SlideShare a Scribd company logo

34514_Process_Control_e-book_interactive

ROMI Associates
ROMI Associates

The document discusses SAP GRC Process Control, which is a software solution that helps companies manage governance, risk, and compliance. It acts as an organization's "controls hub" by enabling documentation of controls and policies, managing control testing and scope, evaluating control design and effectiveness, monitoring controls automatically, and providing reporting and insights. SAP GRC Process Control provides a comprehensive and integrated way for companies using SAP systems to manage controls, reduce costs, and improve visibility of risks.

1 of 24
Download to read offline
An Integrc guide for business leaders and GRC professionals THE DEFINITIVE GUIDE TO SAP GRC PROCESS CONTROL PAGE TURN
Contents Introduction: Why we’ve developed the definitive guide to SAP GRC Process Control Section 1: What is SAP GRC Process Control? Section 2: Why is there a need for better process control? Section 3: How organisations are benefitting from SAP GRC Process Control Section 4: How different functions benefit from SAP GRC Process Control Section 5: Building the business case for SAP GRC Process Control Section 6: Implementing SAP GRC Process Control – three things you must know In summary References PAGE TURN INTRODUCTION SECTION 1 SECTION 2 SECTION 3 SECTION 4 SECTION 5 SECTION 6 SUMMARY
The successful companies of tomorrow will be those that are transparent and can be seen to be doing good, whilst making a profit. Leading companies now recognise the importance of practising strong business ethics and that doing so still enables them to deliver a healthy margin. Whilst integrity in business may have a short-term cost, the long-term value it brings is certainly worth it. Increasingly, the value attributed to an organisation will be based not just on the wealth they create, but on how they go about creating it. Effective internal controls and compliance programmes are a key component of an organisation’s code of conduct and ethical framework. Auditors continue to raise the bar with increasingly tougher internal control examinations and at the same time, pressure on compliance continues to build with constant regulatory change. Despite these drivers, when it comes to managing internal controls many organisations still take a sophisticated, yet manual approach. This is despite the recognition that significant operational effectiveness and efficiencies can be gained through a more automated and centralised control model. Introduction: Why we’ve developed the definitive guide to SAP GRC Process Control INTRODUCTION PAGE TURN SUMMARYSECTION 1 SECTION 2 SECTION 3 SECTION 4 SECTION 5 SECTION 6 RETURN TO CONTENTS
For SAP customers, SAP GRC Process Control is a comprehensive solution that can bring major benefits to key functional areas within a business, including operations, compliance, risk management, controls and internal audit. Once in place it acts as a controls hub, providing a single, core internal control system ensuring effective controls and ongoing compliance right across an organisation. Because of its depth of capability, SAP GRC Process Control is sometimes unfairly perceived as being big and complicated. Yes, it is a very powerful solution but it doesn’t need to be complex to implement or to run. We’ve developed this concise ‘everything you need to know’ guide, to help you understand SAP GRC Process Control better and to show you how it could make life a whole lot simpler. If the time is right for you to evaluate SAP GRC Process Control, this guide is the perfect starting point. INTRODUCTION PAGE TURN SUMMARYSECTION 1 SECTION 2 SECTION 3 SECTION 4 SECTION 5 SECTION 6 RETURN TO CONTENTS
SAP GRC – ‘it’s like a high performance home surveillance and security system’ Understanding how the various components within SAP GRC fit together can be a little difficult. The following home surveillance and security analogy should help: Access Control ensures all your doors and windows within your home are locked and only certain people have keys and know the right passcodes. Process Control makes sure the alarm is on (as and when required), and ensures the motion detectors, smoke and heat sensors, warning lights and security cameras are all working. Fraud Management will assess what is being recorded on the cameras along with other data sources, identify patterns and take precautionary measures, such as securing the front gates if an unexpected visitor approaches along the drive way. Finally, Risk Management helps you assess the various potential risks of someone or something breaching your security, as well as the likely impact – so you can make more informed decisions to counter any possible threats. These complementary components work together to create a highly secure environment, ensuring less chance of an incident and that you are better placed to manage should an incident still occur. The Open Compliance and Ethics Group (OCEG) defines Governance, Risk and Compliance (GRC), as ‘the capability to achieve objectives (governance), whilst addressing uncertainty (risk management) and acting with integrity (compliance)’. SAP’s integrated GRC suite is a comprehensive solution that helps you manage each area in a unified way using automation, with powerful monitoring and reporting in real-time. SAP GRC Process Control is a key part of SAP’s comprehensive governance, risk and compliance (GRC) software. It sits alongside SAP Access Control, SAP Risk Management and SAP Fraud Management. Contrary to popular belief, although all are complementary solutions, none of these modules are a prerequisite to implementing SAP GRC Process Control and it can be used in full without already having any of these modules in place. Section 1: What is SAP GRC Process Control? PAGE TURN INTRODUCTION SUMMARYSECTION 2 SECTION 3 SECTION 4 SECTION 5 SECTION 6SECTION 1 RETURN TO CONTENTS
