smartReview

Intelligent risk review Periodic user access review

Info

Gallery

Request a demo

See references

smartReview - system access and SoD risks review

smartReview offers a review of authorizations and system access across various IT systems (including SAP ERP, S/4 HANA, HCM, Active Directory, Teradata, Oracle, Biling, Spectrum, IFRS). It specifically targets segregation of duties (SoD) risks among users. The application maintains an audit trail of decisions and monitors their implementation across end systems. It aids in reviews by highlighting frequently and infrequently used accesses to decision makers.

When is it worth it?

  • Frequent rotation of employees between jobs / departments in a company, resulting in assigning accesses which are no longer required for the user
  • Multiple IT / ERP systems, large number of users, which hinders effective and up-to-date control of access authorizations
  • Auditing recommendations to periodically review user authorizations in the SAP system
  • Necessity of monitoring the results of periodic reviews and ensuring that the recommendations and decisions from the business have been implemented in IT systems

What the process may look like - ready solution

Summary - why is it worth using?

smartReview will carry out a quick, simple, and periodical review of authorizations held by users in systems, taking into account their current role in business processes.

Main functionalities of smartReview:

  • Meeting audit requirements and guidelines through comprehensive tool support for an automated, user-friendly, and controlled periodical access review process
  • Clear and understandable presentation of user authorizations data in systems for business users
  • Control mechanisms built into the process (the ability to transfer the decision-making position only to persons chosen in the process).
  • Mechanisms facilitating the work of verifiers (the ability to display and copy a previously taken decision)
  • Adjusting user authorizations adequately to their duties (participation in processes)

smartReview screen gallery

References

FAQ – find out more about smartReview

A review of authorisations in the system has so far required a great amount of work and time to carry out, and posed a heavy burden on the organisation as a result. Thanks to smartReview, a process of complete analysis can now be fully automated, and conducted according to individually set criteria – the application supports the user during every step of the review process.

The smartGRC application is a separate stand-alone system, which can be installed in your personal environment or made available from the cloud. Installation of the system requires preparing an application server (Windows) and a database server (SQL).

The smartGRC application connects through a SAP interface dedicated to JAVA systems – a JCo connection. Standard SAP programs are used to download data from the SAP system, launched for reading data with parameters set by smartGRC.

Implementing the application to review user rights in a SAP system takes an average of 6-8 weeks. This often depends on the expectations and input of the organisation (implementing the organisation’s own SoD risk matrix / using our standard matrix defined on the basis of experience and the best GRC practices gained during numerous projects). Implementing the application for reviewing authorisations in a non-SAP system generates additional complexity in the implementation process (defining of risks, import of data, additional programming work), which extends the duration of the review process.

The application supports the entire process from the preparation of data to the review, to assigning persons for verifying access, and after a decision for access has been reached it allows tracking the progress of implementing the decisions in end systems. The application supports decision-makers throughout the authorisation review process via the ability to display the frequency of starting transactions in the SAP system, the ability to display decisions taken in past reviews, and copying decisions between positions, which gives the application an advantage over alternative products. It is intuitive in use, based on the familiar environment of a web browser. It is intuitive in use, based on the familiar environment of a web browser.

Yes, it can support any given system, including ones not based on ABAP technology, but in such a case it is necessary to prepare a dedicated connector, which may extend the implementation and installation process. Currently the system includes connectors to: Active Directory, Remedy, and Service desk.

Have another question - write to us!

I want to see how smartReview works

Fill out the form below and we will contact you with a presentation of our offer and the capabilities of the module.

  • smartReview
  • SAP security
  • Periodic review of entitlements
  • Review of entitlements
  • Access control
  • Certification of authority