It’s not easy to get access management processes right. However, the secret to achieving this might be found in the most unlikely of places - your HR system.
Deficiencies in the joiner, mover, leaver process are some of the most common findings in an SAP systems audit, and with GDPR on the horizon, managing access to data effectively is more important than ever. Getting these processes right can be complicated. Users need to have the access required for their jobs quickly and efficiently when they join an organisation. As they move roles, their system privileges will need to change accordingly, and when they leave the company, access should be removed without delay.
Throughout all of this, it’s important to ensure that they only get the system privileges they need at that point in time. For these processes to be as seamless as possible, a regular and complete source of information about these activities is required.
Typically, the best place to find this information is in the corporate HR system, creating a key dependency between the completeness and accuracy of HR organisational data and system access provisioning within IT.
Efficient joiner, mover, leaver processes can save your organisation money
This is not just a nice-to-have in terms of keeping things neat and secure. Slick joiner, mover, leaver processes can save your company a lot of money. Consider the example of temporary staff in an accounts payable team. If a temp is hired to input a backlog of invoices into SAP, their productivity is going to be directly linked to how quickly this access can be provisioned to them. If the temp costs £300 a day and they have to wait ½ a day for their access, that’s a waste of £150. This and similar scenarios happen in every organisation, every day, and the numbers add up to big savings if you can get these processes right.
There is also a potential saving in terms of risk avoidance. Last year businesses reported over £40m in losses from employee fraud [Source: an RSM freedom of information request]. And that’s just the employee fraud that was identified. Getting these processes finely tuned is not just good practice; there is a tangible saving to be made in terms of reducing the cost of fraud to your organisation.
Regulatory fines should also be considered - the savings available to those who get their access management processes right will increase significantly from May 2018, with fines of up to 4% of worldwide turnover for non-compliance with the new GDPR legislation.
The tools to improve your joiner, mover, leaver processes are already in place
The good news is that most organisations already have the tools to improve their joiner, mover, leaver processes. They are available to them within their existing IT landscapes. For instance, SAP GRC Access Controls is a tool that has been deployed in the majority of SAP environments.
However, in many cases only a fraction of the potential value of this tool is actually being realised. Many SAP GRC deployments have stopped short of realising value from automation across joiner, mover, leaver processes. This is a situation compounded by the lack of integration to HR that, if in place, would really streamline these processes.
So what about SAP SuccessFactors?
Integrating SAP GRC with SAP HCM is something that Turnkey has deployed successfully for many customers. The benefits are proven and significant, especially where HR data is kept complete and accurate. However, for customers who have chosen to migrate their HCM platform to SAP SuccessFactors, there have, until recently, been a number of gaps. Many companies have turned to third-party integration products such as Greenlight in order to achieve the level of integration required with SAP SuccessFactors. Whilst this can offer a solution, it requires an additional software investment.
Managing risk in the HR process
Connecting SAP GRC to SAP HCM makes a great deal of sense from a risk management perspective. There are a number of Segregation of Duties (SoD) and sensitive access risks within the HR process itself and these need to be managed carefully - in the same way as any other access risks. One of the most commonly quoted SoD risks is the ability to manipulate bank account details or basic pay and then execute payroll. It is vital that this, along with a number of other HR and payroll-related SoD risks, is managed effectively in order to reduce the risk of internal fraud. Whilst SoD and sensitive access analysis has been straightforward in an SAP HCM, ABAP-based system, Greenlight or other alternative workaround processes are needed in order to help companies manage these risks in an SAP SuccessFactors environment.
Full integration between SAP GRC and SAP SuccessFactors is here
For the reasons already highlighted in this blog, Turnkey has been lobbying our contacts at SAP on behalf of our customers for some time. Our aim has been to influence SAP to deliver native integration with SAP SuccessFactors. I am pleased to say that this integration is now fully delivered with the implementation of the latest service pack release for SAP GRC 10.1, SP19. Further details of the latest improvements are available in SAP Note: 2538932 - Access Control (ARM, ARA, BRM) Integration with SAP SuccessFactors.
For more information on the benefits of integrating your HR systems with SAP GRC, or further details on how to connect SuccessFactors to your SAP GRC landscape, please contact us. We’d be happy to help.