SAP Access ControlsAlmost everyone struggles with SAP GRC these days. Many companies use outdated, document-centric review processes. They work for months just to compile audit reports, and by the time they remediate their SAP access controls, it’s time to start the whole process again.

 

Installing a product like the ControlPanelGRC Access Control Suite can be transformative. Suddenly, reports that used to take months are run automatically, and remediation processes that would require you to dig through thousands of pages of records can be handled with a few clicks.

 

For example, Carlisle Construction Materials was able to cut 80% off SAP security remediation costs, and 75% off annual SAP security administration costs, and save months of data gathering work every year. But is streamlining your SAP GRC process good enough?

 

The Case For Outsourcing SAP Access Controls

Even with modern SAP access controls, GRC is complex. SAP GRC SOX compliance requires you to implement finely-tuned segregation of duties controls, and remediate potential conflicts. This requires staff who understand the legal framework, technical requirements and business needs — and have time to keep up with constant change in all three domains.

 

Most organizations simply do not have this combination of skills in-house. But even if yours does, managing SAP access controls internally may not be a logical decision. An in-house SAP GRC program will always be costly compared to outsourcing, and you may be wasting highly-skilled employees on a task that gives you no competitive advantage.

 

Even from a compliance perspective, Access Control as a Service (ACaaS) is usually a better bet. It’s unlikely you’ll be able to find highly-experienced GRC staff, and there’s a certain amount of risk inherent in having your staff manage its own GRC. A managed services provider that specializes in SAP access controls will be able to leverage their experience more effectively, while reducing risk and administrative overhead by providing a complete SAP GRC solution.

 

SAP GRC, Security and Compliance — We’ll Take Care of It!

Symmetry provides a complete suite of SAP hosting and managed services, including ACaaS, SAP security and cyber security. Whether you’re looking for someone to install and configure SAP access controls and train your staff, a complete security and compliance solution, or something in between, we’re here to support you.

 

To learn more, check out our free customer success resource: Carlisle Construction Materials: Value Achieved in Automated Controls in an SAP Environment.

About Scott Goolik - VP, Compliance and Security Services

Scott Goolik is VP of Compliance and Security Services at Symmetry. A recognized expert in the field of SAP security and compliance, Scott has over 20 years of expertise in SAP security and is a regular presenter at SAP industry tradeshows and ASUG events. His experience includes working for one of the Big Four accounting firms and developing auditing tools, including those for segregation of duties (SOD). Scott is also responsible for architecting the ControlPanelGRC® solution which provides audit automation and acceleration of security and control processes.