
5 Major Mistakes That a GRC Professional Should Never Make

If you’re in the GRC field and you’re asked to join a GRC project as a professional consultant, a team leader or a project manager – avoid these 5 major mistakes. If you don’t identify these situations beforehand, you might…


Which SAP Authorizations Should He Have?

Many small and medium-sized companies struggle with this challenge. Let’s say they have a sales representative who’s located in another country. Which authorizations should he get? Should he have access to the SAP system at all? If so, should…


The Three Top Authorization Objects: What Are They?

Even though Authorization Objects are the most basic components in the SAP authorization world, they make SAP much more secure. Many organizations argue that you should use Authorization Objects like you spice food: If spices are used properly, there’s total…


Granting SAP_ALL to Everybody – Crazy or Not?

True Story: A customer from a large enterprise came to us and said, “Our company has an ‘open policy.’ We trust our employees, so we grant all of them SAP_ALL. We know that SAP_ALL includes all authorizations in the system…


5 Astonishing Truths about GRC in SAP Environments

Here are 5 amazing facts based on our vast experience with SAP customers required to maintain SOX compliance, GRC consultants and auditing firms. 1. The focus is on compensating controls much more than on eliminating risk. …and it should be…


6 Shocking Discoveries about SAP Authorizations

Here are 6 harsh realities that we discovered from our customers: 1. Users are still using SAP_ALL Power Profiles. Although SAP doesn’t recommend using the power profile SAP_ALL, many organizations are still using it. They should definitely not. This authorization…


The Curse of the Unused: Z_UNUSED_TCODE and Y_UNUSED_ROLE

In 1914, American judge Louis Brandeis coined the famous quote “Sunlight is said to be the best of disinfectants,” and it has proven to be most accurate in 2014 too. Many of our current and potential clients fear what may…


Take Your Hands off of SAP T-Code SU01!

In many organizations, access to the sensitive SAP T-Code SU01 is much wider than needed. Let’s explore why. SU01 is used for different purposes, most commonly to create new user accounts, reset users’ passwords and lock/unlock user accounts. System…


Eliminating the Wrong Guy…

A couple of years ago, we included a “Lock User” button feature in our security product. If you received a “very high” alert, you could log into the system, catch the fraud in action, press the “Lock User” button and…
