-
SOFTWARE
SOFTWARESAP HCM & PayrollQuery Manager Query Manager Add-ons Document Builder Variance Monitor DSM for HCM HCM Productivity Suite FLOW GeoClockSAP Landscape & Test Data ManagementData Sync Manager (DSM) suite - System Builder/Shell Sync - Object Sync - Client Sync - Data Secure Archive CentralSupport & TrainingClient Central E-learning & trainingSAP Data Privacy & SecurityData Privacy suite - Data Secure - Data Disclose - Data Redact - Data Retain Cenoti (Splunk connector) Soterion (GRC)
-
SERVICES
SERVICESSAP HCM & PayrollPRISM for HR & Payroll SAP SuccessFactors Integration monitoring Payroll reporting Report writingClient-specific DevelopmentCustom development SAP BTPSAP Landscape & Test Data ManagementPRISM Migrations to S/4HANA System Landscape Optimization (SLO) Managed data refresh servicesSAP Data Privacy & SecuritySAP data privacy assessment serviceMass data removal services Data privacy consultingCloud and Application Managed ServicesFunctional AMS Cloud management services Cloud migrations Basis managed services Private cloud hosting SAP on AWS SAP on Azure Premium Support Services RISE BRIDGE Managed Services
- All Solutions
- Request Estimate
-
Resources
Resources Blogs Read the latest updates on SAP SLO, SAP HCM, Data & Privacy, and Cloud Webinars Access expert insights in live and recorded webinars Video library Watch videos and improve your SAP knowledge
- About
How Endeavor improved their GRC compliance for SAP with Soterion
Nick Achteberg, Senior Director Technical Services (SAP), Endeavor
Reduced their Segregation of
Duties (SoD) risks by 50%
Achieved 100% response
from the reviewers
Reduced access footprint, with significant improvement in user experience
Who is Endeavor?
Endeavor (formerly known as WME | IMG) is a global leader in sports, entertainment and fashion, operating in more than 30 countries. Named as one of Fortune’s 25 Most Important Private Companies, Endeavor specializes in talent representation and management; brand strategy, activation and licensing; media sales and distribution; and event management. Endeavor owns the Ultimate Fighting Championship and Miss Universe.
Request YOUR Soterion demo DOWNLOAD SUCCESS STORY Watch video
Endeavor faced multiple GRC challenges
Endeavor’s IT teams are working with increasingly stringent audit requirements against a backdrop of a growing functional footprint.
Their SAP installation was originally implemented in the mid-1990s, resulting in a ‘snowball effect’ of user access over time. Typical user requests were along the lines of “please mirror Joe’s access”. Also, the problem was exacerbated by long-term users gaining additional access over time, and retaining access that was no longer required in their current business role.
The team conducted Periodic User Access Reviews (UARs), but it was largely an IT-centric process, reliant on manual Excel-based extracts and email. It was a very time-consuming process, and difficult to repeat. Being a manual process, it was also prone to error. It was difficult to track, consolidate responses and audit results. Because it was such a challenging process to manage, getting engagement from the business was difficult. The focus for the UARs was on a small subset of people, largely within the finance department. The team would typically have around 25 people to review the access of around 2,000 people.
What were Endeavor’s main objectives?
Endeavour’s primary goal was to implement a centralized and easily repeatable methodology for conducting UARs, governed by a defined, stable and system-based ruleset.
They needed to:
- Reduce manual preparation effort
- Remove the risk of manual error
- Make risk visible and transparent by type and severity
- Improve UAR end-to-end process efficiency
- Engage and drive business ownership in risk management
Their secondary goal was to improve the efficiency, transparency and reportability in their access provisioning processes.
We have had very good results on our Access Review Management,
which is now performed by our line managers with much less effort.Nick Achteberg, Senior Director Technical Services (SAP), Endeavor
The solution: Soterion for SAP
Endeavor didn’t want to get dragged into a lengthy and complex GRC configuration project with ongoing maintenance overheads for their SAP team. After various discussions with different suppliers, they opted to implement Soterion for SAP as a cloud-based hosted solution. This was considered by Endeavor’s team as the best fit, and the most user-friendly solution for their GRC goals.
The implementation process entailed:
No bespoke SAP development or configuration was required; only standard Soterion transports were used.
What's next?
- Endeavor’s IT teams are currently planning the next UAR.
- They now hold rolling 365-days of user history, to give comprehensive information on usage and potential vs actual risk.
- Reduced access means there is less for their business to review in the next UAR.
- They are refining the risk rule-set to their specific needs, and building out their mitigation controls.
- From 2021, they plan to conduct quarterly UARs.
- They are aiming to deploy Soterion’s system-based access provisioning workflow, and automated provisioning, later in 2020.
With Soterion, we identified that many people had risk-bearing access that they no longer needed. Now, we have reduced our access risk footprint significantly.
Nick Achteberg, Senior Director Technical Services (SAP), Endeavor
What has been achieved?
The expected benefits in terms of risk and role management were better than they expected.
Endeavor has managed to reduce their risk profile significantly, by 50%. They are continuing on this journey and expect to see further reductions over the next months.
In parallel, the visibility of inactive users and unused access has been improved, which helps the team to make informed decisions in their role maintenance and development. With the reduced access and retiring of dormant users, Endeavor has gained efficiencies in their SAP user license utilisation.
Get a free Soterion risk assessment Learn more about SOTERION
