Materialised Risk Manager
Materialised Risk Manager
Access risk reporting has evolved over the years, moving from identifying and highlighting potential risks to actual risks based on the use by an SAP user of the conflicting actions or functions.
By extensively scrutinising the SAP transactional data, our Materialised Risk Manager enables organisations to continuously monitor those access risks that have materialised, ensuring a more effective access risk management capability.
Key Benefits
Identify and highlight segregation of duty risks that have materialised
Continuous control monitoring of access risks
Enhanced access risk management capability
Implement a control orientated GRC framework
Identify and highlight actual risks by an SAP User, not based on the roles assigned
Traditional SAP access risk reporting highlights Potential Risks, in other words, the access risks based on the roles assigned to the SAP users.
The Materialised Risk Manager enables organisations to identify risks where an SAP user has not only performed conflicting actions, but have done so for the same document. A common example would be a user that has created a Purchase Order and has also released the same Purchase Order.
More Focussed Reporting
To provide more focussed reporting, the Materialised Risk Manager allows the organisation to configure the query for relevant fields and data, such as selecting only the Purchasing Document Types that are associated with Standard Purchase Orders, such as Document Type ‘NB’. This will then exclude all non-relevant Purchase Orders such as Internal Stock Transfers.
Each occurrence of a materialised risk is flagged as a Case in Soterion and sent via workflow to a Materialised Risk Owner. Each Case will then be reviewed and the Case Status will be updated. Further documentation can be linked to the Case for Audit purposes, such as a Follow-up Dates, Comments or attaching associated files.
