Mitigating controls – is this a cure for “all evil” in excessive authorizations risks in SAP?

24 October 2022

Implementing additional mitigating controls is a frequent response from company management to limit the risk of excessive (redundant or unnecessary) authorizations in ERP (SAP) systems. Is it a good way to eliminate excessive authorization risks, or are we just dealing with their side effects? Let’s debate whether it is the right and well-thought-out approach. What are the negative consequences of doing so, if there are any? Is there one answer that is right for all organizations, situations, and markets? During SoD (Segregation of Duties) projects, there are many myths about excessive user rights in SAP. The desire to dispel doubts and debunk the myths about mitigating controls and SoD challenges was the main motivation and inspiration for us to write this series of 5 articles. Today we are giving you a heads-up that it is coming.

We encourage you to read our series of articles and let us know your thoughts afterwards.

A properly conducted project of building or rebuilding user authorizations in SAP should be based on the matrix of division of duties in business processes developed during business workshops. This matrix is the key product of such a project, yet it is often overlooked and forgotten during implementation by companies whose clear focus is on other aspects of launching a new ERP-class system. Within the last few years, GRC Advisory has carried out a number of such workshops in a wide range of private businesses as well as public organizations and administrative units. We have run training in organizations of various sizes, from medium companies led by a small management team to large international corporations. Among the many conclusions that came from these workshops and meetings, the topic of mitigating controls seems to be an interesting and somewhat unfamiliar aspect. What are mitigating controls? When do they apply? In the case of many companies that we have had the opportunity to cooperate with so far, the mitigation control seems to be the most common

Mitigating controls are a very wide subject, so the material has been created by two authors, Andrzej Partyka and Filip Nowak, and divided into 5 articles:

  1. Challenges for mitigating controls. (02-11-2022)
  2. When is it worth to create and when should we avoid mitigating controls? (16-11-2022)
  3. Control examples and repository – Review building best practice. (30-11-2022)
  4. How to implement mitigating controls in GRC systems? (7-12-2022)
  5. Summary and conclusions. (21-12-2022)

Every two weeks we will publish one part of it. Is the current market approach correct? We invite you to read the article and learn more on the subject of mitigating controls.

We invite you to read it

Andrzej Partyka & Filip Nowak

GRC & Security Enthusiasts
