Access Control from ComplianceNow is a Segregation of Duties tool designed to analyze the risk occurrences in SAP. Access Control focuses on simplicity, fast implementation, strong user adoption and a low cost of ownership.

While we are very confident in the ability of Access Control to serve all your Segregation of Duties needs, we believe that there is always room for improvement. We have therefore identified an area where we can save time for the organizations that use Access Control, and thereby reduce their costs.

When a new role combination occurs, and it needs to be approved, the potential risks are only apparent when the appropriate approver receives the request for greenlighting the role combination. This is slightly problematic, as this can take many days before the approver even sees the request, and if it is then denied, the process starts all over.

To solve this issue, the new update in Access Control introduces a simulation module. The simulation module allows non-approver users to combine roles in a simulation environment and see if the functions in the role combinations pose any risks to the organization. The simulation module has three major strengths for your organization:

1. The simulation module pushes out some of the responsibility of role design into the organization, as it allows the requester to pre-emptively identify potential risks with role combinations before sending them to an approver. This also results in less unproductive time, as the new roles can be accepted faster by the approver – allowing the employee to get the required access faster.
2. The simulation module allows the requester to tinker with role combinations that grant the same required access for the specific employee. It might not be the needed access that triggers the risk; therefore, the requester can experiment with different roles that include the necessary access(es) and find a combination that is not a risk in the organization. This again streamlines the process and reduces unproductive time.
3. The simulation module can be pushed out into the organization so that potentially every SAP user in the organization can tinker with roles in the simulation module. This allows for the departments that need the new access to experiment with it themselves. The different departments are often a better judge of access needs from a business perspective than the IT department. Furthermore, this will also remove some of the workload of the IT department, as mentioned above. We believe that in addition to unburdening the IT department, the simulation module allows the IT side and the business side of the organization to come together to create an organization-wide better understanding of risks and wiser role implementation.

Access Control aims to prevent risks and not just make them visible after the fact; our simulation module aligns with this value proposition, as this update furthers the preventive risk management that is at the core of the vision behind Access Control from ComplianceNow. Additionally, the simulation module will further lower the total cost of ownership by reducing the amount of unproductive time in the role acceptance process, which is always an overarching mission for ComplianceNow – we believe that governance, compliance, and risk management should be simple, effective, and low cost.

Author: ComplianceNow

Follow us on LinkedIn and get instant access to our latest articles and posts on SAP and compliance.