The Challenge

Ipiranga identified increasing risks related to the absence or outdated of profile maps in legacy systems, which generated inconsistency in access governance and increased exposure to non-compliance risks, especially in audits related to the Sarbanes-Oxley Act (SoX).

The absence of standardized Base Positions and Profiles hampered the continuous monitoring of access adherence, in addition to compromising the fluidity of the processes and the operational response time in answering calls.

‍

Objective of the Project

‍

The purpose of the project was to create and update Profile Maps in the defined systems, focusing on:

• Eliminate interrupted flows pending approval;
• Reduce the time and cost of processing calls;
• Mitigate non-compliance risks in external audits (SOx);
• Ensure adherence to access and standardization between Base Positions and Profiles;
• Enable continuous compliance monitoring by the Oracle, a tool already integrated with the BPO and Access Center processes.

Achieved Results

‍

• Creation of Profile Maps for 8 applications, including Base Positions and non-existent Profiles;
• Profile Maps update for 22 applications, with mapping and creation of missing elements;
• Structuring a more robust access governance model, supporting initiatives already implemented within the scope of BPO and Access Center;
• Significant improvement in the assertiveness of management and access control, with greater traceability and responsiveness to compliance and auditing requirements.

The project directly contributed to raising the maturity level of identity and access management in Ipiranga, by promoting the standardization and updating of a critical component for internal control: Profile Maps.

The alignment with established governance and the support for SoX compliance reinforce the organization's commitment to safe, efficient, and auditable performance.

‍