Access Risk Pilot Project

Client Profile

Location: Singapore

Industry: Technology and engineering

The client is a publicly listed company comprising various divisions operating in different sectors within the technology and engineering industry.

  • The client operates worldwide, with their headquarters located in Singapore.
  • SAP R/3 and ECC have been used for the past 20 years, with maintenance handled independently by each division.
  • The client maintained no corporate rules to manage segregation of duties (SoD) and critical access risks in the divisional SAP systems and lacked visibility of actual access risk compliance.
  • The client also did not have a procedure for managing corporate access risks and was considering the use of a tool to assist with this.
  • The project was carried out for two divisions which have approximately 7,000 and 5,800 SAP users respectively.

Project Objectives

  • To present the client with a current view of their actual access risk compliance for two divisions.
  • To build an access risk framework and rulebook (containing SoD and critical access risks) for the purpose of cross-division monitoring of SAP user access rights.
  • To evaluate the use of MARC software to manage access risk compliance across multiple SAP systems.
  • To use this exercise as a pilot project with the aim of establishing a practice for managing access risks across the group.

Challenges and Opportunities

  • Each division had its own processes and user access practices.
  • There was a strong drive towards achieving synergy in management of access controls.
  • Before the project, access was reviewed manually at a high level, based on user authorisation data downloaded from SAP.
  • The client intended to optimise the user access review process through the pilot use of the external software product MARC.

Why XS Control

  • Solid knowledge and experience in SAP authorisations and segregation of duties.
  • Strong understanding of business processes and the technical SAP authorisation concept; hence the ability to marry the two aspects.
  • Use of state-of-the-art expert software (MARC) to deliver in-depth reports in client-preferred formats.

Project Highlights

  • Pilot installation of MARC software along with XS Control’s standard rulebook to perform SoD and critical access assessment.
  • Focus on very high and high standard risks, covering more than 80% of findings detected.

Project Benefits

  • Visibility of actual compliance of SoD and critical access risks, along with specific next-step recommendations.
  • Efficient assessment process through the use of MARC.
  • Practical reporting formats, structured and prioritised as per the client’s needs.

Related Services

Access Framework

Through close collaboration with you, we identify access risks in your SAP processes and design the controls for them.

User Access Analytics

We analyse how well your SAP access complies with segregation of duties and critical access requirements, then present you with reporting in a format that works for you.

GRC Tool Implementation

Whether you choose SAP GRC or MARC, we help you identify the most suitable software for your organisation and help you implement it.
