We make it incredibly easy to improve access security in SAP®

Our automated solution eliminates the mystery of controlling risks, improving overall security, and achieving compliance related to SAP access.


See Access Analyzer

End-to-End Automated Access Controls in One Simple Platform

Best-in-Class, Audit-Ready Reporting

Audit-Quality SoD
Reporting Out of the Box

No more spreadsheets and manual audit prep! Quickly identify segregation of duty (SoD) conflicts by user or role and dig into risks down to the authorization object level.

Access Analyzer - Automatic Updates

Cloud-Based Emergency Access and Provisioning

Automate tedious tasks related to provisioning or changing access while minimizing risks. You can even test the impact of changes to access before going live.

Backed by Audit and Industry Expertise

Developed with
SAP and Big 4 Audit Expertise

Our included customizable rulebook template reflects our unique industry expertise, producing less false positives and better audit outcomes.





Across Industries, our Customers are Seeing Real Results

General Electric


Zulily


Tyco


Warburtons

Jack Link's

Pep Boys

PeroxyChem

Amyris

FARO Technologies

Dominion Diamond

See More Customer Successes




What Customers Are Saying About ERP Maestro

Dominion Diamond and American National Insurance Company


"It was a great solution for us and gave us that visibility within two weeks to see exactly what we couldn't see before."

See the Full Story

FARO
Technologies


"We have a very clear understanding of the SoD conflicts that we have. We also have a very precise ranking of those conflicts."

See the Full Story

TYCO
Integrated Security


"To date, we've been able to reduce our critical Segregation of Duties (SoD) conflicts by over 80% and our high SoD conflicts by over 60%."

See the Full Story




Some of Our Partners

KPMG

Deloitte

 Grant Thornton

 SOXHUB





Latest SAP Access Security Resources  

Top 5 Reasons Companies Fail SAP Access Audits
10 Most Common SoD Conflicts
PeroxyChem case study

Increased External Audit Scrutiny Puts Spotlight on Access Controls





ERP Maestro News

 

ERP Maestro Introduces Next-Generation Access Risk Analysis Capabilities at SAPinsider GRC and IIA GAM Conferences

Date_Icon
March 22, 2017

Financial Impact Analysis, Online Drill-Down Dashboard Among New Features Enabling Quicker Detection and Understanding of Access Risks


LAS VEGAS, NEVADA – March 22, 2017 – ERP Maestro, a leader in cloud-based automated controls for access to SAP®, announced today significant enhancements to its Access Analyzer software as a service platform. The new capabilities are being introduced to attendees at the annual SAPinsider GRC and IIA GAM conferences this week and give enterprises unprecedented visibility into the causes of SAP access risk and security weaknesses.

Online drill-down reporting lets companies visualize their risk with a beautifully enhanced, simple interface. Customers can dig deeper to understand the root causes of authorization issues by simply clicking – then determine the users that have actually executed on that risk. Financial Impact Analysis allows further drill-down capabilities to understand actual modifications made. It also allows compliance teams to associate a monetary value to associated risk and any potential fraud.

Financial Impact Analysis

Financial Impact Analysis is a new add-on module of Access Analyzer that empowers IT, Audit and business process owners with the ability to quickly see and search modifications made to data in SAP that indicate potential fraud or other access-related risks. This allows a laser-focus into only those actions that pose the highest risk for an organization, and accelerates the time for remediation.

  • Deepest level of access utilization detail available: Exposes not just what a user can change, but what a user actually did change using the access granted.
  • Determine financial relevancy of risks: A monetary value can be assigned to the modifications made to help identify instances of fraud. This information is often requested by auditors but is also very valuable in understanding the tangible risk to the business.
  • Powerful query tool: Users can search the SAP change log by transaction code, user, business function or rule and filter results to show only records reflecting changes during the period analyzed.
  • Longer change data storage: Because Access Analyzer is powered by the cloud, SAP change log data may be stored for longer than what is typical with existing solutions – as long as 18 months.

Online Dashboard and More Reporting Features

Access Analyzer’s reporting features become significantly more powerful when backed by the change data and intelligence provided by Financial Impact Analysis. Beautiful, high level dashboard reporting provides a meaningful picture of risk at-a-glance, with the added ability to drill all the way down to specific changes made that triggered the risk, and who executed those changes.

