Software AG was top ranked in current offering and received among the highest scores in the strategy category in the Forrester Wave. webMethods Hybrid Integration Platform combines traditional on-premise integration with cloud integration capabilities to support a wide range of integration patterns for the modern digital enterprise.
Kellton Tech’s Digital Connected Enterprise (DCE) is a leader in enterprise-level integration, API management and multi-speed IT strategy, leveraging Software AG’s Digital Business Platform. Kellton Tech empowers the world’s best-known brands to effectively use Software AG’s Digital Business Platform to innovate, differentiate and win in the digital world.
In this session, we will discuss
- Details about webMethods 9.12 release
- Significant features and enhancements in webMethods 9.12
- Kellton Tech’s upgrade methodology and modernization offering
Size: 1.57 MB
Language: en
Added: Mar 14, 2017
Slides: 25 pages
Slide Content
SAP GRC Access Control
HOW SAP GRC ACCESS CONTROL WILL IMPROVE YOUR BUSINESS DECISIONS
3/7/2017
KEY FACTS
FOUNDATION: 1993, 24 years young
FOOT PRINT: USA, Canada, Ireland, UK & India
CLIENTELE: Startups to Fortune 500
CORE STRENGTH: People and process (ISO 9001:2008 and CMMi Level 3)
OWNERSHIP: Public limited. BSE|NSE: KELLTONTECH
TEAM SIZE: 1200+ employees globally
Reston, VA; Princeton, NJ; Delhi; Hyderabad; Guwahati; Lucknow; Cupertino, CA; Chicago, IL; Dublin, Ireland; Houston, TX; London, UK
The Gilded Armory
Certifications. Alliances. Recognition.
WHAT WE DO
Digital Transformation: Harness the power of digital technologies and data to create competitive advantage
Digital Connected Enterprise: Connecting the dots in your digital systems of engagement, insight, records and core IT
Enterprise Solutions: Delivering end-to-end SAP solutions as a certified SAP Gold partner
Professional Services: Promoting strategic agility with cutting-edge technology consulting and professional services
Outsourced Product Development: Ensuring high quality and high performance product development via agile SDLC model
PARTIAL CUSTOMERS BY INDUSTRY
Others
Financials
Services
Energy
Utilities
Manufacturing
Retail
Speaker Bio
Feroz Mohammed is a Senior Consultant for Kellton Tech, the leading provider of Security & GRC solutions for customers running SAP. He has over 9 years of experience in Security & GRC implementation, upgrades and support. Feroz has served in multiple industries like manufacturing, oil & gas, energy, chemicals and many more.
Feroz Mohammed
Sr. SAP Security & GRC
Kellton Tech
AGENDA
1. Introduction – Kellton Tech
2. What is GRC?
3. Four Components of GRC Access Control
4. Mobile Apps
5. Customer’s Success Story
6. QA
Governance Risk Compliance
SAP Governance, Risk and Compliance (GRC) offers solutions that enable you to make better business decisions by visualizing and predicting how risks may impact performance. By integrating key GRC activities into your existing business processes, you can reduce complexity and cut costs while protecting your company’s reputation and financial wellbeing.
Kellton Tech can help organizations identify, remediate, monitor, exploit and manage enterprise risks, in addition to coordinating the utilization of people, process and technology to improve GRC effectiveness and help manage costs.
Governance Risk Compliance
In a Sarbanes-Oxley Act (SOX) regulated environment, a business needs to define its access controls based on Segregation of Duties (SoD).
Segregation of Duties: SoD is the concept of requiring more than one person to complete a task. In business, dividing a single task among more than one individual is meant to prevent fraud and error.
Example of an SoD conflict: user X can create a vendor and then pay the same vendor.
Risk: An employee in a company is assigned tasks that could provide them with an opportunity to commit fraud. Tasks are assigned to the employee in the form of roles, which are made up of actions/T-codes.
SAP GRC Access Control
1. Access Risk Analysis (ARA)
2. Emergency Access Management (EAM)
3. Business Role Management (BRM)
4. Access Request Management (ARM)
Access Risk Analysis
The Access Risk Analysis is the core module of SAP GRC and is used for
preventive and ongoing monitoring of SoD risks, critical transactions and
Mitigating Controls.
ARA life cycle:
1. Risk Identification
2. Rule Building & Validation
3. Analysis
4. Remediation/Mitigation
5. Continuous Compliance
Access Risk Analysis
How to eliminate the risk?
There are two approaches:
1. Remediate
2. Mitigate
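An added example, not part of the original slides and not SAP GRC code: a minimal SoD analysis in Python for the vendor create/pay conflict described above, run at role level and at user level, with an optional simulated role to check a request before it is provisioned. The T-codes are standard SAP transactions; the role names, users, risk ID and mitigation entry are hypothetical.

```python
from itertools import chain

# Constructed sample data. The T-codes are standard SAP transactions; the
# role names, users, risk ID and mitigation entry are hypothetical.
ROLES = {
    "Z_AP_VENDOR_MAINT": {"XK01", "XK02"},  # create / change vendor
    "Z_AP_PAYMENTS": {"F-53", "F110"},      # post payment / payment run
    "Z_AP_CLERK_ALL": {"XK01", "F-53"},     # conflict inside a single role
    "Z_DISPLAY": {"XK03"},                  # display vendor
}
USERS = {
    "USER_X": ["Z_AP_VENDOR_MAINT", "Z_AP_PAYMENTS"],
    "USER_Y": ["Z_AP_VENDOR_MAINT", "Z_DISPLAY"],
    "USER_Z": ["Z_AP_PAYMENTS", "Z_AP_VENDOR_MAINT"],
}
# A risk is a set of functions; it fires only if every function is reachable.
RULES = {
    "RISK_VENDOR_PAY": {
        "Maintain vendor": {"XK01", "XK02"},
        "Process payment": {"F-53", "F110"},
    },
}
MITIGATED = {("USER_Z", "RISK_VENDOR_PAY")}  # mitigating control assigned


def risks_for_tcodes(tcodes):
    """Return {risk_id: {function: matching T-codes}} for violated risks."""
    found = {}
    for risk_id, functions in RULES.items():
        hits = {name: sorted(tcodes & acts) for name, acts in functions.items()}
        if all(hits.values()):  # every function has at least one T-code
            found[risk_id] = hits
    return found


def analyze_roles():
    """Role-level analysis: risks contained within a single role."""
    return {role: r for role, tc in ROLES.items() if (r := risks_for_tcodes(tc))}


def analyze_user(user, extra_roles=()):
    """User-level analysis; extra_roles simulates a pending access request."""
    roles = chain(USERS.get(user, []), extra_roles)
    tcodes = set().union(*(ROLES[r] for r in roles))
    return {
        risk_id: "mitigated" if (user, risk_id) in MITIGATED else "open"
        for risk_id in risks_for_tcodes(tcodes)
    }


if __name__ == "__main__":
    print("role level:", analyze_roles())
    for u in USERS:
        print(u, analyze_user(u), "simulated:", analyze_user(u, ["Z_AP_PAYMENTS"]))
```

USER_Y is clean today, but the simulated request for Z_AP_PAYMENTS shows the conflict before the role is assigned.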
Emergency Access Management
• EAM enables end users to perform emergency activities outside the parameters of their standard role, but within a controlled and fully auditable environment. The application assigns a temporary Firefighter ID that grants the end user (Firefighter) broad yet regulated access, and logs every activity he/she performs using the temporary ID.
• Benefits:
  - Resolve SoD conflicts.
  - A controller monitors all the activities executed by the firefighter and is also responsible for auditing the usage by reviewing and signing off on the firefighter log report.
  - Audit documentation is prepared immediately after the event, which eliminates the time and resources otherwise needed to prepare it, making it cost effective.
Business Role Management
• Business Role Management (BRM) is the identification and mitigation of risks at an early stage, even before the creation of the roles. Risks can be identified as a conflict within a single role or a composite role.
• Benefits:
  - Creates single and derived roles with proactive avoidance of SoD risks.
  - Supports the definition and documentation of role information, authorization and testing results.
  - Using GRC simulation functionality, preventative measures can be carried out far quicker than with the manual alternative.
Access Request Management
• Access Request Management (ARM) is the provisioning tool that gives the company the ability to manage SAP user access and role assignment within connected systems.
• Provisioning access to users involves the user completing the forms that request access to the backend system.
• Access requests are created in the GRC box by requestors and submitted for approval. The requestor is responsible for selecting the roles required by the user. Once submitted, the request is routed online by workflow to the relevant approvers.
Access Request Management
Benefits:
  - ARM will help you stay clean and stay in control.
  - Significant improvements in the provisioning solution, e.g. usability, workflow, flexibility, maintenance, reduced manpower and system performance.
  - A number of ready-to-use, out-of-the-box workflows for ARM integration with EAM, BRM and ARA.
  - Using Access Request you can create, change, lock and unlock users; self-service password reset lifts another user administration burden from the support team.
GRC Access Approver for Mobile apps
Currently SAP delivers the following Fiori applications for SAP Access Control:
• Request Access
• Check Request Status
• Access Approver/Compliance Approver
• Firefighter Usage & many more
GRC Access Approver for Mobile apps
Review Requests
• Decide on the fly: approve requests from anywhere
• Review and approve time-sensitive user and firefighter access requests
• Review risks associated with a request
Take Action
• Call or email users to request additional information
• Add comments before approving or rejecting requests
• Forward requests to people in your contact list when further information is needed
Get Clean
Stay Clean
Customer Success
PAR Pacific: GRC Implementation
Company: PAR Pacific Holding, INC
Headquarters: Houston, TX
Publicly traded: PARR
Industry: Oil & Gas
Products and Services: Refinery
Employees: 1500+
Web Site: http://www.parpacific.com
Objectives
• PAR has decided to implement GRC to identify governance and security issues that need to be addressed
• Become better informed about best practices for remediation and mitigation of access risk
• Proactively identify risks prior to user provisioning
Why SAP
• Central repository for mitigation controls
• Comprehensive documentation of role management activities for audit purposes
Resolution
• Expedited adoption of the SAP® Access Control application thanks to RBEI’s rapid implementation methodology and value-adding best practices for security
• Streamlined the role management process with risk-free roles and harmonized user access administration
Future plans
• Grow with and adapt to changes, thanks to future-proof, scalable technology
• Improve monitoring and analysis of risks and controls with one-click access to dashboards and reports
90%: Fewer SoD violations
50%: Less cycle time for access management
30%: Reduction in composite and single roles
Lower: Cost of compliance
Kellton Tech was also involved in the S/4 HANA implementation for PAR Pacific. Please follow the link below for more details:
http://www.kelltontech.com/kellton-tech-case-study/leading-energy-provider-par-pacific-consolidates-business-systems-sap
H&E: GRC Implementation
Company: H&E Equipment Services
Headquarters: Baton Rouge, LA
Publicly traded: HEES (Nasdaq)
Industry: Construction equipment, rental and leasing service
Products and Services: Heavy equipment
Employees: 1700+
Web Site: http://www.he-equipment.com
Objectives
• Adapt segregation-of-duties (SoD) rules to meet the company’s needs
• Standardize, automate, and accelerate all governance, risk, and compliance (GRC) processes
• Work with internal Audit & Business to review the default rule set
Why SAP
• Need more visibility into end user access
• Flexible and scalable role management framework
• Risk Remediation & Mitigation
Resolution
• Successfully using the access request workflow as well as Firefighter
• Tailored the SoD rule set to the company’s business scenarios and rationalized naming conventions
Future plans
• Plan to switch to S/4 HANA soon to utilize the Mobile Apps functionality
• Encourage and empower employees with enhanced self-services
90%: Improvement in visibility of risks
20%: Savings in cost through effective risk management and better resource management
10%: Reduction in auditing costs
Kellton Tech has been involved with H&E’s SAP ECC 6.0 implementation since the beginning. Our primary focus originally was the implementation of Sales and Distribution for their equipment Sales, Rental, and Parts business. Kellton Tech has since expanded to become the preferred vendor for support of all SAP products, support and integrations.
http://www.kelltontech.com/sites/default/files/inline-images/HE_Reference_2015.pdf