Managing Separation of Duties in Ariba Using SAP Access Control
Why Managing Separation of Duties in Ariba is a Challenge
SAP Ariba is one of the most efficient cloud applications to streamline procurement processes. It’s no surprise that many SAP customers manage vendors and purchases of goods or services through Ariba. Though Ariba is an SAP application, one key differentiator is that it functions as a separate application outside the scope of SAP Access Control. As a result, managing separation of duties (SoD) risks in Ariba has become a significant challenge for Ariba customers.
The Evidence is in the Audit
Auditing Ariba is usually at the top of the list for most external auditors because of the type of financial transactions that are processed. The risk of financial fraud in the Procure to Pay business process is simply too high – making Ariba any auditor’s priority.
While your ABAP-based SAP applications can be monitored and controlled using SAP Access Control, cloud SAP apps like Ariba remain excluded from native SAP GRC functionality. Though Ariba does provide some out-of-the-box SoD reporting, it lacks the ability to view the same users’ access in SAP ECC and S/4HANA, which leaves the door open for cross-application SoD risks to go undetected.
For example, a customer faced a situation where several approvers of purchase requisitions in Ariba were also responsible for the downstream action of receiving goods in SAP. Previously, identifying this cross-application risk required manually pulling PR approver information from SAP ERP and comparing it against reports from Ariba – a cumbersome and error-prone process. This highlights the limitations of relying on out-of-the-box Ariba SoD reports that lack visibility into SAP access.
These challenges increase the probability of compliance violations that lead to audit findings and greater financial risks.
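The comparison described in the customer example above (Ariba purchase requisition approvers checked against SAP goods-receipt access) can be sketched as follows. This is an added example, not Pathlock's or SAP's code: the export columns, function labels, risk ID, and the choice of email address as the key that links a person's accounts across the two systems are all assumptions, and the sample data is constructed.

```python
import csv

# Constructed sample extracts; columns and function labels are assumptions.
ARIBA_EXPORT = """user_id,email,function
jdoe,J.Doe@example.com,PR_APPROVER
asmith,a.smith@example.com,PR_APPROVER
mlee,m.lee@example.com,PR_REQUESTER
ext01,ext01@example.com,PR_APPROVER
"""
SAP_EXPORT = """user_id,email,function
JDOE01,j.doe@example.com,GOODS_RECEIPT
MLEE01,m.lee@example.com,GOODS_RECEIPT
ASMITH01,a.smith@example.com,DISPLAY_PO
"""

# Hypothetical cross-application ruleset: (risk id, Ariba function, SAP function).
RULESET = [("X-P2P-01", "PR_APPROVER", "GOODS_RECEIPT")]


def load_functions(text):
    """Map a normalized identity key (lower-cased email) to (user ids, functions)."""
    people = {}
    for row in csv.DictReader(text.splitlines()):
        key = row["email"].strip().lower()
        ids, funcs = people.setdefault(key, (set(), set()))
        ids.add(row["user_id"])
        funcs.add(row["function"])
    return people


def cross_app_sod(ariba_text, sap_text, ruleset=RULESET):
    """Return one finding per person who holds both sides of a rule."""
    ariba, sap = load_functions(ariba_text), load_functions(sap_text)
    findings = []
    for key in sorted(ariba.keys() & sap.keys()):  # only correlated identities
        (a_ids, a_funcs), (s_ids, s_funcs) = ariba[key], sap[key]
        for risk_id, a_func, s_func in ruleset:
            if a_func in a_funcs and s_func in s_funcs:
                findings.append({"risk": risk_id, "person": key,
                                 "ariba_ids": sorted(a_ids), "sap_ids": sorted(s_ids)})
    return findings


def uncorrelated(ariba_text, sap_text):
    """Ariba identities with no SAP match: these need review, not a clean result."""
    return sorted(load_functions(ariba_text).keys() - load_functions(sap_text).keys())

if __name__ == "__main__":
    print(cross_app_sod(ARIBA_EXPORT, SAP_EXPORT), uncorrelated(ARIBA_EXPORT, SAP_EXPORT))
```

The list of uncorrelated identities matters as much as the findings: an account that cannot be matched across systems is a blind spot in the analysis, not evidence that no conflict exists.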
The Solution? Consolidate your SAP Risk Management Under One Roof – SAP Access Control
Usually, when organizations want to implement SoD, they look for an SoD solution that is compatible with their ERP application. In the case of SAP Ariba, Pathlock offers a simple yet efficient solution to manage risk across your non-ABAP SAP applications. With Pathlock’s integration, you can extend your existing SAP Access Control capabilities to Ariba.
Unified View of User Risk: Pathlock extends SAP Access Control to SAP Ariba to provide a complete overview of risk across multiple applications on a single pane. This also enables auditors to view, analyze, and report on the risk status in real time.
Consistent Compliance: The integration enables enforcement of access control and SoD policies across SAP and Ariba applications. This reduces the time and effort needed to build separate policies and rulesets for Ariba and brings Ariba under the scope of your organization-wide compliance initiatives.
Robust Ruleset: Pathlock offers the industry’s most robust out-of-the-box ruleset for SAP Ariba. The integration enables you to identify and mitigate SoD risks using rulesets that have been built as per global compliance standards.
Pathlock ensures quick time-to-value by reducing risk and costs using an automated, cross-application approach to risk analysis. Beyond SoD, the integration also enables SAP Access Control users to provision Ariba users and conduct periodic access certifications. And all this can be done within SAP Access Control, a system that is familiar to your current users.