Transport & Logisics
Implementation of SAP GRC Access Controls 5.3 at a major UK Transport operator*
The UK branch of Turnkey Consulting assisted this major UK transport provider in the remediation of segregation of duties (SoD) issues and the implementation of SAP GRC tools to support ongoing SoD compliance.
A key deliverable of this project was the development of a business ownership model for the new roles and the implementation of this model in the business. Our consultants worked with representatives from across the business to gather their extensive input into the new role design. Business ownership of the new design was then ensured by the development of business owners with defined responsibilities at every stage of the role design and access allocation process. The new business ownership model was supported by a comprehensive training course outlining roles and responsibilities and how to use the new SAP GRC tools.
The project also included a complete review of support user access and the documentation of risks and controls in the support process. The SAP GRC Super user Privilege Management (SPM) module was leveraged to control access to sensitive access and to improve emergency access procedures.
To document and monitor the client’s risk environment the SAP GRC Risk Analysis and Remediation (RAR) module was implemented. Risk workshops were held with all key stakeholders and through extensive consultation with business representatives a complete picture of the client’s business risks was documented in the RAR tool. A simplified SAP Security role design was then developed using a risk based approach together with system usage statistics and existing access allocations.
Controls workshops were also held to document the client’s existing mitigating controls and to understand the holistic control environment, beyond SAP access controls.
The result was a much more straightforward SAP role design with a well defined business ownership model and the appropriate SAP GRC tools in place to keep the system clean of segregation of duties conflicts.
Industry Solutions
- Aerospace & Defense
- Banking
- Consumer Products
- Defense & Security
- Engineering, Construction & Operations
- Higher Education
- Insurance
- Media
- Oil & Gas (1, 2)
- Public Sector & Local Authorities (1, 2)
- Pharmaceuticals
- Professional Services
- Retail
- Telecommunications
- Transport & Logisics
- Utilities
*Specific client references are available upon request.
