how a global cosmetics company met increased audit requirements during an sap grc install
TRANSCRIPT
Looking to
Automate
Your Access
Controls? Case Study: Global Cosmetics Company
Learn how other companies are eliminatingSoD conflicts and soaring through their
internal audits
Chemical SecurityCosmetics
How PeroxyChem nearlyeliminated SoD conflicts
with Access Analyzer
How a fortune 500 globalsecurity company reducedSoD Auditing by 700+ hours
How a global cosmeticscompany met increased
audit requirementsduring an SAP GRC
install.
“Access Analyzer produced very targeted andaccurate SAP access and utilization data we
needed to provide our external auditors. Theywere very happy with the tool and kept asking
us for more data, eventually using itthemselves when we got too busy.”
- SENIOR DIRECTOR OF INTERNAL AUDITGLOBAL COSMETICS COMPANY
Case Study 3: Global Cosmetics Company
The client is a global cosmetics andbeauty care products company. Its well-known brand is synonymous with beautyand its products are distributed in morethan 100 countries.
The Company
T h eP r o b l e mThe company was faced with an upcoming year-end audit whichincluded a review of the company’sSAP® access controls andutilization data. They had a list ofrequests from their externalauditors and they did not have anautomated tool to efficientlycapture and present thisinformation. The company was alsostarting to implement SAP’sGovernance, Risk and Compliance(GRC) platform, however the projectwould not be complete in time tohelp with the 2015 year-end auditprocess.
THESOLUTION
Upon reviewing the reporting capabilities of Access Analyzer, the teamdecided to move forward with the Reporting Plan subscription, whichincludes a suite of executive-level Segregation of duties (SoD) andSensitive Access analysis reporting capabilities. The initial installation ofAccess Analyzer took less than 30 minutes, which allowed the SeniorDirector of Internal Audit to begin running the needed reports almostimmediately.
THE RESULTS
The company was able to completetheir year-end audit tasks by providingaccurate data from Access Analyzer tothe external auditors while the Directorof Global IT Compliance and her teamwere able to continue to focus on theimplementation of SAP GRC acrossthe company.
WWW . E R P M A E S T R O . C O M
01 02
03
RESULTS
The Senior Director of Internal Auditprimarily relied on the User ConflictMatrix and BPO Conflict reportsutilization reporting to demonstrateutilization of access and segregation ofduties (SoD) controls over the course ofthe year, which was then shared withtheir external auditors. Using AccessAnalyzer, he was also able to documentany mitigating controls.
Besides the reporting capabilities which work well in place of or alongside SAP GRC,the flexibility of ERP Maestro’s cloud-based subscription model was another plus forthe Director of Global IT Compliance and her team. With no long-term commitment,they could easily decide to stop or continue the service after the GRCimplementation.
W A N T T OL E A R N M O R E ?
http://www.erpmaestro.com/resources/case-studies