Governance, Risk & Compliance

Compliance Enforcer

SUIM's Compliance Enforcer (CE) controls for rule violations and alerts risk owners to any potential infringements.
Solution is SAP certified - integration with SAP S4/HANA

Ensuring compliance with Sarbanes-Oxley (SOX) and other regulation is a heavy burden on any company's internal controlling mechanisms. Putting the right processes in place is just the first step: identifying, verifying and documenting violations is the hard part.

SUIM's CE helps to reduce and mitigate risks effectively. Compliance Enforcer not only checks and alerts for potential authorizations-related risks in real-time, it can also analyze information about actual risks that have occurred, using data recorded by SUIM's Application Tracer (AT) and Emergency Handler (EH).


Compliance Enforcer shortens and streamlines your controlling processes enormously. Instead of manually checking each system by an employee, CE analyzes complex sets of rules across your entire SAP portfolio and identifies violations without manual effort.


Individual sets of rules and guidelines can be stored in the ergonomic customizing workspace, to adapt risk checks to your needs. Any number of attributes can be maintained to categorize and document rules and risks. CE includes several preventive or reactive workflows for risk owners and managers.


Creating even complex sets of rules to perform risk checks is easy in CE. Risk mitigation is made efficient and simple through user-friendly workflows.

Authorizations related entitites

Authorization related entities represent elements of an IT solution/product that is delivered within this SUIM product and can be integrated  for generation, administration, provisionning and/or monitoring purposes.

Identity related entitites

Identity entities represent reource-related elements (identity, organization, user) of a solution/IT product that can be integrated in this SUIM product for administration, provisionning and/or analysis purposes.

Integration with 3rd parties products

Third-party products corresponds to all SAP and non-SAP, on-premises or cloud IT solutions/products for which this SUIM product has been interfaced / integrated. Each of theses connectors will be delivered within this SUIM product

Integration in other SUIM products

The other SUIM products are the other SUIM modules, which are not part of this solution, but for which integration adds value.
TOP 5 Features

Stop risks before they occur!

Prevent risks or apply mitigating controls. Integrate CE with SUIM's AM/IM solutions to prevent Sensitive Access/SoD conflicts during user provisioning (with workflow approvals process). Assess, mitigate and monitor risks in one single dashboard.
Read More
Workflow scenarios, and risk alerts

CE includes several preventive or reactive workflows for risk managers. The risk responsibility is clearly defined and the authorization and user administrator are assisted. Alerts can be configured if risks occur within an emergency access.

Customization Wizards

The ergonomic customizing workstation for configuring Compliance Enforcer makes creating rules and risks simple and intuitive. Furthermore it is possible to import existing rule or risk sets (e.g. EBS Schreiber, DSAG etc.).

Setting rules and risks for diverse entities

Rules and risks can be customized and combined using all kind of authorizations related entitites:

  • SAP authorization objects, SAP roles, SAP profiles, system parameters (RZ10).
  • AM/AMSO organizations, SUIM systems, AM/AMSO organization type - organization level.
  • AM/AMSO roles, BI authorizations.
  • Open API.
Automatic check for risk violations

In CE you can customize violations checks (triggers) that start automatically and send alerts/workflow items in case of:

  • Modification of roles in a client system.
  • Modification of user’s rights in a client system.
Structure your risk criteria

A comprehensive risk landscape can be overwhelming and difficult to manage. For a better understanding of your rule sets and risks, CE allows you to easily categorize and prioritize your risks based on the following criteria:

  • Risk impact: Define the impact of a risk on your business (e.g. marginal, high, critical)
  • Risk level: Specify color-coded risk levels (e.g. low, medium, high)
  • Risk likelihood: Assess the possibility of a potential risk occurring (e.g. rare, unlikely, certain)
  • Type of risk: Determine the type or risk (e.g. operational risk, strategic risk, financial risk)-- Module: Categorize the risk by modules (e.g. Accounts Receivable, General Ledger)

Such a structured risk landscape facilitates you own risk management.

Discover SAP services and solutions tailored to your business needs.

With dozens of tools at your disposal, we customise a best-fit solution to meet your business’s needs. Request a consultation with our expert team today.
Get in Touch