Deloitte Access Risk Intelligence
With the increasing complexity of businesses, exposure to cyberattacks, and new data privacy requirements, a simple solution for managing access risks in SAP environments has become a necessity for many organizations.
Increasing complexity drives the need for simple solutions
As organizations increasingly rely on an expanding SAP ecosystem and new technologies making application access available at the fingertips of users anytime and anywhere, globally integrated business processes have become more vulnerable to fraud, cyberattacks and other security incidents.
SAP systems today house much more than just financial information; they hold customer data, intellectual property and proprietary supply chain methods that could be important to ensure the organization’s competitive advantage and to its compliance with data protection regulation.
With the increased complexity and integration of SAP systems, sensitive data is at heightened risk if proper controls are not in place - thus increasing the potential for cyber threats, fraud and compliance violations.
A simple solution for managing access risks is essential to tackle the complexity and to bring you in control of access to critical data in your SAP system landscape.
With our Deloitte Access Risk Intelligence solution for SAP (DARI), you will get just that.
We have built DARI to support our clients in identifying, understanding, mitigating and monitoring Access & Segregation of duties (SoD) risks in their SAP systems throughout the entire system lifecycle – from blueprint to daily operation.
With DARI, you will get a number of unique tools that are all focused on analyzing and managing access risks and segregation of duties, as well as optimizing SAP role content and allocation.
“What if” analyses
Every change in SAP access rights can influence the quantity of business risks. Today, only a few companies are able to conduct a qualified risk assessment of introduced changes. DARI allows for a simple and quick analysis of the consequences of changes to access rights, before they are implemented. Accordingly, the introduction of new risks can be prevented, and this minimizes the need for time-consuming and troublesome access rights clean-ups.
DARI will, among other things, enable you to:
- Analyze the effect of introducing changes to existing role settings, e.g. by adding or removing transaction codes from an existing role
- Analyze the risk of building new roles (single or composite roles)
- Analyze the effect of assigning roles to or removing roles from users
- Analyze the risks of all roles within a business area
Role & User Mining
DARI’s role mining tool provides a brief outline of whether the contents of the present role setting match the actual use of the users. The tool can be used for adapting the roles or the assignment of roles in order to minimize access risks or optimize the use, as seen, for example, from a license perspective.
DARI features versatile reporting tools that make it possible to define and execute risk analyses at user level or role level.
All reports are generated on the basis of real-time data from SAP and contain the following information:
- A graphical overview that provides statistics of the most frequent risks, users with the most identified access risks and segregation of duty conflicts, which allows you to focus on the high risk areas first
- A risk matrix that gives a quick overview of identified risks and any compensating controls, which will allow any unexposed risks to be easily identified
- Details about the users’ access to relevant transaction codes and authorization objects, which allow a technical interpretation of the identified risks and a decision as to any modifications to the access rights
- Information about the used risk catalogue, defined compensating controls, and other criteria used to prepare the report
Additionally, organizational demarcations can be defined for the individual reports, e.g. to check which users have general ledger access to a certain cost center, profit center, or company code.
The DARI reports also contain the actual transaction codes used by the individual users and, in that way, they show not only theoretical risks, but also the access rights that have actually been used. You can thus target the risks that the individual users have used – e.g. during the last financial year.
All reports are saved in Excel and archived, so they can easily be retrieved at a later time; furthermore, it is possible to see the development of the access risks of the individual reports over time. Moreover, administrators or users can save the SoD reports in such a way that modifications or deletions cannot be made before the report has been enabled for editing again.
Furthermore, DARI can interact with Deloitte’s SharePoint solution DCI (Deloitte Control Intelligence), which can optimize the management, execution, and monitoring of controls.
Why choose DARI?
The fundamental idea behind DARI is to offer a simple and user-friendly solution that can be used by users without a thorough knowledge of SAP, and that solves the main challenges as regards the management and monitoring of SAP access risks.
After a brief introduction, users across the organization will be able to use DARI, which is accessed via a web browser. This means that it is not necessary to install new software when the users are granted access to the solution in the future.
DARI does not require further installation of components in your SAP environment either, and the technical installation and configuration ensure that you, within a short period, will be able to monitor and manage access risks and segregation of duty in your SAP systems.