On January 26th, one of our SAP GRC consultants from the SAP department, Brath Miraz, gave a webinar on “How to perform risk analysis in SAP without SAP GRC Access Control”.
In the webinar we talked about the importance of fraud prevention in our SAP systems. This prevention can be achieved through good access risk monitoring, in this case without having SAP GRC Access Control or SAP Cloud Identity Access Governance.
During the presentation we reviewed the different types of existing risks and the importance of correctly defining our segregation of duties risk matrix. We then presented the tool, SUIM (User Information System), which allows access risk analysis to be performed using a risk matrix adapted by Inprosec to the format the tool requires. The advantage of this tool is that it has no additional license cost and does not require any additional installation. In addition, it allows us to maintain a risk matrix in the SAP system itself.
Finally, we carried out a practical case in our laboratory in which we executed a risk analysis through SUIM and compared it with the same risk analysis executed in GRC, observing that we obtained the same result.