Agenda
SAP GRC Overview
SAP GRC Access Control 10.0 Introduction
SAP GRC Access Control 10.0 Features
GRC Defined
Understand and prioritize stakeholder expectations
Take a holistic approach to risk management
Set objectives congruent with values and risks
Achieve objectives while optimizing the risk profile and protecting value
Operate within legal, internal, and social boundaries
Provide relevant, reliable, and timely information to appropriate stakeholders
Enable the measurement of the performance and effectiveness of the system
People
Process
Technology
GRC Defined
Governance: management approach through which senior executives direct and control the entire organization
Risk: effect of uncertainty on objectives
Risk Management: set of processes through which management identifies, analyzes, and, where necessary, responds appropriately to risks
Compliance
GRC Defined
MANDATED BOUNDARY
boundary established by external forces including laws, government regulation and other mandates.
BUSINESS MODEL
strategy, people, process, technology and infrastructure in place to drive toward objectives
OBSTACLES
OBJECTIVES
strategic, operational, customer, process, compliance objectives
VOLUNTARY BOUNDARY
boundary defined by management including public commitments, organizational values, contractual obligations, and other voluntary policies.
Minimizes risk
Tightens up business processes
Helps drive innovation
Increases agility
Eliminates costly, repetitive tasks in the ERP landscape
Can be implemented in stages
Before GRC
Fragmented
Mostly reactionary
Individual projects
Separate from mainstream process and decision making
(Diagram labels: Strategy, Simulation, Budgeting, Project Reporting, Data Warehouse, Execution)
After GRC
Integrated management and performance
Integrated capability
Embedded with mainstream process and decision making
Coordinated transactions and shared data
(Diagram labels: Access Control; Global Trade Services; Business Intelligence; Query, Reporting, and Analysis; Search and Navigation; Information Management; Data Integration; Advanced Analytics)
Agenda
SAP GRC Overview
SAP GRC Access Control 10.0 Overview
SAP GRC Access Control 10.0 Features
Manage by exception
Embed cross-function (FIN, HR)
Embed cross-platform
SoD Rules & Regulations, Corporate Policies, Best Practices
Enterprise role management
Identity Management
Provide proof and reliability with control tests and an audit trail for SoD controls; report and review key risk indicators for system access
Approach
Get Clean: Risk Identification and Remediation (rapid, cost-effective and comprehensive initial clean-up); Enterprise Role Management (enforce SoD compliance at design time)
Stay Clean: Compliant User Provisioning (prevent SoD violations at run time); Superuser Privilege Management (close the #1 audit issue with controlled temporary emergency access)
Stay in Control: Effective Management Oversight and Audit through Periodic Access Review and Audit (focus on the remaining challenges during recurring audits)
Approach
Minimal time for compliance: set up the right access controls using the comprehensive library of out-of-the-box SoD rules
Continuous access management: enforce SoD compliance from the start with enterprise-wide role design, documentation and maintenance; prevent reintroduction of SoD violations; perform emergency activities in a controlled manner
Effective management oversight and audit: user access reaffirmations and reviews of access risks, SoD rules, mitigating controls and roles; provides an audit trail
Approach
Benefits
Access Control protects information and prevents fraud
Automatically eliminates access and authorization risks with out-of-the-box rules
Enforces segregation of duties across applications and departments
Optimizes operations
Minimizes time and cost for compliance
Agenda
SAP GRC Overview
SAP GRC Access Control Overview
SAP GRC Access Control 10.0 Features
Access Control 10.0 is part of the GRC 10.0 Suite. The previous version of Access Control is 5.3 (for Process Control and Risk Management, 3.0). Access Control 10.0 highlights improvements in six (6) key focus areas:
Access Control Harmonization
Unified Compliance Platform
Streamlined User Access Management
Business Role Governance
Feature Highlights
Harmonization is a key strategy of the GRC 10.0 release, and Access Control 10.0 harmonizes its own four capabilities: Access Risk Analysis, User Access Management, Emergency Access Management, and Business Role Management. GRC 10.0 has been reengineered onto an ABAP platform, which brings benefits such as object-level security, environment transportability, and data archiving. Harmonization across the four components lowers total cost of ownership by eliminating redundancy in administration, configuration, setup, and training, and improves supportability.
Feature Highlights
Access Control 10.0 also harmonizes with the other applications in the GRC Suite: Process Control, Risk Management, and Global Trade Services.
The GRC Suite shares a single user interface and an integrated data model, so key data such as business processes and subprocesses, organizations, and controls can be shared. This eases administration by eliminating the need to recreate shared administrative and master data for each application.
Feature Highlights
Harmonization works in two ways: within AC and across the entire GRC Suite. AC, PC and RM are harmonized at both the user interface and data layers. An Organization Compliance Hierarchy is introduced, allowing business processes and controls to be shared. Risks can be analysed in AC and mitigated with controls that are documented, tested, monitored and certified in PC.
Unified Inbox
Feature Highlights
Access Control's user provisioning capability standardizes on SAP's Business Workflow engine, providing dynamic, multi-stage approval routing based on information such as user, role, or system. Customizable access request forms let customers tailor end-user forms dynamically based on the user and the system accessed, so that only relevant data is requested of the end user. Streamlined access requests and periodic reviews let approvers make more informed decisions by presenting usage details and more information about what else the requestor is authorized to access.
Feature Highlights
Access request enhancements:
New customizable access request forms
New template-based access requests
New position-based role assignment requests
New end-user display of profile, access assignments, and request history
Enhanced search for roles, groups, and systems based on authorization
New customizable approver views
New multiple rule set support
Enhanced periodic reviews for user access and access risks
Feature Highlights
Business Role Management bridges the gap between complex system authorizations and business functions, and delivers simplified assignment of access, reduced compliance risk, and improved operational efficiency. BRM centralizes compliant role administration: all roles are stored centrally within BRM and analysed for access violations. A new impact analysis simulation report uses what-if logic so customers can determine, before implementing in production, whether a role authorization change will introduce access risk for any user assigned the role.
Feature Highlights
New centralized business role management with embedded access risk analysis
Enhanced process for mapping technical access authorizations to business functions
New role design and flexible role-building workflows, including preventative simulations
New ability to analyse role usage for optimal assignment and to keep role definitions up to date
Improved role comparison to detect backend changes, providing role consistency, synchronization, and compliance
New process for periodic role certification
Feature Highlights
By unifying the configuration and administration of superusers into a centralized process, customers can assign and define firefighter and supervisor relationships for all EAM systems from a single interface. This reduces administration redundancies and greatly enhances visibility of all superuser assignments and supervision. Log reporting of system events is improved, and a new workflow ensures that log reports are analysed and processed by supervisors.
Feature Highlights
New options for group owners and controllers, and improved provisioning
Firefighters centrally access their assignments
New ability for firefighters to update the activity log with unplanned firefighting tasks
Access specific log reports from the transaction report
New workflow-driven firefighter log report
New categorization of firefighter access signifies criticality and drives workflow logic
Customers that provision user access via Identity Management (IdM) can embed compliance in that provisioning process through integration with Access Control. IdM can call risk analysis before provisioning a user and then initiate remediation events in Access Control when access risks are found. IdM customers can also provision BRM roles, which lets them eliminate access risks from both the user provisioning and the role management process.
Feature Highlights
New support for IdM to perform access risk analysis prior to submitting for remediation
Enhanced communication services, including callback and lookup, between IdM and AC
Enhanced infrastructure to support the standard SPML 1.0 protocol for all outbound communication from AC
Enhanced support for audit tracking of requests and events
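As an added illustration (not SAP's code and not the delivered SAP rule set), the following Python sketch shows how the rule-set concepts on this page fit together: business functions defined as sets of actions (transaction codes), risks defined as pairs of conflicting functions, mitigating controls documented per user, the risk analysis that a compliant provisioning request (or the IdM integration above) runs before access is granted, and the BRM what-if impact analysis of a role change across every user holding that role. The function and risk IDs, role names, users, assignments and the mitigating control are constructed sample data; the transaction codes are standard SAP codes used only as labels.

```python
from typing import Dict, Iterable, List, Set, Tuple

# --- Rule set (constructed sample data, not SAP's delivered rule set) ---
# A business function is a set of actions (transaction codes).
FUNCTIONS: Dict[str, Set[str]] = {
    "AP01": {"FK01", "FK02"},     # maintain vendor master data
    "AP02": {"F-53", "F110"},     # post / run vendor payments
    "PR01": {"ME21N", "ME22N"},   # create / change purchase orders
}
# A risk is a conflict between two functions one person should not hold together.
RISKS: Dict[str, Tuple[str, str]] = {
    "P001": ("AP01", "AP02"),   # create a vendor and pay it
    "P002": ("PR01", "AP02"),   # raise a purchase order and pay it
}
# Technical roles grant actions; users are assigned roles (all constructed).
ROLES: Dict[str, Set[str]] = {
    "Z_AP_CLERK": {"FK01", "FK02"},
    "Z_AP_PAYMENTS": {"F-53", "F110"},
    "Z_BUYER": {"ME21N"},
}
ASSIGNMENTS: Dict[str, Set[str]] = {
    "alice": {"Z_AP_CLERK"},
    "bob": {"Z_AP_CLERK", "Z_AP_PAYMENTS"},   # holds P001 today
    "carol": {"Z_BUYER"},
}
# Mitigating controls documented against a user/risk pair (hypothetical example:
# an independent review of every payment run). A mitigated risk is not reported as open.
MITIGATIONS: Dict[str, Set[str]] = {"bob": {"P001"}}


def user_actions(user_roles: Iterable[str], roles: Dict[str, Set[str]] = ROLES) -> Set[str]:
    """Flatten a user's roles into the set of actions they can execute."""
    acts: Set[str] = set()
    for r in user_roles:
        acts |= roles[r]
    return acts


def open_risks(actions: Set[str], mitigated: Iterable[str] = ()) -> List[str]:
    """Risk analysis: risks whose two conflicting functions are both reachable
    from `actions`, minus those covered by a documented mitigating control."""
    held = {f for f, acts in FUNCTIONS.items() if acts & actions}
    hits = {rid for rid, (a, b) in RISKS.items() if a in held and b in held}
    return sorted(hits - set(mitigated))


def analyze_user(user: str, assignments=ASSIGNMENTS, mitigations=MITIGATIONS) -> List[str]:
    """Open (unmitigated) SoD risks for one user as currently provisioned."""
    return open_risks(user_actions(assignments[user]), mitigations.get(user, ()))


def check_request(user: str, new_role: str, assignments=ASSIGNMENTS,
                  mitigations=MITIGATIONS) -> List[str]:
    """Compliant provisioning: the risks this request would newly introduce.
    An empty list means the request can be approved without remediation."""
    before = set(analyze_user(user, assignments, mitigations))
    after = set(open_risks(user_actions(assignments[user] | {new_role}),
                           mitigations.get(user, ())))
    return sorted(after - before)


def simulate_role_change(role: str, added_actions: Iterable[str],
                         assignments=ASSIGNMENTS,
                         mitigations=MITIGATIONS) -> Dict[str, List[str]]:
    """Impact analysis (what-if): for every user holding `role`, the risks they
    would gain if the listed actions were added to the role."""
    changed = dict(ROLES)
    changed[role] = ROLES[role] | set(added_actions)
    impact: Dict[str, List[str]] = {}
    for user, held in assignments.items():
        if role not in held:
            continue
        mit = mitigations.get(user, ())
        gained = set(open_risks(user_actions(held, changed), mit)) \
            - set(open_risks(user_actions(held), mit))
        if gained:
            impact[user] = sorted(gained)
    return impact


if __name__ == "__main__":
    print(analyze_user("bob", mitigations={}))        # ['P001'] without its control
    print(analyze_user("bob"))                        # []       mitigated
    print(check_request("carol", "Z_AP_PAYMENTS"))    # ['P002'] reject or remediate
    print(check_request("alice", "Z_BUYER"))          # []       approve
    print(simulate_role_change("Z_BUYER", {"F110"}))  # {'carol': ['P002']}
```

The same `open_risks` routine serves all three uses on this page: the periodic review (run it over every user), the provisioning gate (run it over the user's access plus the requested role and block or route to remediation when the difference is non-empty), and the BRM simulation (run it over every holder of a role with the proposed definition swapped in). Keeping mitigations keyed by user and risk, rather than silently deleting the rule, preserves the audit trail the page describes.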
Training Institute
Questions?
Thank you.