Access Conflict Monitor: find and remediate Segregation of Duties (SoD) conflicts and critical access violations. Analyse down to authorization object field level.

1
Online Risk Analysis

Find and remediate SoD conflicts and critical access violations. Analyse down to the authorization field level.

  • Connect multiple SAP systems to ACM and perform online Risk Analysis to real-time reports.
  • Prepare SoD, Critical access reports at User and Role level and publish
2
Access Risks Simulation

Perform risk analysis simulation before applying changes on user authorizations

  • Avoid introducing new SoD risks in SAP system by performing risk simulation
  • Works as pro-active implementation of preventive SoD controls
3
Cross System Risks Analysis

Perform the risk analysis to view the user risks spread across the systems. Example : Shopping Cart Create (SRM) / PO Approval (ECC)

  • Authorizations are distributed to several systems, example ECC & SRM
  • ACM helps to find the risks associated to a user ID across systems
4
Org Level Risks Analysis

Perform Risk Analysis on Organizational Level.

  • Organizational rule analysis can be enabled to avoid false positives and to limit the risk analysis to specific organizational entities in the SAP system
  • Flexible option of Mass upload, import of organizational rules in to ACM via excel.
5
SoD Matrix, Rule Book

Master data for ACM are risk defenitions and are input for running risk analysis.

  • Define SoD Conflict risks, Critical access risks in rulebook
  • Best practice Rulebook has been incorporated.
6
Ruleset Converters

Use the inbuilt conversion programs to translate third party rule sets in to ACM format.

  • Upload the other rule sets and convert them easily in to MARC format
  • Avoid manual creation of rule sets which can lead to errors, false positives or false negatives.
7
Offline Risk Analysis

Enables to perform the risk analysis by uploading the SAP authorization data obtained via data download from the SAP system under review

  • In case SAP integration to MARC not possible due to lower versions or not (yet) preferred for any reason, offline analysis option can be used.
  • Extract the data by using the MARC Data Extractor to a MS Access File and upload to ACM.
  • Best solution for independent auditors and external consultants.
8
SoD simulation with User Managemnet

ACM is integrated with Compliant Access Management (CAM).

  • Perform risk analysis before provisioning any user changes in to SAP system.
  • Risk Analysis reports are stored in reports catalogue and can be checked whenever needed.
9
Mitigation Controls Monitoring

Create mitigation controls when SoD risk can’t be remediated.

  • Business can setup mitigation controls where risk can’t be remediated, avoided.
  • Create Mitigation controls per system level and Mitigate users.Users mitigated can be excluded from risk analysis results.
10
Dashboards

Management view of dashboards enables quick identification of risk status and helps in decision making.

  • View SoD conflict information / Statistics on interactive dashboards.
  • Historical information view in dash boards.
  • Summary drill down option like risks by business process, criticality ,number of active uses, expired users of a selected system.
11
Notification

Configurable notification templates help to send information to respective risk owners, mitigation owners, in following cases:

  • Sending notifications on critical SoD executions.
  • Mitigation expiry notification, assignment notifications.
12
Role Change Impact Analysis

Avoid introducing new SoD , critical access conflicts with role updates in production system.

  • Perform intended role change in ACM prior to effectively changing the role in SAP.
  • Execute impact analysis to see to analyse if intended role change leads to new user level SoD conflicts.