Global Life Sciences Company Enhances Compliance and Risk Management Using SAP BusinessObjects GRC Access Control 10.0

Global Life Sciences Company Client Story

Key to Success

Change Requested:

Our client faced challenges with having a unified SAP environment & ability to maintain visibility & insight into user access risk across the business

Change Envisioned :

Our client saw an opportunity to enhance and enforce globalized processes with the implementation of SAP BusinessObjects GRC Access Control 10.0.

Change Delivered:

Our implementation began with a series of workshops to obtain a better understanding of the client's SAP environment

Change Requested:

As a leading life sciences company with a footprint that stretches around the world, this client faced challenges with having a unified SAP environment and the ability to maintain visibility and insight into user access risk across the business. In addition, several acquisitions had been integrated into the SAP environment in recent years, with inconsistent approaches to designing and implementing user access. While global policies and procedures existed, local offices at times managed their user accounts differently.

Change Envisioned

With the implementation of SAP BusinessObjects GRC Access Control 10.0, this client saw an opportunity to enhance its compliance and risk management capabilities and enforce globalized processes, with a focus on:

Proactively managing user and role access risks prior to provisioning
Maintaining a central repository of mitigating controls
Providing visibility and auditing of super user access
Globalizing user administration processes
Globalizing role management processes
Improving audit effectiveness and efficiency

Change Delivered

Our implementation began with a series of workshops to obtain a better understanding of the client's SAP environment - for example, how it is configured, managed, and the potential business impact of changes to access management processes. Based on the information and requirements discussed, this approach creates a foundation upon which to tailor the implementation of GRC Access Control 10.0 to the client's needs.

Our approach consisted of two phases. The first phase focused on controlling segregation of duties, sensitive access and super user risk. Advantages of this two-phased approach include:

The ability to generate segregation of duties and sensitive access risk reports from the client's actual SAP environment in the shortest amount of time, providing early insight into user access issues that require remediation
Roll-out of centralized emergency access - a "quick win" that can be recognized by the entire organization

Following the successful testing and implementation of that functionality, the second phase focused on embedding management of user access risk into the processes associated with user provisioning and the maintenance of user roles. Complete end-to-end automated workflows were created to automate the SAP user administration processes (for example, creation of a new account or a request to change an existing account). We worked with our client to design workflows that would enforce organizational and audit requirements globally. The workflow includes steps that simulate changes to user access and compare the proposed access to a set of business rules that have been defined to manage segregation of duties and sensitive access.

Concurrently with the automation of user provisioning, the business role management functionality was installed, based on the organization's user role management methodology. This is designed to enforce standardization across the entire system among the IT support users who create and change user roles (for example, standing role-naming conventions and mandatory identification of role owners).

Our client has achieved the following benefits as a result of this project:

Complete overview of the organization's SAP security environment to understand where the highest levels of risk exposure exist
Implementation of process to support monitoring and audit trails of powerful super user and emergency access
Globalized SAP user access administration to ensure all users across the world follow a uniform process
Globalized SAP security role management process to ensure all security administrators follow a consistent methodology
New tools to support the redesign of SAP security roles effectively and efficiently
Improved IT organizational performance driven by a clear definition of roles and responsibilities

Request for proposal

Article
Basic page
Careers
Client Stories
Company
Contacts
Content Groups
Documents
Events
Footer
Homepage
Insights
Jobs
Microsites
Offices
Panel
Press Releases
Solutions and Industries
Webform
protiviti_rnd

Video / Audio
-Audio
-Video
Webcasts
Publications
-White Papers
--Risk Solutions
--Industry
-Resource Guides
-Newsletters
--Compliance Insights
--Board Perspective: Risk Oversight
--Emerging Risks
--FS Insights
--Global Financial Crisis Bulletin
--The Bulletin
--TMC Industry
-POV
-Diagnostics and Benchmarks
-Flash Reports
--Information Technology
--General Business
--SEC
--PCAOB
--Financial Reporting
--Basel II
--J-SOX
-Survey Guides

Language neutral
English (US)
English (UK)
Dutch
English (NL)
English (AU)
English (BH)
English (CA)
English (IN)
English (KW)
English (AE)
English (CN)
English (OM)
PCC (IN)
Spanish
English (SA)
English (SG)
English (ZA)
English (QA)
Chinese
Japanese
French
French (CA)
German
Italian
Portuguese (BR)
Spanish (AR)
Spanish (CL)
Spanish (MX)
Spanish (PE)
Spanish (VE)

Global Life Sciences Company Enhances Compliance and Risk Management Using SAP BusinessObjects GRC Access Control 10.0