Reduced their Segregation of
Duties (SoD) risks by 50%
Achieved 100% response
from the reviewers
Reduced access footprint, with significant improvement in user experience
Endeavor (formerly known as WME | IMG) is a global leader in sports, entertainment and fashion, operating in more than 30 countries. Named as one of Fortune’s 25 Most Important Private Companies, Endeavor specializes in talent representation and management; brand strategy, activation and licensing; media sales and distribution; and event management. Endeavor owns the Ultimate Fighting Championship and Miss Universe.
Request YOUR Soterion demo DOWNLOAD SUCCESS STORY Watch video
Endeavor’s IT teams are working with increasingly stringent audit requirements against a backdrop of a growing functional footprint.
Their SAP installation was originally implemented in the mid-1990s, resulting in a ‘snowball effect’ of user access over time. Typical user requests were along the lines of “please mirror Joe’s access”. Also, the problem was exacerbated by long-term users gaining additional access over time, and retaining access that was no longer required in their current business role.
The team conducted Periodic User Access Reviews (UARs), but it was largely an IT-centric process, reliant on manual Excel-based extracts and email. It was a very time-consuming process, and difficult to repeat. Being a manual process, it was also prone to error. It was difficult to track, consolidate responses and audit results. Because it was such a challenging process to manage, getting engagement from the business was difficult. The focus for the UARs was on a small subset of people, largely within the finance department. The team would typically have around 25 people to review the access of around 2,000 people.
Endeavour’s primary goal was to implement a centralized and easily repeatable methodology for conducting UARs, governed by a defined, stable and system-based ruleset.
They needed to:
Their secondary goal was to improve the efficiency, transparency and reportability in their access provisioning processes.
We have had very good results on our Access Review Management,
which is now performed by our line managers with much less effort.Nick Achteberg, Senior Director Technical Services (SAP), Endeavor
Endeavor didn’t want to get dragged into a lengthy and complex GRC configuration project with ongoing maintenance overheads for their SAP team. After various discussions with different suppliers, they opted to implement Soterion for SAP as a cloud-based hosted solution. This was considered by Endeavor’s team as the best fit, and the most user-friendly solution for their GRC goals.
No bespoke SAP development or configuration was required; only standard Soterion transports were used.
With Soterion, we identified that many people had risk-bearing access that they no longer needed. Now, we have reduced our access risk footprint significantly.
Nick Achteberg, Senior Director Technical Services (SAP), Endeavor
The expected benefits in terms of risk and role management were better than they expected.
Endeavor has managed to reduce their risk profile significantly, by 50%. They are continuing on this journey and expect to see further reductions over the next months.
In parallel, the visibility of inactive users and unused access has been improved, which helps the team to make informed decisions in their role maintenance and development. With the reduced access and retiring of dormant users, Endeavor has gained efficiencies in their SAP user license utilisation.
Get a free Soterion risk assessment Learn more about SOTERION
© 2024 EPI-USE Labs
Trafford House, 11th Floor, Chester Road, Stretford, Manchester, United Kingdom, M32 0RS •Other Office Locations