Quantify the Impact of Segregation of Duties on Your Business

Measuring the Financial Exposure of Your Controls Environment

by Susan Stapleton | SAPinsider, Volume 16, Issue 4

October 9, 2015

To get the most from your governance, risk, and compliance (GRC) initiatives, explain segregation of duties (SoD) risk in terms the business can understand: dollar values. Organizations understand that eradicating all SoD violations can actually hinder productivity, but manual controls to mitigate this risk add little value to the business. Learn how exception-based SoD monitoring provides a true enterprise approach to governing access.

 

Companies are at varying stages of segregation of duties (SoD) management. Some still manually analyze risk with rudimentary methods, while others have moved to solutions such as SAP Access Control to automate their SoD analysis and implement preventive checks during their user and role maintenance processes.

Regardless of where companies are in their SoD journey, the last mile is almost always the same. Eradicating all SoD violations is nearly impossible, and in many cases doing so hinders business productivity. Where SoD violations cannot be removed, businesses put controls in place to mitigate risks. However, these controls are often manual and hastily implemented, which can prevent risks from being reported and results in a time-consuming, tedious process that adds little to no value to the business.

The driver behind requiring SoD — as well as other internal controls, for that matter — is to protect the business from fraud, but manual, ineffective controls are not reliable. A compelling way not only to protect but also to engage your business is to expose SoD risk in terms that the business can clearly understand: dollar values.

Measure Your Financial Exposure from SoD

Greenlight and SAP offer a solution that helps quantify the financial impact that SoD can have on your business. The SAP Access Violation Management application by Greenlight continuously monitors SAP and non-SAP systems to identify SoD conflicts and expose violations by user, business process, and risk (see Figure 1). You can identify your highest areas of exposure and determine a clear path to course correct. Perhaps most important, you finally have transparency into your financial exposure based on unresolved access violations, which can drive organizational change where the level of exposure may be too great, or uncover areas of internal fraud or loss of revenue due to employee error.

Figure 1: SAP Access Violation Management by Greenlight allows you to monitor access violations and assign real dollar values to them

Automate Mitigating Controls with Exception-Based SoD Monitoring

SAP Access Violation Management provides exception-based monitoring, alerting control owners only when an actual violation has occurred. This approach reduces — and in some cases, eliminates — the manual controls that too many companies use to mitigate SoD. This approach also provides more comprehensive controls coverage by enabling the analysis of business transactions and user activities across business applications, allowing a census-based approach that is more complete than a sample-testing approach and gives management greater confidence in the overall process.

Solutions That Scale

SAP and Greenlight solutions enable your organization to take a true enterprise approach to governing access. With more businesses investing in best-of-breed solutions and making the move to the cloud, Greenlight’s advanced integration platform ensures that you can scale as your business changes and grows. Greenlight’s ability to integrate with and correlate data across multiple business applications, coupled with powerful analytics aimed at business users, delivers enterprise visibility of risk exposure and regulatory compliance from a single platform. Learn more at www.greenlightcorp.com.


Susan Stapleton

VP Customer Advisory
Greenlight Technologies


