axl & trax

GRC Services


Implementing GRC software solutions

Since we have more than a decade of experience in implementing security processes, we have the insight and experience to assist you when you are implementing the automated solution.
Most projects fail because your colleagues think that technology will solve the problem. The critical success factor in implementing technology is understanding the problem and being able to translate the business requirements into rules that technology can understand.

Modifying rules sets

Technology works with rule sets that need to be modified to your needs to ensure that you are monitoring the risks that you want to monitor. Moreover, we will ensure that all risks are identified and not filtered out because you forgot to identify one out of the 100,000 transaction codes which are available in your SAP systems. Our "back to basics" principle ensures that you have full insight into all your risks. Our approach will also enable you to prioritize the most important risks so that you can have quick wins and success stories in no time.

Compensating controls definitions

SOD rules are very important but cannot always be implemented due to organizational restrictions or due to exceptional emergency cases. We will ensure that if you cannot rely on preventive procedures, you can rely on detective procedures like logging and compensating controls. You need to have assurance that if certain controls cannot be performed, your business will still be able to operate without taking a huge risk.

Norm definitions: Closing the Gap

Most companies have problems in defining what the real business requirements are. We have built a very easy methodology to map business requirements to actual, factual statistics. This enables us to identify where business requirements are possibly wrongly defined. This will enable you to adjust the business requirements and thus ensure that the implementation of the technology will go more smoothly.

Ownership definition

Especially when automating the security processes, ownership is the key item since it will trigger all workflow items. Without ownership you will not be able to define the workflow items and you will never be able to manage the exceptions.

Process Controls

We can assist you in defining the controls and in monitoring the automated and manual controls, so that your organization will get the necessary certifications to ensure your business continuity.

Drive Business Predictability with confidence.

Today’s business climate is complex and increasingly difficult to predict. Stakes are rising in a global market in which competition is fierce and brand loyalty is fickle. Across all industries, companies are grappling with high expectations and margin pressures. At the same time, businesses are facing a great number of legal, regulatory and business partner mandates. Looking ahead, you can expect more of the same.
Therefore the question is: given today’s highly regulated environment, how can you control risk, effectively manage drive performance, and ultimately inspire greater confidence?
An old management axiom says: “You can’t manage what you don’t measure”

(© SAP AG)

An integrated approach to managing Governance, Risk and Compliance!

SAP® helps organizations to build an integrated GRC approach on the basis of a step-by-step approach. SAP® solutions for governance, risk and compliance help you leverage your SAP® IT investments, and deliver the following business benefits:

  • increased value. Good corporate governance is reflected in many intangibles, including brand and reputation.
  • optimized risk / return portfolios. Greater transparency and insight enables your decision makers to select or reject projects based on risk impact and probability relative to potential return.
  • reduced costs. Your GRC project will significantly reduce the number of people – and time – required to ensure and manage compliance and risk management.
  • improved business performance and predictability. SAP solutions for governance, risk and compliance deliver enterprise wide transparency, a systematic process for anticipating risks and the tools to proactively determine proper actions.
  • business sustainability. Businesses can more effectively mitigate risks stemming from myriads of legislations when using solutions delivered through automation, analytics, and alerts.
  • business agility. Your organization can identify and assess alternative scenarios – and can gain greater business agility and competitive differentiation.

(© SAP AG)

axl & trax is SAP Silver Level Expertise GRC Partner

In 2008 axl & trax will focus on the SAP GRC Process Controls and Access Controls applications. SAP GRC Risk Management will follow soon.

SAP GRC Process Controls is a solution for internal controls management that enables members of audit and internal controls teams to gain better visibility into key business processes and ensure a high level of reliability in financial statement reporting. Process Control uses a controls-based approach to managing risk associated with business processes and to comply with Sec. 404 of the Sarbanes-Oxley Act of 2002. It provides the necessary capabilities to fully document the control environment, evaluate the controls, certify the state of controls, and report and analyze control information. The solution extends value to key user segments such as audit managers, compliance managers and business process owners.

The four major capabilities of the solution are:

  1. Control documentation (Organization structure, Process catalog, Account groups, Control objectives and risks, Entity-level controls)
  2. Control evaluation (Assessments, Effectiveness Testing, Automated control monitoring, Planning and Scheduling)
  3. Certification provides the process of sign-off, which is the formal process of attestation by organization owners and officers of the company on the state of internal controls.
  4. Reporting and analysis focuses on detailed and flexible reporting features that enable users to gain full visibility into the control environment and make data-driven decisions.

With its combination of time-dependent data setup, robust workflows, detailed object-level security and analytic reports, Process Control meets the complex requirements of internal controls teams. Its configurability enables you to adapt easily to changes in your business and realize faster time-to-value. You can also improve visibility into compliance processes, reduce the overall cost of compliance, and gain a high degree of confidence in the quality of financial reporting.

SAP GRC Access Controls Solution consists of the following modules:

  • Risk Identification & Remediation. Rapid, cost-effective and comprehensive initial clean-up.
  • Enterprise Role Management. Enforce SoD compliance at design time. An application that allows role owners to document role definition, perform automated risk assessments, track change control, and facilitate maintenance.
  • Compliant User Provisioning. Prevent SoD violations at run time. A Web-based application that enables compliant provisioning by automating the user access request and approval process with embedded risk analysis.
  • Superuser Privilege Management. Close #1 audit issue with temporary emergency access. A superuser tool that allows emergency access in tandem with authorization, data, and access restrictions, along with an audit trail.
  • Periodic Access Review and Audit. Focus on remaining challenges during recurring audits.
  • Cross-enterprise library of best practice segregation of duties rules.

What is the Added value of axl & trax?

Our GRC Consultants have solid experience in Business Administration and IT, especially regarding Risk Assessment, Authorization Architectures, Business Control Frameworks, Architectural Security Services, and Tracking Methodologies. They can assist you during all the different phases of your project. Even better, with the axl & trax methodology and tools, costs will be cut dramatically during the sprint phase, reducing the man/days and the project’s elapsed time! axl & trax also guides you during the “stay clean” phase to put everything in place at “state-of-the-art” level.

SOX Compliance Services

One of the most renowned compliance issues of recent years is beyond any doubt the Sarbanes-Oxley Act (SOX compliance). To achieve compliance in the SAP authorizations area, all internal control principles need to be applied to your authorizations setup. In order to meet your control objectives, efficiently designed and effectively operating controls have to be in place, at process level but also at Segregation of Duties level.

axl & trax can accompany you through all the steps required to close your control gaps and reach compliance:

  • Verification that the conceptual part of the authorizations contains no SOD conflicts,
  • Resolution of SOD conflicts at Composite Role level (Business Function level),
  • Design of compensating controls in case SOD issues cannot be solved through organizational changes, 
  • Optimization of existing controls: transferring manual controls to automated ones, detective controls to preventive ones wherever possible, thus transferring the workload required for control activities from business people to the system, 
  • Reporting of gaps identified by the controls, allowing proper monitoring by management.

axl & trax will take all the necessary actions to guarantee a higher level of confidence in the controls of each of your processes.
To fulfil your needs, our services range from supportive reporting cycles that allow self-remediation up to full remediation support, and from isolated interventions to complex SAP® turnkey projects.