SOFY GRC

Effective governance, risk and

compliance management for

your ERP system

Overview SOD Conflicts Data Access

Security

Configuration

Risk Simulation

User Cockpit

26K

‘’Experience the newest

technologies in ERP analytics’’

Downloads Data

Role Cockpit

How can we overcome the lack in transparancy on

who can do what within the system?

What are my options for detecting conflicting

authorizations?

How can I gain insights in the general security

configuration and the confidentiality of data?

Where can I find support for analyzing segregation

of duty conflicts?

Managing your GRC issues

Better manage the risks in your organization

Detect and prevent compliance breaches

Reduce compliance desk efforts with efficient operations

Rely on high-end audit knowledge

Minimize expenses for GRC consulting

Migitate risks from conflicting roles

Make governance and compliance enjoyable

Leveraging efficient solutions

Introducing the SOFY GRC App

SOFY GRC solves a variety of business

problems regarding governance, risk and

compliance in Oracle, SAP and Microsoft

Dynamics and NAV ERP systems. Using an

unique cloud based approach data streams

are analyzed and exceptions identified in

real time. The solution is an accelerator to

implement solid GRC processes and

configuration.

The intuitive, transparent, and simple tool

has been developed for effective compliance

management in your ERP system. Real time

insights and alerts have can be used for the

benefit of detecting and preventing

compliance breaches.

The cloud service can be directly integrated

to your existing ERP backend and requires

minimal deployment and maintenance effort.

The integrated KPMG knowledgebase

makes user adoption and implementation

seamless.

How it works

GRC dashboards & analytics

Data access monitoring

Duty segregation monitoring

Authorization conflict checks

Security configuration analysis

SOFY GRC

Segregation of duties monitoring

24SoD conflicts

User configurationanalysis

Overview

GRC dashboards & analytics

The GRC summary dashboard offers a

quick insight to the key statistics of the

different modules. The dashboard

displays several powerful analytical

tools that provide exceptions on an

aggregated level for management.

SOD reporting supports managers in

the search for control over the

authorization setup. All SOD violations

are provided in detailed overviews.

Dynamic reporting capabilities allow

managers to investigate SOD violations

in-depth.

A tool that will assist in understanding

your user configuration. With this tool

the role (super-)user configuration within

the ERP system can be easily

assessed. User configuration statistics

are provided over a time-frame, thereby

exhibiting the occurrence important

changes.

Security

configuration

User - androle cockpit

Confidential data access monitoring

In our cockpits all results of the various

reports for a specific user or role are

functionally combined in a single

overview. For every user in your

organization you will now be able to see

which roles, conflicts, access to

confidential data apply to them. For

every role you will see the users with

that role and conflicts.

With this tool managers can analyze

user access requests and prevent

segregation of duty conflicts. Assigning

conflicting authorizations can be

prevented by using the risk simulation

tool. The simulation tool will support you

in the consideration of authorization

requests and prevents the alignment of

conflicting roles.

A tool designed help the management

understand how their confidential data is

secured within the organization. This

tool increases the security surrounding

your confidential data by learning which

people have access to most confidential

data in your ERP system. An overview

presents potentially confidential data

objects with the number of users with

access.

Authorization conflict simulation

With this tool managers can analyze

user access requests and prevent

segregation of duty conflicts. Assigning

conflicting authorizations can be

prevented by using the risk simulation

tool. The simulation tool will support you

in the consideration of authorization

requests and prevents the alignment of

conflicting roles.

User - and

role cockpit

Risk

simluation

Data access

Contact Information:

Rob PetersPartner, Management Consulting

T: +31 (0) 651546465E: Peters.Rob@kpmg.nl

Tony KantersManager, Management Consulting

T: +31(0) 651291619E: Kanters.Tony@kpmg.nl

© 2015 KPMG Advisory N.V., registered with the trade register in the Netherlands under number 33263682, is a subsidiary of KPMG

Europe LLP and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative

(‘KPMG International’), a Swiss entity. All rights reserved. Printed in the Netherlands. The KPMG name, logo and ‘cutting through

complexity’ are registered trademarks of KPMG International.

Service & Implementation

Professional services

We believe that a combined offering of

our innovative solutions and services

from our experienced business

consultants further increases our added

value to your organization.

In short and focused advisory projects

we can quickly make a lasting impact

on your organization and realize

tangible improvements.

In addition our on-, near- and off-shore

delivery centers can provide various

managed services for the different

business apps we have available. By

trusting complex and non-core

processes to our skilled teams you can

focus on the things that directly

contribute to your business goals.

Implementation

The SOFY implementation process is

simple and straightforward. The effort

required to set up the data exchange is

limited, based on standard Microsoft/

SAP technology and well supported by

documentation and our support team.

Implementing SOFY can be done in just

a few days.

This service has been designed with

high security requirements and

standards. In addition a penetration test

has been performed as part of our

security policy.

The data centers that are used for our

cloud service comply with various

industry standards.

Security