to:
1. Audit failures against the documentation, testing, process control, and sign-off requirements mandated by Sarbanes-Oxley sections 302, 404, and 409
2. Lost productivity and waste of resources.
3. Throwing money at the problem
Example: Transactions or roles are added or removed without approval and testing
Tool Information: Workflow-based automation, so that the manual process can be eliminated and approvals can be tracked and verified
Implementation: Changes initiated locally but approved globally
Implementation Strategies:
1. The local site SAP Security power user should be trained to act as the first level of defense when a user has questions about whether they need access to a certain transaction or role
2. Role changes should be initiated at the organizational level and approved at the global level, because adding transactions has a global effect
3. The approvals should be periodically reviewed by the audit group
Advantages:
- Many security errors can be reduced, as users may not be aware of the new business process
- Audits will be passed with 100% confidence, as the roles as designed will match what is in SAP
- Resources can work efficiently and save time and money
- Changes will be processed and responsibility can be assigned to the appropriate group
Caution: The tool should not be used as a substitute for correcting poor job-to-role mapping
Selva Kumar
Vice President- SAP Practice
OneAccess-UserManager for SAP
SAP Certified-Powered by Netweaver
http://www.softsquare.biz/oneaccess/
selva@softsquare.biz
Phone: 1 877 717 5487
Automate and Meditate