Segregation of Duties Solutions

Identify, remediate or mitigate segregation of duties risks before you make changes in your SAP® production systems. Then, maintain a clean environment with tools for ongoing monitoring and exception-based reporting of executed risks.


Segregation of duties (SoD) controls are designed to ensure that staff do not have access to a potentially risky mix of functions, like the ability to create vendors in the SAP system and initiate payments to vendors. However, for many organizations conflicting duties are unavoidable. That's why it is vital to have value-added tools that analyze user access against the enterprise's SoD rulebook and flag any executed risks for review.

Why spend time investigating when a buyer processes a purchase order to a vendor they have not maintained in the SAP system? Most auditors would agree that this was not a true risk. Automated mitigating controls provide continuous controls monitoring of all SoD executed risks at the transaction level to identify true risks (like creating a vendor and paying the same vendor) and eliminate false positives. With ControlPanelGRC you will be notified when a buyer actually processes a payment to a vendor that they have maintained in the past. This allows you to concentrate on the true risks to your organization and not spend time investigating a lot of "false positives".

Identify: SoD Risk Identification

ControlPanelGRC delivers a complete "risk based" set of segregation of duties rules in SAP that are common to all industries and based on industry best practices. To reduce the amount of redundant information found in SAP SoD violation reports, and to make the reports faster to run and easier for risk owners to understand, ControlPanelGRC defines risks as conflicting functions rather than conflicting transaction pairs.

ControlPanelGRC provides a detailed, plain English description of the potential risks, the reasons for the risk, and all remediation and mitigation options. The Rulebooks are extensible and can easily be customized to meet business process or auditor requirements, offering a high level of granularity to define risks at the authorization object and transaction level.

Analyze: SoD Risk Modeling

ControlPanelGRC provides strong "what if" capability that allows for real-time modeling of all requested user and role changes before the change is actually implemented. This functionality allows you to stay clean by identifying SoD risks and remediating or mitigating them on a continuous basis.

Monitor: Real-time notification of SoD issues in SAP

ControlPanelGRC is the solution for managing segregation of duties risks in real time. ControlPanelGRC's strong "what if" capability allows you to model any potential change against current production data to determine what risks will be introduced if that change is made. It also provides an in-depth review of executed risks, with details on which transactions were executed and when. Risk owners can review the documentation immediately and respond in time to prevent fraudulent activity rather than finding out about the issue when it is too late to take action. The detailed reporting also provides auditors with a documented history of mitigating controls.

Remediate: Fast Solutions for Risk Reduction

Make risk remediation fast and simple with integrated reporting functions that significantly reduce the burden of work. The detailed reports provide people in the business, the true risk owners, with all the information necessary to make judgments on appropriate remediation or mitigation options and then take action — all from within the ControlPanelGRC user interface.

 



Resources

Archived Webinars: 

How to be a Security and SoD Expert When It's Not Your Full-Time Job

Join the ASUG Small and Medium Enterprise SIG for this webcast on security and separation of duties, an encore presentation from this year's ASUG Annual Conference.

How Abiomed Reduced the Time, Effort and Expense of SOX Reporting
Sharon Kaiser, CIO at Abiomed, shows how she was able to turn audit pain into gain with several strategies to lower Abiomed's total cost of compliance.

 Case Studies:

ControlPanelGRC Adds Value to Graham Packaging's GRC Efforts
Learn how Graham Packaging went from a difficult-to-implement, expensive and ultimately under-utilized first-generation compliance tool to achieving full value from the system and payback in less than a year with ControlPanelGRC.

White Papers:

Five Questions to Ask Before Migrating to SAP® GRC 10.0

Have you thought about a migration to SAP® GRC 10.0 yet? The changes to your system could be extensive enough to warrant a "re-implementation" rather than just a simple software upgrade. Many companies are taking the next step and migrating straight to SAP GRC 10.0, but most are doing so without answering some very strategic questions about it.

Five Signs That a New SoD Compliance Strategy Needs to be Implemented

SoD compliance in 2012 is not the same as it was in 2002. SoD strategies or solutions that worked ten years ago have become unmanageable for many organizations because "first generation" GRC tools and manual processes have not been able to keep up with auditor demands in 2012.





