Aker Solutions reduced access risk by 85% with Soterion

A growing SAP access risk problem

Aker Solutions implemented SAP in 2004 to 2006. Over the years, employees accrued more roles and authorisations to do transactions. The problem had escalated to the point where they had introduced 1.5million potential access risks to their system.

The Finance Process Improvement & Systems team was looking for a solution to create visibility and transparency. They struggled to know where to begin to address such a large challenge. They already had SAP GRC, but didn’t use it.

Soterion's GRC solutions expose and reduce risks

When EPI-USE Labs demonstrated alternative SAP GRC solutions provided by their partner Soterion, Aker Solutions immediately realized that these could solve their challenges.

They were especially interested in the Access Risk Manager product. This provides a dashboard to identify where the SAP access risk exposure is located, and identifies employees with access to sensitive data, a critical factor to support their GDPR initiatives. The “What-if” Allocation Simulator allowed them to proactively identify risks before applying the changes in their SAP system.

The second solution they use is Basis Review to inspect their SAP Basis configuration against a set of rules based on industry best practice. This product helps them to establish complete compliance to avoid adverse audit findings.

New levels of efficiency through reduced access risks

Aker Solutions realised immediate benefits from Soterion’s solutions, and are now working continuously to bring the risks down further.

The implementation included a week of on-site working with a consultant. In the first day of the project, they reduced their access risks from 1.5 million to 336,000 (78% reduction).

After six months, they had brought potential access risks down to 221 000, a reduction of 85%.

Through implementing Soterion for SAP, Aker Solutions achieved:

• Efficiency
  They reduced the resource-hours spent (both internally and externally) in monitoring the roles
• Effectiveness
  They shortened the process for monitoring user access reporting
• Quality
  They are focusing on high-risk transactions and increasing time spent on analyses rather than extracting data
• Regulatory compliance
  Increased compliance and improved auditor trust
• Risk mitigation
  Increased integrity of key business processes and reduced risk for fraud

About Aker Solutions

Aker Solutions engineers the products, systems and services required to unlock energy. Their goal is to maximize recovery and efficiency of oil and gas assets, while using their expertise to develop the sustainable solutions of the future.

From subsea to surface and concept to decommissioning, their technical expertise and strong partnerships provide energy companies what they need to succeed. Combined with their long history of engineering for the most challenging environments, their approach delivers superior performance for customers and shareholders worldwide.

Aker Solutions traces their origins back to a small mechanical workshop founded on the Aker River in Oslo nearly 200 years ago.