Recommended
Recommended
More Related Content
Similar to Case Study: How a global cosmetics company met increased audit requirements during an SAP GRC install.
Similar to Case Study: How a global cosmetics company met increased audit requirements during an SAP GRC install. (20)
Recently uploaded
Recently uploaded (20)
Case Study: How a global cosmetics company met increased audit requirements during an SAP GRC install.
- 1. Looking to Automate Your Access Controls? Case Study: Global Cosmetics Company
- 2. Learn how other companies are eliminating SoD conflicts and soaring through their internal audits Chemical Security Cosmetics How PeroxyChem nearly eliminated SoD conflicts with Access Analyzer How a fortune 500 global security company reduced SoD Auditing by 700+ hours How a global cosmetics company met increased audit requirements during an SAP GRC install.
- 3. “Access Analyzer produced very targeted and accurate SAP access and utilization data we needed to provide our external auditors. They were very happy with the tool and kept asking us for more data, eventually using it themselves when we got too busy.” - SENIOR DIRECTOR OF INTERNAL AUDIT GLOBAL COSMETICS COMPANY Case Study 3: Global Cosmetics Company
- 4. The client is a global cosmetics and beauty care products company. Its well- known brand is synonymous with beauty and its products are distributed in more than 100 countries. The Company
- 5. The ProblemThe company was faced with an upcoming year-end audit which included a review of the company’s SAP® access controls and utilization data. They had a list of requests from their external auditors and they did not have an automated tool to efficiently capture and present this information. The company was also starting to implement SAP’s Governance, Risk and Compliance (GRC) platform, however the project would not be complete in time to help with the 2015 year-end audit process.
- 6. THE SOLUTION Upon reviewing the reporting capabilities of Access Analyzer, the team decided to move forward with the Reporting Plan subscription, which includes a suite of executive-level Segregation of duties (SoD) and Sensitive Access analysis reporting capabilities. The initial installation of Access Analyzer took less than 30 minutes, which allowed the Senior Director of Internal Audit to begin running the needed reports almost immediately.
- 7. THE RESULTS
- 8. The company was able to complete their year-end audit tasks by providing accurate data from Access Analyzer to the external auditors while the Director of Global IT Compliance and her team were able to continue to focus on the implementation of SAP GRC across the company. W W W . E R P M A E S T R O . C O M 01 02 03 RESULTS The Senior Director of Internal Audit primarily relied on the User Conflict Matrix and BPO Conflict reports utilization reporting to demonstrate utilization of access and segregation of duties (SoD) controls over the course of the year, which was then shared with their external auditors. Using Access Analyzer, he was also able to document any mitigating controls. Besides the reporting capabilities which work well in place of or alongside SAP GRC, the flexibility of ERP Maestro’s cloud-based subscription model was another plus for the Director of Global IT Compliance and her team. With no long-term commitment, they could easily decide to stop or continue the service after the GRC implementation.