2024 Mar 28 6:19 PM
Safeguarding Success: Navigating SAP Governance & Security with SAP IAG, Process Control & BIS
Introduction:
This blog is dedicated to the intricate world of governance, security, and controls within SAP environments. Delve into the realm where SAP Identity Access Governance (IAG), process control, and SAP Business Integrity Screening converge to fortify organizational integrity. Join us as we explore the critical intersection of technology and governance, ensuring compliance, risk mitigation, and operational excellence. Uncover insights, strategies, and best practices to navigate the complexities of SAP systems with precision and confidence.
SAP Cloud Identity Access Governance (IAG)
SAP Cloud Identity Access Governance (IAG) will enable organizations to achieve robust access control and governance across on-premises and cloud applications. Built on SAP Business Technology Platform (BTP) and SAP's proprietary HANA database, IAG integrates seamlessly with SAP Identity Authentication Service (IAS) and Identity Provisioning Service (IPS), offering a multi-tenant environment.
The various facets of SAP Cloud IAG in scope are depicted below.
Scope:
Services:
The services below are considered in scope:
SAP Process Control
SAP Process Control, delivered as an add-on to SAP NetWeaver AS for ABAP 7.52, will enable to
The two facets of Process Control are:
Compliance Management: Manage and monitor the internal control environment to proactively remediate any identified issues, and then certify and report on the overall state of the corresponding compliance activities.
Policy Management: Manage the overall policy lifecycle, including the distribution and attestation of policies by target groups.
SAP Business Integrity Screening
SAP Business Integrity Screening is being proposed for detecting, investigating, and analysing irregularities in data, as well as preventing fraud.
The steps to be performed during implementation include:
Design:
Setup:
Detect:
Investigate:
Analyze:
By virtue of being on S/4 HANA, BIS handles large volumes of payments, processing through real-time simulations. SAP BIS also integrates with different process areas like master data management, invoice processing, payment execution (payment runs),
BIS has a highly flexible detection and screening strategy for business partners: new rules can be added and combined into composite rule scenarios, which produce an overall risk score.
For example, a weighted score may be determined based on individual rules like:
Architecture
2024 Apr 08 1:44 PM
Hello
Why in this scenario didn't you use SAP Access Control instead of IAG? There could be an option to have a single system with SAP GRC AC+PC+BIS. It is helpful to understand the reason for different scenario selection 🙂
Thanks
Samir