GRC 20/20
GRC2020 Report

This article contains highlights from the GRC 20/20 report.

If you would like to read the full report, click here to download.

Access control in the face of constant change


Change is the single greatest governance, risk management and compliance (GRC) challenge today. Organizations are in a continuous state of change: new employees are hired, existing employees change roles, and others leave or are terminated.

Organizations often fail to monitor and manage access controls efficiently and effectively in an environment that demands agility. Access control management is too often a periodic exercise that provides incomplete visibility into the organization’s people, processes and business systems.

Keeping access controls for ERP systems current is challenging when the workforce is changing at the same time as regulations, risks, applications, priorities and business processes. Access controls need to be automated so that organizations have real-time insight into what individuals are actually doing in ERP environments and can mitigate user access and process risks.

Manual processes and document-centric approaches to SoD (Segregation of Duties), inherited rights and critical/superuser access are time-consuming, prone to mistakes and errors, and leave the business exposed. Organizations often miss things, as there is no structure of accountability backed by audit trails. This approach is not scalable and becomes unmanageable over time. It leads to a false sense of control, because the organization relies on inaccurate and misleading results produced by errors in manual access control processes.

Technology for access control management, automation and continuous monitoring now enables organizations to achieve a real-time, integrated view of enterprise access controls and risks. This not only provides an enterprise perspective of access risk, but also allows the organization to increase efficiency, effectiveness and agility in access control management and automation.

Organizations are establishing an access control and SoD strategy, with supporting process and technology, to build and maintain an access control program. This approach balances business agility, control and security to mitigate risk, thereby reducing loss/exposure and satisfying auditors and regulators – whilst enabling users to perform their jobs. When evaluating solutions for SoD and access controls, the organization needs solutions that are intuitive and easy to use.

Recognizing Soterion’s contribution to SAP access risk management


Soterion was established in 2011 with a defined focus in SAP Access Security and Risk. They have worked with organizations across multiple industries, geographies, and sizes with a highly agile and intuitive solution that fits a range of cultures and approaches.

Soterion delivers an intuitive, easy to use, robust, and future-ready SAP access risk management platform that simplifies and strengthens regulatory compliance and risk management in line with industry standards and best practices, while focusing on the end user’s ease of use and GRC administrator’s ease of change.

Some of the key differentiators that GRC 20/20 has noted in the Soterion solution are its ability to do business process modelling to define access rights in the context of business process flows and diagrams, its presentation of access risk in a business user context, and its detailed privacy access risk functionality to manage access to personal information in a privacy context.

Most Soterion clients moved to the solution because they found their manual document-centric approaches for SAP access management consumed too many resources. Too often things were getting overlooked in a continuous barrage of SAP access complexity, as well as in regulatory and business change.

Others moved to Soterion as they found their previous SAP access risk solution was dated, cumbersome, too costly to own and maintain, and lacked the ease-of-use and intuitiveness that the business needed to understand SAP access risk and related processes.

Across these clients, there is consistent praise for the Soterion platform's ongoing cost of ownership, speed of deployment, return on investment, improved effectiveness, and agility to manage, monitor and enforce SAP access risk.

Soterion saves organizations time compared with manual processes for SAP access risk, while also delivering greater effectiveness and agility. This enables organizations to meet audit requirements, better understand SoD and document mitigating controls.

Overall, it gives an organization a clear understanding of their SAP access risk throughout the business and does so in a context the business can understand without the overwhelming complexity IT often presents.

About GRC 20/20 Research, LLC


GRC 20/20 Research provides clarity of insight into GRC solutions and strategies through objective market research, benchmarking, training and analysis.

This clarity is delivered through analysts with real-world expertise, independence, creativity and objectivity, who understand GRC challenges and how to solve them practically.
