Blog Posts

Features

Deep dives into MTC Skopos product features: automated remediation, AI Role Designer, did-do analysis, FUE optimization, and more.

AI Role Designer: SoD-Free SAP Roles in Weeks, Not Months

ai mcp sap role-design sod remediation s4hana authorization grc

2026-03-26

Role redesign projects typically stretch across months of consultant workshops, spreadsheet gymnastics, and back-and-forth validation cycles. The AI Role Designer collapses this into an iterative conversation: provide a functional blueprint, let AI analyze historical usage, generate a new role concept, run risk analysis, and refine until clean. Then build the roles, whether manually or through AI connected directly to SAP.

SAP Did-Do Analysis: Actual vs Theoretical Risk

grc sod risk compliance audit access violation monitoring

2026-01-22

Traditional SoD analysis identifies who has conflicting access. Did-Do analysis answers the critical follow-up question: Did users with risky access actually make changes? This evidence-based access violation monitoring approach transforms compliance from theoretical to actionable.

Advanced Remediation: Automated SAP Risk Resolution

sod remediation

2026-01-01

If you've worked in Segregation of Duties remediation, you know the drill. You run your analysis, get a list of conflicts, and then... you're on your own. Most tools are great at telling you what's wrong but figuring out how to fix it is left as an exercise for the reader. We built something different.

MTC Skopos

About the MTC Skopos product: positioning, case studies, and how it fits into your access risk analysis workflow.

SAP SoD Analysis for Freelance Consultants: Why We Built a Freelance Edition

freelance sap-sod independent-consultants mtc-skopos

2026-05-08

SAP SoD tools have historically been licensed for enterprises, leaving independent consultants stuck with spreadsheets and borrowed access. The MTC Skopos Freelance edition is a modular plan with the same engine as the Business edition: pay for the core platform and pick the modules you need. Up to 3 seats, full feature parity, no enterprise sales cycle. This article explains what it includes, why we built it, and the engagements where it pays for itself in a single project.

Planning SAP GRC or Pathlock? Start With MTC Skopos.

grc sod sap-grc pathlock risk-analysis remediation

2026-04-05

SAP GRC and Pathlock implementations take months. Your SoD risks are not waiting. MTC Skopos runs risk analysis and remediation from day one, with no infrastructure and no configuration project. Clean your authorization landscape before you automate it, stay clean during rollout, and transfer your validated ruleset to SAP GRC or Pathlock when it goes live. Then keep Skopos for the systems your GRC suite does not reach.

Automated SoD Remediation: From Risk Detection to Resolution

sod remediation white-paper grc

2026-03-05

SoD remediation has long been the bottleneck of GRC programs. This white paper explains how MTC Skopos automates the process with a four-phase algorithm that prioritizes least-disruptive fixes, protects business continuity, and validates every recommendation before implementation.

SAP FUE Optimization: Cut RISE License Cost 30-50%

sap grc s4hana compliance fue license-cost rise-with-sap star-report fue-optimization

2026-02-06

SAP's FUE measurement model assigns every user a license tier based on their authorization profile, not their actual behavior. That gap between assigned and used access is where organizations hemorrhage money. Learn how the FUE calculation works, what the STAR ruleset actually measures, and how to use MTC Skopos to bring your license position back in line with reality.

SAP Access Risk Analysis: SoD Conflict Detection & Remediation

access-risk-analysis ara grc sod risk sap-grc segregation-of-duties access-risk

2025-07-01

SAP Access Risk Analysis (ARA) is the process of evaluating user permissions to identify SoD conflicts, critical access, and over-provisioning. MTC Skopos delivers fast, on-premise ARA with step-by-step remediation and flat-rate pricing — an alternative to SAP GRC Access Control, Pathlock, and cloud-based access risk tools.

SAP Authorization

Technical SAP authorization topics: role design, critical access, SoD rulesets, S/4HANA specifics, and authorization best practices.

Over-Privileged Users in SAP: Finding and Fixing Privilege Creep

over-privileged-users privilege-creep access-risk-analysis sap-authorization sap-security did-do access-review

2026-04-17

Over-privileged users are the quiet third category of access risk, behind SoD and critical access. They hold authorizations that expand their fraud surface, inflate FUE licensing, and create audit findings, even though nothing about their daily work requires the access. This guide explains how privilege creep happens, how to detect it with access risk analysis, and how to remediate without breaking business operations.

Critical Access in SAP: Sensitive Transactions & High-Risk Authorizations

critical-access sensitive-access access-risk-analysis sap-security sap-authorization grc audit

2026-04-17

Critical access is a category of access risk separate from Segregation of Duties: transactions that cause damage on their own, without needing a conflicting partner. This guide lists the critical transactions every SAP environment should monitor, explains how to detect them with access risk analysis, and shows how MTC Skopos catches them in the same pass as SoD.

