Customer Advisory Group

Think Big - Start Small - Work Smart with CAG

  • Home
  • About
    • Mission
  • Services
    • SAP & CAG Project Rise - ​Resilient Access Governance for the Transition to the Cloud
    • SAP Compliance Assessments and Roadmap Development
    • GRC - Access Control Implementations
    • GRC - Process Control Implementations
    • SAP Security Role Remediation and Re-design
    • GRC & Security Support Services (SmartSourcing)
    • SAP S/4 HANA Upgrade Services
    • Pathlock AVM Implementation Services
  • Testimonials
  • Events and Discounts
  • Contact Us
  • Blog
Let's Talk!

info@customeradvisorygroup.com

Call Toll Free: +1-888-477-4950
MENU
  • Home
  • About
    • Mission
  • Services
    • SAP & CAG Project Rise - ​Resilient Access Governance for the Transition to the Cloud
    • SAP Compliance Assessments and Roadmap Development
    • GRC - Access Control Implementations
    • GRC - Process Control Implementations
    • SAP Security Role Remediation and Re-design
    • GRC & Security Support Services (SmartSourcing)
    • SAP S/4 HANA Upgrade Services
    • Pathlock AVM Implementation Services
  • Testimonials
  • Events and Discounts
  • Contact Us
  • Blog

Our Blog

How to gain more business value on your upgrade project

9/17/2014

1 Comment

 
Most customers usually react when a new version of their product is available and while there are technical and business reasons to act on new versions, the question is always raised, “How does this add value?”  The obvious reason is to maintain support for the product so you can get bugs and fixes when they arise.  However our experience has produced several ways to improve the value you can gain on an upgrade.  There are three cases and examples that might apply to you.  Consider these items while building your case for an upgrade project.

Implement new features with the upgrade and eliminate manual processes

One customer had the bare bones SoD analysis and emergency access features of their GRC operating.  However, most products have components that enable customers to automate their user access reviews and automate the security request process.  In this case the additional functionality was added to the upgraded system and enabled the customer to reduce expensive manual methods for resolving manual analysis and mitigation options.  They also replaced the arduous manual access certification process. 

Rethinking how things operate

Sometimes the chance to upgrade provides the opportunity to ask how can we make our current process more efficient.  Or in this case, can we use the upgrade to resolve some repetitive audit issues.  There was currently no formal process to approve mitigating controls used to resolve SoD conflicts.  As a result mitigating controls were often used to eliminate conflicts however, auditors found the procedures mentioned were not followed.  In addition, many acquisitions and reorganizations had made the process even more complex because many changes to roles and assignments often created more conflicts.  The existing reorg and consolidation process was not expected to change.  In this case, there were limited resources to keep up with security changes and also resolve conflicts among users in a timely manner.  By implementing the provisioning features with the upgrade, the team was able to use the feature to keep up with organization changes as well as automate a standard approval process for resolving conflicts. 

Improving Rule Maintenance Process

The realization that GRC is not a project but a journey came to a customer who had not done anything to their rules since their initial installation project was implemented 2 years earlier.  Unfortunately the implementer had not included a maintenance process to keep their business rules for access updated with business and technical changes.  As a result the rule set had no custom transactions or new transactions incorporated since their initial project was over.  There was no process in place to identify the magnitude of new transactions or business changes.  In some cases there were important changes made and significant risks were not being identified.  An upcoming audit started to raise the priority of this issue.  When the upgrade was performed, the rule set was analyzed and updated.  In addition, a rule maintenance process was put in place which enabled them to avoid audit deficiencies and keep up with business and technical changes in the future without consulting support.    
1 Comment
victoria lisa link
10/29/2015 12:49:14 am

thank u for giving ..this blog consisting of great information..we are giving...<a href="http://smartmindonlinetraining.com/sap-grc-online-training/">SAP GRC ONLINE TRAINING</a> .

Reply

Your comment will be posted after it is approved.


Leave a Reply.

    RSS Feed

    Picture

    Authors

    Assorted Members of the CAG Team providing insightful information on current topics related to GRC, Security, and Audit.

    Archives

    July 2016
    February 2016
    September 2014
    June 2014
    March 2014
    February 2014
    November 2013
    November 2012
    October 2012
    March 2012

    Categories

    All

Navigation

About Us
Our Mission
Our Services
CAG Blog
CAG Customer Forum

Contact Us

Picture

Customer Advisory Group © 2022  All Rights Reserved