Advisory
Excerpt from: Transform your SAP organization and deliver business value through IDM-GRC integration and role redesign initiatives
Strictly Private and Confidential
March 18, 2014
Peter Hobson, PricewaterhouseCoopers
Agenda
1. Session Overview
2. Key Terms
3. Implementing the solution
4. Transforming the organization
5. Key Considerations
6. Value Delivered
7. Key Takeaways
Session Overview
In this session, we will discuss how to transform your SAP operations and drive business value through SAP role redesign and IDM-GRC integration. The discussions will include:
1. How to design a single set of SAP security roles to manage multiple business units, locations and SAP systems
2. How to deploy an integrated Identity Access Management – SAP GRC Access Control 10 (IdM-GRC) solution to standardize and automate the SAP access request, approval and provisioning processes across multiple business units, locations and SAP systems
3. How IdM-GRC and role redesign projects can lead SAP organization transformation efforts
4. A review of the business, compliance and IT benefits that can be realized from these efforts, such as reductions in user downtime and fraud risk.
Key Takeaways
At the end of this session, you will understand how:
1. Effective role design and automated provisioning tools deliver value far beyond IT; the business and compliance also benefit
2. Global templates, tools and processes are possible and value-add for even the largest, most complex organizations
3. Role design and IdM-GRC can be the catalyst to achieve strategic, organizational goals
Key Terms
The following slides will provide definitions for key terms used throughout this presentation, including:
1. Four tiers of SAP access
2. Task-based with enabler role design
3. SAP GRC Access Control 10.x (GRC 10)
4. Identity Management Tool (IdM)
End User Access
[Figure: end user access is the combination of "what you can do" and "where you can do it". What you can do (task roles): GL Document Parking, GL Document Posting, AR Invoice Parking, FI Common Display, AR Common Display, User General. Where you can do it (enabler roles): New York, Chicago, Consumer Products, Services.]
What are the four tiers of SAP Access?
Tier 1: General Access
Access that is common to all users. Examples include SAP inbox and printing.
Tier 2: Display Access
Display access is comprised of transactions specifically scripted to view and report on data within SAP.
Tier 3: Functional Access
Functional access is broken down into role groupings based on static system tasks. Task based roles are SOD free.
Tier 4: Enabler Access
Control points provide access to intentionally controlled data within the system. Examples include Plant and Company Code specific data.
What is the task-based with enabler role approach?
[Figure: task-based with enabler role design. What (Task Based Roles): User General (Tier 1), FI Common Display (Tier 2), FI Document Processing (Tier 3), FI Document Reversals (Tier 3). Where (Enabler, Tier 4): Business Unit, Co Code, Location, Plant. Transactions shown: SBWP, SU53, FB01, FB02, FB05, FB08, F.80, F.81, FB00, FB03, FBV3. Other labels: Virtual Job Roles, GL Supervisor, User 1 to User 5.]
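The sketch below is an added example, not part of the original presentation: it models the four tiers, checks that each task role is SOD free on its own, and shows a conflict that only appears when roles are combined on one user. Role names and transaction codes come from the slide; the grouping of transactions into roles, the single SoD rule and the company code values are assumptions constructed for illustration.

```python
# Added example: four-tier, task-based-with-enabler access model.
# Role names and transaction codes are from the slides; the grouping of
# transactions into roles, the SoD rule and the org values are constructed.
ROLES = {
    "User General":           {"tier": 1, "tcodes": {"SBWP", "SU53"}},
    "FI Common Display":      {"tier": 2, "tcodes": {"FB00", "FB03", "FBV3"}},
    "FI Document Processing": {"tier": 3, "tcodes": {"FB01", "FB02", "FB05"}},
    "FI Document Reversals":  {"tier": 3, "tcodes": {"FB08", "F.80", "F.81"}},
}
# Constructed SoD rule: posting a document conflicts with reversing one.
SOD_RULES = [("FB01", "FB08")]


def _conflicts(tcodes):
    """Return every SoD rule whose two transactions are both in tcodes."""
    return [rule for rule in SOD_RULES if set(rule) <= tcodes]


def role_conflicts(role):
    """Conflicts inside one role; a Tier 3 task role must return []."""
    return _conflicts(ROLES[role]["tcodes"])


def user_conflicts(assigned_roles):
    """Conflicts that appear only when roles are combined on one user."""
    combined = set()
    for role in assigned_roles:
        combined |= ROLES[role]["tcodes"]
    return _conflicts(combined)


def effective_access(assigned_roles, enablers):
    """Cross 'what' (tier 1-3 transactions) with 'where' (Tier 4 values)."""
    what = set()
    for role in assigned_roles:
        what |= ROLES[role]["tcodes"]
    where = {(field, v) for field, values in enablers.items() for v in values}
    return {(tcode, field, v) for tcode in what for field, v in where}


if __name__ == "__main__":
    clerk = ["User General", "FI Common Display", "FI Document Processing"]
    print(user_conflicts(clerk))                              # no rule fires
    print(user_conflicts(clerk + ["FI Document Reversals"]))  # rule fires
    print(len(effective_access(clerk, {"Co Code": {"1000", "2000"}})))
```

Because every task role is conflict free by construction, SoD analysis only has to look at role combinations, and adding a new location means adding an enabler value rather than cloning the task roles.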
What is SAP GRC Access Control 10.x (GRC 10)?
• Monitor emergency access and transaction usage
• Certify access assignments are still warranted
• Define and maintain roles in business terms
• Automate access assignments across SAP and non-SAP systems
• Find and remediate SoD and critical access violations
[Figure labels: SAP_ALL, X, Legacy]
What is IdM?
Identity Management (IdM) tools are enterprise-wide, cross-application solutions that automate and increase the transparency around user access and entitlement administration. IdM tools offer a wide range of functionality, including:
• Automated provisioning to new and existing users
• Automated password resets
• Single sign-on
• Ability to customize forms and functionality to enhance the user experience
Example IdM solutions:
• SAP IdM
• CA Identity and Access Management (IAM)
• Oracle Identity Management
• IBM Tivoli Identity Manager
• Microsoft Forefront Identity Manager (FIM)
Example Project Impact
Section 6 – Value Delivered
• Pilot: Jordan: 254 Users, 75% Role Reduction, 58% SOD Reduction, 109 IDM-GRC Requests
• Release 2: Eastern Europe: 2,355 Users, 88% Role Reduction, 24% SOD Reduction, 960 IDM-GRC Requests
• Release 3: Asia-Pacific: 1,725 Users, 96% Role Reduction, 47% SOD Reduction, 588 IDM-GRC Requests
• Release 4: Ireland: 1,125 Users, 76% Role Reduction, 64% SOD Reduction, 431 IDM-GRC Requests
• Release 5: LAR: 5,063 Users, 88% Role Reduction, 1% SOD Reduction
• Release 6: Middle East: 1,636 Users, 85% Role Reduction, 45% SOD Reduction, 109 IDM-GRC Requests
• Release 7: Europe: 1,103 Users, 80% Role Reduction, 14% SOD Reduction
• Overall: 7 releases, 13,007 Users, 90% Role Reductions, 44% SOD Reduction, 2,088 IDM-GRC Requests
Key Takeaways
At this point, you should have an understanding of how:
1. Effective role design and automated provisioning tools deliver value far beyond IT; the business and compliance also benefit.
2. Global templates, tools and processes are possible and value-add for even the largest, most complex organizations.
3. Role design and IdM-GRC can be the catalyst to achieve strategic, organizational goals
Questions
Peter M Hobson
PwC | Director
646 471 0203
Tuesday, March 18
10:15 - 11:30 am | Brian Perrotto, PwC: Mitigate financial risks and automate the testing of financial controls using SAP Process Control
12:00 pm - 1:15 pm | Jonathan Levitt, PwC: Glean greater value from your SAP audits: It’s not just about compliance
12:00 pm - 1:15 pm | Sundeep Gupta, PwC: Leading practices to manage transfer pricing in SAP with and without the SAP Material Ledger
12:00 pm - 1:15 pm | Peter Hobson, PwC: Transform your SAP organization and deliver business value through IDM-GRC integration and role redesign initiatives
4:15 pm - 5:30 pm | Roberta Wang, PwC: Effective methods for maintaining compliance with Foreign Corrupt Practice Act (FCPA)
4:15 pm - 5:30 pm | Sundeep Gupta, PwC: How to solve overhead cost allocation challenges without the need for enhancements or custom coding
Wednesday, March 19
8:30 am - 9:45 am | Prasad Boddupalli, PwC: Solve critical asset management challenges utilizing standard SAP integration techniques
11:45 am - 1:00 pm | Raymond Mastre, PwC: SAP Security Part 1: A beginner’s guide to SAP Access Control and fundamental security concepts within SAP ECC
2:30 pm - 3:45 pm | Raymond Mastre, PwC: SAP Security Part 2: Advanced concepts for SAP Access Control and SAP ECC security and design
Thursday, March 20
8:30 am - 9:45 am | Gordon Roland, PwC: Creating controls to monitor purchasing and accounts payable processes in SAP
12:45 pm - 2:00 pm | Ram Gopalakrishnan, PwC: Creating a single version of truth: Leading practices for integrating SAP Business Planning and Consolidation with multiple back-end sources
2:34 pm - 4:00 pm | Taylor Hassan, PwC: How to successfully use the business rule engine (BRF+) in SAP Process Control to assess system usage and improve system performance
4:15 pm - 5:30 pm | Kyle Lindquist, PwC: Designing a chart of accounts that supports fast closes and smoother reporting
4:15 pm - 5:30 pm | Mayur Iyyanki, PwC: How to enhance the credit approval process using documented credit decision functionality
Friday, March 21
8:30 am - 9:45 am | Manish Dharnidharka, PwC: A step-by-step guide to leveraging Inter-and Intra-company processing in SAP General Ledger
Thank you
Not for further distribution without the permission of PwC
The information contained in this document is shared as a matter of courtesy and for information or interest only. PwC has exercised reasonable professional
care and diligence in the collection, processing, and reporting of this information. However, data used may be from third-party sources and PwC has not
independently verified, validated, or audited such data. PwC does not warrant or assume any legal liability or responsibility for the accuracy, adequacy,
completeness, availability and/or usefulness of any data, information, product, or process disclosed in this document; and is not responsible for any errors or
omissions or for the results obtained from the use of such information. PwC gives no express or implied warranties, including, but not limited to, warranties or
merchantability or fitness for a particular purpose or use. In no event shall PwC be liable for any indirect, special, or consequential damages in connection with
use of this document or its content. Information presented herein by a third party is not authored, edited or reviewed by PwC and PwC is not endorsing third
parties or their views. Reproduction of this document or recording of its presentation, in whole or in part, in any form, is prohibited except with the prior written
permission of PwC. Before making any decision or taking any action, you should consult a competent professional adviser.
This document contains information that is confidential and/or proprietary to PricewaterhouseCoopers LLP and may not be copied, reproduced, referenced,
disclosed or otherwise utilized without obtaining express prior written consent from PricewaterhouseCoopers in each instance.
© 2014 PricewaterhouseCoopers LLP, a Delaware limited liability partnership. All rights reserved. PwC refers to the United States member firm, and may
sometimes refer to the PwC network. Each member firm is a separate legal entity. Please see www.pwc.com/structure for further details. This document is for
general information purposes only, and should not be used as a substitute for consultation with professional advisors.
To learn more, visit
www.pwc.com/us/sap
Disclaimer
SAP, R/3, mySAP, mySAP.com, SAP NetWeaver®, Duet®, PartnerEdge, and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP AG in Germany and in several other countries all over the world. All other product and service names mentioned are the trademarks of their respective companies. Wellesley Information Services is neither owned nor controlled by SAP.