Project Example: Consulting and Management Advisory Services

Project

Carry out an SoDScan, check the authorization concept and processes, standardized check of important authorizations/segregation of duties for 6 selected company codes

Customer environment/Tasks

• Established SAP system landscape with about 2,400 users
• Dynamic business environment (business acquisitions, reorganizations)
• SAP administration/application support geared toward flexibility and cost-effectiveness
• Employees require lots of time

The Project’s Goals

• Improve transparency: Which fields of conflict arise in which enterprise areas
• How important/clean are the user department roles and IT roles/authorizations
• Expert opinion/benchmarking on the level of the authorization concept and authorization processes
• Outlook: What has to be done/changed, what is the reasonable action to arrive at the optimized “authorization state”

Solution Approach/Implementation

For the SoDScan, a standardized procedure was used. In the initial step, the SAP data required was extracted by the customer. For this, a download guide was provided.
The data was analyzed offline to protect the software with regard to a selected company code and discussed in an initial workshop (2 days on location). Here, the initial findings were discussed and the checking rule sets were adjusted individually for the analysis of the other company codes. Using a questionnaire, the authorization concept and authorization processes were analyzed with the employees responsible in this area. Respective documents (manuals, documentation, report lists/sheets) were gathered and the initial approaches for improvement were discussed.
During a second workshop on location, the results of the other company codes were introduced, the design of the final report including the benchmarks was discussed and the expert opinion on the authorization concept/process was discussed. This was followed by the final report creation and transmission including the detail data of the analysis.

Customer’s benefits

• Competent dialog partner
• Standardized procedure – swift and professional results
• Clarity and transparency due to consistent report layout (status numbers for all cases of conflict and checks that also turn up in the detail data)
• Preparation of entrusted detail data with a separate analysis approach, so that the customer also can create own views, ad-hoc evaluations, and the like
• Burden to employees on site is minimal
• Benchmarking is based on over 40 analyses carried out in the meantime