Risk management tool
SWAWE RISK
Keep control of your risks and meet the expectations of your auditors in terms of security.
Define and implement a risk matrix and have a powerful risk management tool.
Reduce your risks and prove that you put them fully under control.
Risk Matrix
SWAWE incorporates a matrix proposal that will be easy to customize according to your wishes. It can easily be used at implementation of SWAWE and then improved over time.
Granularity level of the analysis guarantees the reliability of the result and quickly delivers the information you need to make the right decisions
Tracking and monitoring your risks becomes simple and effective.
Risk Management Tool: Remediation Methodology
Our approach not only reduces risks as much as possible (on average, more than 60% observed after a redesign of roles and users), but also proves at any time that residual risks are under control.
The library of customizable and adaptable to our clients' management processes mitigating controls ensures that each of the critical risks or SoD is perfectly framed by procedures and periodic controls.
Main benefits of a risk management tool
Understanding risks
The graphical representation of the SoD matrix in the form of a tree structure makes it possible to group risks by business process allowing a better understanding of the typology of these risks. (Risk grouping by P2P process – Procure To Pay, OTC – Order To Cash, project management ...)
Drastic risk reduction
SWAWE Risk highlights risks on actions/transactions that are not used, thus facilitating the rights remediation phase. On average, 70% of risks are eliminated after a role review project with SWAWE Risk.
Control of residual risks
Once the risks have been minimized, the residual risks must then be controlled. A library of Mitigating controls and reports can be set up in SWAWE to ensure that each of the Critical Accesses or SOD risks is compensated by control procedures.
Main features of SWAWE RISK,
risk management tool:
Customizable risk matrix
The SWAWE RISK risk management tool integrates a standard matrix proposal that can be easily customized according to the company's specificities. (SAP specific transactions in Zxxx or Yxxx to be included in the risk matrix)
Impact simulation engine
Before performing the action of assigning rights to a user, it is possible to simulate via SWAWE RISK a SoD analysis to understand its impacts. This becomes a decision-making tool based on the SoD results obtained by simulation.
Granularity of analysis
To avoid reporting many unproven SoD risks ('false positives'), the composition of the actions within the risks must be as detailed as possible. To rachieve this, our SoD matrix proposal is based on permission objects that are the finest elements at the permission level.
Reports and dashboards
Depending on the needs, SoD analyses can be represented in various forms. Indeed, for a authorization administrator, it will be useful to have a detailed list of users with the associated risks, the impacted transactions and their uses whereas for a financial controller, it will be more synthetic graphs in the form of histograms, pie charts allowing him to quickly make decisions on the actions to be implemented in terms of SoD ...
Reliability and speed
SWAWE performs real-time reading of permission-related information in SAP. The information is therefore always up-to-date and reliable. In addition, SWAWE makes it possible to reprocess this information quickly to have a synthetic vision in the form of reports, graphs or dashboards.