In simple terms, SAP GRC Process Control acts as an organisation’s controls hub. Broadly, it covers five key areas: DOCUMENT: Enabling you to document controls, tests of controls and policies in one place, covering all risks and regulations impacting your organisation. SCOPE: Allowing you to manage risk and compliance by control tests to determine scope and test strategies. EVALUATE: Ensuring you can evaluate control design and effectiveness, test policy compliance, as well as raise and remediate issues using a wide range of tools and content. MONITOR: Equipping you with tools to perform automated, exception-based testing and monitoring of controls. REPORT: Providing you with actionable insights through analytics and supporting the increased accountability of individuals through social GRC. SUMMARY DOCUM E NT R EPORT EVALUATE SCOPE MONITOR PAGE TURN INTRODUCTION SECTION 1 SUMMARYSECTION 2 SECTION 3 SECTION 4 SECTION 5 SECTION 6 RETURN TO CONTENTS
With increased automation and continuous monitoring comes reduced cost, more effective use of resources and better coverage and visibility of risks. As many findings from external auditors confirm, the best way to enhance your business operation is to improve your mechanism for both monitoring controls and reporting risks. Investing more in this area will result in lower costs. Investments can be made to reduce the number and volume of manual control activities that people undertake, as well as to improve the coverage and assurance of the controls. This brings down the real cost of control operations, whilst also increasing the business benefit likely to be achieved. It’s a win-win scenario. For those organisations using SAP as their core system, SAP GRC Process Control provides a comprehensive solution that is straightforward to adopt. Robust interfaces are available to connect SAP GRC Process Control with both SAP ERP and non-SAP systems, without introducing further complexity. Not only does it minimise any integration challenges, SAP GRC Process Control offers highly effective control management functionality with the added benefit of strong operational and management reporting. It runs on a ‘management by exception’ basis, which means the controls are continually monitored with management by exception and with audit logs. This also means business process owners are only alerted when their actions are needed. 3 MYTH-BUSTING FACTS ABOUT SAP GRC PROCESS CONTROL It is much more than a document management system – but it does have a central repository with audit trails within the system and version control that is able to store controls content in a highly structured, easy-to-use way. It is more than an ‘IT police’ and analytics tool - as it goes beyond detective, reactive analysis by enabling a more preventative, proactive controls framework. It doesn’t re-design or stifle current working processes – but thorough testing and controls can help you identify ways to make internal processes more efficient and effective and you can also reduce the risk of human errors by introducing more automation. PAGE TURN INTRODUCTION SECTION 1 SUMMARYSECTION 2 SECTION 3 SECTION 4 SECTION 5 SECTION 6 RETURN TO CONTENTS
In today’s constantly changing environment the need for robust operational processes, regulatory compliance and effective risk management keeps increasing at an unprecedented rate. Expansion into growth markets overseas, diversification into new sectors or product categories and the adaptation to an increasingly digital marketplace, have all driven this trend. Furthermore, in today’s more ethically-responsible environment, stakeholders, auditors and now even customers are also demanding greater transparency and more adaptive management practices. Again and again we see business values significantly impacted by a loss of quality or financial risk-related issues. When risk events occur they are often the result of processes that weren’t able to adapt quickly enough and keep pace with a company’s growth agenda. Typically, this happens in the finance, reporting and quality assurance arena, the supply chain and in manufacturing production lines. The systems in place to control risks are pushed to their limits and can’t react to the way the organisation is changing. All of these risk events can be significantly reduced, if not avoided all together, by strong and effective control operations. Section 2: Why is there a need for a more adaptive Process Control framework? PAGE TURN SUMMARYSECTION 1 SECTION 3 SECTION 4 SECTION 5 SECTION 6INTRODUCTION SECTION 2 RETURN TO CONTENTS
Here’s five key factors that typically expose process risk as organisations go through change: 1 2 3 Audit pressure Every year auditors raise their standards and expectations. They are increasingly concerned about the internal control deficiencies that exist in many of their clients’ organisations. Whether it’s the number of sign-offs required to process a purchase order or controlling access to a sales system, auditors are looking for more complete controls – due in part to a history of poor practices across many industries. Manual, reactive control testing For many organisations, the testing of data and system controls as well as the management of compliance policies are sophisticated, complex practices performed manually. Reporting is done on an ad hoc basis and the emphasis is on detective controls. As companies change, this level of complexity becomes harder to manage – particularly when you consider the massive amounts of information, the volume of complex processes and the multiple locations involved. Limited visibility of risk Infrequent control monitoring based on small sampling means you are more likely to miss key issues, whereas automated control monitoring detects all issues so they can be dealt with immediately. Without effective monitoring and reporting it’s unlikely that your risks and controls are being captured and overseen.  