SAP User Access Management For S4HANA - Deloitte


SAP User Access Management for S4HANA
Private and Confidential
2020

Why we need S4HANA?

S4HANA technology offers innovation, and businesses are increasingly adopting it. With the deadline for S4HANA adoption ending in 2025, many customers have either already moved to S4HANA or are in the process of building their roadmap. While organisations are embarking on the journey of S4HANA-led digital transformation, one cannot ignore the impact of these trends on the business process and the underlying risk and compliance lens.

Some of the most popular trends during this digital transformation journey and their impact on risks and controls are listed below:

What is the power of S4HANA Digital code?

- New user experience - SAP Fiori enabled by HTML5
- Flexible deployment options - on-cloud, on-premises, hybrid
- Real-time data analytics - simplified data model with enhanced processing speed, optimised processes, and real-time analytics capabilities
- Embedded solutions – S4HANA offers embedded solutions like planning, analytics, warehouse
- Mobility and handheld devices – Provides access to information anytime, anywhere from any device.
- New dimension technologies - SAP Leonardo provides integration of technologies (ML, AI, iRPA, etc.) opening up newer possibilities for process redesign

Building blocks for SAP user access management in S4HANA-led digital transformation:

The journey to SAP GRC 12.0 will start with a technical upgrade of the existing SAP GRC platform. It is important to take a holistic view of SAP user access management by ensuring that all impact areas are identified and designed in such a way that they complement each other and are aligned to the overall access risk management strategy of the S4HANA digital platform. The following diagram depicts areas that need to be considered.

Diagram:
- SAP GRC technical upgrade
- SAP GRC functional upgrade
- Update SoD risk definitions
- Optimizing Security design in S4HANA and other applications

Potential impact on Risk Control

- Impact on process controls due to transformed processes, additional features & functionalities and embedded solutions
- Impact on Interfaces due to multiple ABAP and non-ABAP applications talking to each other, possibility of interfacing IoT devices, etc.
- Impact on access controls due to additional transaction codes, access to SAP using mobility devices and Fiori, cross application SoDs, access to HANA DB
- Impact on IT general controls as companies adopt flexible deployment options, mobility solutions, etc.

Aligning GRC upgrade with S4HANA projects

Timeline: S4HANA GO-LIVE DURING YEAR 2020 | DEC 2020 | S4HANA GO-LIVE POST 2020

Clients migrating to S4HANA during year 2020
Clients migrating to S4HANA after year 2020

- SAP GRC Technical Upgrade and Optimisation Study can be completed on Priority – estimated duration 6-10 weeks.
- GRC 12.0 Technical upgrade has to be completed before Dec 2020 along with SAP GRC Functional upgrade.
- SAP Security Redesign and alignment of SAP GRC with S4HANA shall be completed along with S4HANA go-live
- SAP GRC go-live along with SAP Security re-design to go-live along with S4HANA go-live

How SAP GRC 12.0 can help you to gear up?

As organisations embark on digital transformation initiatives, it is critical that they focus on access management efficiency while prioritising key areas such as security, privacy, and compliance. Upgrading or implementing SAP Access Control 12.0 presents the perfect opportunity to modernise and transform identity and access governance as it comes with many new features and functionalities. In addition, a client should also consider that by 31 December 2020 the support would be ending for SAP GRC 10.1. While an upgrade from version 10.1 of Access Control may seem like more of a technical process, it will create opportunities to revisit current configuration, identify new functionality, and optimise SAP GRC.

Some of the key features offered by SAP GRC 12.0 are as follows:

SAP GRC 12 - key Improvements

- End-to-end integration with SuccessFactor
- Cloud application support via Cloud Identity Access Governance
- Risk Analysis for SAP Fiori Apps in SAP S/4 HANA on premise
- EAM for SAP HANA DB
- SAP SuccessFactor Central Payroll
- More flexible Continuous Controls Monitoring (CCM)
- CCM business rules can be run standalone without assigning them to any business controls
- New SAP Fiori-based reports such as Monitor Issue Status and enhanced Monitor Control Status
- Enterprise Risk Enhancements – Operational Risk Aggregation is automated. When an underlying risk changes, the aggregated amounts change
- Performance Enhancements
- Visual harmonisation
- Synchronisation job performance has improved
- Workflow Enhancements – Manual KRI has a workflow now
- Web-based EAM for SP04
- Probability, Impact analysis guidance added to offline forms (SP04)
- Background Risk Analysis after approval stages in Access Control

How Deloitte can erChanges

- Perform diagnostic study of current SAP GRC 10.x and identify optimization opportunities (2-3 weeks)
- Assist in SAP GRC 12.0 technical upgrade (6-10 weeks) or re-implementation (all GRC service packs can’t be upgraded)
- Implement recommendation – SAP GRC optimization

Contact us

Rohit Mahajan
President – Risk Advisory
rmahajan@deloitte.com

Gaurav Shukla
Abhijit Katkar
Muthukumar Karuppiah
Partner, Risk oitte.com
Partner
mkaruppiah@deloitte.com

Manas Ketkar
Nitin Jagtap
Sachin deloitte.com
Director
sacharora@deloitte.com

Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee (“DTTL”), its network of member firms, and their related entities. DTTL and each of its member firms are legally separate and independent entities. DTTL (also referred to as “Deloitte Global”) does not provide services to clients. Please see www.deloitte.com/about for a more detailed description of DTTL and its member firms.

This material has been prepared by Deloitte Touche Tohmatsu India LLP (“DTTILLP”), a member of Deloitte Touche Tohmatsu Limited, on a specific request from you and contains proprietary and confidential information. This material may contain information sourced from publicly available information or other third party sources. DTTILLP does not independently verify any such sources and is not responsible for any loss whatsoever caused due to reliance placed on information sourced from such sources. The information contained in this material is intended solely for you. Any disclosure, copying or further distribution of this material or its contents is strictly prohibited.

Nothing in this material creates any contractual relationship between DTTILLP and you. Any mutually binding legal obligations or rights may only be created between you and DTTILLP upon execution of a legally binding contract. By using this material and any information contained in it, the user accepts this entire notice and terms of use.

© 2020 Deloitte Touche Tohmatsu India LLP. Member of Deloitte Touche Tohmatsu Limited
