Ruralco has big plans for the future. They want to embark on a digital transformation journey, to be ready to meet future challenges and opportunities head on. Their rapid growth through mergers and acquisitions has led to a complex and varied business landscape.
“We wanted to get our back-yard in order, so we can move forward with our aspirations for our digital journey,” explains Jeni Pitman, Program Manager, Ruralco.
Ruralco has used SAP for many years, but the growth and acquisitions have resulted in many different business units, and the SAP security systems have not always kept pace with organizational and process change.
“I was looking for a SAP security expert to help us. I approached SAP, and also my network of contacts. Turnkey Consulting came highly recommended through both routes,” says Jeni.
Turnkey Consulting performed an initial scoping study which comprised being on site for a short period. During this time they interviewed key staff and reviewed processes and systems. This gave them the overview to highlight issues, make recommendations and produce a security roadmap, with short-term quick wins and longer-term strategic initiatives. The scoping study resulted in a year-long project to uplift SAP security across the business.
The first phase of the project focused on getting key GRC modules up and running, including:
Another key aspect of this phase was to review the rule-set for GRC, to apply the valid risks in their environment and make it more appropriate based on the rules that they should be operating.
Ruralco and Turnkey Consulting then turned their attention to the role definitions, to build in segregation of duties (SOD). By looking at Ruralco’s existing roles and responsibilities, the level of risk in the system and recent audit recommendations they were able to determine a proposed role redesign for the users. This phase was divided into four different sections:
“We clarified people’s roles to achieve appropriate segregation of duties. This ensures that the same person would not be able to create a new supplier, raise a PO, and then pay that supplier. It reduces the total risk profile of the business,” explains Jeni.
The role redesign was achieved through a series of workshops with key personnel from across the business – including process owners and key users. Overseeing the process was a newly established governance group. The redesign required getting into the detail of job functions and essential system access.
The chief challenge in this project was the size and scale of operations at Ruralco. With 1000+ SAP users and 50 different business units – all with different rules and roles – it made the project very complex.
An understandable concern for Ruralco was to implement these changes with minimal disruption to existing operations. It was essential that staff could operate effectively throughout the implementation. Turnkey Consulting phased the work to reduce disruption, and followed up issues and defects very quickly, usually within a few hours.
“We now understand our risk profile, and we have processes around protecting our SAP environment. We are meeting compliance and audit requirements. For us from a business perspective, we can have a starter come in and get the right access from the getgo. Previously new starters needed 3-4 access changes to get it right. That’s a real business benefit,” says Jeni.