A journey that begins with invisible risks

When an organization decides to migrate to a new ERP, such as SAP, it is not just switching systems. It is rewriting the foundations of its governance, control and security. In many cases, this also means looking at the legacy that has been left behind. And that was exactly the starting point of this case.

Our client, a large business group, faced a disorganized environment, with manual processes, lack of traceability and invisible risks accumulated over the years. Before the move to SAP, something even more critical needed to be solved: to establish a structured, auditable and clear access governance base.

Thus arose the first challenge of our journey: to build a Function Segregation Matrix (SoD) from scratch. But not a common matrix. It needed to be robust, technically accurate and adapted to the new digital reality of the company.

What was at stake was much more than access

During our diagnosis, we found an inherited system that hid critical risks. No formalized SoD matrix. Profiles granted on the basis of manual requests, without standardization. Lack of visibility into critical activities and an IT environment vulnerable to liability conflicts.

In practice, this meant that the old model directly compromised compliance, raised the risk of internal fraud and made it difficult for audit and compliance times to work. So, rather than drawing a matrix, it was necessary to redesign the logic of access governance. And that's exactly what we did.

SoD Discovery: Proprietary AI at the service of governance

We adopt a five-step approach, combining business process mapping, risk analysis, benchmarking and, above all, automation with our proprietary AI: SoD Discovery. This unique Vennx tool was developed to accelerate and qualify the construction of segregation matrices, transforming a time-consuming process into a structured, technical and auditable delivery.

We mapped 39 key processes, grouped by function and criticality. We then conducted interviews with internal customer experts to understand how each activity connected to real business responsibilities. With the support of SoD Discovery, we were able to cross systemic data, identify hidden patterns and recommend critical transactions based on real risks and previous experiences.

The result? We identified 80 high-risk transactions and extracted 297 Fiori Apps directly from SAP. This gave us grants to consolidate 56 new SoD risks and propose a living, flexible and ready matrix to scale with the customer.

Zero to twenty SoD arrays in seven days

With organized data and structured risks, we were able to deliver 20 custom and auditable SoD arrays in just 7 days, all produced with the support of SoD Discovery. It was not just a document, but a real technical basis for the next stages of the project: the implementation of the RBAC model and the complete revision of the IAM and ITGC processes.

Validation with the client's internal times was essential to guarantee adherence. The rules were revised, refined and clearly documented, allowing for the formal approval of the matrix and its integration with access approval flows.

This delivery not only solved an immediate problem, but raised the level of maturity of the company's digital governance to a new level. The SoD matrix began to be treated as a strategic resource and not just an audit requirement.

A transformation that continues to evolve

The SoD Matrix was not an endpoint. On the contrary: it was the beginning of a new journey. With the structure created, the customer can evolve to more sophisticated access management models, with less reliance on manual processes and greater ability to respond to the demands of regulators.

With the support of SoD Discovery, governance response time was drastically reduced, risks became visible and manageable, and the organization gained confidence to continue with the SAP rollout without setbacks or impromptu.

This case shows that, with the right strategy and the intelligent use of proprietary technology, it is possible to transform access governance into a competitive advantage. And more: it is possible to do this in record time.

Do you want to know how to apply this model in your company?

If you are facing a new ERP, face access challenges or need to improve your risk control, talk to one of our experts. We can show you, in practice, how SoD Discovery can be your ally in building efficient, auditable and ready to scale governance.

Get in touch now

‍