20230720 Elkjop Success story_banner

How Elkjøp gained control of their access risks in a few days

EPI-USE Labs’ partner Soterion provided an effective GRC solution to manage access risks

Implementation in
a few days

Less manual extraction
and Excel manipulation

Easy identification of redundant or unused functions

Reduced number of
inactive users

About Elkjøp Nordic

Elkjøp Nordic was founded in Norway in 1962. Since then, they have grown to become the market leader in consumer electronics and kitchen appliances retail in the Nordic countries. The group consists of around 11,000 employees, and more than 400 stores in Norway, Sweden, Denmark and Finland, Greenland, Iceland and the Faroe Islands.

Elkjøp Nordic has been being part of Curry’s UK (Dixons Carphone plc) since 1999.

They are currently running these SAP systems: ECC, TM, EWM, F&R, CAR, EM and SLT.


The challenge: Lack of control over roles and access

Elkjøp encountered difficulties in managing large projects with tight deadlines, including the extensive use of external consultants who required additional authorizations using broad-access transaction codes.

The use of consultants made it challenging for Elkjøp to gain a clear understanding of the full scope of the project, and resulted in loss of control over role additions. Challenges included:

  • unclear role ownership
  • a lack of active role assessment
  • neglect of Segregation of Duties (SoD) and the Principle of Least Privilege
  • organizational changes not being considered.

Another challenge they faced was a one-size-fits-all approach to roles, rather than creating roles tailored to specific needs, leading to inefficiencies and potential security risks.

Elkjøp concluded that they needed greater control over their systems, and support with setting up and managing these controls.

An implementation completed in only a matter of days resulted in an immediate return on investment.

Atle Myklebust
Teamlead IT SAP Technical Services, Elkjøp Nordic

An effective GRC solution for SAP authorisations

Elkjøp chose the solution from EPI-USE Labs’ partner Soterion, as it offered industry best practices for SAP roles and authorisations.

Soterion's compliance software solves GRC (Governance, Risk management and Compliance) for SAP clients. The GRC tool was an excellent starting point for risk identification and management, enabling the team to obtain analytical and statistical views of their access risks, including SoD categorisation, critical transactions and privacy risks. They could also identify superfluous functions and transactions, which facilitated identifying remediation opportunities.

Soterion's big data mining and drill-down utilities made it possible to perform an in-depth analysis, while its standard reporting functionality included online reporting with live drill-down capabilities on current data. This enabled Elkjøp to have a comprehensive and effective approach to managing access risks and maintaining control over authorisation processes.

The GRC solution from EPI-USE Labs and Soterion raised awareness in the company, and moved the responsibility back to the business, rather than being with the IT team.

Atle Myklebust
Teamlead IT SAP Technical Services, Elkjøp Nordic

Shift in risk approach with Soterion

The implementation of the solution initiated a risk remediation project that raised awareness in the company, and started moving the responsibility back to the business, rather than the IT team. Also, the company did an extensive clean-up process to address the Principle of Least Privilege.

Soterion is now configured to run a monthly deactivation process for inactive users, and all users and authorisations are centrally provisioned.

We were also pleasantly surprised by how efficient the EPI-USE Labs helpdesk team was, and the personal level of service.

Atle Myklebust
Teamlead IT SAP Technical Services, Elkjøp Nordic


20230720 Elkjop Success story_benefits

Agile GRC success stories


Aker Solutions

View Success Story

EndeavorFeature Image
1C_ForFamers_Client Study GRC in practice


View Success Story