Continuous Controls Manager
Continuous Controls Manager
Soterion’s Continuous Controls Manager enables organisations to identify risks where an SAP user has not only performed the conflicting functions but has done so for the same document. This ability to continuously monitor materialised risk violations enables the organisation to move from manual controls to an automated and alert-based approach.
By extensively scrutinising the SAP transactional data, continuous control monitoring enables organisations to monitor access risks that materialise, ensuring a more effective access risk management capability.
Key Benefits
Traditional Access Risk Reporting
Traditional SAP access risk reporting highlights Potential Risks, in other words, the access risks based on the roles assigned to the SAP users.
Access risk reporting has evolved over the years, moving from Potential Risks to identifying and highlighting risks based on the actual use by an SAP user of the conflicting actions or functions.
Continuous Controls Reporting
Soterion’s Continuous Controls Manager enables organisations to identify risks where an SAP user has not only performed the conflicting functions but has done so for the same document. This ability to continuously monitor materialised risk violations enables the organisation to move from manual controls to an automated and alert-based approach.
To provide more focussed reporting, Soterion’s Continuous Controls Manager allows the organisation to configure the control for relevant fields and data, such as selecting only the Purchasing Document Types that are associated with Standard Purchase Orders, such as Document Type ‘NB’. This will then exclude all non-relevant Purchase Orders such as Internal Stock Transfers.
Each occurrence of a materialised risk is flagged as a Case in Soterion and sent via workflow to a Risk Owner. Each Case will then be reviewed, and the Case Status will be updated. Further documentation can be linked to the Case for Audit purposes, such as a Follow-up Dates, Comments or attaching associated files.
By extensively scrutinising the SAP transactional data, Soterion enables organisations to continuously monitor those access risks that have materialised, ensuring a more effective access risk management capability.