Every authorization concept, no matter how good, can become polluted over time. Without adequate change processes and regular monitoring procedures, the risk of pollution is very real. The complexity of SAP authorizations, with different authorization mechanisms depending on the system in your landscape, makes adequate monitoring applications, controlled change procedures and automated approval flows a necessity. Expertum can assist you in establishing a clear monitoring and control roadmap.
Over the years, Expertum has gained considerable expertise in translating these control and automation requirements into SAP Access Control implementations. Activating the risk analysis module, supported by an extensive Expertum ruleset, is usually the starting point. Implementing and automating so-called firefighter access (we actually prefer the term extended access over emergency access) is a regular alternative way to start your road towards GRC maturity.
Automating the approval processes for assigning authorizations to users, including embedded and preventive risk analyses and automated provisioning, is where the real efficiency gain and control effectiveness start to kick in. Linking these processes with HR data (HRM, SuccessFactors) and having them triggered by hiring, position change and termination processes in HR further professionalises your authorization processes.
Automating the approval processes for your role and authorization changes will get you yet another step further. All role changes need to be controlled to prevent unwanted access from creeping in through all sorts of change requests. Adequate role and ruleset ownership is a must to achieve this.
Finally, your periodic review procedures need to be performed as well. These usually very labour-intensive processes can also be largely automated, saving you a lot of time and avoiding human error when access is taken away. User access reviews, SoD risk reviews and mitigating control reviews are all possible automations where we can assist you.