Mapping and Risk Profiling in an SAP ERP Environment
A client in the Consumer and Service industry recently asked Mobius to assist in mapping and risk profiling all integrations in their SAP ERP environment.
This client relies on their SAP ERP environment as the backbone of their operations, and the ERP system itself is therefore regularly assessed and audited. However, less emphasis had been placed on assessing the risks and controls associated with the array of SAP integrations with third-party applications, including those of customers, suppliers and various other business partners.
We initially identified and mapped (with a graph platform) all the SAP integrations, including internal and external connections. Thereafter, we developed a simple risk profiling questionnaire and conducted pilot assessments (utilising Phinity’s Procensus tool) for a sample of the key integrations to determine the inherent risk of each integration.
Identifying High Risk Areas
Knowing the inherent risk of the integrations enables the client to focus their attention and resources on the areas in their environment which pose the highest risk to their business operations.
The engagement helped the client increase awareness and understanding of the volume and criticality of the numerous SAP integrations. They were especially delighted by the visual representation of these integrations provided by the graph platform.
In addition, the pilot assessment highlighted the importance of assessing all SAP integrations and the value of establishing ongoing periodic risk assessments for new and existing SAP integrations.
In the next phase of the project, we plan to complete a risk profile assessment for all the identified integrations and more detailed control assessments for the high-risk integrations.