Materialised Risk Manager

Materialised Risk Manager

Access risk reporting has evolved over the years, moving from identifying and highlighting potential risks to actual risks based on the use by an SAP user of the conflicting actions or functions.

By extensively scrutinising the SAP transactional data, our Materialised Risk Manager enables organisations to continuously monitor those access risks that have materialised, ensuring a more effective access risk management capability.

Background - Key Benefits

Key Benefits

Identify and highlight segregation of duty risks that have materialised

Continuous control monitoring of access risks

Enhanced access risk management capability

Implement a control orientated GRC framework

Identify and highlight actual risks by an SAP User, not based on the roles assigned

Traditional SAP access risk reporting highlights Potential Risks, in other words, the access risks based on the roles assigned to the SAP users.

The Materialised Risk Manager enables organisations to identify risks where an SAP user has not only performed conflicting actions, but have done so for the same document. A common example would be a user that has created a Purchase Order and has also released the same Purchase Order.

More Focussed Reporting

To provide more focussed reporting, the Materialised Risk Manager allows the organisation to configure the query for relevant fields and data, such as selecting only the Purchasing Document Types that are associated with Standard Purchase Orders, such as Document Type ‘NB’. This will then exclude all non-relevant Purchase Orders such as Internal Stock Transfers.

Each occurrence of a materialised risk is flagged as a Case in Soterion and sent via workflow to a Materialised Risk Owner. Each Case will then be reviewed and the Case Status will be updated. Further documentation can be linked to the Case for Audit purposes, such as a Follow-up Dates, Comments or attaching associated files.

Background - Contact

Experience a better way of managing your GRC today

Speak to one of our GRC consultants to explore how we can help solve your GRC objectives

Terms of Use

How will we use the information about you? Here at Soterion we take your privacy seriously and will use your personal details submitted to email you the requested information. If you opt in to stay informed we will contact you from time to time with Soterion related content. You can unsubscribe at any time. Read our full privacy policy here.