SIVIS Mitigation Manager
Mitigate audit conflicts in the SAP system through compensatory controls
With the SIVIS Mitigation Manager, unavoidable audit conflicts can be mitigated. The smart tool automatically creates compensatory controls based on previously defined rules if audit conflicts arise in the SIVIS Compliance Manager.
Unavoidable critical conflicts in the SAP system
Administration of compensating controls
The SIVIS Mitigation Manager administers the execution of so-called compensatory controls. Compensatory controls may become necessary if critical audit conflicts cannot be avoided.
To perform their tasks, some users require a number of authorizations that lead to audit conflicts (SoD).
Since this cannot always be avoided, a responsible person must approve the conflicts.
When it comes to very critical authorizations, the management may need to control whether the user uses the critical authorizations for unauthorized activities.
The SIVIS Mitigation Manager
The SIVIS Mitigation Manager automatically recognizes, on the basis of defined roles, when an audit conflict arises and communicates this automatically to the persons responsible.
The tool simplifies the administration of compensatory controls. The persons responsible are automatically reminded periodically of the controls. The performed controls are documented.
The SIVIS Mitigation Manager provides security when normal security mechanisms, such as Segregation of Duties (SoD), are not applicable.
Mitigate critical conflicts
How does the SIVIS Mitigation Manager work?
The SIVIS Compliance Manager detects that audit conflicts occur with a user.
A responsible person has the possibility to remove the audit conflict or, if not otherwise possible, to approve the conflict. If a conflict is approved, the SIVIS Mitigation Manager uses preset rules to determine whether a specific audit conflict should lead to a compensatory control or not. If this is the case, the persons responsible for this are now periodically reminded by the SIVIS Mitigation Manager by email that a certain check must be carried out.
If a responsible person has performed the check, e.g. viewing the settings in the system or transaction data that could be generated by the user through critical authorizations, he reports this back in the SIVS Mitigation Manager.
Here, a comment can be entered and documents can be attached. The performed checks are stored by the system and can be called up at any time.
Compensating controls in the SAP system
What are compensating controls?
Compensating controls replace security mechanisms that are difficult or impractical to implement. For example, it is not always possible to implement clear separation of functions and tasks as a safety mechanism. A compensating control offers an alternative to the safety mechanism.
Frequently asked questions about the SIVIS Mitigation Manager
Yes, the SIVIS Mitigation Manager creates compensatory controls automatically on the basis of previously defined rules if an audit conflict arises.
The SIVIS Mitigation Manager manages additional controls designed to prevent abuse by users who have many authorizations.