Start Clean…Stay Clean
History has shown that the number of fraud cases increases in times of recession. With internal threats already on the rise, tripling in the last four years, the devastating economic effects of the COVID-19 pandemic will likely drive an exponential increase in fraud. That makes remote work a concern. How do you protect your SAP system from dangers stemming from a virtual workforce? Additionally, with the rise in risks, how can companies looking to start their S/4HANA journey protect themselves from SAP risks now and past their migration?
In a recent ERP Maestro webinar, we spoke with itelligence’s Principal Expert in GRC LoB Nordics Nikolas Dragsdorff who said: “While most of us can continue to work and collaborate remotely, the lack of physical presence amongst people requires an increased trust in our processes to mitigate the increased internal risk we are now facing.” However, because many companies continue to manage their Segregation of Duties (SoD) and access management manually, trust is not be enough, and they are putting themselves in a precarious situation. Companies should instead adopt a zero-trust policy if employees work from home or from a company office.
Manual processes are error-prone, inefficient, costly and add to security or audit teams’ workload. Ultimately, they do not adequately mitigate risk and can put a company’s S/4HANA migration in jeopardy. According to an IDC report, SAP Customers on the Move to SAP S/4HANA, 54% of SAP customers are planning on deploying S/4HANA within three years. As Dragsdorff explains in the webinar, the best time to start cleaning up access risks is now to make sure you don’t include existing risks, outdated access permissions or obsolete roles, rules or business processes in your migration.
When moving to a new environment and a new architecture that is more complex like S/4HANA, it is imperative that a company has adequate planning and that its roadmap prioritizes access controls to be complaint from the outset instead of finding deficiencies later and going back to fix them. According to KPMG, failing to discover and remediate SoD and access risks in SAP before your move to S/4HANA can be costly. The audit firm estimates that a company may pay up to 30 times more for rework than if access controls were included from the start.
Automated, cloud-based access controls allow companies to quickly become compliant and to see their risks in real-time, using that information to successfully mitigate SoD violations and clean up their processes – all with quick deployment and low cost of ownership. This not only alleviates the burden on security teams but also provides the best way to ensure that no matter how long employees continue working from home or when companies start their journey to S/4HANA, they are audit compliant and secure from internal threats.
To learn more about Controlling Rising Risks in SAP Now, Through S/4HANA Implementation & Beyond, watch the full webinar on-demand now: https://sap.erpmaestro.com/ControllingRisingRisks