smartReport

Reporting of redundant access resulting from SoD risks and critical transactions

smartReport - reporting of SoD risks

The smartReport application allows reporting on various IT systems (SAP ERP, SAP S/4 HANA, HCM, Active Directory, Teradata, MSSF15, SPECTRUM) accesses in the context of generating threats to the secure execution of business processes.

When is it worth it?

Multiple IT systems (SAP) and users whose permissions were developed based on different approaches.
Decentralised rights management (project teams).
No clearly defined Security Officer function for permissions in IT / ERP / SAP systems.
Recurring auditing recommendations to control this sphere better / more attentively.

What the process may look like - ready solution

Summary - why is it worth using?

smartReport provides the means of determining the status of user rights in IT systems (ERP). A diagnosis allows to ascertain the direction needed to improve and restructure permissions, and subsequently conduct a reverification of the actions taken. The goal is a ZERO tolerance for redundant access and SoD risks. This is a simple task if the authorisation administrator is provided with tool support.

The main functionalities of smartReport:

Built-in matrix of risks and SoD conflicts in SAP systems and the ability to import data from various field-specific solutions.
Presentation of results in various layouts: risk report for users, roles and profiles with the use of multiple dynamic filtering criteria (system, user, role, risk level, business process).
More than 10 different dedicated reports in the business layout (how the risk affects business processes) and a few in the technical layout (how to change profile to eliminate risk from permissions).
Access to data regarding transactions started by users.

smartReport screen gallery

References

FAQ – find out more about smartReport

1. Is smartReport a separate system or a native ABAP program?

The smartGRC application is a separate system that can be installed in your environment or be available in the cloud. Installation of the system involves the preparation of an application server (Windows) and a database server (SQL).

2. How does the application connect with SAP systems?

The smartGRC application connects via a dedicated SAP interface for JAVA systems – the JCo connection. Standard SAP programs run to retrieve data from SAP are used to read data with the parameters indicated by smartGRC.

3. What is the average time needed to implement and install smartReport?

3-4 tygodnie, przy założeniu wykorzystania standardowego proces oraz standardowej matrycy SOD dostępnej w narzędziu.

4. How is this product different from others on the market? What is its advantage?

A good library of SoD risks and sensitive accesses and knowledge on the consultants’ side of what to look for when implementing SoD in an organization. Our advantage is knowledge of risks (audit experience) and technology (technical authorization).

5. Does the smartGRC application support other ABAP systems as well?

Yes the system can handle any system, including those based on ABAP technology, but in such a situation it is necessary to prepare a dedicated connector which can prolong the implementation and installation process. At this point, the system has connectors for: Active Directory, Remedy and Service desk.

smartReport is an indispensable service from the perspective of security of processes and business actions executed in a SAP system. Below you may find the answers to the most frequently asked questions about our solution.