Embed Size (px)
DESCRIPTION
XDFD
Citation preview
Maximising the real value of SAP GRC
ACCESS contro
l
ACCESS contro
lRouteONE SAP GRC Access Control
Contents
Business context:
Governance, risk and compliance
Implementation:
A challenge in itself
Integrc:
Innovative thinking for an advanced approach
RouteONE:
The faster, better, more affordable option
RouteONE:
For Access Control
Access Control:
RouteONE Toolkit
INTERNAL AUDIT
THE BOARD
Governance, risk and compliance (GRC)
Effective management of risk is not only a
regulatory requirement, but is increasingly
seen as a crucial element in enhancing
performance and driving competitive
advantage – however it can appear a complex
and demanding challenge. During a recent
survey of companies that run SAP as their core
ERP system, 75% of respondents expressed
a desire to improve their management of
governance, risk and compliance (GRC) across
their business.i
As audits become more stringent and demands for
compliance grow, organisations that take security and
compliance seriously know that they must put in place
integrated systems to manage GRC. Often this means
transitioning from manual risk management processes
and spreadsheets to an automated solution, and for
many SAP users the implementation of SAP’s GRC suite
starts with the Access Control module.
A challenge in itself Once your organisation has decided to move forward
with SAP Access Control, the next challenge is the
implementation process. Different businesses have
different requirements, and with multiple stakeholders
bringing their demands to the table, traditional
implementations can become time-consuming,
disruptive to operations and expensive to run. There are
various rapid deployment options available to expedite
the transition, but using a template-style process will
usually only deliver a standard, ‘vanilla’ solution that falls
short in meeting your specific requirements. Such an
approach often results in a system that isn’t accepted by
the end users it was chosen for in the first place.
ACCESS control
ACCESS control
i Annual GRC Performance Survey 2013, Integrc, September 2013.
SAP GRC Access Control
As well as replacing manual GRC processes,
Access Control offers real-time visibility
into your risk position, minimises
unauthorised access and fraud, and reduces the overall
cost of compliance.
Key features
Automatically detect and remediate access risk
violations across SAP and non-SAP systems
Embed compliance checks and mandatory risk
mitigation into business processes
Empower users with self-service, workflow-
driven access requests and approvals
Automate reviews of user access, role
authorisations, risk violations and control
assignments
Better manage superuser access controls
with a centralised, closed-loop process
Create a comprehensive audit trail of user
and role management activities
INTERNAL AUDIT
THE BOARDAccess Control
3rd floor
ROUTEONE SAP GRC ACCESS CONTROL
Innovative thinking for an advanced approach
Integrc is a specialist GRC consultancy. We work
globally with organisations that run SAP to help them
turn their GRC strategy into reality. Our 80 highly
experienced GRC experts are continually striving to
find new ways to make life easier for our clients and
to raise the quality standards of GRC delivery.
We also invest heavily in our award-winning
Innovation Team who are focused on breaking the
boundaries of conventional thinking for the industry.
To address the difficulties often associated with
deploying GRC, we challenged the Innovation Team
to completely rethink the process from end-to-end,
with the ultimate aim of developing a completely new
approach. Not satisfied with minor improvements
and tweaks, we channelled all the knowledge and
experience of our experts, along with the lessons learnt
from over 300 successful projects, into finding the
optimum way of implementing SAP GRC. And once it
had been developed, trialled, tested under laboratory
conditions and applied across a range of scenarios,
we then searched for a transformational method of
achieving the same outcome, but in half the time.
The result is RouteONE.
Before Now
Impact of RouteONE for SAP GRC Access Controls
bespoke implementation
Go-live & Support
Realisation & Test
Blueprint
Project Prep
Tim
e F
ram
e
The faster, better, more affordable option
Offering a much faster route to the tailored solution
you’re looking for, RouteONE from Integrc combines
a robust yet streamlined methodology with advanced
automated tools and an extensive library of prebuilt,
best practice content. RouteONE enables us to
automate many deployment tasks and therefore focus
more time on real value-added activities. This includes
a continual emphasis on benefits realisation and on
ensuring your business users embrace the new
system. Built into the RouteONE approach is our
Engaging Risk methodology and portfolio of fresh,
elegant technologies such as mobile apps and
dashboards. Engaging Risk creates a more engaging
user experience, which leads to greater adoption and
therefore better outcomes.
