Segregation of duties (SoD) is a critical element of identity and access governance. However, not all SoD models are the same. Access Risk Controls uses an innovative activity-based SoD model, which drastically reduces management costs.
Activity-based SoD defines SoD conflicts among business activities instead of between roles. This conflict model is much more manageable and more intuitive for business people. Also, IDEAS' activity-based approach decouples SoD management from role management, allowing these processes to be managed by different business units.
In the real world, not all SoD conflicts carry the same risk. Low-risk conflicts may be acceptable in some situations, or with appropriate monitoring. IDEAS allows conflicts to be assigned a risk level, and permits conflicts to be handled appropriately according to their risk levels.
IDEAS Access Risk Controls integrates seamlessly with IDEAS' native support for access risk remediation. Compliance managers may define remediation policies for particular SoD conflicts or according to conflicts' risk levels. Thereafter, in the user authorization workflow, a manager is automatically prompted to assign a risk remediation process appropriate for the conflict.
IDEAS Access Risk Controls supports SoD domains to partition an enterprise into logically separate business areas. SoD domains reduce occurrences of false-positive SoD conflicts and simplify SoD administration.
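The activity-based conflicts, risk levels and SoD domains described above can be sketched as follows. This is an added illustration, not IDEAS product code or its API. The role, activity and domain names, the rule that a conflict counts only when both activities fall in the same domain, and the risk-to-handling mapping are all assumptions made for the example.

```python
from dataclasses import dataclass

# Constructed sample data. Roles only map to activities; they carry no SoD rules,
# so role owners can change this mapping without touching the conflict model.
ROLE_ACTIVITIES = {
    "AP_Clerk": {"create_vendor", "enter_invoice"},
    "AP_Approver": {"approve_payment"},
}

@dataclass(frozen=True)
class Conflict:
    a: str      # first business activity
    b: str      # second business activity
    risk: str   # "low" or "high" (assumed two-level scale)

# Conflicts are defined among activities, never between roles.
CONFLICTS = [
    Conflict("create_vendor", "approve_payment", "high"),
    Conflict("enter_invoice", "approve_payment", "high"),
    Conflict("enter_invoice", "create_vendor", "low"),
]

def find_conflicts(assignments, use_domains=True):
    """assignments: iterable of (role, domain) pairs held by one user.
    Returns a sorted list of (domain, activity_a, activity_b, risk)."""
    acts_by_domain = {}
    for role, domain in assignments:
        key = domain if use_domains else "*"   # "*" = one enterprise-wide bucket
        acts_by_domain.setdefault(key, set()).update(ROLE_ACTIVITIES[role])
    hits = []
    for domain, acts in acts_by_domain.items():
        for c in CONFLICTS:
            if c.a in acts and c.b in acts:    # both activities in the same domain
                hits.append((domain, c.a, c.b, c.risk))
    return sorted(hits)

def handling(hits):
    """Assumed policy: any high-risk hit needs remediation, low-risk hits are monitored."""
    if any(risk == "high" for _, _, _, risk in hits):
        return "remediation_required"
    return "accept_with_monitoring" if hits else "no_conflict"

if __name__ == "__main__":
    user = [("AP_Clerk", "US"), ("AP_Approver", "EU")]   # constructed assignment
    for scoped in (True, False):
        hits = find_conflicts(user, use_domains=scoped)
        print("domains on" if scoped else "domains off", hits, handling(hits))
```

With domains enabled, the clerk role in one business area and the approver role in another no longer combine into a high-risk hit; only the low-risk conflict inside the clerk's own domain remains.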
Changes to the production SoD model may produce new SoD conflicts in subtle or unpredictable ways. Therefore, Access Risk Controls supports multiple SoD environments, separate from the production SoD model, in which to test changes to the SoD model. After testing, an environment can be switched into or out of production, making deployment and roll-back fully predictable. This directly supports best-practice change-management procedures.