With ISPICIO_GRC you get the full functionality of our desktop version: this includes checking rules for authorizations includin SoD-checks, access controls, IT general controls, journal entries and statistical analyzes. A predefined set of rules is available. You can modify and extend the checking rules. The data extraction from the ERP is done by ISPICIO_GRC automatically. Analyses can be performed on an ad hoc basis or at intervals. All results and reports are stored and managed centrally. A real highlight is the ability to link SAP®-queries and SQL-queries with ISPICIO_GRC to be performed automatically.
The control management is the heart of ISPICIO_GRC. It enables you to design the control structure of your business, regardless of your operational / legal organizational structure. Combine organizational structure elements (e.g. national companies, retail organizations, etc.), identified risks, the associated controls and responsibilities to a unified control environment. For automated controls, a rule-based analysis in SAP® is provided. All other systems can be linked via SQL. Manual controls are assigned to control owners to the four-eyes principle. The necessary control activities are assigned to control owners in a workflow, also per e-mail, if wanted. In a SOX-environment the management testing can be covered by ISPICIO_GRC, too.
It is regulary a real challenge to store and retrieve control bushings of your Internal Control System. In practice there often exist various locations of stored control activities and hard to understand spread sheets. ISPICIO_GRC is shipped with a standard Business Intelligence solution including an interactive dashboard. You can create your own charts and lists easily per drag & drop. This gives you an overview of the efficiency of your control environment within seconds! And if you already use a BI-Solution, the data can also be transferred to all popular BI systems. With ISPICIO_GRC you get the transparency you need!
In practice, awarded permissions in SAP® ERPs rarely comply with all regulatory requirements. Organizational changes, job changes, etc. can blur authorization concepts. As a result, costly cleanup projects are required from time to time. With the user management of ISPICIO_GRC you can actively confront this danger. For this, ISPICIO_GRC provides a workflow-based user management with a mandatory precheck regarding possible SoD-conflicts before assigning the appropriate permissions.
– SoD-conflicts can be avoided in advance
– Reduced costs for authorization monitoring
Emergency User Management
Far reaching permission in the system (SAP_ALL) must not be assigned to operational administrators but only to dedicated emergency users who are logged in the security audit log (SAL). To control, monitor and document the use of the emergency user, ISPICIO_GRC provides an emergency user management. In our application, designated employees can request an emergency user and will automatically receive an unique user ID and password. All susequent activities are logged. After successful deployment, the emergency user logs off the ERP and ISPICIO_GRC will automatically lock this emergency user. In the aftermath a specified reviewer receives a message with the protocol and must endorse the operation.