Quarterly Update | Edition 02 | February 2021
Access control in the new normal
The year 2020 will undoubtedly go down in history as the year of the COVID-19 pandemic. The fear of this virus has engulfed the world in a fire of drastic changes. Movement restrictions have disrupted businesses in some industries up to the extent of an existential crisis. Other businesses managed to continue operations in a hugely revised format and some even found themselves benefiting from the new situation. Governments across the world have done their best to convince – if not force – citizens and businesses into a ‘new normal’ of safe distancing, wearing face masks and working from home as a standard.
With 2020 and the Year of the Rat left behind, we are not yet quite done with COVID-19 and its aftermath. It is yet to be seen how much of the ‘new normal’ is really going to stay as it is today, but we expect ‘working from home’ to definitely be among the elements to remain.
So how does this impact the view on business risks and controls, notably related to system access rights? Business owners who are in the middle of a battle for survival, likely care less about system access controls now. There are other, higher priorities at the moment!
For all other businesses, however, the new situation is one of increased reliance on digital communication, system transactions and system validations and controls. That certainly asks for a re-assessment of the balance between system controls and manual controls. Most probably this re-assessment results in a drive for increased emphasis on system controls.
Example: Up until now, the segregation of duties risk due to conflicting access rights could be accepted and mitigated with manual mitigation controls. Those controls will be less effective when face-to-face human communication is reduced. A more robust access control architecture with spot-on monitoring of access breaches will be more effective.
With our knowledge and cloud-based tools, we as XS Control were already well placed to assist businesses in evaluating their SAP system controls environment with minimal on-site presence. And in the new normal, we will be able to leverage this even more.
We invite you to our enhanced website, which contains more of our views and expertise, including a quiz for a self-assessment of your SAP access management. With our quarterly newsletters, we strive to keep you informed about actual topics and interesting cases that we encounter in our practice.
We wish you a Happy New Year of the Ox and we look forward to joining you in your journey of staying in control in the new normal!
Marcel Huijskens
Managing Director of XS Control Asia
The basics of SAP access
Are you a non-technical person who would like a high-level overview of how users access SAP? Click here to find out more.
The SAP authorisation concept
With this blog, we aim to demystify the world of SAP authorisations for our non-technical readers. We hope you’ll give it a go and, hopefully, find that it’s not as daunting as it seems.
Setting up purchase order approval workflows in S/4HANA
An SAP Functional Consultant tells us about his experience setting up BRF+ to support the workflows. Click here to read the interview.
The principles of role building
We tell you the big DOs when designing and building roles for your end users. This blog post gives you pointers to consider and apply in your unique situation.
Step-by-step role building in SAP
See how roles are built in SAP, complete with helpful screenshots. Click here to read the blog post.
The enabler role concept
Explore this concept to understand how it works and why some consultants prefer it to the standard SAP way of working. Read more here.
What to expect in our next newsletter
Don’t miss it.
We will be answering frequently-asked questions on using SAP GRC for access risk management and access provisioning. Sign up to be notified here.