Many organizations are looking at how to improve and gain efficiencies in their SAP business processes with robotics. It feels like a similar wave and buzz around this is now repeating itself like it was with outsourcing. However, now it is the wave of RPA, robotics process automation. RPA is simply automation of simple repetitive tasks that a robot is taught to repeat. Triggered for example by a human input, the robot performs certain steps in a similar manner.
In our world at GRC Nordic, we are involved in these projects supporting our customers in finding the optimal balance for security and compliance in their SAP systems. There are two main aspects to think about; obviously you will need to think about controls on the input side as well, but this thinking takes place on your SAP system side.
1 Controlling Accesses for the robot to perform the right things
- What is your concept in granting, approving, changing and removing access of the robot user ID?
- What type of user IDs and what type of roles will you use for the robots?
- What is your review and housekeeping process for these user IDs?
2 How do you make sure the robot has done the right things?
- If the robot is supposed to create sales orders for example, you should ensure the sales orders are correctly created.
- You have two options to do this, you place your controls around the script creation, approval and maintenance process as you can lay trust that your robot does not have the human factor playing in, ie if your scripts are correct your robot will perform the right things. He or she is not tempted to make errors or commit fraud. Or you place your controls in your SAP system once those sales orders are created.
The complexity comes from the constantly changing world. A robot may be programmed today to create sales orders but tomorrow we have a change and something else is needed. All your tediously setup processes for compliance need to easily adapt to different types of changes and respond to business needs. It is utterly important to be responsive and adapt to this pace of change if we want to be part of it, as the business moves on with a high pace in today’s world.
By choosing a smart set of controls from the above examples you can achieve a properly secure defense in depth model. Governance and controls around the scripts, around the outputs of the robots and around the accesses of the robots will give you a good balanced solution.
If you need help securing your SAP system in your robotics project, please talk to us !