Access Risk Manager

The Access Risk Manager provides customers with the ability to identify their SAP access risk exposure using a user-friendly web application. Additional functionality includes risk remediation recommendations and the “What-if” Allocation Simulator. The Simulator will allow you to pre-empt risk bearing access prior to applying the change request in SAP, thus ensuring a pro-active approach to SAP access risk management. The Access Risk Manager includes core access risk control features to manage SAP access risk. These include identification (Identify Risk), risk remediation (Get Clean), user access change management (Stay Clean Simulations), and risk mitigation (Stay in Control).

Key Benefits

Website Assets for Braam_1 Oct-12

Enhanced business accountability of
access risk

Website Assets for Braam_1 Oct-13

Reduce access
risk exposure

Website Assets for Braam_1 Oct-14

Efficiently support the
SAP authorisation
environment

Website Assets for Braam_1 Oct-15

Improve compliance
and reduce audit effort

SAP Access Risk Analysis — Incorporating Transactional Usage

Soterion for SAP analyses users’ authorisations and incorporates the user’s historical transactional usage data to differentiate between the potential and the actual access risks. This allows business to focus on the real access risk in the SAP environment.

Business-friendly SAP Access Risk Reporting

Soterion for SAP allows data to be viewed from every angle using drag and drop functionality for grouping and filtering. Graphical overviews show the organisation’s access risk landscape, including high-risk areas, in relation to risk tolerance and appetite levels. Reporting on SAP access risks at department level enables business users to take ownership, and become accountable for access risk in their area of responsibility.

Business-Process Flows Reporting

Business process flow diagrams provide more context to the access risk, converting the technical GRC language into a business-friendly language to ensure better decision-making.

Resolution-driven Gap Analysis Reporting

Soterion performs a gap analysis between potential and actual SAP access risk in the authorisation solution, highlighting superfluous risk-bearing access. Removing this unused or inappropriate SAP user access significantly reduces the potential for fraud. Superfluous user access can then be remediated without business interruption and allows business to focus on the real access risk. Unused user access typically contributes to 80% of the access risks in an SAP environment.

SAP Access Risk Clean-up Projection

The risk clean-up projection estimates how much your SAP Authorisation solution can be cleaned up using Soterion for SAP’s methodology. The clean-up actions focus on the removal of unused access that contributes to risk, ensuring significant risk remediation with minimal impact on business.

Risk Clean-up Wizards

The Risk Clean-up Wizards provide clear, step-by-step suggestions on how to reduce access risk. Suggestions include the removal of superfluous allocations, as well as the splitting of roles based on role usage analytics.

User Risk Overview

The risk clean-up project reduces the potential for fraud through the removal of all unused risk-bearing access. This also significantly reduces the effort required by business users to carry out user access reviews. Soterion provides graphical tracking of clean-up progress.

Allocation Simulations and “What-If” Analysis

Soterion’s allocation simulator identifies whether SAP access change requests will introduce new access risk violations. Business users can review the impact and approve these changes using Soterion’s powerful workflow engine, ensuring only approved changes are applied in SAP. This entrenches business buy-in for new risk, and enhances the SAP user change management process through detailed audit logging.

Comprehensive Rule Set that is Fully Customisable to your needs

Soterion for SAP comes with an class-leading “out-the-box” access risk rule set based on best practice for all industries. The rule set covers segregation of duties (SOD), critical transactions and data privacy risks. The rule set is easily customisable to cater for an organisation’s specific needs.

Mitigating Controls

For access risk that are unavoidable, appropriate mitigating controls can be defined in Soterion for SAP. Business can graphically track the mitigation status of identified risks.

Control Execution

Soterion for SAP facilitates control compliance activities by prompting controllers to perform the controls within the prescribed frequency period.

What Our Clients Say

“I have not seen anything like it, and breathes fresh air into the automated/continuous control segment of the #GRC market. Great process diagrams in an access risk context. Very relevant reporting for #privacy like #GDPR and #CCPA access in SAP environments. Very impressive. 5 stars.”
Michael Rasmussen
“We are still in the early stages of the rule set customisation project having only covered Order to Cash and Procure to Pay, but we have already realised numerous benefits and there is no doubt that this is going to be an immensely valuable exercise. Soterion’s SAP Risk consultants are a cut above anything we have seen both locally or internationally.”
Craig Rankin
“Our primary object was to find an SAP access risk tool that matched our GRC capability, but that also allowed room for growth as our GRC maturity improves. Soterion not only ticked all these boxes, but their GRC Maturity Model will ensure our GRC Maturity is fast tracked.”
Hennie Steenberg
“The GRC process is a journey… Identify a partner such as Soterion, who understands your business requirements and can walk the journey with you.”
Jacolien Slabbert
“Soterion’s unique functionality of dynamic authorization management provided us with a new level of visibility into our SAP authorization solution. In addition, the simplicity and practicality of the software has allowed for a rapid reduction in segregation of duty risks, with minimal business interruption.”
Cuan Kloppers
“We needed to be able to view our SAP access risk exposure on a regular basis, but could not justify an on-premise solution. Soterion’s SaaS option allows us to acquire insights as frequently as we need them with minimal initial setup, on a payment basis that is under our control and just makes so much sense.”
Richard van Huyssteen
“We needed to be able to view our SAP access risk exposure on a regular basis, but could not justify an on-premise solution. Soterion’s SaaS option allows us to acquire insights as frequently as we need them with minimal initial setup, on a payment basis that is under our control and just makes so much sense.”
James Mason
“Where the SAP authorization outsourcing model is simply order taking, GRC as a managed service involves proactive risk management by the service provider. A much more value-add service.”
David Johnson
“Soterion consulting was an absolute pleasure to work with. They not only have incredible knowledge in the SAP authorization and SAP GRC space, but their professionalism shone through throughout the project.”
Peter Atkinson

Experience a better way of managing your GRC today

Speak to one of our GRC consultants to explore how we can help solve your GRC objectives

Terms of Use

How will we use the information about you? Here at Soterion we take your privacy seriously and will use your personal details submitted to email you the requested information. If you opt in to stay informed we will contact you from time to time with Soterion related content. You can unsubscribe at any time. Read our full privacy policy here.