A Productive and Effective Solution

In the world of GRC and SOX regulations, organizations must work very hard and efficiently to keep their systems clean from violations. ProfileTailor Dynamics GRC lets you easily locate violations and then quickly solve them.


With ProfileTailor Dynamics GRC, you can identify and solve existing violations, be notified when a new violation occurs, and keep your status clean with ongoing processes.

Take Control over Segregation of Duties Rules

When you start an SoD project, you start with rules. The rules define which combinations of activities conflict with SOX regulations. Only after a sound rule definition can you proceed to find the violations of these rules.

In ProfileTailor Dynamics GRC you will be able to:

  • Easily define SoD rules with only a browser, or an uploaded Excel document
  • Manage rules so you can separate them into groups, and activate or deactivate them together
  • Start with best practices, so you don’t have to start from scratch

Quickly Identify Violations to SoD

In any good SoD project, speed is a factor. You need to identify the violations to SoD rules quickly in order to maintain a suitable level of satisfaction and maintain compliance. ProfileTailor Dynamics GRC generates many different types of reports and matrices, all of which serve to quickly identify violations and all of which can be downloaded into Excel for further analysis, or sent via scheduled periodic emails.

You will be able to identify SoD violations by authorization roles or by specific user. If a violation is pre-approved, you can create a remediation (mitigation) quickly so this violation will not appear again in the reports.

Solve SoD Violations Based on Usage

The best way to handle violations is to solve them clearly and quickly. Xpandion’s unique tool, Conflict Resolver, solves SoD violations by pointing out the best combinations of authorization roles to change in order to solve the violations.

Conflict Resolver can assist you to:

  • Solve SoD violations by getting the best solution and up to 5 additional possible solutions
  • Focus only on used activities and remove redundant authorizations which are not in use
  • Execute the solution directly from Conflict Resolver into the SAP system

With Conflict Resolver, you will be able to genuinely solve conflicting violations in a matter of minutes. You’ll save a huge amount of resources compared to the average SoD project.

In addition to SoD rules, sensitive authorizations also need to be controlled. After enhancing the pre-configured sensitive object list and adding your own development, you will be ready to see who is really using their sensitive authorization roles, and who is not using them at all. Authorization roles that are granted but not being used should be removed. This way you significantly reduce risk and lessen the resources required for authorization maintenance.

If a user manages to get a sensitive role or an authorization that violates an SoD rule, or a rule changes in a way that creates violations, ProfileTailor Dynamics GRC will immediately send an alert by email. This allows the SOX manager to react as soon as possible and eliminate the risk at its source.

The alerting infrastructure allows you to:

  • Know about new SoD violations immediately when they are created
  • Start a workflow process to solve SoD violations when they are created
  • React when a user is granted a sensitive role or profile

How do you keep the situation clean and avoid seeing new violations in each audit report? To keep it clean, ProfileTailor Dynamics GRC includes a set of workflow processes and features that can be used to:

  • Prevent a new situation of violating SoD – using a pre-defined workflow process for requesting authorizations. This approval process includes a built-in SoD violation check, and if the requested authorization is found to violate any of the SoD rules, the request is automatically redirected to the SOX manager, who can take further action.
  • Conduct a periodic process of authorization recertification – as part of the SOX regulations, managers need to recertify their employees’ authorizations on a periodic basis. This can be done quickly with the pre-configured process for authorization review, included in ProfileTailor Dynamics GRC. Managers just love the simplicity of the process and the lack of hassle, while SoD managers are amazed by the level of control that they have over the process.
  • Allow emergency access to production, carefully – use a comprehensive workflow process to allow power-access to production environments by IT people. ProfileTailor Dynamics GRC includes a uniquely detailed process that complies with GRC regulations and allows granting timely access while tracking the performed activities.