Transforming SAP security for modern business compliance
iNova Pharmaceuticals is a global organization headquartered in Singapore, with a diverse portfolio of market-leading consumer health brands and prescription medicines. The company focuses on therapeutic areas such as respiratory health including throat, cough, cold and flu, allergy and sinus, pain management, weight management, and dermatology.
Today iNova’s products are distributed in over 75 markets across Asia, Australia, New Zealand, the Middle East, Africa and Europe.
“The professionalism and expertise of Turnkey’s consultants were outstanding. They ensured that the project was completed on time and within budget, leaving our team upskilled and self-sufficient post-implementation.”
Challenge
iNova sought to enhance its SAP security posture by undertaking a comprehensive SAP ECC Role Redesign and upgrading its SAP Governance, Risk, and Compliance (GRC) system. iNova used a decade-old legacy SAP ECC Role design, which no longer aligned with evolving business processes and led to excessive or inappropriate access privileges. Additionally, the absence of automated user access reviews and effective Segregation of Duties (SoD) management posed potential risks. This lack of automated processes made it difficult for the organisation to proactively address security risks and maintain the necessary audit trails.
iNova also experienced limited visibility and control over access risks due to the underutilization of its existing SAP GRC system. This hindered real-time monitoring and impacted response times to potential security threats. Furthermore, the existing SAP GRC 10.1 platform had reached the end of its support lifecycle, depriving the organisation of critical updates. Its outdated features made access management more cumbersome, affecting data quality and daily operations.
The legacy system also posed resourcing challenges and increased administrative overhead. The approval structures within SAP ECC were hard-coded, necessitating manual updates whenever organizational changes occurred. Moreover, it required frequent troubleshooting, straining IT resources and reducing operational efficiency.
Recognising the need for a strong, efficient access control framework, iNova aimed to redesign the approval roles to be more scalable, allowing for flexible, role-based assignments, improving maintainability, and streamlining future updates.
Solution
In partnership with Turnkey, iNova embarked on a journey to enhance its SAP landscape through a robust security framework and improved access management solutions. The project began with a comprehensive assessment of existing roles and user authorizations. By analyzing 16 months of transaction usage data and conducting stakeholder workshops, Turnkey designed a new, task-based SAP ECC role framework that accurately mapped access across the solution.
The role redesign effort simplified and consolidated roles to reflect iNova’s current business processes, eliminating redundancies and ensuring users had only necessary access privileges. The redesign addressed both business user and third-party access, replacing previously broad, unrestricted access with stricter controls based on specific user responsibilities. Turnkey also overhauled iNova’s Segregation of Duties (SoD) ruleset to eliminate conflicts and prevent users from holding conflicting access privileges that could lead to errors or fraud.
Another significant enhancement involved reimplementing approval processes within the SAP GRC system. The previous approval process was centralized and often assigned to a single individual. The new solution decentralized approval workflows, allowing role owners (e.g., finance, HR, IT) to approve access requests specific to their functional areas, which improved governance and aligned access approval with domain expertise.
Turnkey maintained strong stakeholder engagement throughout the implementation with regular communication and comprehensive discovery sessions. This hands-on approach was particularly valuable during the hypercare period when issues were promptly tracked and resolved. This comprehensive project streamlined iNova’s SAP security framework and ensured scalability for future growth, aligning their SAP systems with best-in-class governance standards.
Results
Turnkey overhauled iNova’s SAP Security Role framework, including its SoD framework, and upgraded its SAP GRC tool. This enabled iNova to streamline role administration, leading to faster, more accurate user access provisioning and strengthened defenses against potential security threats.
A key outcome was the establishment of a structured administrative oversight function within the SAP GRC system. Previously, iNova lacked a formal process, with user access requests authorized in bulk without a thorough review. The new solution provided efficient administrative controls, ensuring the right level of oversight for all user access activities.
The upgraded SAP GRC system also enhanced compliance and risk management, enabling iNova to meet regulatory requirements. Automated User Access Review (UAR) and Access Risk Analysis (ARA) processes aligned user authorizations with roles and responsibilities, reducing the risk of unauthorized access.
Turnkey facilitated multiple training sessions for key stakeholders to ensure smooth adoption and the sustainability of the solution. The Turnkey team’s expertise in explaining complex concepts and providing thorough documentation not only ensured successful implementation but also enhanced iNova’s internal capabilities with the new SAP Security framework and GRC processes. iNova’s improved control over user access and licensing is expected to bring efficiencies in future annual reviews, helping the business avoid costs due to over-licensing and ensure compliance with SAP’s licensing agreements.
“Turnkey addressed our compliance gaps and revamped our GRC system, making it audit-ready and far more efficient. The smooth transition and lack of post-go-live issues were impressive, making this one of the best implementations I’ve experienced.”
Benefits
- Enhanced Operational Efficiency: The simplified and well-defined roles reduced administrative overheads, increased operational agility, and streamlined user access management, making the system more efficient.
- Reduced Risk of Unauthorized Access & Improved Compliance: The role redesign minimized unauthorized access risks by aligning user access with specific job roles. User Access Review (UAR) and Segregation of Duties (SoD) management provided regular visibility into access rights, reducing risk exposure and improving compliance by proactively managing potential access conflicts.
- Scalability and Future-Readiness: The redesigned security roles and upgraded SAP GRC system are scalable, enabling iNova to adapt easily to future growth and evolving business needs.
- Real-Time Risk Monitoring and Automated Processes: Continuous access risk monitoring, along with automated workflows for Access Request Management and Emergency Access, led to quicker identification of potential compliance issues, minimizing the chances of violations and increasing process accuracy.
- Audit Readiness and Improved Access Visibility: With enhanced auditability, access logs and role assignments are easily accessible, simplifying audit preparation. The User Access Review module ensures permissions align with job roles, providing iNova with a clear view of access control across systems.