 

  • Change-Data Utilization Overlay: The current overlay of actual utilization that exists in several Access Analyzer reports is now augmented with actual change data behind the utilization, further isolating Executed Risk to allow simplification and reduction of a remediation program.
  • Simple online, drill down reporting: Beautiful dashboards, built using ERP Maestro’s award-winning best practices-based reporting.
  • Periodic Analysis and reports: Ability to schedule recurring Analysis jobs and recurring One-Click Reports.


Additional Enhancements to Preventative Controls

  • Deep dive into periods of elevated access: Modifications made by users while they had elevated access is now integrated. Search based on dates, user, specific transaction codes, and set up recurring searches.
  • Compliant provisioning supports job based designs: Role tagging allows administrators to annotate Roles, making them very easy for non-SAP users to find and select for provisioning. This is a key feature that empowers task-based role grouping in the provisioning process.

“Our mission is to save companies running SAP time, effort and expense when it comes to managing controls for access by building beautifully simple, turnkey solutions to solve their problems,” said Jody Paterson, CEO and Co-Founder of ERP Maestro. “These enhancements are a huge step towards fulfilling that mission, and reflects all the learnings we’ve had from our customers these last four years. It will make people’s lives easier, and I couldn’t be more excited to introduce it to the market.”



About ERP Maestro
Using the power of the cloud paired with in-house SAP® and audit expertise, ERP Maestro takes the complexity out of managing access risk and security in SAP environments with a software-as-a-service that provides risk-based, business-ready segregation of duties and sensitive access reporting, automated emergency access and secure provisioning. Expert hands-on guidance along the way empowers organizations to accelerate fraud prevention, audit preparation and governance, risk and compliance
(GRC) maturity. Learn more at www.erpmaestro.com.



Read our official press release here: http://www.prweb.com/releases/prweb14174256.htm


risk overview dashboard

Grant Thornton Leverages ERP Maestro to Enhance Audit and Advisory Services for Clients

Date_Icon
March 22, 2017
LAS VEGAS, NEVADA – March 22, 2017 – ERP Maestro announced today at the SAPinsider GRC 2017 conference that the company has teamed up with Grant Thornton, LLP to enhance audit and advisory services for its clients running SAP® ERP applications. The globally-recognized audit firm has begun utilizing ERP Maestro’s cloud-based Access Analyzer solution in client audit and advisory projects, which accelerates identification and remediation of access risks in SAP.

Grant Thornton is the latest in a growing group of external audit firms with which ERP Maestro has engaged in the last year. From boutique, industry-specific consultancies to a global Big 4, these companies have looked to ERP Maestro for the technology needed to meet the increased completeness and accuracy standards being enforced by the Public Company Accounting and Oversight Board (PCAOB) and other regulatory bodies.

Through the agreement, Grant Thornton utilizes Access Analyzer with clients to run a one-time segregation of duties (SoD) and sensitive access risk analysis. After the audit or advisory project concludes, the solution is then available to the client as an annual ERP Maestro subscription. This option enables continuous monitoring of SoD conflicts, sensitive access and the automation of controls around access to the SAP environment, thereby reducing the burden of remaining compliant.

“The usage of automated audit technology to detect risks is essential as SAP environments become more complex and vulnerable to breaches,” said Ben Harder, Managing Director, IT Assurance, Business Risk Services at Grant Thornton. “ Leveraging the ERP Maestro technology enables Grant Thornton to provide our clients with a higher level of accuracy in our findings and do it more quickly.”

Jody Paterson, Co-founder and CEO of ERP Maestro adds, “We are thrilled to be able to add Grant Thornton to our list of audit partners and add value to their audit, advisory and SAP-focused security assessment services. We share the vision of improving their clients’ security and risk environments, and are completely committed to helping them succeed in that endeavor.”


About ERP Maestro
Using the power of the cloud paired with in-house SAP® and audit expertise, ERP Maestro takes the complexity out of managing access risk and security in SAP environments with a software-as-a-service that provides risk-based, business-ready segregation of duties and sensitive access reporting, automated emergency access and secure provisioning. Expert hands-on guidance along the way empowers organizations to accelerate fraud prevention, audit preparation and governance, risk and compliance
(GRC) maturity. Learn more at www.erpmaestro.com.


