Intelligent risk review. Periodic verification of the state of permissions
User-friendly verification of access and SoD risks
The smartReview application allows for an intelligent review of user access and authorizations in various IT systems (SAP ERP, S/4 HANA, HCM, Active Directory, Teradata, Oracle, Billing, Spectrum, IFRS). The main focus is on segregation of duties (SoD) risks that exist in users' system access. The application documents a history of decisions made and monitors changes to user access in connected end systems. It supports the review process by informing the decision-maker which instances of access were used often or rarely.
When is it worth it?
What the process may look like - ready solution
Summary - why is it worth using?
smartReview will carry out a quick, simple, and cyclical recertification of permissions held by users in systems, taking into account their current role in business processes.
Main functionalities of smartReview
FAQ – find out more about smartReview
A review of authorisations in the system has so far required a great amount of work and time to carry out, and posed a heavy burden on the organisation as a result. Thanks to smartReview, a process of complete analysis can now be fully automated, and conducted according to individually set criteria – the application supports the user during every step of the review process.
The smartGRC application is a separate, stand-alone system, which can be installed in your own environment or made available from the cloud. Installation of the system requires preparing an application server (Windows) and a database server (SQL).
The smartGRC application connects through an SAP interface dedicated to Java systems, a JCo connection. Standard SAP programs are used to download data from the SAP system; they are launched to read data with parameters set by smartGRC.
Implementing the application to review user rights in an SAP system takes an average of 6-8 weeks. This often depends on the expectations and input of the organisation (implementing the organisation’s own SoD risk matrix or using our standard matrix, defined on the basis of experience and the best GRC practices gained during numerous projects). Implementing the application for reviewing authorisations in a non-SAP system adds complexity to the implementation process (definition of risks, import of data, additional programming work), which extends the duration of the review process.
The application supports the entire process, from preparing data for the review, through assigning persons to verify access, to tracking the progress of implementing the decisions in end systems once an access decision has been reached. It supports decision-makers throughout the authorisation review process by displaying the frequency of starting transactions in the SAP system, displaying decisions taken in past reviews, and copying decisions between positions, which gives the application an advantage over alternative products. It is intuitive in use, based on the familiar environment of a web browser.
Yes, it can support any given system, including ones not based on ABAP technology, but in such a case it is necessary to prepare a dedicated connector, which may extend the implementation and installation process. Currently the system includes connectors to: Active Directory, Remedy, and Service desk.