2025-08-15
sod remediation ai

MTC Skopos: AI-Powered SoD Remediation That Actually Works

You identify a user with an SoD conflict. You remove their access. Your phone rings 10 minutes later because they can't complete month-end closing. You restore access. The auditor isn't happy. Rinse and repeat.

Why Traditional SoD Tools Fall Short

Traditional GRC tools are great at one thing: finding violations. But they leave you hanging when it comes to the hard part: actually fixing them. They'll tell you "User X has a conflict," but they won't tell you:

  • Has User X ever actually used these transactions?
  • If I remove this role, what else breaks? Who is impacted?
  • Are there 50 other users with the same issue?
  • Which violations can I fix today without anyone noticing? This is where MTC Skopos's Remediation Report comes in, It provides any AI agent with all required information to understands the situation.

What Makes MTC Skopos Different

It Knows What Users Actually Can Do and Do Instead of just showing you theoretical risks, MTC Skopos tracks:

  • Every transaction execution with timestamps
  • Which transactions users need vs. which they just happen to have
  • Usage patterns (daily, monthly, never)
  • Alternative access paths users have available

The AI That Gets It The AI assistant doesn't just process data, it understands context. Feed it your SoD data, and it will:

  • Separate the "never used it" users from the "use it daily" users
  • Identify when removing a role would break other needed functions
  • Suggest practical alternatives that actually work

Real Example: How It Actually Works

Let me show you exactly how this works with a real SoD violation we recently analyzed.

The Problem

Risk F071: 84 users can both post accounting entries and process treasury payments. Classic financial control weakness. High risk. The traditional approach? Manually review 84 users, guess who needs what, pray you don't break anything. Time required: weeks.

Step 1: MTC Skopos Generates the Data

Remediation Report
MTC Skopos Remediation report

The system automatically creates a comprehensive JSON file with everything the AI needs:

{
  "name": "F071",
  "risk_level": "High",
  "functions": [{
    "name": "FI08",
    "actions": [{
      "name": "FAGL_FCV",
      "statistics": [{
        "user_name": "CHDSDLDI",
        "total_execution_count": 0,
        "included_by_single_roles": [{
          "role_name": "ZS:FI:MTCTL:AP-PERIODENDCLOSE:C",
          "usages_summary": {
            "number_of_executed_actions": 3,
            "number_of_non_executed_actions": 0
          }
        }]
      }]
    }]
  }]
}

This shows not just who has access, but who uses what and how often. Game changer.

Step 2: AI Analysis Magic

Here's where it gets interesting. The AI discovered:

  • Finding #1: The Easy Wins
    32 users (38% of the problem) have NEVER touched the conflicting transactions, Not once. Other transactions from the same role are available through othter role. These are your quick wins, remove access, nobody notices, auditor happy.
  • Finding #2: The Gotcha We Almost Missed
    Remember user CHDSDLDI above? Zero executions of the conflicting transaction, so we could just remove the role, right? WRONG. The AI caught that this user actively uses 3 OTHER transactions in that same role. Remove the role, break their access to needed functions. This is the kind of mistake that gets your phone ringing.
  • Finding #3: The Periodic Users
    Some users only run these transactions during month-end. Instead of permanent access, they could use emergency access or temporary access procedures. The AI spotted this pattern from the timestamps.

Step 3: Getting Specific Actions

The AI doesn't give you vague recommendations. It gives you exactly what to do:

For the Never-Users (Safe to Remove)

ACTION: Remove Role
User: DEFOLEOO
Role: ZS:FI:MTCDG:AP-PERIODENDCLOSE:C
Why it's safe: Zero usage of ANY transaction in this role
Impact: None - user never used any transaction available from the role

For the Tricky Cases (Like CHDSDLDI)

ACTION: Create Modified Role
User: CHDSDLDI
Problem: Needs 3 transactions from the role, but not the conflicting ones
Guidance:

  1. All users assigned to the same composite role face the same situation.
  2. Copy role ZS:FI:MTCTL:AP-PERIODENDCLOSE:C
  3. Remove transactions: FAGL_FCV, FAGL_FC_VAL, F.05, OB08
  4. Save as new role: ZS:FI:MTCTL:AP-PERIODENDCLOSE-NO-FX:C
  5. Assign new role to user
  6. Remove original role

Impact: Users keep needed access, loses conflict

Step 4: The Results

The results speak for themselves. What would have taken 4–6 hours manually was resolved in just 30 minutes. In the first phase alone, 32 users were remediated immediately without a single business disruption, clearing 38% of the audit finding in one go.
By the end of the second week, another 15 users were addressed with simple, low-effort changes, just a couple of confirmation emails needed, pushing the resolved total past 50%.
In months two and three, the team tackled the more complex cases requiring role redesign for active users. Even then, there were no major disruptions, and overall remediation reached the 70–80% range.

The Benefits (In Plain English)

You Save Massive Time

  • Manual analysis of 84 users: 1–2 weeks
  • With MTC Skopos AI: 30 minutes

You Don’t Break Things

  • AI knows exactly who uses what
  • No more guesswork, no more angry calls

Auditors Actually Get Answers

  • “We’ve remediated 70% of violations”
  • “Here’s the evidence for why the rest need access”

Your Team Can Handle More

  • One person can do what used to take a team
  • Focus on strategic work, not Excel gymnastics

Common Scenarios Where This Shines

Scenario 1: Post-Merger Cleanup Just inherited 5,000 users from an acquisition with horrible role design? The AI will quickly identify:

  • Duplicate access patterns
  • Unused authorizations
  • Quick consolidation opportunities

Scenario 2: Audit Fire Drill Auditors found 200 SoD violations and want answers by Friday?

  • Run the Remediation Report
  • Get actionable plans for each violation
  • Show evidence-based remediation timeline
  • Actually make the Friday deadline

Scenario 3: Role Redesign Project Need to clean up years of role sprawl?

  • AI identifies which roles create the most conflicts
  • Shows which users actually need which transactions
  • Provides blueprint for cleaner role architecture

The Bottom Line

MTC Skopos's AI-powered Remediation Report doesn't just find SoD violations, it helps solving them. It transforms SoD remediation from a dreaded, risky, time-consuming mess into a systematic, evidence-based process that actually works.
You know that feeling when you remove a user's access and pray your phone doesn't ring? With MTC Skopos, you don't pray, you know. You know they haven't used it. You know what else might be affected. You know exactly what to do.
That's the difference between detection and remediation. That's the difference between traditional GRC tooling and MTC Skopos.

Stop letting SoD violations ruin your quarters. Let AI do the heavy lifting while you focus on what matters, keeping your systems secure AND functional.

Ready to experience the difference? [Learn more about MTC Skopos] or [contact our team] to schedule a demonstration.

« All posts