This ‘fear of the unknown’ creates continued anxiety and leaves many organisations vulnerable to issues such as fraud. Such narrow insight also prevents you from fully assessing the risk impact of key business decisions. 3 WAYS SAP GRC PROCESS CONTROL HELPS YOU ADAPT TO CHANGE Enables you to have a continuous view of all compliance activities across all business processes during intense periods of transformation Provides a solid platform from which you can roll-out effective controls activity quickly and at scale De-risk change by identifying, prioritising and focusing on key risk areas PAGE TURNRETURN TO CONTENTS SUMMARYSECTION 1 SECTION 3 SECTION 4 SECTION 5 SECTION 6INTRODUCTION SECTION 2
Cost efficiencies Most, if not all, organisations today are committed to driving greater efficiencies across their business. It’s no different for those departments responsible for GRC. Centralising, standardising and automating the control of processes can help you significantly reduce the growing costs of compliance, whilst putting you more in control of your risks. Improving operational performance Ensuring controls are working effectively usually involves reporting after the fact. Teams of people spending time trawling through data and an internal audit process that is akin to looking for a needle in a haystack. Improving operational performance means streamlined testing, increased control coverage, automated tasks and a more strategic approach to allocating resources. And moving to a more preventative approach to controls means you’ll have reduced dependency on rear-view analytics. 4 5 The key word here is change. Today it’s unprecedented. SAP GRC Process Control not only protects your organisation from key risks. It can also ensure your business can embrace change, whilst feeling confident that the right processes are in place. It will keep you compliant on an ongoing basis and gives you solid foundations from which to scale the management of your controls more easily, as and when your business needs it. A good example is how acquisitive companies harness SAP GRC Process Control to minimise the risk involved in integrating new organisations. “When the winds of change blow, some people build walls and others build windmills.” Chinese Proverb PAGE TURNRETURN TO CONTENTS SUMMARYSECTION 1 SECTION 3 SECTION 4 SECTION 5 SECTION 6INTRODUCTION SECTION 2
Here are some examples of how other organisations have made SAP GRC Process Control work for them: Section 3: How can you benefit from SAP GRC Process Control? A company in the energy sector reduced control duplication by up to 30% and automated testing of more than 160 controls, resulting in significant operational savings A major retailer benefitted from enterprise-wide visibility of its compliance status to help plan and proactively assess the risks involved before executing its international expansion An oil & gas group enjoyed the shared repository of risks and controls across all its business areas, resulting in significantly reduced audit costs and audit preparation time A major electronics manufacturer improved business process effectiveness and efficiency through the adoption of consistent business practices An international telecoms company expanded its control testing capability allowing the internal audit team to embrace a wider remit, which resulted in significantly reduced audit fees The transformation of an internal audit department at a large bank increased the focus on continuous, automated monitoring as opposed to manual periodic sample testing. A healthcare group increased the speed at which deficiencies were resolved and gained better visibility on remediation activities for its control owners H PAGE TURNRETURN TO CONTENTS SUMMARYSECTION 1 SECTION 4 SECTION 5 SECTION 6INTRODUCTION SECTION 2 SECTION 3
Typically, when we first speak to people about internal controls they regard them as a necessary evil. Department and process leaders in particular highlight the waste of time, the burden on the organisation and the mundane task of regularly reviewing documentation and reports to confirm controls are being executed as designed. When internal controls exist without automation or workflow, they’re hugely dependent on people. People who need to remember to do something at the right time. People who may need to break from their day job and remember what procedure to follow. People who need to document everything in the right way. Today, there are still a lot of manually-operated controls that could easily be replaced by a ‘management by exception’ rule through automation. When you have people monitoring the same control day after day, week after week and they don’t find any exceptions, human nature can easily take over. Maybe they will get lazy and go through the control too quickly? Maybe they will make errors? Because of the over-reliance on people, the whole process in the pre-automation world is mundane, burdensome and highly prone to errors. Section 4: How different functions benefit from SAP GRC Process Control PAGE TURN SUMMARYSECTION 1 SECTION 5 SECTION 6INTRODUCTION SECTION 2 SECTION 4SECTION 3 RETURN TO CONTENTS
