Video: Imperial Brands Cuts Costs, Boosts Security with Role-based Access Redesign

Imperial Brands, one of the largest tobacco products companies in the world, saw an opportunity to reduce fraud risk and third-party IT costs by closing a gap in its segregation of duties (SoD) compliance. The gap became apparent when its auditors reported discrepancies between the company’s SoD audits and the SoD results coming from external audit. The company decided to update its processes and SoD ruleset to improve transparency of its reporting.

The SoD update revealed that its existing role-based access design was outdated as well, so it undertook a redesign of its role-based access profiles to avoid a conflict with the new SoD ruleset. Imperial Brands used the data analysis provided by SAP Access Control to identify unused or infrequently used transaction codes (T codes). The company trimmed the number of T codes and ensured task roles aligned to SoD functions defined in its ruleset. 

Learn how Imperial Brands reduced costs, improved security, and enhanced accountability through its role-based access redesign project.  


Read the full story.


Dirk Tel, Imperial Brands

Dirk Tel is a senior risk, internal control, and assurance manager with 19 years of experience in the fast-moving consumer goods (FMCG), telecom, and professional services industries, helping organizations manage risks through strategic planning, assurance, and control implementation. He currently serves as Group Internal Control Manager at Imperial Brands. He has a solid background in design, implementation, and assurance within large-scale and medium-sized commercial organizations. He is passionate about ensuring topics are addressed from different angles (commercial, operational, and technological) and across different stakeholders throughout all levels within the organization to ensure fresh perspectives and positive outcomes to complex problems. His specialties include ERP controls implementation and review, internal audit, IT strategy, SOX compliance, modelling, logical access control, and non-financial KPI assurance.