4 February 2013

Top 5 Customer Concerns Around Managing Access Risk - Part 3

Last week we looked at issues around managing emergency access to systems. This week I discuss the third major concern around managing access risk: taking a piecemeal approach that does not address the ongoing risk.

Reactive and fragmented approach to managing risk resulting in recurring audit issues

Clients typically fall into 3 levels of maturity around managing access risk:

1. No process: The auditors will deliver their report and the client will address the issues which existed on that day, which is only a short-term, band-aid fix. It is reactive and doesn’t constitute a process.

2. Manual process: Many companies manage their SoDs by extracting data from SAP and manipulating it in spreadsheets. What's wrong with doing this?

  • As soon as it is extracted it is out of date
  • It is subject to human intervention and is therefore error-prone (or worse, open to manipulation)
  • It is very time-consuming and not easily repeatable, and it may not capture all risks
  • Auditors will not generally rely on this for the above reasons
  • Unless a process is able to be repeated continuously, access issues will creep back into the system over time

3. Automated process: By having a central repository of agreed access risk rules, management of these risks becomes transparent. This enhances collaboration by providing a common language between the business (who typically do not have enough technical understanding) and IT (who often don’t understand the risks in a business context).