
SAP GRC- ACCESS CONTROL

Submitted by:

• Manas Choudhary (12030241142), Group C, Group Leader
• Shankar Kendre (12030241159), Group C
• Raghavendra Aarole (Roll No), Group C
• Ishan Mishra (12030241073), Group A
• Rahul Vardhan Dinesh (12030241210), Group D

Batch 2012-14

Agenda

• Fragmentation (slide 1)
• Integrated GRC (slide 2)
• SAP Solutions for GRC (slide 3)
• Segregation of Duties Violations (slide 4)
• Risk Analysis and Remediation (slides 5-6)
• Access Management (slide 7)
• Compliant Provisioning (slides 8-9)
• Benefits of SAP GRC (slides 10-11)

Fragmentation

Managing with confidence is difficult in an increasingly complex world.

[Diagram: a fragmented GRC landscape. Every function (Board of Directors, Finance, Legal, Sales, Contracts, HR, Controller, IT, Audit & Compliance, Treasury, Security, Project Management, Document Management, Planning, Customers, ERP, Production, Billing) and every country (Australia, U.S.A., Japan, U.K., France, China, Germany, India) runs its own separate governance, risk management, compliance and policy management activities, and each regulation or risk type (ASX Principle 7, CLERP 9, SOX, RoHS, WEEE, segregation of duties, credit risk, project risk, human capital risk) is handled on its own.]

Integrated GRC

Forward-looking organizations are seeking a unified approach to GRC.

[Diagram: the same functions, countries, regulations and risk types as on the previous slide, but governance, risk management and compliance are handled once, through one shared set of activities, instead of separately in each function and country.]

SAP Solutions for GRC

A unified solution for GRC management

[Diagram: layered architecture. Industry-specific GRC (Life Sciences, Chemicals, Oil & Gas, High Tech, Banking) sits on cross-industry GRC (Risk Management, Access Control, Process Control, Global Trade, environment compliance and controls), which in turn sits on a shared GRC repository, the business process platform and the business applications.]

• Transparency to a balanced global risk profile
• Standardization on common GRC content and rules
• Automates and embeds GRC into business processes

Segregation of Duties Violations

[Diagram: the three phases of SoD compliance.]

Get Clean: minimal time to compliance
• Risk Identification and Remediation: rapid, cost-effective and comprehensive initial clean-up

Stay Clean: continuous access management
• Enterprise Role Management: enforce SoD compliance at design time
• Compliant User Provisioning: prevent SoD violations at run time
• Superuser Privilege Management: close the #1 audit issue with temporary emergency access

Stay in Control: effective management oversight and audit
• Periodic Access Review and Audit: focus on the remaining challenges during recurring audits

Underpinning all three phases: risk analysis, remediation and prevention services, and a cross-enterprise library of best-practice segregation of duties rules.

Risk Analysis and Remediation

Access Risk Services (common services across all SAP GRC Access Control capabilities):

• Risk Identification: real-time SoD risk analysis, critical transaction monitoring, cross-application integration
• Elimination: remediation management, mitigation management
• Reporting: alerts framework, reporting
• Prevention: real-time simulation, mandatory prevention

Access Risks Library: cross-enterprise rules database and cross-enterprise rules architect

Prevention services deliver 24/7, real-time compliance by stopping security and controls violations before they occur.

"SAP GRC Access Control, with its comprehensive preconfigured rule set, reflected deep expertise within SAP that would have taken us a very long time to replicate."
Synopsys Inc.

Risk Analysis and Remediation Contd.

Getting clean: initial risk analysis and remediation
• Risk Identification
• Risk Elimination
• End-to-End Automation
• Reporting
• Prevention

Facilitates collaboration between Business and IT to clean up access risks.

"The clean-up process has brought a tremendous degree of discipline to the way we think about and manage user access and authorizations."
Synopsys Inc.

Access Management

The only compliance-focused emergency access solution

Key Functionality
• ID Administration: date restrictions, log-in restrictions, single user per ID, specific authorization access
• Alert Framework: reporting, audit logs, notification, security

Compliant Superuser Access

[Diagram: a superuser requests privileged access and is issued a pre-assigned firecall ID for the module concerned (SD, MM, FICO, ...). Each new session under a firecall ID is logged.]

• Pre-assigned firecall IDs
• Access restrictions
• Validity dates
• Field-level changes tracked in the audit log
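The controls listed above for firecall IDs (pre-assigned IDs, validity dates, one user per ID at a time, and an audit log of each session and its field-level changes) can be modelled in a few dozen lines. The following is an added example written for this page; it is not SAP code, and the class, method names, event names and log layout are assumptions chosen for illustration. The clock is injectable so the validity window can be exercised without waiting.

```python
"""Added example, not SAP's code: a small model of the emergency-access
controls the slide lists. All names and the log format are assumptions."""
from datetime import datetime, timedelta


class FirecallError(Exception):
    """Raised when a check-out or use of a firecall ID violates a control."""


class FirecallRegistry:
    def __init__(self, clock=datetime.now):
        self.clock = clock      # injectable so validity can be tested offline
        self.ids = {}           # firecall id -> owner, allowed users, active session
        self.log = []           # audit trail: one dict per event (constructed format)

    def register(self, fid, owner, allowed_users):
        """ID administration: the owner pre-assigns who may check out the ID."""
        self.ids[fid] = {"owner": owner, "allowed": set(allowed_users), "active": None}

    def check_out(self, fid, user, reason, valid_for=timedelta(hours=4)):
        """Start a session if the user is pre-assigned and nobody else holds the ID."""
        rec = self.ids.get(fid)
        if rec is None or user not in rec["allowed"]:
            raise FirecallError(f"{user} is not pre-assigned to {fid}")
        if rec["active"] is not None:               # single user per ID
            raise FirecallError(f"{fid} is already checked out by {rec['active']['user']}")
        start = self.clock()
        rec["active"] = {"user": user, "start": start, "end": start + valid_for}
        self._record(fid, user, "CHECK_OUT", reason=reason,
                     valid_until=(start + valid_for).isoformat())
        return rec["active"]

    def use(self, fid, user, tcode, changes):
        """Log a transaction run under the ID; `changes` maps field -> (old, new)."""
        rec = self.ids.get(fid)
        session = rec["active"] if rec else None
        if session is None or session["user"] != user:
            raise FirecallError(f"{fid} is not checked out by {user}")
        if self.clock() > session["end"]:           # validity date / time restriction
            rec["active"] = None
            self._record(fid, user, "EXPIRED")
            raise FirecallError(f"{fid} session expired; check out again")
        self._record(fid, user, "TCODE", tcode=tcode, changes=dict(changes))

    def check_in(self, fid, user):
        """End the session so the ID is free for the next emergency."""
        rec = self.ids[fid]
        if rec["active"] is None or rec["active"]["user"] != user:
            raise FirecallError(f"{fid} is not checked out by {user}")
        rec["active"] = None
        self._record(fid, user, "CHECK_IN")

    def report(self, fid):
        """What the ID owner reviews (and is notified about): every event for the ID."""
        return [e for e in self.log if e["fid"] == fid]

    def _record(self, fid, user, event, **details):
        self.log.append({"ts": self.clock().isoformat(), "fid": fid, "user": user,
                         "event": event, **details})
```

The point of the design is that the controls are enforced at the check-out and use steps, not reconstructed afterwards: a second user cannot take an ID that is already held, a session past its validity date is closed on the next attempt to use it and the closure itself is logged, and every transaction and field change is written to the trail the ID owner reviews.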

Compliant Provisioning

Current approach: inefficient, not compliant

[Diagram: an access request goes by e-mail to the manager for approval, then by e-mail to the role owner, then via spreadsheets and paper forms to IT Security, which provisions the access manually.]

Enables compliant end-to-end provisioning ("hire to retire")

Compliant Provisioning contd.

Compliant provisioning with dynamic workflow

[Diagram: the automated request path.]
• Request: 100% automated, generated from an HR event (employee hired/retired)
• Path: workflow based on request type and user attributes
• Manager approval via e-mail, with an escalation workflow
• Risk analysis: one-click preventive simulation, with an exception workflow for violations
• Automated provisioning: 100% automated

• Embed cross-enterprise preventive compliance into the business process
• Reduce the cost of user administration
• Improve the productivity of end users
• Auditable tracking for auditors
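Both the Risk Analysis and Remediation slides (real-time SoD analysis, critical transaction monitoring, mitigation management, real-time simulation) and the provisioning workflow above (preventive simulation before approval) rest on the same mechanism: resolve a user's roles to business functions and check the result against a library of conflicting function pairs. The example below is added for this page and is not SAP's code or data model; the transaction codes, function names, risk IDs and role names are a constructed sample, and `analyze`, `simulate` and `decide` are illustrative names. It goes slightly beyond the slide by also flagging critical transactions and by reporting mitigated risks separately from open ones.

```python
"""Added example, not SAP code: SoD risk analysis over role assignments,
plus the preventive 'what if' simulation used before provisioning.
Rule set, roles and names below are constructed for illustration."""
from dataclasses import dataclass, field

# Constructed rule set: which transaction codes realise which business function.
FUNCTION_OF_TCODE = {
    "FK01": "VENDOR_MAINTAIN",   # create vendor master
    "FK02": "VENDOR_MAINTAIN",   # change vendor master
    "F-53": "VENDOR_PAYMENT",    # post outgoing payment
    "F110": "VENDOR_PAYMENT",    # automatic payment run
    "ME21N": "PO_CREATE",        # create purchase order
    "MIGO": "GOODS_RECEIPT",     # goods receipt
    "SU01": "USER_ADMIN",        # user maintenance
    "PFCG": "ROLE_ADMIN",        # role maintenance
}

# Constructed access-risk library: (risk id, function A, function B, rating).
ACCESS_RISKS = [
    ("P001", "VENDOR_MAINTAIN", "VENDOR_PAYMENT", "High"),
    ("P002", "PO_CREATE", "GOODS_RECEIPT", "Medium"),
    ("B001", "USER_ADMIN", "ROLE_ADMIN", "Critical"),
]

# Constructed list of transactions that are risky on their own.
CRITICAL_TCODES = {"SU01", "PFCG"}

# Constructed roles: role name -> transaction codes it authorises.
ROLES = {
    "Z_AP_CLERK": {"FK01", "FK02"},
    "Z_AP_PAYMENTS": {"F-53", "F110"},
    "Z_BUYER": {"ME21N"},
    "Z_WAREHOUSE": {"MIGO"},
    "Z_BASIS_USER_ADMIN": {"SU01"},
}


@dataclass
class User:
    uid: str
    roles: set
    mitigations: set = field(default_factory=set)  # risk ids covered by a control


def functions_for(roles):
    """Resolve roles to functions; remember which (role, tcode) granted each."""
    funcs = {}
    for role in roles:
        for tcode in ROLES[role]:
            funcs.setdefault(FUNCTION_OF_TCODE[tcode], set()).add((role, tcode))
    return funcs


def analyze(user):
    """Risk identification: (unmitigated, mitigated) SoD hits for current roles."""
    funcs = functions_for(user.roles)
    unmitigated, mitigated = [], []
    for rid, fa, fb, rating in ACCESS_RISKS:
        if fa in funcs and fb in funcs:
            hit = {"risk": rid, "rating": rating,
                   "paths": sorted(funcs[fa] | funcs[fb])}   # why the risk exists
            (mitigated if rid in user.mitigations else unmitigated).append(hit)
    return unmitigated, mitigated


def critical_transactions(user):
    """Critical transaction monitoring: (role, tcode) pairs that are risky alone."""
    return sorted((role, t) for role in user.roles
                  for t in ROLES[role] if t in CRITICAL_TCODES)


def simulate(user, new_roles):
    """Preventive check: open risks that adding new_roles would introduce.
    Nothing is provisioned; this is the one-click 'what if' before approval."""
    before = {h["risk"] for h in analyze(user)[0]}
    candidate = User(user.uid, user.roles | set(new_roles), user.mitigations)
    return [h for h in analyze(candidate)[0] if h["risk"] not in before]


def decide(user, new_roles):
    """Provisioning decision: ('APPROVE', []) or ('REJECT', blocking risks)."""
    new = simulate(user, new_roles)
    return ("APPROVE", []) if not new else ("REJECT", new)
```

A request that would introduce an open risk is routed to the exception workflow rather than provisioned; a risk that already has a mitigating control assigned to the user is reported but does not block. Keeping the `paths` (which role and transaction created each side of the conflict) is what makes remediation possible: the role owner can see exactly which assignment to remove or which control to attach.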

Benefits of SAP GRC

Key Solution Capabilities and Benefits
• Identifies and prevents access and authorization risks in cross-enterprise IT systems to prevent fraud and reduce the cost of continuous compliance and control
• Provides end-to-end automation for detecting, remediating, mitigating and preventing access and authorization risk across the enterprise
• Allows true cross-enterprise SoD risk mitigation by integrating into SAP and non-SAP systems

Common Customer Challenges Addressed
• Need to comply with SOX Section 404 or similar regulations
• Weak support for the audit process to ensure the right measures are in place to prevent fraud
• Manual or people-intensive compliance processes involving e-mails, spreadsheets and/or paper
• Costly, manual remediation
• Uncontrolled role management
• Excessive superuser access
• Inefficient and un-auditable user provisioning
• Reactive rather than preventive

• Establish an approach and process to manage risk rules
• Gain alerts on potential violations
• Identify business functions that produce risks when executed by the same individual
• Focus on prevention rather than "point in time" detection
• Simplify compliant enterprise-level role administration
• Enforce compliant security for privileged access
• Increase visibility through timely notification
• Deliver audit-ready, detailed reporting
• Lower risk and save money through proactive compliance


Thank You