Saviynt SoD Services Offering

Developed by Grant Thornton

Overview

In the pursuit of digital transformation, organizations encounter new identity and access management (IAM) risks arising from three primary sources:

  • Inadequate segregation of accounting or business access privileges.
  • Excessive access due to the absence of least privilege security.
  • Complex ERP and EHR access processes are time-consuming and prone to errors.
Many organizations discover significant risk exposure when they implement governance, risk, and compliance (GRC) software suites with access security and monitoring modules. This indicates that past confidence in Segregation of Duties (SoD) may have been misplaced. The importance of SoD is often underestimated, leading to it being regarded as having equal importance to other transaction-level internal controls. Consequently, system access rights are poorly designed, and SoD is not effectively prioritized or utilized

Nevertheless, effective SoD enforced by an ERP security system is one of the fundamental controls. By establishing appropriate SoD, organizations can significantly bolster their risk management capabilities. Grant Thornton offers SoD-As-A-Service using the Saviynt Identity Cloud platform. This service reduces security risks, ensures compliance, and streamlines audit processes by enabling critical use cases for ERP solutions, including SAP, NetSuite, Oracle EBS, Salesforce, PeopleSoft, and Workday.
 

Read Full Solution Brief

Features

Grant Thornton’s SoD services encompass the effective implementation and enablement of the Saviynt SoD feature, combined with the following services for a comprehensive approach to IAM security:

  • Identify weak links in your organization’s security and prevent individuals from having conflicting control over multiple critical functions by leveraging Saviynt’s rulesets and out-of-the-box SoD features.
  • Facilitate smooth access transitions between ERP system datasets (Account, Object, TCode, and Access) to Saviynt rulesets. The ERP system’s accounts and access are then analyzed against the SoD ruleset to identify potential conflicts.
  • Enable clients to implement detective and preventative SoD solutions that comply with regulations, best practices, and company objectives.
  • Mitigate risk across enterprise applications and reduce SoD risks with out-of-the-box risk and security controls.
  • Enable reporting over SoD compliance across the IT landscape and provide stakeholders with timely updates on SoD alerts and compliance.
  • Customize SoD solutions to align with the organization’s unique business requirements and access management processes.

Benefits

  • Identify out-of-the-box Segregation of Duties (SoD) rulesets and policies.
  • Establish a risk ruleset by defining the baseline of the current risk environment and conducting a risk assessment.
  • Execute an SoD risk assessment and document mitigation controls based on the organization’s risk appetite and audit requirements.
  • Map the documented mitigation controls and approved user risks to address risks identified in SoD reports.

About the Developer

Grant Thornton Advisors LLC is the U.S. member firm of Grant Thornton International Ltd (GTIL). GTIL is an international umbrella entity composed of independent member firms with over 700 offices across 130+ countries. It is represented by more than 68,000 personnel worldwide and is structured with individual country partnerships, much like the Big Four member-firm structures. GTIL does not operate an “alliance” or “affiliate” network—a structure used to supplement a global network utilized by some “global” firms. Instead, Grant Thornton member firms use the same methodologies and innovative technology platforms and share a joint commitment to personalized, seamless client service. GTIL and each member firm are separate legal entities.

Visit GT.COM for more information about the provider.

Solution Type Accelerators