After going live with SAP Fiori, we found that users had significantly too much access, which opened us up to a great deal of risk. Users found that their Fiori load times were long, it was extremely difficult to find the apps they needed, and almost impossible for managers to tell what access to request for new users. We built new SAP business roles from scratch, using data from ALM and Signavio, to ensure that users had the access appropriate to their jobs. These were rolled out with a high level of engagement with our users and their managers, so that everyone in the business has understood what was happening, the methodology used, and how to get support. A recent report from our audit partner has shown a significant improvement in our risk levels over a 12 month period. We can now run Segregation of Duties reports out of SAP GRC to better understand our current risks. Our users report that they can find the apps they need, and managers are better equipped to know the accesses their team members need, and any risks associated with these. Key Takeaways: - How we can use tools and data to speed up the requirements gathering process and reduce support tickets - The importance of having business knowledge and risk perspectives when building/changing roles - The importance of great change management and user engagement