How snapshot-based access reviews simplify audit preparation
By Cyril Hauppert & Mark Stanley
“Audits look backward. If you can’t show what access looked like three months ago, you’re flying blind.”
— Cyril Hauppert, Founder of Access Informer
The problem with traditional audit prep
Most SAP teams approach audit prep like a fire drill:
- Collect role assignments manually
- Re-run GRC reports
- Scramble to validate access after the fact
- Try to explain away exceptions and inconsistencies
We’ve seen this in companies with strong GRC systems and experienced teams. The issue isn’t effort. It’s architecture.
Traditional methods are reactive, fragmented, and time-intensive. They don’t give you clear visibility into how access evolved over time—or what changed since your last audit.
And that’s exactly what auditors want to know.
Why snapshots change the game
At Access Informer, we designed our snapshot model based on a simple question Cyril kept hearing from clients and auditors alike:
“What did access look like at the time of the incident?”
The reality is, most teams can’t answer that. Logs expire. GRC data is overwritten. Excel exports disappear. And when the auditor comes knocking, you’re left trying to reconstruct the past.
Snapshots fix this. Here’s how.
What is a snapshot?
A snapshot is a complete, read-only capture of your SAP user access at a point in time.
- No ABAP code required
- No performance impact on production
- No reliance on live data queries
- Fully compliant with ITGC standards
It includes:
- All users and role assignments
- Authorization object-level detail
- SoD violations
- Exceptions and mitigations
- Usage tracking and history (if available)
In other words, it gives you a forensic view of who had what, when, and why.
5 Ways snapshots simplify audit prep
1. Time-Based Visibility
Audits don’t ask what access looks like now. They ask what it looked like during the audit period.
With snapshots, you can:
- Go back to any audit-relevant date
- Compare current access to past baselines
- Prove access removal timelines
- Justify retained access during carve-outs or TSAs
“I once had a client who divested a business unit and retained access under a TSA. Auditors flagged it as a control failure—until we showed the snapshot and the TSA terms side-by-side. Issue closed.”
— Mark Stanley
2. Faster Evidence Collection
Instead of chasing multiple teams for screenshots, logs, and approvals, snapshots let you generate a full compliance report in hours—not days.
- Filter by user, role, system, or violation type
- Generate detailed reports for auditors
- Provide traceability for any rule match
Auditors want clarity. Snapshots deliver it without noise.
3. Risk Delta Reports
Most audit findings come down to change:
- Who gained access?
- When was it removed?
- What changed in the rule set?
With snapshots, you can generate delta views showing:
- New violations since the last review
- Resolved risks
- Rule changes and policy evolution
- System-wide comparisons over time
This allows you to limit audit scope by focusing only on what changed.
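A minimal sketch of the delta view described above, added here as an illustration and not Access Informer's code or data format. The role names, rule IDs, users and dates are constructed, and the same rule set is applied to both snapshots so that every difference reflects an access change rather than a rule change.

```python
from datetime import date

# Constructed SoD rule set: pairs of roles one user must not hold together.
SOD_RULES = {
    "AP-01": ("Z_AP_VENDOR_MAINT", "Z_AP_PAYMENT_RUN"),
    "GL-02": ("Z_GL_POST_JOURNAL", "Z_GL_APPROVE_JOURNAL"),
}

# Constructed read-only snapshots: capture date -> {user: set of roles}.
SNAPSHOTS = {
    date(2024, 1, 31): {
        "JDOE": {"Z_AP_VENDOR_MAINT"},
        "ASMITH": {"Z_GL_POST_JOURNAL", "Z_GL_APPROVE_JOURNAL"},
    },
    date(2024, 4, 30): {
        "JDOE": {"Z_AP_VENDOR_MAINT", "Z_AP_PAYMENT_RUN"},
        "ASMITH": {"Z_GL_POST_JOURNAL"},
        "BLEE": {"Z_AP_PAYMENT_RUN"},
    },
}

def violations(snapshot):
    """Return {(user, rule_id)} for every SoD rule a user fully matches."""
    return {
        (user, rule_id)
        for user, roles in snapshot.items()
        for rule_id, pair in SOD_RULES.items()
        if set(pair) <= roles
    }

def assignments(snapshot):
    """Flatten a snapshot into a set of (user, role) pairs."""
    return {(user, role) for user, roles in snapshot.items() for role in roles}

def delta(baseline_date, current_date):
    """Compare two snapshots: what was granted, revoked, introduced, resolved."""
    old, new = SNAPSHOTS[baseline_date], SNAPSHOTS[current_date]
    return {
        "granted": sorted(assignments(new) - assignments(old)),
        "revoked": sorted(assignments(old) - assignments(new)),
        "new_violations": sorted(violations(new) - violations(old)),
        "resolved_violations": sorted(violations(old) - violations(new)),
    }

if __name__ == "__main__":
    for section, rows in delta(date(2024, 1, 31), date(2024, 4, 30)).items():
        print(section, rows)
```

Only the rows in `new_violations` and `granted` need fresh review; everything unchanged since the baseline was already covered by the earlier review.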
4. Simulation-backed explanations
Role changes, exceptions, or reassignments can be validated before they go live. And if something risky was introduced, you can show:
- It was simulated first
- It was approved based on reasonable justification
- It was removed as part of a mitigation cycle
That audit story becomes a strength, not a weakness.
“The difference between a finding and a footnote is whether you can show it was reviewed proactively.”
— Cyril Hauppert
5. Auditor confidence
When you can show a structured, point-in-time access review—with full traceability and simulation—you change the tone of the audit.
You’re not reactive. You’re in control. And that matters.
We’ve seen auditors reduce testing, narrow scope, and skip follow-up reviews entirely when clients could provide snapshot-based evidence within 24 hours.
A practical scenario
Let’s say an auditor finds a user with critical access that shouldn’t have existed.
With a snapshot:
- You show the access was granted during a high-priority upgrade window
- You confirm it was part of an emergency role with approval
- You validate it was removed within SLA
- You demonstrate that access wasn’t used, based on usage logs
- You show the change in the delta report
Without a snapshot? You scramble for logs, hope the system still has the data, and pray the narrative holds.
Why it works for CISOs
If you’re a CISO, here’s what snapshots really buy you:
- Credibility with auditors
- Speed for your team
- Clarity on where risk truly sits
- Proof when things go wrong
They eliminate guesswork and reduce audit prep from weeks to days.
Final thought: build an evidence engine
Audit prep shouldn’t be an event. It should be a continuous capability.
Snapshots turn your SAP environment into an evidence engine—one that protects your credibility, saves time, and exposes risk before anyone else does.
And with the right methodology behind them, they become your most powerful control.
“You can’t fix what you can’t see. Snapshots make it visible—and fixable.”
— Mark Stanley
Let’s make it simple
If you’re preparing for an audit—or just want to make sure your team is actually in control—we can help.
Access Informer delivers full visibility and risk analysis in just 8 days.
- No disruption to production
- No time wasted in manual downloads and spreadsheets