sap-grc-access-control-e1470147512318I can tell a lot about how a new client handles governance, risk and compliance (GRC) by saying one word: audit. If I see despair or grim resignation, they’re using old, document-centric processes. Their team spends hundreds of hours gathering documents and compiling reports, only to end up with another poor audit, and more work.

It all feels pointless, because it is. A solution designed to provide SAP GRC Access Control, can log access automatically, organize the information effectively and allow you to spend minutes on remediation instead of weeks or months. Here’s how ControlPanelGRC®, winner of the 2016 GRC20/20 Value Award, can save you time, money and grief.

 

Life Without a Solution for SAP GRC Access Control

Audits aren’t a big source of stress at Carlisle Construction Materials these days, but it wasn’t always like that. With 2,400 employees at 29 plants in North America and Europe, Carlisle is a complicated business to keep audit-ready — particularly without a modern solution for managing SAP GRC Access Control.

Before implementing ControlPanelGRC Access Control, Carlisle would spend two months just gathering access data and other documentation for audits. And that doesn’t count time spent manually manipulating it in MS Excel, and printing and storing data for each role — a process that would have to be repeated if any changes were made to the workbook.

Attempts to make the process easier ended up backfiring. Their current manual process for managing Segregation of Duties (SoD) yielded output not even their auditors understood. Their manual remediation efforts often resulted in more errors, and their efforts to update their security model drastically increased the number of roles, making more work for everyone.

How ControlPanelGRC Saved the Day

In 2013, Carlisle decided enough was enough, and purchased Symmetry’s ControlPanelGRC solution for SAP GRC Access Control. To meet their short timeline (they needed to show substantial remediation progress before 2015) Symmetry provided Carlisle with an Accelerated Remediation Toolkit, and implemented the ControlPanelGRC Access Control Suite.

Setup was quick, and the benefits were immediate. With the Accelerated Remediation Toolkit, Carlisle replaced thousands of pages of supporting documentation with one simple monitoring system. This allowed them to radically simplify their security model, reduce SoD risks and quickly remediate existing security issues.

ControlPanelGRC Access Control Suite is designed to automatically notify the appropriate people with an intuitive workflow. The Risk Analyzer module continually monitors access, and routes risk reports to the appropriate manager automatically.

Integrated with the Risk Analyzer module, the User and Role Manager module automatically routes user and role change requests for approval and activation, only after checking them for security issues. All the parts work together, and the system logs every step, making Carlisle Always Audit Ready™. That’s how Symmetry’s ControlPanelGRC’s approach to managing SAP GRC Access Control has yielded ongoing benefits for Carlisle, allowing them to cut audit preparation time and security costs while continuously improving risk mitigation.

ControlPanelGRC brings compliance into the 21st century

Shuffling papers, compiling endless spreadsheets, and paging through logs are a waste of your time. ControlPanelGRC automates the 99% of GRC tasks, and puts the other 1% at your fingertips. Instead of spending months sweating over the security model, your team can fix the problem, your auditor can check the records, and everyone can get back to work.

Learn how Symmetry can make it even easier to reduce risk with Security Complete Plus GRC, our comprehensive security and compliance service.

About Ben Uher, Client Manager of Security & Controls

Ben Uher manages the SAP Security and Controls Practice at Symmetry where he leads a team of permanent Consultants in delivering SAP Security and GRC offerings to global organizations. His deep knowledge in everything SAP Security and GRC related has come from the opportunity to work with over 150 Organizations running SAP throughout various cycles of their implementations. Variation in industry, sector and size has provided a breadth of opportunity and experience in almost every facet of SAP technology spanning HANA, Fiori, ERP, BW/BI, HCM and SCM amongst others. Most importantly, Ben is driven based on results and continually strives to provide exceptional support for the organizations that rely on him and his team as trusted advisers for SAP Security and GRC support.