Want to automate your access controls? Want to learn how other companies are doing it? In this case study you can see how a global cosmetics company was able to meet increased audit requirements during an SAP GRC install.
2. Learn how other companies are eliminating
SoD conflicts and soaring through their
internal audits
Chemical Security
Cosmetics
How PeroxyChem nearly
eliminated SoD conflicts
with Access Analyzer
How a fortune 500 global
security company reduced
SoD Auditing by 700+ hours
How a global cosmetics
company met increased
audit requirements
during an SAP GRC
install.
3. “Access Analyzer produced very targeted and
accurate SAP access and utilization data we
needed to provide our external auditors. They
were very happy with the tool and kept asking
us for more data, eventually using it
themselves when we got too busy.”
- SENIOR DIRECTOR OF INTERNAL AUDIT
GLOBAL COSMETICS COMPANY
Case Study 3: Global Cosmetics Company
4. The client is a global cosmetics and
beauty care products company. Its well-
known brand is synonymous with beauty
and its products are distributed in more
than 100 countries.
The Company
5. The
ProblemThe company was faced with an
upcoming year-end audit which
included a review of the company’s
SAP® access controls and
utilization data. They had a list of
requests from their external
auditors and they did not have an
automated tool to efficiently
capture and present this
information. The company was also
starting to implement SAP’s
Governance, Risk and Compliance
(GRC) platform, however the project
would not be complete in time to
help with the 2015 year-end audit
process.
6. THE
SOLUTION
Upon reviewing the reporting capabilities of Access Analyzer, the team
decided to move forward with the Reporting Plan subscription, which
includes a suite of executive-level Segregation of duties (SoD) and
Sensitive Access analysis reporting capabilities. The initial installation of
Access Analyzer took less than 30 minutes, which allowed the Senior
Director of Internal Audit to begin running the needed reports almost
immediately.
8. The company was able to complete
their year-end audit tasks by providing
accurate data from Access Analyzer to
the external auditors while the Director
of Global IT Compliance and her team
were able to continue to focus on the
implementation of SAP GRC across
the company.
W W W . E R P M A E S T R O . C O M
01 02
03
RESULTS
The Senior Director of Internal Audit
primarily relied on the User Conflict
Matrix and BPO Conflict reports
utilization reporting to demonstrate
utilization of access and segregation of
duties (SoD) controls over the course of
the year, which was then shared with
their external auditors. Using Access
Analyzer, he was also able to document
any mitigating controls.
Besides the reporting capabilities which work well in place of or alongside SAP GRC,
the flexibility of ERP Maestro’s cloud-based subscription model was another plus for
the Director of Global IT Compliance and her team. With no long-term commitment,
they could easily decide to stop or continue the service after the GRC
implementation.