The‘artofthepossible’withProcessControl AREA CURRENT STATE DESIRED STATE WHO IT MATTERS TO? Compliance Focus • Audit issues / non-compliance • Changes in business operations / process impacting risk • Manual focus – auditors demand automation • Delays in remediation of issues and corrective actions • Increased automation • Central repository for audit data with ‘single source of the truth’ for all issues • Central reporting for all issues and corrective actions • Internal Audit • Risk Mangers • External Audit Risk visibility • 5% Sampling and test every 3 years. Potential to miss something key • Lack of confidence in test results and completeness • Lack of visibility and delays in reporting • Increase test frequency • Expand control tests • Focus moves from detective response to preventive and proactive position • Real-time online reports • Risk Managers • Compliance Teams • Finance • Board Operational Performance • Controls are a burden on the business • Reactive / adhoc, not making the most of your defined RACM • Manual and detective based • Controls are expensive to operate • More effective • More efficient • Saves money and test more • Mange by exception • Responses done by email – controls becoming part of the business day • Increased control focus without operational burden • Internal Audit (process / controls teams) • IT and Security • Operation Managers With SAP GRC Process Control life is very different. The automated system will remember the controls schedule. It will deliver tasks directly to the appropriate end-users. It will provide management by exception and retain the evidence. It also provides complete transparency in near to real time, so that any deviations from the norm can be spotted and dealt with immediately. The system lives and breathes internal controls, so that you don’t have to. Instead, you can look forward. Whatever your role - whether you’re a business leader or work in finance, risk and compliance, audit, control operations or IT – SAP GRC Process Control ensures you maintain your compliance focus, whilst significantly improving your risk visibility and operational performance. PAGE TURN SUMMARYSECTION 1 SECTION 5 SECTION 6INTRODUCTION SECTION 2 SECTION 4SECTION 3 RETURN TO CONTENTS
Section 5: Building the business case for SAP GRC Process Control Developing the business case for SAP GRC Process Control may not be as straight-forward as other technology investments. If the focus is purely on short-term cost savings, it is unlikely to have your Chief Financial Officer jumping up and down with excitement. It’s essential that you can make people see the bigger picture and visualise the longer-term benefits. Emotionally they will see that it is the right thing to do, but you have to help them rationalise the benefits as far as possible. There are three main challenges that you must typically overcome to develop a compelling case for investment in SAP GRC Process Control: 1 Engage the support of multiple stakeholders in the business 2 Demonstrate the combination of tangible and intangible benefits 3 Provide assurance that payback can be achieved in the shortest possible timeframe Challenges: 1 2 3 PAGE TURNRETURN TO CONTENTS SUMMARYSECTION 1 SECTION 6INTRODUCTION SECTION 2 SECTION 3 SECTION 5SECTION 4
“SAP GRC Process Control gives me certainty that my end-to-end process is running correctly. I also have confidence that we are buying from the right people, at the right price and that the appropriate governance is in place to support the whole process.” 1 Engage the support of multiple stakeholders in the business We hear, on a fairly regularly basis, about the struggles many GRC practitioners have in getting the various different stakeholders bought into the idea of SAP GRC Process Control. It can be like ‘herding cats’ (whatever herding cats actually looks like!). There may be multiple functions and business units all with potentially conflicting views towards internal controls. Much time can be spent trying to convince these individuals and departments, but having their support when proposing the business case is critical. There are ways to accelerate this process. The starting point is to think about each stakeholder in terms of ‘what’s in it for them?’ – which means understanding their needs, the issues they would solve, the gains they could achieve and so on. Examples include reduced administration and labour costs, reduced time and effort spent on manual control activities, reduced compliance and control testing efforts and better visibility of controls. The more you can present hard numbers and metrics based on their real life situation, the better. ‘What’s in it for me?’ Procurement Process Owner PAGE TURN SUMMARYSECTION 1 SECTION 6INTRODUCTION SECTION 2 SECTION 3 SECTION 5SECTION 4 RETURN TO CONTENTS
Once you have a clear understanding of how the individual stakeholders can benefit, the key is how you present this to them. Of course you can provide summary papers, make presentations, run workshops. But one of the best ways to engage them is to show them a dashboard presenting the key performance indicators (KPIs) that matter to them most. When people can see a nicely presented dashboard with all of the key information they need, they can better live the feeling of control that a tool such as SAP GRC Process Control can give them. To make this more meaningful, a Proof of Concept (PoC) can also serve to help justify the business case.  By taking live data, a specific process area and optimising the internal controls surrounding it, you can more clearly demonstrate the art of the possible for different stakeholders. Visualisation tools can then also provide you with what we call ‘hindsight in advance’ which helps different stakeholders envision the end result more clearly right at the beginning of a project. Both techniques enable better decision-making around future solution design to ensure business benefits are realised in full. Actual screenshot from Integrc’s Insight Analytics dashboard suite PAGE TURNRETURN TO CONTENTS SUMMARYSECTION 1 SECTION 6INTRODUCTION SECTION 2 SECTION 3 SECTION 5SECTION 4
