Simplified SAP GRC UAR Fiori App

The basic objective of configuring the UAR (User Access Review) process with Fiori is that Approvers (Reviewers) should be able to approve/reject the requests that show only relevant and minimal information, and they should be able to submit all the requests waiting in their inbox in one go.

Why User Access Review (UAR) is essential.

Organizations have been asking their business users to review SAP access change requests for quite some time now. However, even with regulations such as SOX / JSOX / IFC being in existence for many years, the obligation to perform a User Access Review is a more recent requirement for many organizations.

It's crucial to emphasize the consequences of not performing the reviews to encourage a shift in organisation thinking. If the User Access Review is perceived as a complex process, the initial step is to simplify it and set up the right protocol for managing access through regular review procedures. The overall process shall ensure identifying users with unnecessary/ Elevated authorizations. Furthermore, it unveils insights for restructuring and streamlining the authorization processes.

Background

We identified a need with many of our existing clients to redefine the UAR process to be simpler and more effective and encourage them to adopt this practice of performing UAR at least once a year.

One of the reasons they could not accomplish their UAR activities is its somewhat complex UI, making it difficult for the Reviewers to understand the process completely, take necessary actions or complete the review in time. Some of the challenges due to complex UI are highlighted below.

• Save button: The save button is intended to save progress, but reviewers often mistake it for completing their review activity.
• Submit Button: Clicking the submit button triggers the appearance of a new approver button, which is confusing as reviewers believe they have completed the action. However, final approval is still pending until the approve button is clicked.
• Number of line items: Line items default to a blank status, requiring manual status changes and a save click for each item. With hundreds or thousands of line items, this becomes cumbersome, and any session timeout risks losing progress.
• High number of requests: Reviewers must individually review each request, leading to significant time consumption and increasing UAR's overall Turnaround Time (TAT).

The main goal in creating this UAR Fiori app for the UAR process is to enhance the efficiency and effectiveness of approvers in managing their UAR request items.

Simplifying existing UAR Functionalities

After conducting numerous workshops and engaging in multiple rounds of detailed discussions with business process owners and application administrators who thoroughly understand the process, we have streamlined the functionalities provided by SAP GRC for UAR. These have been configured within this Fiori App based on their insights and pain points.

• Simplifying the Screen: After careful review, unnecessary features have been identified and removed from the user interface. The interface becomes cleaner and more intuitive by decluttering the screen and focusing on essential elements. This simplification ensures that users can easily navigate the app without being overwhelmed by unnecessary options or distractions.
• Precise Information on Screen: The user interface has been optimized to present only the most relevant information to the user. By carefully selecting and displaying essential data points, users are provided with a clear and concise overview of the task at hand. This precision allows users to quickly understand the status of pending requests and make informed decisions without sifting through extraneous details.
• Faster Decision-Making: With a streamlined user interface and simplified procedures, the time required to review and approve requests is significantly reduced. The improved user experience and reduced process complexity contribute to faster turnaround times (TAT). Users can navigate the app more efficiently, resulting in quicker decision-making and a more responsive workflow. Overall, these enhancements lead to greater productivity and operational efficiency within the organization.

Benefits:

The simplified and streamlined process provided by this Fiori App yields several benefits for the reviewer, including:

• Reduced Follow-ups: Eliminating confusion surrounding multiple saves, submit, and approve buttons leads to fewer follow-up queries and smoother processing.
• Increased reviewer participation: Reviewers are more actively engaged due to the enhanced user experience and simplified process, leading to higher participation rates.
• Decreased Turnaround Time (TAT): Observations indicate a significant reduction in overall TAT, with clients completing reviews within a shorter timeframe. Specifically, TAT has decreased from 4-5 months to just 1 month, enabling timely completion of reviews within specified deadlines.

Conclusion:

Safeguarding organizations against internal and external threats is paramount, particularly in adhering to compliance regulations such as SOX/JSOX/IFC. While SAP User Access Reviews are instrumental in achieving these objectives, a shift in mindset is necessary to view them not merely as audit checkboxes but as powerful tools for effective access risk management.

By implementing Protiviti’s Customized GRC Fiori App, your organization can effectively tackle these challenges encountered during User Access Review (UAR) processes. Our app simplifies the reviewing process and enhances the overall reviewer experience, ensuring smoother and more efficient operations. We invite you to contact us for an in-depth discussion on how our app can be customized to address your organization's unique requirements. Together, we can tailor a solution that perfectly aligns with your needs and maximizes the benefits of UAR.

#WhenItsGRC #ItHasToBeProtiviti

Credits: Ankit Sharma , Yuvaraj Y. , Lovejeet Gaur , Nikhil Saxena