Multimedia designer at ERP Maestro
Inside ERP Maestro: A Conversation with Jay Dhruv
At ERP Maestro, we truly believe our product is more than just cloud software. Our offering would not be complete without the top-notch service and support we provide – day in, day out – 24/7 – to ensure our customers are successful with our full suite of governance, risk and compliance (GRC) tools for SAP. Of course, this level of support would not be possible without awesome experts to provide it. In this post, we introduce you to Jay Dhruv, director of solution delivery at ERP Maestro. A Certified Information Systems Auditor (CISA) with SAP GRC and Project Management Professional (PMP) certifications, Jay spends his days on the front line of technical support resolving issues, onboarding new clients, and, above all, keeping our customers delighted.
Here’s what Jay shared about his time so far with ERP Maestro and insights he’s gained from working with customers:
What are some common challenges that customers face when it comes to access controls and segregation of duties (SoD)?
There are numerous challenges if you do not have the right automated access control tools. However, these are some key issues that IT leadership must consider:
Automating internal controls for transaction monitoring
I have seen companies that have manual processes spend days with their analysts to ascertain SoD issues. This method is cumbersome and time-consuming, and at the end of the task, there is always the possibility of errors in the process and in the data. The second major challenge with manual methods is lead time. Every time you need a new set of reports, there is a considerable time delay. Hence, the reports are never current. The third major challenge is that companies limit themselves to monitoring a small set of 25 or fewer risk rules, and with a larger set, it becomes nearly impossible to carry out user analysis.
Identifying SoD risks for users/roles
Smaller organizations that use manual methods for SoD analysis limit the frequency of user analysis and lack a systematic approach to risk analysis. Role cleanup, optimization, and analysis are often ignored as well.
Companies using manual methods also rely on manual approvals. However, collecting approval evidence can become tedious. It is always a reactive environment, and it can lead to exceptions and various audit findings.
Keeping a central log for the annual audit
Lack of a central system for an access control log is another challenge with organizations. The benefit of having all approvals in one place means peace of mind for the CIO and IT leadership.
Automated process for role reconciliation/access recertification
One of the key processes under the access control umbrella is access recertification/consolidation or role reconciliation. Some companies use manual methods and lots of tedious Excel worksheets to go through this exercise, making it a nightmarish process. Data becomes stale quickly and is highly error-prone.
Monitoring risks arising from custom transactions and programs
There is awareness about standard risks, but one area which often gets ignored is custom SoD risk arising from Z transactions and the like. Companies who use manual processes often ignore this area completely. It’s very possible that one of your developers or functional experts knows of Z programs which can basically allow them to bypass all security checks that we have in standard SAP transactions.
What are some trends or new practices in this space?
Some trends I’ve noticed are that solutions are striving to be more intuitive, easy-to-use, faster, and less intrusive. Most of them now have cloud, big data, and analytics as part of their platform, so professionals are incorporating these features into their processes.
What advice would you give customers to help them manage their access controls?
See the solution in action before purchasing by getting a POC (proof of concept) or a trial. I have heard from customers who invested heavily in enterprise solutions that end up requiring too much effort and time to use. In addition, keep at least one cloud-based option on your top three vendor shortlist. Cloud is continually driving down enterprise IT costs considerably, and with employees working from home, having a cloud solution ensures that your company stays safe regardless of where your employees are working.
What do you like about working with customers?
Connecting with customers in multiple countries is always fun. You get to hear different voices and also get exposure to different ways of working. You are then in a position to understand different environments and recommend best practices.
What do you like to do when you’re not working?
I love long-distance swimming when I can, whether it’s a beach, a Florida spring or a lake in a national park. I love to explore different water bodies with family and friends when I can.