DIRECT COSTS INDIRECT COSTS Reduced cost of audit preparation Reduced external auditor fees Reduced FTE requirements through increased automation Reduced operating costs through standardisation of testing, reporting, monitoring and documentation Reduced re-testing costs for failed controls as automated controls have a much higher pass rate Reduced cost of remediation and addressing anomalies Reduced costs of managing compliance activities Reduced cost of centralising control creation and scheduling Efficiency gains identified in key process areas Decommissioning of older legacy infrastructure supporting the current controls approach Training costs for new staff on control performance procedures Consolidation of your enterprise systems and applications as part of an SAP-centric IT strategy Reduction in management load, with less issues to have to deal with – ‘get your firefighting mornings back’ Enables business managers to focus on running the business, knowing that a strong foundation is in place Creates confidence through a culture of control adoption, in which people take controls more seriously 2 Demonstrate the combination of tangible and intangible benefits The tangible benefits to include in the business case will relate to either direct or indirect costs. Typically these include: PAGE TURN SUMMARYSECTION 1 SECTION 6INTRODUCTION SECTION 2 SECTION 3 SECTION 5SECTION 4 RETURN TO CONTENTS
When calculating these costs it is important to factor in the frequency with which this activity currently happens. You need to fully understand who in your organisation manages internal controls, how many times they perform actions relating to them each year and how many hours it takes them. You also need to account for all your manual controls, how long it takes to test them and perform the necessary remedial activities. The intangible benefits are those that are typically hard to quantify, yet nevertheless are likely to yield the most positive impact on your organisation, particularly in the long-term. This is often THE most valuable benefit area, yet also perhaps the hardest to pin down. The difficulty is that some of the intangible benefits relate to ‘what if’ scenarios. This refers to those risks that you’re better prepared for, but that might never happen, as a result of making the investment. Then again, they might. Here’s some examples of intangible benefits: Reduction in likelihood and impact of risk Improved productivity of those responsible for manual control activities Deploying resources to focus on more value-added activities Prevention of fraudulent behaviour Minimising the potential for financial misstatements and associated fines Avoiding the penalties of non-compliance, particularly if you operate in a highly regulated environment Miscalculating the potential risk of entering a new market Allowing a culture of fraud or error to become permissible and usual Key to whether your business case stacks up will be whether the intangible elements are deemed significant enough to warrant the investment. As far as possible, you need to quantify the likelihood of these risks occurring and the potential financial impact on your organisation should they happen. PAGE TURN SUMMARYSECTION 1 SECTION 6INTRODUCTION SECTION 2 SECTION 3 SECTION 5SECTION 4 RETURN TO CONTENTS
TEST DRIVE TODAY! 3 Providing assurance that payback can be achieved in the shortest possible timeframe IT projects generally have a bad reputation. There are countless examples of programmes that have failed to deliver the intended business benefits and have run over both in terms of budget and their original milestones. Stakeholders and decision-makers are going to need to be convinced that your GRC implementation is going to be a story that ends with success for everyone involved and real value created for your business. Because SAP GRC Process Control benefits multiple stakeholders, they will often each bring their demands to the table. This means traditional implementations can become more complicated and time-consuming than they need to be. A common challenge experienced with SAP GRC Process Control is that it is so flexible and powerful, that it becomes hard to pin down how best to use it, and in what order to deploy its various capabilities. However, there are now many modern deployment tools and techniques available that can help you combat this situation and ensure you get what you need in a much quicker timeframe: Prototype environments can be created in just a few hours, which simulate the end state and enable you to ‘test drive’ and make changes to your design before, not during your implementation. Visualisation and iterative deployment methodologies provide transparency during the implementation phase through web browser-based simulations. This allows you to collate meaningful feedback from end-users and review progress with stakeholders at each step of your journey, enabling you to continuously improve your solution. PAGE TURN SUMMARYSECTION 1 SECTION 6INTRODUCTION SECTION 2 SECTION 3 SECTION 5SECTION 4 RETURN TO CONTENTS