Available for a range of SAP GRC solutions, not just
Access Controls, RouteONE removes many of the
obstacles to a smooth GRC implementation project.
Instead of manually configuring the solution for your
company, or forcing your organisation to fit a standard
template, RouteONE maps out a strategy based on
proven implementation projects, then customises
it specifically for you. RouteONE can even show
you a draft version of your system, using available
content and defaults, within 24 hours of project
commencement to give you the unique benefit of
hindsight – in advance. The detailed design blueprint
approach of RouteONE also enables the automation
of several elements of the process, saving time and
money, and improving accuracy for a better overall
outcome.
A genuine breakthrough in deployment, RouteONE
is now the foundation for all our projects, equipping
our skilled and experienced consultants with the most
advanced toolkit in the industry – enabling them to
deliver better results on every project.
ROUTEONE SAP GRC ACCESS CONTROL
Integrc’s experience has been channelled into
successful GRC projects
300Over
highly- experienced GRC practitioners
80of GRC best practice
In-depth knowledge
Ensure your solu�on is built and configured to your requirements in the shortest �me possible.
Equally effec�ve at configuring complex customised solu�ons as standard op�ons.
Enable rapid deployment with correct results first �me.
QuickBuilder Engine
Tools, U�li�es and Accelerators
U�lises knowledge from past projects, combined with the latest thinking, to provide comprehensive content.
Excellent prebuilt material enables you to get more complete outcomes more quickly.
Con�nuously improving as Integrc encounters further concepts, experiences and best prac�ce.
Minimise the manual tasks involved in deployment, such as data entry and tes�ng, to save �me and increase accuracy.
Reduce the required tes�ng and valida�on �mes as a result.
Analyse current situa�ons to ensure op�mum change projects are scoped correctly.
GRC Content
‘IMPLEMENT AND OPERATE’ TOOLKIT
in running GRC operations and
support
Experience man-years of
experience
500
ROUTEONE SAP GRC ACCESS CONTROL
The RouteONE methodology enables you
to successfully deploy SAP GRC Access
Control in a much-reduced timeframe,
while also saving costs and improving the end result.
Faster:
• Rapid yet reliable methodology to reach go-live
quicker - usually half the time it would take a
more traditional approach
More affordable:
• Savings typically as high as 50% of the total
cost of deployment
• Fixed scope and fixed price agreed upfront to
remove the risk of running over budget
Key benefits
Better:
• A tailored solution that does not compromise
on specific business requirements and is
focused on realising benefits
• Engaging risk expertise, training and
consumer-like interfaces to help ensure
end-user adoption and innovation
• Greater accuracy through automated
data entry
• A guaranteed go-live date
For Access Control ACCESS control
ACCESS control
ROUTEONE SAP GRC ACCESS CONTROL
RouteONE Toolkit
QuickBuilder Engine
GRC Content Tools, Utilities and Accelerators
SAP GRC
Access
Control
• RouteOne for
Access Control
• Integrated SAP+ SoD Rule Set • Mitigating Control Library • Test Scripts • Dashboards
• Mitigating Control and Firefighter
• Master Data Uploader • Transaction Data Uploader
The RouteONE methodology is available to
implement SAP Access Control, SAP Process Control,
SAP Risk Management and Security for SAP.
ROUTEONE SAP GRC ACCESS CONTROL
Why Integrc?
For companies running SAP who take security and GRC
seriously, Integrc is the GRC specialist with the experience
and innovation to turn strategy into reality.
Integrc provides GRC services, from small enhancements
to large and complex roll-outs, for organisations running
SAP. We specialise in the full lifecycle of GRC consultancy
and support services. This includes audit, strategy and
planning, implementation, operational control and fully
managed services.
We do all this for many of the world’s leading
organisations. We can do the same for you.
Visit our website www.integrc.com
Integrc, operating globally from bases in the UK, Netherlands,
MENA and India
