Anand Nayak Rao Kotti

GRC Real-time Risk Enforcement

As companies grow and expand globally, the number of enterprise application users increases, and with it the risk of security breaches and policy violations. Because enterprises are increasingly exposed to risk from their own internal users, businesses are moving toward preventive controls that stop a violation at the point of action rather than staying in a reactive mode that only detects it afterwards.

SAP GRC enables organizations to establish effective internal controls, along with processes to keep those controls consistent, current and cost-effective to manage. Administrators can use a single SAP GRC framework to monitor and enforce business, compliance and security policies across the enterprise. SAP has extended the GRC offering with SAP Dynamic Authorization Management by NextLabs so that companies can adapt quickly to changing policies and streamline the enforcement and administration of those policies.

GRC customers can now integrate more fine-grained contextual information about the user into the authorization decision, such as location, project, cross-departmental access, territory, and real-time segregation of duties (SoD) attributes. This tight integration provides real-time risk enforcement: a risky action is evaluated against the rule set and the request context at the moment it is attempted, so misuse of information can be prevented before it happens instead of being found later in a periodic access-risk report. Customers can monitor and track all activity, including the decisions applied to it.

USE CASE:

Segregation of duties (SoD) violation example:

  • Charles can maintain vendor master records and post vendor invoice payments.

Risk:

  • Charles can create or modify vendor records of his own and transfer money to those vendors at any time without any independent approval. This is a significant financial (fraud) risk for the business.

  [Figure: RISK.png]

With SAP Dynamic Authorization Management in place:

Case #2.1 – There are no mitigating controls in the GRC rule set for the SoD violation:

  • When Charles attempts to pay a vendor he created himself, the action is blocked at the point of execution.

Case #2.2 – There are mitigating controls in the GRC rule set for the SoD violation:

  • When Charles attempts to pay a vendor he created himself, he is given the option to proceed after signing an NDA (the SAP DAM self-attestation feature), so the mitigated risk is accepted explicitly by the user rather than silently.

In both cases above, the activity Charles performs, together with the decision applied to it (blocked, or allowed after self-attestation), is recorded and reported back to the SAP DAM Analytical Dashboard.
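To make the enforcement logic in the use case concrete, here is an added Python example. It is not SAP or NextLabs code; the action names, the risk ID "SOD-VENDOR-PAY", the user names and the vendor records are constructed for illustration. It shows the two layers the post contrasts: a static access-risk check that flags Charles because his permissions hold both conflicting actions, and a real-time decision that only intervenes when the conflict is actually exercised, i.e. when Charles pays a vendor record he created himself. With no mitigating control the payment is blocked (case 2.1); with one assigned, the engine demands self-attestation before allowing it (case 2.2). Every decision is appended to an audit log, standing in for the activity reported to the dashboard.

```python
"""Real-time SoD enforcement at the point of action (added example, not SAP or NextLabs code)."""
from dataclasses import dataclass, field
from enum import Enum
from typing import Dict, FrozenSet, List, Optional, Set, Tuple

# Hypothetical action names; a real deployment keys these to transactions/authorization objects.
MAINTAIN_VENDOR = "MAINTAIN_VENDOR_MASTER"
POST_PAYMENT = "POST_VENDOR_PAYMENT"


@dataclass(frozen=True)
class SodRule:
    risk_id: str                 # constructed identifier, not a real GRC rule-set ID
    conflicting: FrozenSet[str]  # actions one person must not be able to exercise together


@dataclass(frozen=True)
class Vendor:
    vendor_id: str
    created_by: str              # contextual attribute evaluated at enforcement time


class Outcome(Enum):
    ALLOW = "allow"
    BLOCK = "block"
    ATTEST_REQUIRED = "self_attestation_required"
    ALLOW_WITH_ATTESTATION = "allow_with_attestation"


@dataclass(frozen=True)
class Decision:
    outcome: Outcome
    risk_id: Optional[str]
    reason: str


@dataclass
class PolicyEngine:
    permissions: Dict[str, Set[str]]                                 # user -> actions granted by roles
    rules: List[SodRule]
    mitigations: Set[Tuple[str, str]] = field(default_factory=set)   # (user, risk_id) pairs
    audit_log: List[dict] = field(default_factory=list)

    def static_violations(self, user: str) -> List[SodRule]:
        """Classic access-risk analysis: rules whose whole conflicting set the user holds."""
        held = self.permissions.get(user, set())
        return [r for r in self.rules if r.conflicting <= held]

    def authorize_payment(self, user: str, vendor: Vendor, attested: bool = False) -> Decision:
        """Decide POST_VENDOR_PAYMENT for one vendor, using the rule set plus request context."""
        if POST_PAYMENT not in self.permissions.get(user, set()):
            decision = Decision(Outcome.BLOCK, None, "user lacks the payment permission")
        else:
            decision = Decision(Outcome.ALLOW, None, "no SoD conflict exercised on this request")
            for rule in self.static_violations(user):
                # A held conflict is exercised only when the same person is on both sides
                # of it: paying a vendor record they created themselves.
                exercised = ({MAINTAIN_VENDOR, POST_PAYMENT} <= rule.conflicting
                             and vendor.created_by == user)
                if not exercised:
                    continue
                if (user, rule.risk_id) not in self.mitigations:
                    decision = Decision(Outcome.BLOCK, rule.risk_id,
                                        "SoD violation with no mitigating control")
                elif attested:
                    decision = Decision(Outcome.ALLOW_WITH_ATTESTATION, rule.risk_id,
                                        "mitigated risk, user self-attested")
                else:
                    decision = Decision(Outcome.ATTEST_REQUIRED, rule.risk_id,
                                        "mitigated risk, self-attestation required")
                break
        # Every decision, allowed or not, goes to the audit trail that feeds the dashboard.
        self.audit_log.append({"user": user, "action": POST_PAYMENT, "vendor": vendor.vendor_id,
                               "outcome": decision.outcome.value, "risk_id": decision.risk_id,
                               "reason": decision.reason})
        return decision


def run_scenario() -> dict:
    """Walk Charles through the cases in the post and return the outcomes for inspection."""
    rule = SodRule("SOD-VENDOR-PAY", frozenset({MAINTAIN_VENDOR, POST_PAYMENT}))
    engine = PolicyEngine(
        permissions={"charles": {MAINTAIN_VENDOR, POST_PAYMENT}, "dana": {MAINTAIN_VENDOR}},
        rules=[rule],
    )
    own = Vendor("V100", created_by="charles")      # constructed sample vendor records
    other = Vendor("V200", created_by="dana")
    results = {
        "static_risks": [r.risk_id for r in engine.static_violations("charles")],
        "dana_pays": engine.authorize_payment("dana", own).outcome,          # no permission
        "pay_other_vendor": engine.authorize_payment("charles", other).outcome,
        "case_2_1": engine.authorize_payment("charles", own).outcome,
    }
    engine.mitigations.add(("charles", rule.risk_id))   # a mitigating control is now assigned
    results["case_2_2_prompt"] = engine.authorize_payment("charles", own).outcome
    results["case_2_2_attested"] = engine.authorize_payment("charles", own, attested=True).outcome
    results["audit_entries"] = len(engine.audit_log)
    return results


if __name__ == "__main__":
    for name, value in run_scenario().items():
        print(f"{name}: {value}")
```

Running the file prints one line per case. The design point is that the real-time decision needs context a role-based SoD report does not have (who created the vendor being paid), which is why Charles paying a vendor created by someone else is allowed while paying his own is not; the static report is still what tells you which users carry the conflict in the first place, so the two layers complement each other rather than replace one another.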

Anand Kotti


      5 Comments
      Madhu Babu

      Hi Anand,

      Is there any document to understand more about SAP DAM functionality ? Looks interesting 🙂

      Regards,

      Madhu.

      Anand Nayak Rao Kotti
      Blog Post Author

      Hello Madhu,


      Thank you for your interest. To learn more about SAP Dynamic Authorization Management (SAP DAM), please refer to the link below for the solution brief:


      http://www.sap.com/pc/analytics/governance-risk-compliance/software/access-control-authorization-mgmt/index.html

      If you are interested in a technical deep dive, I encourage you to contact

      Bill.Doss at NextLabs dot com.

      Thank You

      Anand Kotti

      Madhu Babu

      Hi Anand,

      Thanks for sharing the details 🙂 I will go through the link and, if anything is required, will surely contact Stephens 🙂

      Thanks once again.

      Regards,

      Madhu.

      Anand Nayak Rao Kotti
      Blog Post Author

      Thanks Madhu

      Anand Nayak Rao Kotti
      Blog Post Author

      Hello Madhu,

      Did you get what you were looking for around SAP DAM?

      Anand Kotti