Automation tools such as quick-loading data applications can also speed you through the latter realisation and testing phases of a project, so activities that used to take weeks to perform can now be done in just a few minutes. Pre-loaded content can dramatically accelerate the time it takes for you to implement. Naturally, every organisation will feel they have a unique set of circumstances and risks that affect the design, implementation and management of their controls. However somewhat surprisingly, most organisations’ controls have a lot in common – especially in the area of financial controls. Rather than try to invent your optimum controls from scratch, or take what you have and spend ages looking to improve them, it’s much more effective (faster and less expensive) to use controls developed and proven elsewhere – and that sort of content is increasingly becoming available from suppliers. User experience tools, applications and devices such as interactive forms (Adobe), mobile interfaces (SAP Fiori), mobile applications (Risk Reporter), dashboards and social tools (SAP Jam) can all accelerate adoption by giving people a more engaging, consumer-grade experience – with nicer looking interfaces, fewer clicks and enriched information sharing. Such ‘hindsight in advance’ thinking used in conjunction with innovative automation and collaboration tools can significantly diminish the likelihood of costly delays and overruns. This modern approach ensures your organisationrealises the benefits of a tailored solution in a much faster timeframe. It can reduce your implementation time by as much as 50%, which is a compelling argument to put forward as part of your business case. And furthermore, you should expect to see increased adoption as end-users feel they have actually designed the system themselves.  PAGE TURN SUMMARYSECTION 1 SECTION 6INTRODUCTION SECTION 2 SECTION 3 SECTION 5SECTION 4 RETURN TO CONTENTS
SAP GRC Process Control has been adopted by many leading organisations. So you have the opportunity to learn from those who’ve gone before you. Below are three of the most commonly cited lessons learnt from implementing the solution: Section 6: Implementing SAP GRC Process Control – three things that you must know 1. Get everyone involved from the start: It is essential to achieve a universal understanding of the solution and the ways in which your controls could be automated. Get everyone involved, especially the end-users, and ensure they are hands-on as soon as possible. This not only helps with the overall visualisation, design and transition, but builds also confidence and adoption. It also means you can move forward on an iterative basis and not backwards to correct mistakes or rework an earlier idea. 2. Define the end ‘to be’ status: A clear understanding of the final aims and goals must be in place to ensure a successful transition. Even if you decide to take a step-by-step approach, defining the final end state and communicating this helps you to engage the business. This not only supports the management of the transition to control automation – it also works to support a wider change management process in terms of developing a culture of controls that are part of everyday business operations. 3. If possible, include GRC in a SAP ERP implementation: Significant efficiencies and cost avoidance can be realised by integrating any of the SAP GRC modules with a wider SAP ERP programme. This could obviously make a big difference to the business case too. However, watch out for delays to wider ECC projects and ensure you’ve minimised the potential impact on your GRC project. It is critical to create a dedicated team focused on security and controls to design, implement, as well as manage the solution post go-live.  PAGE TURN SUMMARYSECTION 1INTRODUCTION SECTION 2 SECTION 3 SECTION 4 SECTION 5 SECTION 6 RETURN TO CONTENTS
It will reduce the cost of managing compliance and audit-related activities through a centralised, automated approach It will improve your visibility and control of risk across your business, also enabling more effective allocation of resources It will improve the performance of business processes by implementing continuous monitoring techniques 3 big reasons why SAP GRC Process Control will deliver value to your business We’ve explored the functionality available and the benefits delivered by SAP GRC Process Control. We’ve shown how you can reap rewards for your day-to-day business by providing automation and centralised policy management. Hopefully, we’ve also demonstrated that the solution can significantly reduce your exposure to risk, through continuous monitoring and comprehensive reporting. In Summary: SAP GRC Process Control makes life simpler PAGE TURN SUMMARYSECTION 1 SECTION 2 SECTION 3 SECTION 4 SECTION 5 SECTION 6INTRODUCTION RETURN TO CONTENTS
SAP GRC Process Control could make your life a lot simpler. It will equip you with a single source repository for your controls with simple, yet structured documentation of regulations and processes. It can simplify control testing with a number of tools ranging from the easy-to-use to the more advanced, as well as introduce more management by exception. It will also reduce administration through workflow and simplify the user experience through a more engaging user interface and Interactive Adobe Forms. SAP GRC Process Control can also be simple and quick to implement. Today, long projects or solutions that don’t realise the intended benefits are no longer acceptable. You want to realise your payback as quickly as possible and today you should expect no less. The automation tools and content now available, along with the lessons learnt from past projects can all dramatically accelerate the time to value of SAP GRC Process Control. Executed in the right way, SAP GRC Process Control will help you change the perception of controls in your organisation from that of a burden to something of strength, which your business can depend on. PAGE TURN SUMMARYSECTION 1 SECTION 2 SECTION 3 SECTION 4 SECTION 5 SECTION 6INTRODUCTION RETURN TO CONTENTS
Visit our website www.integrc.com Integrc, operating globally from bases in the UK, Netherlands, MENA and India PAGE TURNRETURN TO CONTENTS

