1.3. sa pience be tech day 2012   nationale-loterij presentation - cwagdp
Presentation Transcript

  • How to implement SAP GRC Access Control 10.0 successfully: The National Lottery Belgium case
    Gert De Pauw, The National Lottery
    Chris Walravens, Expertum
    SAPience.be Tech Day 2012
  • Agenda
      • Key Facts about the National Lottery
      • Project challenges / major reasons
      • Key Facts about Delaware / Expertum
      • Project Approach / solutions
      • Benefits for business & IT
      • Success Factors
      • Lessons learned / pitfalls
      • Next steps
  • The National Lottery
    Channelling
      Law of 19 April 2002 plus the management contract between the Belgian State and the National Lottery: “socially responsible and professional provider of gaming pleasure” with two essential objectives:
      • channel gaming behaviour and thereby offer an alternative to private and/or illegal games
      • attract the existing users of lotteries and games of chance with a modern and attractive offering, without however expanding the size of the market
    Largest patron of Belgium
      Financial support to organisations and events of public interest:
      • 225.3 million euro in subsidies around the themes of social affairs, sport, culture, family, science and national prestige is approved by the Council of Ministers. Since 2002 the National Lottery has paid 27.44% of the overall annual subsidy amount directly to the three (Flemish, French and German-speaking) Communities.
      • Social or name sponsorship of initiatives in favour of the integration and well-being of less well-off population groups (e.g. Restos du Coeur, end-of-year dinners, visits to events and exhibitions at a reduced rate)
    In a responsible manner
      Contribute actively and autonomously to the prevention and treatment of gambling addiction through support for initiatives in that direction
  • The National Lottery
    Some key figures

    | RK                  | FTE ops/log | FTE sales |
    |---------------------|-------------|-----------|
    | RK Brussel (Jette)  | 3           | 6         |
    | RK Antwerpen        | 4           | 8         |
    | RK Brugge           | 3           | 6         |
    | RK Tienen           | 3           | 7         |
    | RK Gent             | 5           | 7         |
    | RK Namen            | 3           | 7         |
    | RK Mons             | 4           | 6         |
    | RK Liège            | 4           | 6         |
    | Total decentralised | 29          | 53        |

      • One of the largest retail networks in Belgium
      • 5240 points of sale: independent retailers work on commission and sell our products
  • The Project Challenges
    Business
      • Access too broad with impact on performance / fraud / errors
      • No transparency regarding content of authorizations
    IT
      • Mainly manual processes
      • No prevention of access risk possible
    SOD (Segregation of Duties)
      • Hardly any segregation of duties enforced
      • No clear responsibilities defined
      • Difficult overview for Internal and External Audit
  • The Project Challenges
    Business
      • Reduce the accesses on a need-to-have basis
      • Enhance transparency to enhance understanding
      • Introduce role / risk ownership to allow a clear approval process
    IT
      • Automate user provisioning processes
      • Enforce preventive SOD checks
    Audit
      • Enforce segregation of duties
      • Obtain audit trail for user provisioning processes
      • Monitoring & Reporting tool for Internal and External Audit
  • Delaware
    History
      • Founded in 1981; has been part of Bekaert, Andersen and Deloitte
      • Independent partnership since 2003
    Today
      • 750 professionals
      • Belgium, China, Singapore, France, Luxembourg, The Netherlands & US
    Recipe
      • Aligning business and technology
      • Combining strengths, delivering solutions
    Philosophy
      • Entrepreneurship, Care, Respect, Team spirit, Commitment
  • Expertum
    History
      • Founded in April 2006 by 2 ex-SAP Belux employees
      • Partnerships
    Today
      • Team of 50+ SAP Experts and Project Managers
    Mission
      • Exceed client expectations by providing top-quality expertise
      • Provide our people a safe environment for personal and professional growth
    Strength
      • Highly skilled & experienced SAP consultants in all SAP areas, combined with a wide industry knowledge in several domains
  • The Project Approach
    Transition plan
      • SAP GRC Access Control 10.0
      • AMR (Analyse & Manage Risk)
      • EAM (Emergency Access Management)
      • PMU (Provision & Manage Users)
    TO BE
      • Business Roles
      • Monitoring / Reporting
    [Timeline figure: positioning of SAP GRC Access Control 10.0, Business Roles and Monitoring / Reporting; dates shown: 01/11/2011, 01/05/2012, 08/11/2012, 01/05/2013]
  • The Project Approach
    Phases
      • Minimal Time To Compliance (Get Clean)
      • Continuous Access Management (Stay Clean)
      • Effective Management Oversight and Audit (Stay in Control)
    Components
      • Analyze & Manage Risk (AMR): Customizing, Master Data, Rule set vs used functionality
      • Business Role Management (BRM): “PFCG” (existing authorization concept remains)
      • Provision & Manage Users (PMU): Provisioning, Approval, Procedures, Workflow
      • Emergency Access Management (EAM): Fire fighters: who? Approval: who? Access: what?
      • Periodic Access Review and Audit: Focus on remaining challenges during periodic audits
      • GRC AC 10.0 authorizations
  • The Project Approach - AMR
    Create understanding & ownership of the rule set
    Validation workshops for the rule set:
      • Business processes (department / ECC module / owners)
      • Risks (classification / owners)
      • Segregation of Duties conflicts
      • Critical functionality
      • Integration of own developed transaction codes
    Input from key users was crucial
    Validation of the rule set from internal audit
  • The Project Approach - AMR
    Results workshops:
      • Review user lists with rule set violations
      • Indicate remove / keep
      • Parts of the Segregation of Duties conflicts
      • Critical functionality
      • Detailed testing of the rule set
      • Preparation for the remediation activities
    Remediation activities
      • Remove / update roles
      • Assign a mitigating control (« access accepted »)
      • Split roles → postponed until the business roles setup
  • The Project Approach - EAM
    Workshops for identifying:
      • What Firefighter IDs are needed
      • What specific authorizations are needed per firefighter
      • Which users can use which firefighter
      • What the Firefighter owners & controllers are
      • What the allowed Reason Codes are
    Input from key users was crucial
  • The Project Approach - EAM
    [Diagram labels: End user; Firefighter; ECC; Central GRC; Logging & dashboard; Reporting; FF user-ID 1 to 3; FF session 1 to 3; Report 1 to 3; Owner Approval]
  • The Project Approach - PMU
    Automatic workflow provisioning
      • New user triggered by HR department
      • Role assignments / removals approved by role owner(s)
      • Requests / approvals / changes automatically logged
    Preventive risk analysis
      • Role assignment requests include risk analysis
      • Risk violations approved / mitigated / rejected by risk owner(s)
  • Benefits
    Business
      • Understanding
      • Transparency
      • Ownership
      • Approvals with (more) knowledge
    IT
      • Automation
      • Process is business driven
      • Ownership lies with business
  • Success Factors
      • Key user / business involvement from the start
      • Technical knowledge of the software
      • Knowledge of user and role administration processes
      • Combining technical and process knowledge into optimal solution and application setup
  • Lessons Learned / Pitfalls
    Existing authorization concepts are usually not fully suited to allow:
      • Advanced remediation activities
      • Full transparency to fully allow ownership and understanding
    Don’t overestimate the possibilities
      • The Firefighter log only logs what is in the CDHDR & CDPOS tables
      • Web Dynpros are customizable, but only to a point
      • Portal integration (UWL) not fully possible
  • The Next Steps
    Business Roles
      • Redesign technical roles
      • Define business roles corresponding to positions
      • Setup BRM module
    Automate HR trigger
      • Currently user creation triggered by manual request
      • Automated request will be implemented
    Approval Delegation
  • Contact Details
    Chris Walravens, GRC Competence Lead
      T. +32 474 47 59 83
      E. Chris.Walravens@expertum.net
      www.expertum.net
    Gert De Pauw, Senior SAP Manager
      T. +32 475 22 49 56
      E. Gert.depauw@nationale-loterij.be
      www.nationale-loterij.be
  • Thank you!
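
The preventive risk analysis from the AMR and PMU slides, as an added example that is not part of the presentation and is not SAP GRC code: a requested role is simulated against a rule set of SoD risks and critical functionality before it is provisioned. The rule set, role names, risk IDs and the custom transaction ZFI_PAY are constructed for illustration.

```python
# Added example; rule set, roles and risk IDs are constructed, not from the deck.
# Function -> transaction codes. ZFI_PAY is a hypothetical custom transaction.
FUNCTIONS = {
    "MAINTAIN_VENDOR": {"FK01", "FK02", "XK01", "XK02"},
    "PROCESS_PAYMENT": {"F110", "F-53", "ZFI_PAY"},
    "CREATE_PO": {"ME21N"},
    "GOODS_RECEIPT": {"MIGO"},
}
# SoD risk: the conflict exists when one user holds all listed functions.
SOD_RISKS = {
    "R001": {"MAINTAIN_VENDOR", "PROCESS_PAYMENT"},
    "R002": {"CREATE_PO", "GOODS_RECEIPT"},
}
# Critical functionality: a single transaction that is a risk on its own.
CRITICAL = {"C001": "SE16N"}
# Technical roles -> transaction codes they grant.
ROLES = {
    "Z_AP_CLERK": {"FK01", "FK02", "FB60"},
    "Z_AP_PAYMENTS": {"F110"},
    "Z_PAY_CUSTOM": {"ZFI_PAY"},
    "Z_BUYER": {"ME21N", "ME22N"},
    "Z_SUPPORT": {"SE16N", "SM30"},
}

def analyze(roles, mitigated=frozenset()):
    """Return {risk_id: 'open' | 'mitigated'} for a set of role names."""
    tcodes = set().union(*(ROLES[r] for r in roles))
    held = {f for f, codes in FUNCTIONS.items() if codes & tcodes}
    hits = {rid for rid, funcs in SOD_RISKS.items() if funcs <= held}
    hits |= {rid for rid, tc in CRITICAL.items() if tc in tcodes}
    return {rid: "mitigated" if rid in mitigated else "open" for rid in sorted(hits)}

def preventive_check(current_roles, requested_role, mitigated=frozenset()):
    """Simulate the request before provisioning; route on newly introduced risks."""
    before = analyze(current_roles, mitigated)
    after = analyze(set(current_roles) | {requested_role}, mitigated)
    new = {rid: state for rid, state in after.items() if rid not in before}
    # Open new risks go to the risk owner (approve / mitigate / reject);
    # otherwise only the role owner has to approve.
    route = "RISK_OWNER_REVIEW" if "open" in new.values() else "ROLE_OWNER_APPROVAL"
    return route, new

if __name__ == "__main__":
    print(preventive_check({"Z_AP_CLERK"}, "Z_AP_PAYMENTS"))
    print(preventive_check({"Z_AP_CLERK"}, "Z_PAY_CUSTOM"))
    print(preventive_check({"Z_AP_CLERK"}, "Z_PAY_CUSTOM", mitigated={"R001"}))
    print(preventive_check({"Z_BUYER"}, "Z_SUPPORT"))
```

The second request shows why the rule set workshops covered own developed transaction codes: if ZFI_PAY were missing from the payment function, that conflict would not be reported.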