Authorization-Level vs Transaction-Level Access Risk Analysis

authorization-level-analysis transaction-level-sod access-risk-analysis sap-sod sap-authorization false-positives

2026-04-17

Most access risk tools analyze SoD at the transaction code level: if a user has tcode A and tcode B, flag a conflict. Authorization-level analysis goes deeper. It checks whether the user's authorization object values actually overlap, so conflicts that share no company code, plant, or organizational unit are filtered out. The distinction matters: transaction-level analysis on a large SAP landscape typically produces 3-10x more false positives than authorization-level analysis.

SAP Authorization Best Practices: Role Design

sap authorization s4hana sap-security grc role-design

2026-04-06

A practical guide to SAP authorization design that holds up in production. Covers role architecture, naming conventions, organizational value strategy, least privilege enforcement, critical access monitoring, and the change governance process that keeps your landscape clean over time.

G/L Account Authorization in SAP: F_BKPF_BES, BRGRU & FS00 Setup

sap s4hana authorization grc risk sap-security access-risk compliance audit

2026-03-03

Payroll postings, treasury transactions, executive compensation - some G/L accounts need tighter access control. Here's how to configure authorization groups with F_BKPF_BES and F_BKPF_BLA in SAP S/4HANA, step by step.

AI Risks in SAP Authorization: The New Threat Model

sap grc security ai authorization risk s4hana sap-security access-risk mcp

2026-02-26

Exploiting SAP used to require both system access and years of domain expertise. AI collapses that second requirement. An attacker with a basic SAP login and a language model can now navigate the system, understand authorization structures, and find exploitation paths that previously took specialists weeks to uncover. What does that mean for how you manage access risk?

177+ SAP SoD Conflicts: Full List, Tcodes & Detection

sod sap grc risk authorization

2026-02-08

A technical reference for SAP SoD conflicts: specific transaction code combinations, authorization objects that drive conflicts, and practical detection methods for SAP ECC and S/4HANA.

Building an Effective SoD Ruleset for S/4HANA

sod sap s4hana grc risk

2026-01-20

Your ECC SoD matrix won't work in S/4HANA. Learn how to build a ruleset that covers Fiori apps, OData services, and the new authorization architecture - without starting from scratch.

Risk and Compliance

IT audit, internal controls, and compliance fundamentals: Segregation of Duties concepts, matrices, and templates.

Accounts Payable SoD Matrix Template (Free SAP Excel)

sod sap grc risk accounting

2026-02-08

A guide to building an accounts payable segregation of duties matrix for SAP, with specific transaction codes, authorization objects, and common AP SoD conflicts.

SAP SoD Matrix Template Excel: Free Download & Guide

sod sap grc risk

2026-01-09

A complete guide to building and maintaining your SAP Segregation of Duties matrix, with a free downloadable Excel (XLS) template and best practices for automation.

What is SoD? Segregation of Duties Meaning & Matrix

grc sod risk

2025-07-31

Protect your organization from fraud with proper Segregation of Duties. Learn how to distribute critical functions across personnel to eliminate single points of control.

Perspectives

Industry perspectives and opinion pieces on AI, SaaS, data ownership, and the evolving GRC landscape.

The SaaS Trap: Why Data Ownership Matters in GRC

ai saas data-ownership grc

2026-01-31

SaaS GRC tools trade operational convenience for data sovereignty. Your SAP authorization data lives on someone else's servers, analyzed their way, exported in their formats. In the AI era, where agents need raw data and local processing matters more than dashboards, these constraints become deal-breakers. MTC Skopos takes a different approach: your data never leaves your infrastructure.

SAP SoD Tools 2026: 8 Solutions Compared (Pricing & Features)

sod grc segregation-of-duties sap-sod sod-tools sod-software

2026-01-13

A comprehensive comparison of Segregation of Duties tools and SoD software for SAP environments. Discover what makes an effective SoD solution and where MTC Skopos fits in the market landscape.

AI & the Future of GRC Consulting

ai consulting grc

2025-11-28

For years, GRC tools have been designed with complexity that required consultants to operate effectively. AI is changing that equation. Organizations that can feed clean data to AI agents are getting results in minutes that used to take weeks.

AI Meets SAP Security: How MCP Transforms MTC Skopos

sod remediation ai mcp

2025-10-05

The future of SAP security analysis isn't about choosing between specialized tools and AI, it's about using MCP to make specialized tools like Skopos work through AI interfaces.

SAP Access Risk Report: What to Include and How to Build One

access-risk-report access-risk-analysis grc sod risk power-bi sap-reporting

2025-08-05

An access risk report documents the access risks in an ERP landscape — SoD violations, critical access, and over-privileged users — plus recommended remediation. MTC Skopos delivers the underlying risk data as structured models ready for Power BI, Tableau, or any BI tool, so your access risk report reflects your priorities rather than a vendor's fixed template.

Practical SAP Security: A Collaborative Approach...

grc sod risk assessment sap

2025-07-17

Segregation of duties: Right team working with the right tool, what normally takes weeks of review without the proper tool, we knocked out in a few days.