Companies are at varying stages of segregation of duties (SoD) management. Some still manually analyze risk with rudimentary methods, while others have moved to solutions such as SAP Access Control to automate their SoD analysis and implement preventive checks during their user and role maintenance processes.
Regardless of where companies are in their SoD journey, the last mile is almost always the same. Eradicating all SoD violations is nearly impossible and in many cases doing so hinder business productivity. Where SoD violations cannot be removed, businesses put controls in place to mitigate risks. However, these controls are often manual and hastily implemented, which can prevent risks from being reported, and results in a time-consuming, tedious process that adds little to no value to the business.
The driver behind requiring SoD — as well as other internal controls, for that matter — is to protect the business from fraud, but manual, ineffective controls are not reliable. A compelling way not only to protect but also to engage your business is to expose SoD risk in terms that the business can clearly understand: dollar values.
Measure Your Financial Exposure from SoD
Greenlight and SAP offer a solution that helps quantify the financial impact that SoD can have on your business. The SAP Access Violation Management application by Greenlight continuously monitors SAP and non-SAP systems to identify SoD conflicts and expose violations by user, business process, and risk (see Figure 1). You can identify your highest areas of exposure and determine a clear path to course correct. Perhaps most important, you finally have transparency into your financial exposure based on unresolved access violations, which can drive organizational change where the level of exposure may be too great, or uncover areas of internal fraud or loss of revenue due to employee error.
Automate Mitigating Controls with Exception-Based SoD Monitoring
SAP Access Violation Management provides exception-based monitoring, alerting control owners only when an actual violation has occurred. This approach reduces — and in some cases, eliminates — the manual controls that too many companies use to mitigate SoD. This approach also provides more comprehensive controls coverage by enabling the analysis of business transactions and user activities across business applications, allowing a census-based approach that is more complete than a sample-testing approach and gives management greater confidence in the overall process.
Solutions That Scale
SAP and Greenlight solutions enable your organization to take a true enterprise approach to governing access. With more businesses investing in best-of-breed solutions and making the move to the cloud, Greenlight’s advanced integration platform ensures that you can scale as your business changes and grows. Greenlight’s ability to integrate with and correlate data across multiple business applications, coupled with powerful analytics aimed at business users, delivers enterprise visibility of risk exposure and regulatory compliance from a single platform. Learn more at www.greenlightcorp.com.