Johan Hermans, CEOMany organizations have found solace in the adoption of the SAP GRC (Governance Risk and Compliance) approach to alleviate routine audit challenges that myriad software products failed to mitigate over the years. However, almost twenty years ago, entrepreneur Johan Hemans realized that the GRC software for SAP systems, employed by most enterprises, possessed several shortcomings. Despite adoption of the latest technologies, clients were often at the receiving end of a cycle of deficient audits and experienced a lack of transparency in determining the number of authorized users. In addition, most SAP GRC software products offered almost zero compliance automation and clients ended up facing an unacceptably high level of legal risk. The lack of a holistic solution that addresses traditional setbacks existing in SAP Governance, Risk and Compliance spurred the inception of CSI tools, which has garnered the reputation of being a ‘go-to’ SAP GRC solution provider over the years. The organization is known for its industry-leading software solutions to address the needs of the SAP GRC realm. CSI tools delivers dynamic analytic solutions to audit and monitor SAP environments, manage and validate authorizations as well as define roles that adhere with the client organization’s security and business needs. The company’s software suite comprises of four applications that have found wide acceptance among enterprises worldwide, namely the CSI Authorization Auditor, CSI Automated Request Engine, CSI Role Build & Manage as well as CSI Emergency Request.
In its two-decade long journey, the organization has mitigated several woes for client organizations, one such resolve is effortless determination of the number of users authorized with access in critical SAP environments. “Installation of ash trays across the premises alone does not guarantee accurate identification of the number of smokers in an organization and in fact, the approach narrows the chances of estimation,” mentions Johan Hermans, Founder & CEO, CSI tools, drawing parallels between defining rule sets in identification of nicotine intake patterns and determining the number of authorized users in an SAP environment. The industry veteran emphasizes that from a GRC standpoint, reduction in the number of parameters in a rule set to determine the degree of vulnerability in an organizations, will expose more employees, processes or resources that are potential risks.
In a bid to help decision makers gain a better insight of the authorization structure in their SAP environments, CSI tools devised its flagship tool, CSI Authorization Auditor. This invention aims to help decision makers gain a clearer view of the authorization history in their organization and unearth impending risks by exposing inconsistencies between what individuals are allowed to do and have done in the past. Most importantly, the auditing tool can be installed within a few minutes and in an hour’s span, the decision makers can assess risks existing within their whole SAP environment.
The Automated Request Engine another noteworthy tool from CSI’s arsenal too is highly beneficial for enterprises striving to accomplish compliance in their SAP environments.
This invention aims to help decision makers gain a clearer view of the authorization history in their organization and unearth impending risks by exposing inconsistencies between what individuals are allowed to do and have done in the past and who has almost access.
The engine enables fully automated SAP user access provisioning with configurable workflow and emailing functionality. Most importantly, the tool ensures preventive checking on SoD conflicts, logs all user requests and ensures almost no occurrence of unwanted access to critical functionality. The organization helps enterprises accomplish efficiency by significantly reducing human and financial capital resources usually utilized in addressing the GRC aspect of business operations. The automated request engine is a great time-save that enables employees to gain permissions quickly without spending a significant time waiting for an IT admin to grant access during role changes. However, at the same time, managers and key decision makers are notified about the permissions granted to the employees. On top compensating controls can be assigned during the workflow process.
Adoption of CSI tools’ in their work environments has helped several clients enhance the effectiveness, efficiency and agility of their SAP environments. To illustrate the capabilities of his organization better, Hermans shares an example of an American multinational firm that had implemented around 25 SAP systems, each exclusively catered to a European region. Recently, the client envisioned the consolidation of these standalone systems into a single, holistic platform that addressed the whole of Europe. The challenges involved in migration of data from these myriad systems to a single platform were security, auditing and maintenance. CSI tools helped mitigate this challenge by adhering to Role-Based Access Control and Attribute Based Access Control approaches.
Many organizations that recently procured the SAP GRC also amalgamated the solution with CSI tools Role-Built Management solution, which is one of the organization’s many triumphs. It allows to build all SAP roles on a full automated way, as a consequence business reorganizations are reflected in all roles in hours except in months. The CSI tool can be accessed through myriad interfaces, including tablets, and can work as a SaaS solution too. “In the days to come, we intend to enhance the capabilities of our flagship auditing software and ensure many more languages can be supported and thus augment our user base,” concludes Hermans, revealing a glimpse of CSI tools’ roadmap.