SAP Business Transformation Study | Oil and Gas | Essar Oil

Picture Credit | Essar Oil Limited, Mumbai, India Used with permission.

Essar Oil: Implementing Best Practices

for Access Management Controls with
SAP Software
Today, energy companies must adopt better governance and risk management
practices. But how can a company continuously monitor user-access risk violations
with manually maintained spreadsheets? Leading oil and gas company Essar Oil
Limited uses the SAP BusinessObjects Access Control application to effectively
manage the segregation of duties and user access.

Quit
2 SAP Business Transformation Study | Oil and Gas | Essar Oil

Executive overview
Company BUSINESS TRANSFORMATION TOP BENEFITS ACHIEVED
Essar Oil Limited

50%
The companys top objectives:
Headquarters Improve visibility of user-access risk violations and provide real-time access
Mumbai, India for management and audit teams
Achieve compliance for segregation of duties governance Fewer risk violations
Industry per user
Oil and gas The resolution:

95%
Implemented the SAP BusinessObjects Access Control application within
Products and Services the companys legacy SAP ERP application
Exploration, production, and Assigned a project team to work with PwC Consulting Services
marketing of petroleum-based Customized the standard risks and rules set with specific roles, risks, rules, Reduction in risk
products approvals, and workflow processes violations per role
Employees The key benefits:
1,300

Revenue
Real-time assessment capabilities to control user-access permissions and
the segregation of duties
All business managers empowered to block potential access violations
30%
Improvement in
Approximately INR 472.5 billion Automation of the hire-to-retire user lifecycle management process
(US$10.3 billion)
processing user requests

Web Site Read more See more metrics

www.essar.com

Implementation Partner
PricewaterhouseCoopers
International Limited (PwC)
SAP BusinessObjects Access Control gives us real-time assessment and
governance capabilities, empowering business managers to map key
fraud risks while substantially lowering risk violations.
Raahil Burhaani, CIO, Essar Oil Limited

Copyright/Trademark | Privacy | Impressum Quit

3 SAP Business Transformation Study | Oil and Gas | Essar Oil

Executive overview
Improve control of user-access
Company objectives permissions
Resolution India-based Essar Oil Limited is a leading integrated
oil and gas company with end-to-end operations.
Offering a portfolio of onshore and offshore oil
Business transformation and gas blocks in Asia, Africa, and Australia, Essar
Oil is also a leader in the exploration of coal bed
methane gas. Its refinery at Vadinar in Gujarat
Future plans currently produces 300,000 barrels of oil per day.
The company is also a leading oil retailer in India,
building a network of 2,500 filling stations across
the country.
Like all listed companies, Essar Oil must comply
with numerous corporate governance regulations.
But with no real-time internal governance controls
in place to handle user-access permissions and
manage the segregation of duties (SoD), the
company was facing compliance risks.
Previously, employees were using manual processes
such as e-mail and telephone calls to assign user
permissions, so it was difficult to tightly control SoD
and keep track of all user-access authorizations. Yet
effective segregation of duties and access control
over key information is a prerequisite for sound
corporate governance. To achieve this, Essar Oil
staff would engage with risk advisory firms to assess
various users risk profiles and identify violations.
Employees then manually resolved the issues that
were raised as a result of these audits.
Key stakeholders at Essar Oil realized that this
approach was time consuming, labor intensive,
expensive and not foolproof. They concluded
that the company needed a tool to automatically
analyze conflicts and manage user provisioning and
authorizations, one that could provide real-time
assessment capabilities to map key fraud risks.

We needed to unify our access control capabilities on a standardized platform

to solve our issues around access risk management compliance.
Raahil Burhaani, CIO, Essar Oil Limited

Copyright/Trademark | Privacy | Impressum Quit

4 SAP Business Transformation Study | Oil and Gas | Essar Oil

Executive overview
SAP software fuels best practices for
Company objectives user-access controls
Resolution With SAP software forming the backbone of Essar
Oils streamlined internal systems, the company
knew where to turn to improve its governance, risk,
Business transformation and compliance. The SAP BusinessObjects Access
Control application was the ideal solution to reduce
access risk across its enterprise and achieve real-
Future plans time visibility into access risk.
First, a synergistic cross-functional team was put
in place to drive the project. The team members
included IT staff, business process owners, as
well as internal auditors who were supported by
implementation partner PricewaterhouseCoopers
International Limited.
To automate the entire hire-to-retire user lifecycle
management process, the team adopted new
rules. These ensure that individual users within the
business can receive only the access rights they
require for their daily work.
Implementation team members also conducted
classroom and on-the-job training to establish the
new user-access provisioning process. They also
prepared comprehensive documentation to meet
ongoing compliance requirements as a part of the
implementation process.

This multidisciplinary project team leveraged the

applications standard risks and rules set and By implementing the SAP application, we have
customized it to support Essar Oils unique business
risks. Defining the rules to identify SoD violations successfully automated the entire hire-to-retire
that occur when two or more business functions user lifecycle from an access management
are in conflict, the team mapped transactions, perspective.
roles, and risks and configured rules, approvals, and Raahil Burhaani, CIO, Essar Oil Limited
workflow processes. Working with key stakeholders,
team members identified critical transactions and
violations for continuous access control and SoD
management.

Copyright/Trademark | Privacy | Impressum Quit

5 SAP Business Transformation Study | Oil and Gas | Essar Oil

Executive overview
Collaborative, continuous control of SoD
Company objectives

Having automated its access management, Essar
Resolution Oil has real-time assessment capabilities for SoD
compliance. The implementation team modified
the process for accessing the legacy SAP software
Business transformation system with a new workflow that streamlines
approvals a great help to all appropriate
managers. The softwares real-time connection to
Future plans the core SAP system continuously monitors access
risks and user assignments across the enterprise.
By simulating intended user-role changes,
nontechnical business managers are now
empowered to block potential access violations and
map key fraud risks. And should a violation occur,
the solution automatically mitigates controls and
alerts business managers.
Automated user provisioning has replaced phone
calls, e-mail exchanges, and manual user-access
request forms. Integrating compliance measures
into this process has significantly reduced the time
it takes to process user-access instructions and to
manage password reset requests.

KEY BENEFITS

50% 30%
Fewer risk violations Improvement in
per user processing user requests

95% 95%
Reduction in risk Faster response to
violations per role password reset requests

Copyright/Trademark | Privacy | Impressum Quit

 6 Essar Oil

Executive overview
Unifying access
Company objectives controls to vertical
Resolution
operations
Business transformation Essar Oil is planning to extend the SAP
BusinessObjects Access Control application
rollout to its vertical business operations in steel,
Future plans engineering projects, and power. Investing in a
uniform integrated platform will enable Essar Oils
business managers to become more responsible for
risk management and the overall security process.
With real-time access, the company will eliminate
conflicts more readily and manage user provisioning
more effectively to meet its compliance obligations
and manage key fraud risks.

Picture Credit | Essar Oil Limited, Mumbai, India Used with permission.
CMP16022 (11/10)

Copyright/Trademark | Privacy | Impressum Quit