About Grant Thornton LLP
Founded in Chicago in 1924, Grant Thornton LLP (Grant Thornton) is the U.S. member firm of Grant Thornton International Ltd, one of the world’s leading organizations of independent audit, tax and advisory firms. Grant Thornton, which has revenues in excess of $1.6 billion and operates 59 offices, works with a broad range of dynamic publicly and privately held companies, government agencies, financial institutions, and civic and religious organizations.

See more at: https://www.grantthornton.com/about- us


Read the official press release here: http://www.prweb.com/releases/prweb14174300.htm
ERPM and GT

ERP Maestro and SOXHUB Partner to Provide Fully Automated SAP User Access Reviews

Date_Icon
March 22, 2017

LAS VEGAS, NEVADA – March 22, 2017 – ERP Maestro, a leader in cloud-based automated access controls for SAP® and SOXHUB, the leading SOX software company used by Fortune 500 organizations, announced today at the SAPinsider GRC 2017 conference plans to cross-integrate functionality that will offer each company’s clients the ability to fully automate User Access Reviews and automate Sarbanes Oxley control testing for SAP.


User Access Reviews are pervasive controls that can be challenging for enterprise organizations to manage due to their largely manual nature. If they are not performed frequently enough, they can lead to material weaknesses found in corporate audits stemming from misstatement, fraud, misappropriation, or misuse of access. This is a common challenge faced by many organizations, requiring complex, often customized solutions to fix.


The partnership and integration between SOXHUB’s Workstream and ERP Maestro’s Access Analyzer will empower companies with game-changing, end-to-end control over user reviews. Tasks and processes related to User Access Reviews will be fully automated. For example, SOXHUB users will be able to see User Access Review listings, which will automatically populate into SOXHUB from ERP Maestro. Follow-up tasks will then automatically be created in SOXHUB’s workflow automation tool, and automatically assign preparers and reviewers their due dates.


Additional Benefits of this integration will include:

  • A Dashboard that funnels highlights up to the CFO/CTO on a day-to-day, real-time basis, showing the status of controls, including User Access Reviews, and who is responsible for the gaps.
  • Automatic Workflow and Notification Reminders. If the tasks are not completed by the due date, reviewers will automatically receive reminder notifications.
  • Desktop Procedures. All sign-off requirements for end users are included as well as accompanying desktop procedures and any questions or exceptions.
  • Full Visibility into the risk profiles of areas where the User Access Review is not being performed-by business entity, users, or departments.
  • Time Savings. SOXHUB and ERP Maestro’s integrated solution will eliminate the need for a Project Admin to administer the User Access Review process, leaving them to focus on more business-critical issues.

“SOXHUB is excited to team up with ERP Maestro to extend Workstream’s capabilities,” said Daniel Kim, VP of Product and Solutions at SOXHUB. “Our technologies are truly complementary, and we look forward to working together to improve GRC for our mutual customers.”

“ERP Maestro and SOXHUB both exist to make SOX and other similar regulatory compliance requirements easier for enterprises,” said Jody Paterson, CEO and Co-Founder of ERP Maestro. “This partnership fits right in with our objective to remove the barriers of complexity for managing access risk. Think of it as a powerful analysis and reporting engine now combined with a complete control documentation and workflow platform. We are excited for what’s ahead.”



About ERP Maestro
Using the power of the cloud paired with in-house SAP® and audit expertise, ERP Maestro takes the complexity out of managing access risk and security in SAP environments with a software-as-a-service that provides risk-based, business-ready segregation of duties and sensitive access reporting, automated emergency access and secure provisioning. Expert hands-on guidance along the way empowers organizations to accelerate fraud prevention, audit preparation and governance, risk and compliance (GRC) maturity. Learn more at www.erpmaestro.com.

About SOXHUB
SOXHUB was designed and purpose-built to make SOX and internal controls simple. Our product helps Internal Auditors work more efficiently by addressing their biggest pain points: spreadsheets volume, version control issues, and data redundancy, while empowering smarter collaboration between process owners to begin owning their controls. SOXHUB’s mission is to revolutionize how Internal Audit teams work while constantly striving to build the ideal experience for process owners. Every day, we help
companies by providing a solution that truly streamlines internal controls and SOX in a simple, effective way. Learn more at www.soxhub.com
.
 

Read the official press release here: http://www.prweb.com/releases/prweb14174308.htm
ERPM and Soxhub


Upcoming Events

 


All Access Blog