SAP audits

Follow up on SAP audit recommendations and prove it to the auditors

SAP Audit: Continuously monitor access rights

As soon as a user is created in SWAWE, the rights or business profiles proposed for assignment are limited by the organization the user is attached to.
Role proposals are therefore already filtered in the upstream phase (SWAWE IAM).

Then, still during user creation, a segregation of duties (SoD) analysis can be performed or requested to highlight SoD risks (SWAWE RISK).

These SoD analyses can be performed whenever new user rights are requested.

After that, to ensure that users have the rights appropriate to their business function, user rights should be reviewed periodically.
SWAWE CCM lets you schedule these checks, specifying which organization performs each check, who validates it, how it is done (a described and detailed procedure), and how often.

The proof of control is recorded in the CCM, and the information is traced and permanently available (auditable).
Dashboards allow for real-time monitoring of the status of controls related to these reviews (SWAWE REPORT).

Demonstrate access rights compliance

As explained above, SWAWE CCM stores all controls. All reviews related to user rights can therefore be retrieved as lists or dashboards.
This makes it possible to demonstrate at any time who carried out the control, who validated it, what procedure was followed, and the proof of the control.

Communicate on the remediations performed

In a user rights redesign project, the number of SoD risks decreases as the project progresses. SWAWE RISK is used to highlight this decrease. To record and trace the evolution of these risks, we use SWAWE CCM, which holds, for each review date, the details of the risks by business line and by organization in the form of graphs and tables. SWAWE Report can also be used to show the evolution of the number of risks over time.

Contents related to this use case

Use case

Adova Group

The Adova Group, the leading French industrial group in bedding, seating and sofas, was created in the 1990s. It owns brands with a strong reputation (Simmons, Treca, Bliss, Steiner...) sold in France and abroad.

Following an audit conducted in 2020, which revealed a large number of users with extended rights and a high risk of fraud, the Adova Group decided to optimize its SAP rights management.

Solution CCM

Auditors regularly point to shortcomings in the performance and monitoring of IT general controls (ITGC) in the 4 categories: access to systems, access to data, change management and developments, and operations.

One of the main challenges of ITGC controls is full command of the user management process: being able to prove that this process is clearly described in the appropriate procedures, followed and traced.
