
Mitigating controls – is this a cure for “all evil” in excessive authorizations risks in SAP?

24 October 2022

Implementing additional mitigating controls is a frequent response from company management to limit the risk of excessive (redundant or unnecessary) authorizations in ERP (SAP) systems. Is it a good way to eliminate excessive authorization risks, or are we just dealing with their side effects? Let’s debate whether it is the right and well-thought-out approach. Does it have negative consequences, and if so, what are they? Is there one answer that is right for all organizations, situations, and markets? During SoD (Segregation of Duties) projects, many myths circulate about excessive user rights in SAP. The desire to dispel doubts and debunk the myths about mitigating controls and SoD challenges was the main motivation and inspiration for us to write this series of 5 articles. Today we are giving you a heads-up that it is coming.

We encourage you to read our series of articles and let us know your thoughts afterwards.

A properly conducted project of building or rebuilding user authorizations in SAP should be based on the matrix of division of duties in business processes, developed during business workshops. This matrix is the key product of such a project, yet it is often overlooked and forgotten during implementation by companies whose clear focus is on other aspects of launching a new ERP-class system. Within the last few years, GRC Advisory has carried out a number of such workshops in a wide range of private businesses as well as public organizations and administrative units. We have run training in organizations of various sizes, from medium-sized companies led by a small management team to large international corporations. Among the many conclusions that came from these workshops and meetings, the topic of mitigating controls seems to be an interesting and somewhat unfamiliar aspect. What are mitigating controls? When do they apply? In the case of many companies that we have had the opportunity to cooperate with so far, the mitigation control seems to be the most common

Mitigating controls are a very wide subject, so the material has been prepared by two authors, Andrzej Partyka and Filip Nowak, and divided into 5 articles:

  1. Challenges for mitigating controls. (02-11-2022)
  2. When is it worth creating and when should we avoid mitigating controls? (16-11-2022)
  3. Control examples and repository – Review building best practice. (30-11-2022)
  4. How to implement mitigating controls in GRC systems? (7-12-2022)
  5. Summary and conclusions. (21-12-2022)

Every two weeks we will publish one part of it. Is the current market approach correct? We invite you to read the article and learn more on the subject of mitigating controls.

We invite you to read it

Andrzej Partyka & Filip Nowak

GRC & Security Enthusiasts
