QuickManage

Seamless User Access, Streamlined Workflows and Effective Mitigation

QuickManage is a workflow-based user access management system that integrates preventive access control mechanism,

mitigation performance and access review.

  • Template workflow for User Access Provisioning (with integrated preventive Segregation of Duties and Sensitive Access check). User Access Review and Firefighter Access.​​
  • Drive operational efficiency by deploying an automated Access Management Solution that simplifies request handling, accelerates role assignment, and reduces manual intervention.​
  • Leverage out-of-box Multi-Stage Approval Processes based on Company, Department and Location.
  • Suggestion for Best Fit roles with minimum conflicts.
  • Functionality includes SLA timelines, delegation, request forward, auto approval and rejection for inactive requests.​
  • Inbuilt reports, dashboards and system generated audit trail ensures compliance status.
First slide
Continuous Preventive Control

QuickManage implements a Continuous Preventive Control mechanism by enforcing a pre-review of every new access or access change request. It helps to make an informed decision and save time and effort in post facto corrective actions.

User Access Change​
  • QuickManage allows prevention of conflicts due to access changes by integrating SOD Conflicts and Critical Access Check in the User Provisioning Process​.
New User Access​​
  • ‘Copy from User’ functionality allows mimicking access of an existing user for a new user added to the system and provides a snapshot of the conflicts that the new user will carry into the system.​
User Access Review​
  • QuickManage schedules and documents User Access Reviews. Managers can be notified to perform access reviews for users reporting to them based on user-manager mapping. Results are sent to the basis team for any required action.

Features

Flexible Approver
Levels

Design different approver workflows to match risk type and severity.

Easy to Deploy

Quick configuration process for immediate out-of-the-box usage with minimal user training.

Efficient Access
Provisioning​

Best Fit roles with minimum conflicts for requested access. Get timely elevated access to address emergencies.

Manage Mitigation
Effectively

Create and apply Mitigating Controls on a real time basis. Document and monitor performance.
End-to-End Access Management Solution
  • Allows Role-based and Hybrid (TCode) based requests.
  • Metadata filters enables role selection for end user requests.
  • Best Fit role suggestions for Hybrid (TCode) requests.
  • Option to enforce creation and application of mitigating controls prior to granting access to users.
  • Auto approval / rejection for inactive requests and functionality to split requests.
  • Auto provisioning of access post approvals reducing the effort of basis team.
  • Separate workflow for Access Removal, User Termination, Periodic Access Review, Control Performance, Firefighter Access.
User Access Review
  • Schedule periodic User Access Reviews with QuickManage.
  • Automated email notifications to be sent when the review is due.
  • Retrieve access details and usage information before reviews.​​
  • Send reviewer response to basis team for further action.​

Case Study

Listed And Diversified Non-Banking Financial Company In Indian Market

Context​
  • Client was effectively using the QuickAudit tool for monitoring and controlling their existing access control risks for SAP ERP. There was a requirement to fine tune the risk identification and monitoring process by updating the ruleset to reflect latest compliance requirements and make it client specific​​.
  • In addition to SAP ERP, client was using SAP TRM module, BPC and Ariba Cloud solution and had a requirement to design a ruleset for TRM and BPC to monitor SOD/SA risks for these business areas. The PTP ruleset was to be updated to include only Ariba and cross-system risks.
  • Suggestions for Role Design and Mitigating Controls were needed to Remediate and Mitigate the risks reflected in the latest risk analysis report.
  • As a listed company and a NBFC access to UPSI (Unpublished Price Sensitive Information) through rulesets had to be monitored.​​
Our Role And Value Delivered​
  • Performed a walk through of the business processes and identified SOD /SA risks relevant to be monitored for NBFC. Accordingly updated the existing SAP ERP rulesets and created rulesets for TRM module, BPC and Ariba. Client processes were documented in flowcharts to help identify mitigating controls and highlight SOD risks.
  • ​Developed a unique user and activity wise matrix report to identify whether existing access were in line with job profiles. It became the base for removal of excess access and role design activity.
  • Identified and curated a list of T-codes to be monitored for access to UPSI.
  • Developed QuickAudit modules for TRM and BPC as well as cloud based Ariba application to perform stand-alone and cross system risk analysis.​​
  • Developed QuickManage module to simulate SOD/SA risks for user access provisioning in Ariba.​​