SAP

Achieve Seamless, Efficient SAP GRC Access Control Operations Through Managed Services

Sajib Biswas
August 4, 2022
4 min read

With organizations transitioning to unlock the full potential of S/4HANA and SAP cloud solutions, GRC functionalities and operations also need to be updated. For example, updating the Segregation of Duties (SoD) ruleset to support S/4HANA transactions including Fiori apps, or to run risk analysis on HANA database users. While an implementation or upgrade project would typically include the relevant set of Fiori apps in the ruleset, the continued effort of keeping the ruleset up to date with newly implemented Fiori apps is equally important.

What is GRC Managed Services?

In addition to identifying and deploying incremental changes on demand, GRC Managed Services provide the specialized workforce for ongoing operational activities such as managing daily or periodic GRC reporting, review, and monitoring. For many organizations, having a GRC administration resource pool dedicated to these types of activities is not feasible, or simply not necessary as an outsourced managed services team can provide greater value and drive efficiency through specialized skillsets.

SoD/Sensitive Access Management

The day-to-day operations of access risk analysis (ARA) vary from one organization to another. However, there is a common theme of reporting out risk analysis results on a periodic basis, as well as helping executives and reviewers interpret the issues in a business context to ensure appropriate risk remediation or mitigation of the risks. Occasionally, it involves leveraging data visualization software like Power BI or Tableau.

A few other key daily or periodic activities related to GRC risk analysis are:

  • Monitoring synchronization and batch risk analysis jobs
  • On-demand ruleset updates, including new Fiori apps and custom transactions to the ruleset
  • Optimizing risk analysis results by maintaining excluded objects and critical roles/profiles
  • Continued remediation and mitigation efforts to improve compliance
  • Ensuring optimum performance through periodic clean-up jobs and appropriate usage

Elevated temporary access

Also known as the firefighter module, emergency access management (EAM) can mostly be set to autopilot through firefighter access provisioning and firefighter log review workflow. A managed services team can be leveraged to provide:

  • Proper master data maintenance to support the workflows
  • On-call support to address or workaround any unexpected errors
  • Supervision of workflow SLAs and follow-ups as needed
  • Trend analysis reviews and optimization of firefighter usage
  • Monitoring of EAM jobs and workflows are completed timely

User provisioning and role management

The access request management (ARM) workflows facilitate compliant SAP user access and auto-provisioning. While business role management (BRM) has its own workflow and methodologies for role maintenance, it is more commonly used as the role repository to support ARM workflows. Leveraging a managed services team can help identify the proper ARM and BRM implementation scope based on the organization’s needs and complexity. Once implemented, some of the key tasks of a GRC-managed services team would be:

  • Maintaining an up-to-date BRM library, including new business roles
  • Providing trend analysis and optimization of workflow usage
  • Addressing workflow enhancement needs
  • Monitoring background jobs and workflows

User access review and SoD review

These two workflows address the periodic SAP user access review (UAR) and SoD/sensitive access review (SoDR) needs. Organizations typically execute these reviews at least semi-annually and successful execution of the review rounds is one of the most important responsibilities for a GRC managed services team. After sending the review requests to the reviewers through GRC, the team would typically perform the following activities:

  • Daily monitoring of review completions, including providing technical support to the reviewers
  • Managing rejected request items
  • Ensuring timely reminder emails
  • Managing escalations
  • Ensuring appropriateness of UAR decisions made by the reviewers
  • Identifying optimal SoD resolution based on SoDR

Putting it all together

In addition to access control module-specific tasks noted above, support pack upgrades, resolving newly identified bugs, evaluating and solutioning new functional requirements, ensuring up-to-date user training materials based on functionality or process enhancement, etc., can lead to IT support bottlenecks or unforeseen consulting costs. Protiviti’s GRC Managed Services offerings are designed to address such needs in a cost-effective manner, enabled by a team with years of GRC implementation and support experience. The service model is scalable and flexible to be customized based on customer-specific needs. Team operations are driven by KPIs ensuring optimum cost and integration with the clients’ overall IT support model.

Example GRC Access Control KPIs 

Protiviti’s GRC experts can help with your SAP GRC needs. To learn more about our SAP capabilities, contact us, visit SAP Consulting Services or our SAP Resource Center for Protiviti’s SAP thought leadership, client stories and service offerings.   

 

Sajib Biswas

View all posts

You may also like

Subscribe to Topics

Protiviti Technology Follow

Protiviti leverages emerging technologies to innovate, while helping organizations transform and succeed by focusing on business value.

ProtivitiTech
protivititech Protiviti Technology @protivititech ·
18 Apr

Learn more about what GRC Managed Service is and what it can do for SAP S/4HANA and SAP cloud solutions in the latest #SAP Blog post. https://ow.ly/OMaL50RfsHw #ProtivitiTech

Reply on Twitter 1781035159438954997 Retweet on Twitter 1781035159438954997 Like on Twitter 1781035159438954997 Twitter 1781035159438954997
protivititech Protiviti Technology @protivititech ·
17 Apr

Protiviti is a proud sponsor of ServiceNow Knowledge 2024—a three-day conference all about #AI. Stop by our booth (#2503) to visit with our team and learn how the #ServiceNow platform makes business transformation possible. https://ow.ly/qa6p50Rh9wf

Reply on Twitter 1780627914964308382 Retweet on Twitter 1780627914964308382 Like on Twitter 1780627914964308382 Twitter 1780627914964308382
protivititech Protiviti Technology @protivititech ·
16 Apr

What is #DesignThinking? Could it help your organization? Find out how Protiviti uses it to help clients build net new applications and modernize legacy systems. https://ow.ly/fMK550Rfsoi #ProtivitiTech

Reply on Twitter 1780204913663873376 Retweet on Twitter 1780204913663873376 Like on Twitter 1780204913663873376 Twitter 1780204913663873376
protivititech Protiviti Technology @protivititech ·
15 Apr

Join our May 2 webinar designed for privacy and security professionals seeking to navigate the intricate nuances of data governance within the ever-evolving global regulatory landscape. Register today! https://ow.ly/hzrG50R4fTX #ProtivitiTech #DataPrivacy

Reply on Twitter 1779872392535212145 Retweet on Twitter 1779872392535212145 2 Like on Twitter 1779872392535212145 1 Twitter 1779872392535212145
protivititech Protiviti Technology @protivititech ·
12 Apr

The latest Technology Insights Blog post offers insight into the unique risks associated with Large Language Models (LLMs) and how to establish strategies to mitigate them. https://ow.ly/q3w550RfbXm #ProtivitiTech #TechnologyInsights

Reply on Twitter 1778890996282982442 Retweet on Twitter 1778890996282982442 Like on Twitter 1778890996282982442 Twitter 1778890996282982442
Load More