Staatsolie – 85 % risk reduction of SAP SOD and access risks via authorisation redesign and technology implementation

Staatsolie is one of the leading energy companies in Suriname, committed to sustainable development and operational excellence. In 2020, Staatsolie embarked on an ambitious improvement program aimed at professionalizing their IT function and optimizing Business and IT alignment. With the motto ‘business leads, IT drives,’ they defined several sub-projects, including IT control. Improving their control over their business processes was one of their projects. We were involved in the project to reduce the SOD and (critical) Access risks.

Staatsolie asked us to help in redesign SAP roles and authorizations for the SAP S/4 HANA production environment and reduce their SAP Security and SoD risks and to implement technology to stay clean.

When we started the project, Staatsolie was facing significant SAP Segregation of Duties (SoD) and critical access risks. To address these challenges, Staatsolie decided to mitigate the risks by redesigning its SAP authorizations. Their goal was to establish an SAP environment where key risks are managed effectively, and the authorization concept is strong and robust.

We began by conducting a baseline assessment to evaluate the risks within the existing SAP authorization design. This assessment helped us understand the areas that needed improvement and guided the redesign process.

Staatsolie recognized the value of using Soterion to support this project. To ensure Soterion was tailored to their needs, we first customized the SoD rule set according to Staatsolie’s specific risk profile. This allowed us to design and configure authorizations that are closely aligned with their organizational risks and compliance requirements.

Following this, we redesigned all authorizations for the entire SAP environment. Our approach was focused on creating a well-structured authorization framework that significantly mitigates SAP access risks, ensuring a solid foundation for Staatsolie’s authorization concept.

BR1GHT played a key role in supporting Staatsolie throughout this redesign, offering our services on a fixed-fee basis. This gave Staatsolie clear cost expectations upfront, thanks to our deep understanding of their SAP environment gained during Phase 1 of the project, and because Staatsolie had properly enabled the necessary logs.

The entire project was conducted 100% remotely, and Staatsolie experienced our approach as pragmatic and efficient, with no sense of missing physical presence. BR1GHT’s team was always available when needed, providing seamless support and maintaining close collaboration despite the remote setup.

Throughout the redesign, Soterion technology was used daily to create and implement risk-free single roles, simulate potential risks during business workshops, and evaluate the overall quality of the redesigned authorizations. Soterion was instrumental in achieving an efficient and effective authorization redesign.

During the project Staatsolie went through a tool selection process and selected FastPath to monitor their SoDs and critical access risks. BR1GHT has assisted Staatsolie in moving the SoD ruleset from Soterion to Fastpath.

The project took longer than initially expected, primarily due to Staatsolie’ s thorough User Acceptance Testing (UAT) procedures and competing business priorities that occasionally limited the availability of key stakeholders. However, Staatsolie prioritized quality over speed, and this focus was integral to the project’s success.

Ultimately, we delivered a redesigned authorization structure that resulted in an 85% reduction in SoD risks. This outcome reflects our commitment to providing Staatsolie with a secure, compliant, and robust SAP environment.