Continuous Controls Manager

By extensively scrutinising the SAP transactional data, continuous control monitoring enables organisations to monitor access risks that materialise, ensuring a more effective access risk management capability.

Key Benefits

Identify and highlight segregation of duty risks that have materialised

Continuous control monitoring of access risks

Enhanced access risk management capability

Implement a control-orientated GRC framework

Traditional Access Risk Reporting

Traditional SAP access risk reporting highlights Potential Risks, in other words, the access risks based on the roles assigned to the SAP users.

Access risk reporting has evolved over the years, moving from Potential Risks to identifying and highlighting risks based on the actual use by an SAP user of the conflicting actions or functions.

Continuous Controls Reporting

Soterion’s Continuous Controls Manager enables organisations to identify risks where an SAP user has not only performed the conflicting functions but has done so for the same document. This ability to continuously monitor materialised risk violations enables the organisation to move from manual controls to an automated and alert-based approach.

To provide more focussed reporting, Soterion’s Continuous Controls Manager allows the organisation to configure the control for relevant fields and data, for example by selecting only the Purchasing Document Types that are associated with Standard Purchase Orders, such as Document Type ‘NB’. This excludes all non-relevant Purchase Orders, such as Internal Stock Transfers.

Each occurrence of a materialised risk is flagged as a Case in Soterion and sent via workflow to a Risk Owner. Each Case is then reviewed, and the Case Status is updated. Further documentation can be linked to the Case for Audit purposes, such as Follow-up Dates, Comments or attached files.

By extensively scrutinising the SAP transactional data, Soterion enables organisations to continuously monitor those access risks that have materialised, ensuring a more effective access risk management capability.
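The difference between a risk based on actual use and a risk that has materialised on the same document, as an added example (not Soterion's code). The function names, record layout, document numbers, the 'XX' document type and the 'Open' status are constructed assumptions; only Document Type 'NB' comes from the page.

```python
from collections import defaultdict

# Hypothetical conflicting pair; the page does not name specific functions.
CONFLICTING_PAIRS = [("CREATE_PO", "POST_GOODS_RECEIPT")]
RELEVANT_DOC_TYPES = {"NB"}  # Standard Purchase Order filter mentioned on the page

# Constructed sample records: (user, function, document number, document type)
SAMPLE_ACTIVITY = [
    ("ALICE", "CREATE_PO", "4500000001", "NB"),
    ("ALICE", "POST_GOODS_RECEIPT", "4500000001", "NB"),  # same user, same document
    ("BOB", "CREATE_PO", "4500000002", "NB"),
    ("BOB", "POST_GOODS_RECEIPT", "4500000003", "NB"),    # both functions, different documents
    ("CAROL", "CREATE_PO", "4500000004", "XX"),           # constructed non-relevant type
    ("CAROL", "POST_GOODS_RECEIPT", "4500000004", "XX"),
    ("DAVE", "CREATE_PO", "4500000005", "NB"),
    ("ERIN", "POST_GOODS_RECEIPT", "4500000005", "NB"),   # duties properly segregated
]

def users_with_used_risk(activity, pairs=CONFLICTING_PAIRS):
    """Users who performed both functions of a pair, on any documents (actual use)."""
    funcs = defaultdict(set)
    for user, func, _doc, _doc_type in activity:
        funcs[user].add(func)
    return sorted(u for u, done in funcs.items()
                  if any(a in done and b in done for a, b in pairs))

def materialised_cases(activity, pairs=CONFLICTING_PAIRS, doc_types=RELEVANT_DOC_TYPES):
    """One case per user and document where both functions hit the same document."""
    funcs = defaultdict(set)
    for user, func, doc, doc_type in activity:
        if doc_type in doc_types:  # configured filter: ignore non-relevant document types
            funcs[(user, doc)].add(func)
    cases = []
    for (user, doc), done in sorted(funcs.items()):
        for a, b in pairs:
            if a in done and b in done:
                cases.append({"user": user, "document": doc,
                              "risk": f"{a}+{b}", "status": "Open"})
    return cases

if __name__ == "__main__":
    print("Used risk:", users_with_used_risk(SAMPLE_ACTIVITY))
    for case in materialised_cases(SAMPLE_ACTIVITY):
        print("Case:", case)
```

Three users show the risk on actual use, but only one record pair becomes a case once the same-document condition and the document type filter are applied.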
