smartReader
Entitlement analysis in SAP / ERP offline mode
1. A scan of the entitlement environment in SAP / ERP
With this service you receive, within a short time (2-3 weeks), a report summarizing the status of authorizations in your SAP systems. The report identifies the users and roles with the highest number of redundant authorizations and separation of duties conflicts. The analysis covers both the business perspective (posting documents, payments, master data, etc.) and technical system access (access to tables, running programs, administrative functions).
Our report consists of two sections:
- Management summary - here we focus on identifying areas that need ad hoc correction, as their current state causes risks and threats to the organization. In the report, we also identify priorities for ad hoc and long-term actions, which should be preceded by a solid analysis of the current use of SAP ERP by users.
- Detailed results - a set of extensive reports in MS Excel format. It consists of several documents that identify specific problems with redundant privileges at the level of users and of the roles operating in the system, together with technical-level information on how to correct them.
2. The process of downloading SAP data with smartReader
1. Downloading data from SAP with the help of smartReader
Downloading from more than 20 different data tables is fast and is done with 'one click'. The user defines in advance the connection to the system from which the data is to be downloaded and the user account under which the task is to be performed. Table reading privileges are sufficient to perform this operation; the process does not change any data on the SAP ERP side.
2. Uploading data to smartGRC application
smartGRC is a dedicated system for auditing authorizations. It can be installed in the client's environment or used as a cloud-based solution. The audit uses its algorithms: native mechanisms import data from the files and run the analyses that generate the results for review. Throughout the process, a model separation of duties matrix is important; it is the basis of the analysis for redundant authorizations. It was created as a result of our work on entitlement projects since 2010. During this time we have accumulated knowledge and experience, which we recorded in the model matrix of separation of duties.
3. Analyze permissions and generate reports
Detailed reports show the result in different layouts, so that a large amount of data can be analyzed efficiently. We look for high-level risks in the data, and consider whether they come from different roles or one and the same role. We formulate conclusions for reconstruction and further adjustment of the entitlement model.
4. Conclusion and presentation
We divide the actions we recommend for user roles and privileges into actions to be performed in the long term and ad hoc actions to be performed after the audit. Depending on your needs, we can help you perform these actions in the system. Recommendations must be specific enough to be easily implemented and general enough to be understood and prioritized.
Why you should
- Short duration: from ordering the work to receiving the results takes on average about 2-3 weeks.
- Our benchmark Separation of Duties (SOD) matrix has more than 150 definitions of over-authorization risks from a business and IT perspective. These risks include more than 500 technical activity definitions, which provide a ready-made technical risk mapping. Over the years of operation in various areas, it has been refined down to the smallest detail, so the results achieved with it can significantly improve the level of security for our customers.
- No costs associated with acquiring a license for a GRC-class tool

