SAP Security project at the Swiss giant

25 August 2020

GRC Advisory conducted a 3-month project to evaluate the maturity state of the processes in the Security and Compliance area (focus on SAP systems) for the international leader in the sanitary technology industry.

In the project scope, the current method of implementing key processes in the SAP Security area was investigated and then benchmarked with the best industry practices (audit and compliance). As a result, key areas worth to invest (ROI) in new technology or process change were identyfied. The scope of the project work included:

segregation of duties matrix (its content and operational processes) for the entire group of SAP systems (ECC, HCM, PI) ,

access role architecture in the SAP system and processes related to authorization lifecycle management,

user access rights management in SAP (scope, key risks and processes that support this area),

AP system security (key parameters and settings).

During workshop sessions, SAP Key users provided detailed information about their areas, based on the questions prepared by GRC Advisory. As a result, challenges in particular areas were identified. These challenges have been described in detail, with their impact on the organization and the resources needed to implement changes.

Identified challenges were discussed and assessed by the Key Project Stakeholders during a closing workshops located in Switzerland. The meeting was attended by the Finance Director, IT Director, Audit Director and the person responsible for global sales applications. The last element was the preparation of Roadmap for initiatives related to SAP Security / Compliance and planning activities in this area for the next 12 months.