Access Conflict Monitor: find and remediate Segregation of Duties (SoD) conflicts and critical access violations. Analyse down to authorization object field level.
Find and remediate SoD conflicts and critical access violations. Analyse down to the authorization field level.
- Connect multiple SAP systems to ACM and perform online Risk Analysis to real-time reports.
- Prepare SoD, Critical access reports at User and Role level and publish
Perform risk analysis simulation before applying changes on user authorizations
- Avoid introducing new SoD risks in SAP system by performing risk simulation
- Works as pro-active implementation of preventive SoD controls
Perform the risk analysis to view the user risks spread across the systems. Example : Shopping Cart Create (SRM) / PO Approval (ECC)
- Authorizations are distributed to several systems, example ECC & SRM
- ACM helps to find the risks associated to a user ID across systems
Perform Risk Analysis on Organizational Level.
- Organizational rule analysis can be enabled to avoid false positives and to limit the risk analysis to specific organizational entities in the SAP system
- Flexible option of Mass upload, import of organizational rules in to ACM via excel.
Master data for ACM are risk defenitions and are input for running risk analysis.
- Define SoD Conflict risks, Critical access risks in rulebook
- Best practice Rulebook has been incorporated.
Use the inbuilt conversion programs to translate third party rule sets in to ACM format.
- Upload the other rule sets and convert them easily in to MARC format
- Avoid manual creation of rule sets which can lead to errors, false positives or false negatives.
Enables to perform the risk analysis by uploading the SAP authorization data obtained via data download from the SAP system under review
- In case SAP integration to MARC not possible due to lower versions or not (yet) preferred for any reason, offline analysis option can be used.
- Extract the data by using the MARC Data Extractor to a MS Access File and upload to ACM.
- Best solution for independent auditors and external consultants.
ACM is integrated with Compliant Access Management (CAM).
- Perform risk analysis before provisioning any user changes in to SAP system.
- Risk Analysis reports are stored in reports catalogue and can be checked whenever needed.
Create mitigation controls when SoD risk can’t be remediated.
- Business can setup mitigation controls where risk can’t be remediated, avoided.
- Create Mitigation controls per system level and Mitigate users.Users mitigated can be excluded from risk analysis results.
Management view of dashboards enables quick identification of risk status and helps in decision making.
- View SoD conflict information / Statistics on interactive dashboards.
- Historical information view in dash boards.
- Summary drill down option like risks by business process, criticality ,number of active uses, expired users of a selected system.
Configurable notification templates help to send information to respective risk owners, mitigation owners, in following cases:
- Sending notifications on critical SoD executions.
- Mitigation expiry notification, assignment notifications.
Avoid introducing new SoD , critical access conflicts with role updates in production system.
- Perform intended role change in ACM prior to effectively changing the role in SAP.
- Execute impact analysis to see to analyse if intended role change leads to new user level SoD conflicts.