The client operates trams, trolleybuses and buses for the Canton of Geneva and also serves some regions in neighboring France. Vehicles in circulation carry about 200 million passengers each year.
The transporter wanted to take advantage of the migration from SAP R3 to SAP ECC6, to perform a full review and redefinition of their SAP composite and simple roles.
The client has previously worked with an integrator to define a theoretical model of their SAP roles and they needed to ensure that this new model allows the users to perform their work without “segregation of duties violations” (SOD) issues.
We used Brainwave iGRC to carry out an audit of the SAP system.
This audit consisted in retrieving current usage of SAP transactions and associate modeling of composite and simple roles. The transactions usage was aggregated for the last 14 months to clearly identify what users used the most.
Then simulations were performed with Brainwave iGRC to check the capabilities to use these transactions each time a new theoretical model was defined.
Decision matrix were published in Brainwave iGRC portal to present the simulation results to help Deloitte to conduct business change management workshops and define the appropriate role theoretical model. Additionally SOD controls proposed by another integrator were integrated in Brainwave iGRC to check SOD violations issues in the model and in the actual role affectation to end users.
This project has been led for 4 months.
The project was led by a team including:
- 1 Expert Brainwave iGRC
- Brainwave iGRC