Access Control Management

Analyse and manage Segregation of Duties and Sensitive Access across on-premise and cloud business ​

applications in your landscape with one easy-to-use platform.

  • Leading practice Risk Framework consisting of 250+ Segregation of Duties and 80+ Sensitive Access risks. ​​
  • Analyse risks across all key business areas including Finance, Purchasing, Manufacturing, Logistics, Production Planning, Sales, HR and IT.
  • Support for all major on-premise and Cloud Enterprise Applications including SAP®, SuccessFactors®, Ariba®, Oracle®, JDE® and Navision®.
  • Flexible Deployment Models - SAAS, Cloud and on-premise implementation or Managed Services.​​
  • Insightful reports, simulate what-if and if-used scenarios, trend and usage analysis.​
First slide

Access Controls

Access Control Policy sets out the organisation’s philosophy for granting access. Important entity-level control to ensure confidentiality, integrity and availability of information

Elements of Access Control
  • ERP Systems and other enterprise applications are the backbone of any organisation and contain information vital to the survival of the business.
  • Access to these should be controlled from the perspective of:
    • Segregation of Duties Conflicts
    • Critical Access
    • Access to Customised functionalities
QuickAudit: A Complete

QuickAudit allows you to effectively manage the
access security of your ERP, encompassing all
aspects of an Access Control Audit​.

  • Report
  • Remediate​
  • Prevent​

Report with QuickAudit

Segregation of Duties
  • Pre-built SOD Conflict definition based on COSO Internal Controls Framework​
  • Customisable SOD Conflict definition as per business need​
  • Rich reporting capabilities with Management Dashboard and 4-level Drill Down Reports​
  • Usage Reports
Critical Access
  • Continuous monitoring of Critical Access in ERP System​
  • Usage information on Critical Activities
Excessive Access
  • Periodic review of User Access including authorisation for Custom Activities
  • User Authorisation review with detailed root cause analysis

Remediate with QuickAudit

Segregate Access

  • Object level root cause reports​
  • Reporting of inherent Role Conflicts​
  • Highlight on Top 5 Users/ Roles/T-codes in conflicts
  • Usage Analytics Reports for Quick wins

Mitigating Controls

  • Document and assign Mitigating Controls​
  • Maintain Control Owners and Approval Documentation
  • Separate Reporting of Mitigated Conflicts​

Prevent with QuickAudit

Along with remediation, enforcing a preventive control is essential for maintaining clean state. QManage helps implement a preventive control by simulating potential risks in the user and role provisioning process.

User Access Change

  • Preventive Simulation of SOD and Critical Access Risks in User Access Provisioning using QManage​

New User Access

  • Mimicking access of existing user with ‘Copy From User’ Functionality​

Role Changes

  • Preventive Simulation of SOD risks in Role Creation and Role Modification Process using QManage

Case Study

A Leading Pharmaceutical Company

  • Client was manually approving user access requests through email. This was a roadblock while finding the audit trail for user access given during the audit period.​​
  • The management was unaware about the current state of affairs with respect to SOD/SA risks and conflicts. This was flagged during audits and rectified as a response instead of a proactive approach.
  • Risks and conflicts generated because of custom transactions were not readily available for the management to review.
  • Due to lack of visibility on the existing SOD/SA risks and conflicts, periodic review of user access was not being conducted​​.
  • ​The client needed a system in place to document and monitor the mitigating controls.
Our Role And Value Delivered​
  • QuickAudit tool was implemented to extract and analyse the user and role-related data from the SAP system.
  • It provided diverse reports and key analytical figures in the form of dashboards for easy and quick decision making.
  • ​Implemented a solution to manage the new user access requests as well as granting additional access to existing users.
  • Periodic Access review module was developed and implemented.
  • Hybrid request – User selects transactions, technical level to assign role.(User is usually not aware of what role is needed.)​​
  • Manager data is pulled directly from SAP.​​