The smartGRC application was developed in 2010 and has since significantly reduce the effort required to work with excesive authorisations in over 20 companies in Poland.
Our GRC team of more than 20 people specialises in the authorisation and security area for ERP systems.
Our knowledge and experience allows us to continuously develop the smartGRC application to solve real project challenges.
The purchase of a smartGRC licence provides access to a knowledge repository (SoD separation of duties risk matrix) and premade solutions to challenges in the field of SAP authorisation.
About the application
The smartGRC application was created as a response to the challange related to mass data processing in ERP systems (SAP) by users with segreagation of duties conflicts resulting from excessive authorisations.
Properly configured access authorization and user permissions can be an effective management solution to cyber security threats. Correctly adjusting user authorisations is not easy, however, as it requires deep understaning of the weaknesses of ERP class (SAP) systems.
These weaknesses create the risk of losing control over the accuracy, correctness and integrity of processed data in ERP (SAP) systems in the company.
The smartGRC application evens the odds for the company in this battle. It was designed with the goal of automating processes related to authorisation management in SAP systems in mind, and is currently being successfully used in other systems as well.
WHAT MAKES US SPECIAL?
Expert and hands-on expirence with sap security and authorization area gathered during the realization of the largest GRC implementation projects in Poland as well in EU regions.
We have obatined in 2022 a “Recognized expertise” title in GRC area from SAP, which makes a right expert to consult in area of SAP security and authorizations domain.
Business case – what kind of problems do we solve?
Our customer reviews
The smartGRC application implemented an overhaul for 10 partitioned systems and 6 SAP systems within 4 weeks. More than 300 auditors participated in the review, who occasionally shared their opinions with other auditors. Despite its large scale, the review process was fully automatic and fully transparent for the participants. This would not be possible without the support of smartGRC.
The automatic implementation of permissions in SAP and the preventive risk analysis of task allocation have improved our certification process. It is implemented more quickly and at the same time we comply with the guidelines of the external audit.
The smartGRC application has provided us with management information on current risk exposure segregation of duties and redundant SAP system accesses, which, combined with useful information on usage statistics became the basis for us in terms of deciding on the direction of improvement of the situation. The GRC team provided us with knowledge of the separation of duties risk base and helped smoothly lay out the project and then supported us in its implementation. All within the agreed deadline and budget. Definitely recommend to work together.
The ongoing analysis of the risks of task allocation conflicts (SoD) and the reporting of the causes of task allocation conflicts have facilitated the process of converting certificates.
GRC Advisory provided us with experts with many years of experience in roles and authorizations which translated into the high quality of the authorizations developed.
The GRC team provided us with knowledge of the risk base of separation of duties and helped to smoothly lay out the project and then supported us in its implementation.
All within the agreed time and budget.
Strongly recommend to work together on these complex and complicated issues in SAP roles and permissions.