Our recent EY global information security survey of more than 1,700 senior information security
and IT leaders found that 46% of respondents ranked internal threats as a significant concern. Fully
deploying SAP GRC Access Control while focusing on improving access management fundamentals
will help address that risk while reducing cost and improving value.
Turning risk into results

Improve controls and processes
• Better aligned risk coverage, including the identification of stronger, more pervasive controls
• Reduced level of effort associated with performing and testing controls
• Increased control and process efficiencies enabled through automation and continuous monitoring
• Improved control mix that addresses key business risks while driving process efficiencies

Optimize risk management functions
• Elimination of duplicate and fragmented risk management activities
• Increased integration and coordination among business, IT and compliance
• Sustainability of risk management process
• Effective top-down and bottom-up reporting

• Increased integration and coordination among business, IT and compliance
• Real-time notification of potential access issues based on established business rules
• Sustainability of access management process
• User-friendly reporting

• Reduced audit costs due to a reliable and automated access management environment
• Cost avoidance associated with audit failure
• Efficiencies associated with preparation and analysis of SoD reports
• Reduction in the number of manual controls required to be designed and operated to mitigate access-related issues
• Elimination of redundant and excessive access management procedures
• Streamlined access approval process

• Identification of access anomalies indicating possible fraudulent activities through alerts
• Continuous access control and SoD management and monitoring
• Enhanced visibility to access-related risk exposure at the enterprise (i.e., cross-application, cross-business process)
• Super-user access management
• Early detection of potential access issues through scenario analysis before performing changes to user and role access

Next steps to improve your risk management landscape

Rapid SAP access diagnostic provides accelerated current state assessment of your SAP access processes and technology, allowing you to identify realizable value and develop a future state road map to achieve it.

EY SAP GRC Accelerated Analytics Workbench: a tool that presents SoD conflicts in a business-friendly format and helps identify key risks and pain points and determine initial remediation.

SAP role design benchmarking: key metrics enabling an organization to compare its SAP role design against other companies and leading practices.

[Figure: slide "Roles should be standardized and rationalized to better align with Industrial Client’s business process design and organizational structure", captioned "Comparison of SAP roles against initial design and similar organizations". Slide footer: Proprietary & Confidential – not for use or disclosure outside Industrial Client; All Rights Reserved – Ernst & Young 2010; DRAFT – FOR DISCUSSION ONLY]

SAP GRC demo facilitates mapping of business requirements to SAP GRC functionality and could be used to develop an initial business case for implementing SAP GRC.

SAP GRC demo environment: demo environment for all the latest versions of software, including SAP GRC 10.0 for Access Control, Process Control, Risk Management and Global Trade Services.

EY RiskUniverse®: industry-specific risk universes, process-normative models and key business risks linked to application-specific controls that can be used to customize SAP GRC demos.

This material has been prepared for general informational purposes only and is not intended to be relied upon as accounting, tax, or other professional advice. Please refer to your advisors for specific advice.

EY refers to the global organization, and may refer to one or more, of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients. For more information about our organization, please visit ey.com.