We audit SAP authorisation risks and segregation of duties conflicts
With the help of our experienced colleagues and globally recognised authorisation auditing software CSI Authorization Auditor, we can solve your issue with SAP authorisations quickly and reliably. We are also SAP GRC module experts. Governance, Risk & Compliance features provide potential solutions to authorisation management, access control and the risks associated with new hires, changes in the scopes of duties and the departure of employees from the company.
Which tasks can we support you in?
- Setting up or upgrading the monitoring control systems related to segregation of duties and sensitive access within the GRC module;
- Process review and analysis of mitigation controls;
- Redesigning SAP roles;
- Creating an efficient operational module for the firefighter process (EAM module); and
- Setting up the Process Control module when defining automated control functions in business processes.
To whom do we recommend this?
- CEOs, CTOs and CFOs responsible for ensuring that SAP risks are under control.
- Heads of internal controlling departments who would like to make sure that employees have the necessary authorisations to conduct an audit in their fields.
- Accountants who need to be certain that the SAP authorisation controls are suitably designed and work efficiently.
Why is our service useful to you?
It lets you know what SAP users can do in the system, which actions they have taken and what risks are associated with the following process steps:
- starting and accepting transactions;
- monitoring funds.
The separation of authorisations can significantly mitigate the risk of fraud, irregularities and errors. We also identify users with critical/sensitive authorisations that are already inherently risky. The identified risks can be remediated or mitigated, and a more stable authorisation concept can be mapped along with its related processes.
What do we do?
First, we discuss your requirements related to the SAP authorisation concept and its associated processes. Then, we analyse the behaviour of SAP users and create a report. In the case of auditing, our work ends here. In the case of consultation, however, we move on to further steps. We create a design concept on the recommended changes and discuss this with key people. We then create the final design based on that feedback.
Our consultants record the changes in the development environment and conduct development tests. We organise user acceptance tests throughout the entire test environment. In accordance with the change management processes, we assist in making the changes go live.
We also provide a warranty period that covers the correction of everything that does not work perfectly.
Thanks to these measures, you will have a much safer SAP system (possibly including the GRC module) at your disposal.
Your personal contact:
