smartReport

Control of redundant access and SoD risks for business and IT users

smartReport - reporting of SoD risks

The smartReport application enables reporting access in various IT systems (SAP ERP, SAP S/4 HANA, HCM, Active Directory, Teradata, IFRS15, SPECTRUM) in the context of generating risks for the secure execution of business processes.

When is it worth it?

Multiple IT systems (SAP) and users whose permissions were developed based on different approaches.
Decentralised rights management (project teams).
No clearly defined Security Officer function for permissions in IT / ERP / SAP systems.
Recurring auditing recommendations to control this sphere better / more attentively.

What the process may look like - ready solution

Summary - why is it worth using?

smartReport provides the means of determining the status of user rights in IT systems (ERP). A diagnosis allows to ascertain the direction needed to improve and restructure permissions, and subsequently conduct a reverification of the actions taken. The goal is a ZERO tolerance for redundant access and SoD risks. This is a simple task if the authorisation administrator is provided with tool support.

Main functionalities of smartReport

Built-in matrix of risks and SoD conflicts in SAP systems and the ability to import data from various field-specific solutions.
Presentation of results in various layouts: risk report for users, roles and profiles with the use of multiple dynamic filtering criteria (system, user, role, risk level, business process).
More than 10 different dedicated reports in the business layout (how the risk affects business processes) and a few in the technical layout (how to change profile to eliminate risk from permissions).
Access to data regarding transactions started by users.

smartReport screen gallery

References

FAQ – find out more about smartReport

1. Is smartReport a separate system or a native ABAP program?

The smartGRC application is a separate stand-alone system, which can be installed in your personal environment or made available from the cloud. Installation of the system requires preparing an application server (Windows) and a database server (SQL).

2. How does the application connect with SAP systems?

The smartGRC application connects through a SAP interface dedicated to JAVA systems – a JCo connection. Standard SAP programs are used to download data from the SAP system, launched for reading data with parameters set by smartGRC.

3. What is the average time needed to implement and install smartReport?

3-4 weeks, assuming a standard process and the use of the standard SoD matrix available in the tool.

4. How does this product differ from other products on the market? What advantages does it offer?

It offers a good library of SoD risks and sensitive access, and consultant expertise as to what to pay attention to when implementing SoD in an organisation. Our advantage is being familiar with the risks (auditing experience) and the technology (technical authorisations).

5. Does the smartGRC application support other ABAP systems as well?

Yes, it can support any given system, including ones not based on ABAP technology, but in such a case it is necessary to prepare a dedicated connector, which may extend the implementation and installation process. Currently the system includes connectors to: Active Directory, Remedy, and Service desk.

smartReport is an indispensable service from the perspective of security of processes and business actions executed in a SAP system. Below you may find the answers to the most frequently asked questions about our solution.