
Case Study – Managing SOD Access Risks

Problem Statement


Problem

A massive number of single, derived and composite roles; roles did not match positions, and excessive access was a known issue. The SoD ruleset did not cover custom transactions, and a Big4 benchmarking exercise had highlighted gaps. Controls were weak and not fit for purpose, leaving risks unmitigated in the live system.

Problem metrics

2 key systems, 6,000 SAP users, 20,000+ single roles. Users in some departments held 200+ roles for their job.

Client Information


Business vertical/type

FTSE 100 customer in the Luxury Retail sector

Business size & complexity

10k employees globally, 60% of them SAP users; 2 ERP systems; S/4HANA, GRC, BW, Ariba and SuccessFactors

Solution


Xendl’s approach

Working with Group Financial Compliance, Xendl assessed and updated the ruleset to close the Big4 gaps where appropriate, assessed the custom t-codes and whether each needed to be included in the ruleset, and assessed the impact of Fiori and of non-SAP systems (third-party procurement and manufacturing) on the ruleset. Xendl also provided technical support to a business-led review of mitigating controls, helping establish whether each control was appropriate and effective.

Designed and provided guidance for new mitigations, including risk materialisation reports (which show whether a user has actually executed both sides of a conflict, rather than merely being authorised to), and built a roadmap for full automation leveraging existing tools with a customised Xendl bolt-on.

Supported a small selection of critical automated controls with a Xendl CCM bolt-on to GRC.

What was delivered

Established quick wins for SoD remediation, leveraging transactional usage to remove access that was granted but never exercised
Created and documented 20 new, strong semi-automated detective controls leveraging custom reports developed by Xendl (see below)
GRC Continuous Control Monitoring (CCM) to strengthen and protect existing automated controls
Took the client on a journey to close to zero unmitigated conflicts
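The Python sketch below is an added illustration of the technique described above, not Xendl's tooling and not client data. It evaluates a small SoD ruleset against role assignments, then checks a transaction-usage extract to separate conflicts that have materialised (both sides executed) from dormant ones, and proposes the usage-based quick win of removing roles that grant only the unused side. All users, roles, control ids and the usage figures are constructed; ZVEND01 stands in for a custom t-code that has been added to the ruleset.

```python
from collections import defaultdict

# --- Constructed sample data (illustrative only; not client data) ---
# Business functions -> t-codes. ZVEND01 is a hypothetical custom t-code added to the
# ruleset; without it, a user creating vendors only via ZVEND01 would never be flagged.
FUNCTIONS = {
    "CREATE_VENDOR": {"XK01", "FK01", "ZVEND01"},
    "POST_VENDOR_INVOICE": {"FB60", "MIRO"},
    "MAINTAIN_PO": {"ME21N", "ME22N"},
    "GOODS_RECEIPT": {"MIGO"},
}
# Risk id -> the two functions that must not be held by one user.
RULESET = {
    "P001": ("CREATE_VENDOR", "POST_VENDOR_INVOICE"),
    "P002": ("MAINTAIN_PO", "GOODS_RECEIPT"),
}
# Single roles -> t-codes they grant (hypothetical role names).
ROLE_TCODES = {
    "Z_AP_CLERK": {"FB60", "MIRO"},
    "Z_VENDOR_MASTER": {"XK01", "ZVEND01"},
    "Z_VENDOR_CUSTOM": {"ZVEND01"},
    "Z_BUYER": {"ME21N", "ME22N"},
    "Z_WAREHOUSE": {"MIGO"},
}
USER_ROLES = {
    "ALICE": {"Z_AP_CLERK", "Z_VENDOR_MASTER"},
    "BOB": {"Z_BUYER", "Z_WAREHOUSE"},
    "CAROL": {"Z_BUYER"},
    "DAVE": {"Z_AP_CLERK", "Z_VENDOR_CUSTOM"},
}
# Transaction usage over the review window, in the shape an ST03N/STAD-style export
# would give: (user, t-code, executions). Anything absent was never executed.
USAGE = [
    ("ALICE", "FB60", 140), ("ALICE", "XK01", 3),
    ("BOB", "ME21N", 52),
    ("DAVE", "MIRO", 61), ("DAVE", "ZVEND01", 9),
]
# Mitigating controls already assigned: (user, risk) -> control id (constructed).
MITIGATIONS = {("ALICE", "P001"): "MC-017"}


def tcode_grants(user):
    """Map each t-code the user can run to the set of roles granting it."""
    grants = defaultdict(set)
    for role in USER_ROLES.get(user, ()):
        for tcode in ROLE_TCODES[role]:
            grants[tcode].add(role)
    return grants


def find_conflicts(user):
    """Authorisation-level SoD check: {risk: (t-codes on side A, t-codes on side B)}."""
    held = set(tcode_grants(user))
    conflicts = {}
    for risk, (func_a, func_b) in RULESET.items():
        side_a, side_b = held & FUNCTIONS[func_a], held & FUNCTIONS[func_b]
        if side_a and side_b:
            conflicts[risk] = (side_a, side_b)
    return conflicts


def used_tcodes(user):
    """T-codes the user actually executed in the review window."""
    return {tcode for who, tcode, n in USAGE if who == user and n > 0}


def remediation_report():
    """Classify each conflict as materialised (both sides executed) or dormant,
    and propose a usage-based quick win where one side was never used."""
    report = []
    for user in USER_ROLES:
        grants, used = tcode_grants(user), used_tcodes(user)
        for risk, (side_a, side_b) in find_conflicts(user).items():
            control = MITIGATIONS.get((user, risk))
            if side_a & used and side_b & used:
                status = "materialised"
                # The risk has materialised: a control must exist and be evidenced.
                action = f"review control {control}" if control else "mitigate"
            else:
                status = "dormant"
                unused_side = side_b if side_a & used else side_a
                # Quick win: drop roles that grant the unused side and nothing the user uses.
                removable = {r for t in unused_side for r in grants[t]
                             if not (ROLE_TCODES[r] & used)}
                action = ("remove roles " + ", ".join(sorted(removable))
                          if removable else "mitigate")
            report.append({"user": user, "risk": risk, "status": status,
                           "control": control, "action": action})
    return report


if __name__ == "__main__":
    for row in remediation_report():
        print(row)
```

In the constructed data ALICE's P001 conflict has materialised but carries control MC-017, so the action is to evidence that control; BOB's P002 conflict is dormant and can be closed by removing Z_WAREHOUSE, which he never uses; DAVE's P001 conflict has materialised through the custom t-code with no control in place, which is exactly the case a ruleset without custom transactions would miss.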

Xendl accelerators / IP

Rapid mitigating report generation

Reference available

Yes