The digital economy has made a big impact on customers by offering ease and convenience while it requires a different orchestration for businesses to evolve and unleash their full business potential. With the emergence of agility, organizations are fast becoming more dynamic and are changing regularly to keep up with the pace. This has paved way for smaller and smarter businesses to innovate and bring out cost effective solutions to be able to offer GRC (Governance, risk management, and compliance) engagement, which otherwise businesses perceive as a high cost activity. GRC engagement delivers business agility where organizations can respond rapidly to changes in the business environment and communicate to employees about these changes.
A trend that we witness within SAP implementations is the shift to SAP (S/4) HANA and SAP Fiori. With the changes in the implemented SAP systems, it is implicit to ensure governance of these applications which allow the organizations to reap the following benefits:
- Cost savings in designing user roles in context of ERP changes
- Automation of access controls and SoD to improve efficiency
- Lesser spending on external consultants to do manual control validation and SoD monitoring
- Cost savings in internal audit testing and investigation of access controls
- Reduction in external audit fees as they rely more on the automation of access controls and SoD
- Efficiency in assigning and determining appropriate access
- Greater efficiency and savings in documenting user access reviews
- Efficiency in technology processing and overall reporting time in which an audit of 10,000 users takes only about 15 minutes
It is essential that GRC solution elements (such as rule sets) are easily adjustable with these ongoing changes. Therefore, CSI tools do 5 analysis separately. Transaction codes and / or authorization objects and / or authorization object field values and / or menu access and / or transaction code usage. By analyzing all different layers separately only CSI tools can identify conceptual weaknesses in the roles AND/OR weaknesses in the rules. Changes made to an element of the rule set are inherited automatically to all related layers of this element to maintain consistency.
CSI tools is ahead of the market; with the upcoming European data protection law it will be necessary for companies to protect the personal data. CSI tools is ahead of this new law and our solutions can be used to get and stay compliant for GDRP
CSI tools are designed to be used on every level within the organization and changes can be easily implemented. GRC reporting is not only about SoD (segregation of duties) conflicts. It is also about the remediation of these conflicts. You can’t mitigate risk without insight into its underlying causes. CSI tools provide the answers to questions like, is the access appropriate, how is the user getting access to these conflicts, via which roles and is the user really using this critical functionality?
The organizations that are using CSI tools reported the following agility in their compliance and broader GRC processes through working with CSI tools:
- The organization is now able to rapidly find and correct access control and SoD issues
- Once queries are built and customized they can be readily used at any time
- Authorizations are more transparent
- Capability to present conflicting roles to the business in a way they can understand and respond to
- Ability to manage action items to fix authorization problems
- Streamlined authorization audits and consultations
- Ability to continuously monitor role and SoD changes throughout year and not just annually
CSI tools is constantly keeping eye on the market and in contact with their customers and prospects to hear their needs and uses this information with developing new and improving
CSI tools’ applications. This year CSI tools is extending their product range with Mass user Maintenance support in the CSI Mass User Maintenance (CSI MUM) application, and the
latest newest CSI HANAlysis Cockpit can be used to audit and analyze the complex HANA security structure.