SAP GRC Managed-Service implemented at Cashbuild

October 10, 2019 By Dudley Cartwright

Many companies who outsource their SAP security and authorisations are faced with the challenge of accountability. The question that needs to be addressed is: Who bears the responsibility for access-related changes that introduce risk?

Without an SAP access risk tool, the company as well as the outsource partner are flying blind when dealing with access risks. The company mistakenly assumes the outsource partner will flag potential access risks before implementing changes in SAP.

This led Cashbuild, South Africa’s largest retailer of building materials and associated products, to look for more than just an outsourced solution. They felt they needed the benefits of an on-premise access risk solution as well as access to Governance, Risk and Compliance (GRC) expertise in a cost-effective manner that was relative to their size and risk exposure. They found the right fit by upgrading their SAP authorisation outsource model to a GRC managed service model.

By implementing Soterion’s GRC Managed Service module, Cashbuild are now able to see the risk impact of each SAP access change request performed by the service provider prior to it being applied in SAP. This enhanced visibility provides reassurance to Cashbuild and the service provider that access risk is being managed effectively.

“Where the SAP authorisation outsourcing model is simply order taking, GRC as a managed service involves proactive risk management by the service provider. A much more value-add service,” says David Johnstone, Senior Manager – Financial Services.

Cashbuild Case Study

Companies are transitioning to a GRC managed service model for similar reasons:

Although on-premise GRC tools are prohibitively expensive, business nevertheless require some tool to allow visibility into their SAP access risk exposure.
Limited in-house GRC expertise, as well as challenges in retaining GRC specialists.
GRC is complex and needs to be pro-actively managed with clear accountability.
The need to limit exposure to fraud and address audit concerns in a way that is financially size-sensible.

For Cashbuild, this all came together in a GRC managed service relationship with Soterion allowing them to focus on their business, knowing that their SAP security is comprehensively taken care of.

To read the full case study, click here

For more information please email us at [email protected]

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

SAP GRC Managed-Service implemented at Cashbuild

You may find this interesting

Type [To] Search

SAP GRC Managed-Service implemented at Cashbuild

You may find this interesting

Why Organisational Level Controls are Important for Effective Access Risk Management.

Mastering SAP Conference – 22 to 23 May 2024

SAP Security & GRC Podcast (E17) – Security Risks and Opportunities of S/4HANA Transformations

Type [To] Search