Who is Soterion?
Developed from the ground up, our plug-and-play Access Risk solution is easy to learn, S/4HANA ready and boasts an award-winning user experience. We provide immediate integration into SAP allowing you to keep up with the market while effectively managing risk.
Our Holistic GRC Offering
We assist our customers to achieve SAP security utopia through a combination of business-centric GRC software and expert SAP security consulting.
BUSINESS-CENTRIC GRC SOFTWARE
EXPERT SAP SECURITY CONSULTANTS
Our Approach to GRC
The threat of economic crime is a very real concern for all organisations, regardless of their size, sector or region. SAP security and Governance, Risk and Compliance (GRC) activities are technical and complex components of SAP. This often results in a lack of business buy-in and accountability from management and the organisation’s business users, which diminishes the company’s GRC capability.
Access risk is business risk. At Soterion we believe that effective GRC is measured by how well the business users can carry out their access risk management activities. Soterion’s Effective GRC Pyramid illustrates the inter-relationship between the various components of SAP security and GRC. Deficiencies in any layer can negatively impact the organisation’s ability to manage their access risk.
Policies and Procedures
Well-defined and documented Policies and Procedures form the foundation of SAP security and GRC. Without detailed Policies and Procedures, access risk management activities are performed with minimal understanding and intent, which diminishes the organisation’s GRC capability.
The SAP role design is a crucial component of ensuring effective GRC. An inappropriate role design will result in added complexity to many of the access risk management activities, frustrating business users in their compliance tasks and hindering business buy-in and accountability.
The GRC solution needs to be user-friendly for the security administrators to ensure that the SAP Security / Authorisation solution provides appropriate access. It also needs to be business-friendly (i.e. convert the technical GRC language into the language the business users can understand) to enhance business buy-in and accountability.
It is crucial that the organisation’s rule set contains risks that are relevant and appropriate to the organisation. Deficiencies in the rule set will result in the organisation not monitoring relevant or critical risks, which could lead to fraud.
Access Risk is business risk, yet in many cases this responsibility resides with the IT teams. Organisations need to implement the correct solutions and processes to obtain the appropriate level of business ownership and accountability of access risk for better decision making and effective access risk management.
Dudley Alan Cartwright
Chief Executive Officer
Johan Adriaan van Noordwyk
Business Unit Director
Software Development Manager