Recommended

Grc 10 training
Grc 10 trainingGrc 10 training
Grc 10 trainingsuresh
 
SAP GRC AC 10.1 - ARM Workflows
SAP GRC AC 10.1 - ARM WorkflowsSAP GRC AC 10.1 - ARM Workflows
SAP GRC AC 10.1 - ARM WorkflowsRohan Andrews
 
Sap grc process control 10.0
Sap grc process control 10.0Sap grc process control 10.0
Sap grc process control 10.0Latha Kamal
 
Wise Men Webinar: Fast Track Implementation of SAP GRC 10.1
Wise Men Webinar: Fast Track Implementation of SAP GRC 10.1 Wise Men Webinar: Fast Track Implementation of SAP GRC 10.1
Wise Men Webinar: Fast Track Implementation of SAP GRC 10.1Anup Lakra
 
Sap grc-access-control-solution
Sap grc-access-control-solutionSap grc-access-control-solution
Sap grc-access-control-solutionAnywhere Gondodza SAP.GRC.FI.B.COM.ACC.HONS (MSU)
 
Sap GRC Basic Information | GRC 12 online training
Sap GRC Basic Information | GRC 12 online trainingSap GRC Basic Information | GRC 12 online training
Sap GRC Basic Information | GRC 12 online traininggrconlinetraining
 
SAP Governance,Risk and Compliance
SAP Governance,Risk and ComplianceSAP Governance,Risk and Compliance
SAP Governance,Risk and ComplianceTLI GrowthSession
 
SAP GRC 10.1 ONLINE - KNACK IT TRAINING
SAP GRC 10.1 ONLINE - KNACK IT TRAININGSAP GRC 10.1 ONLINE - KNACK IT TRAINING
SAP GRC 10.1 ONLINE - KNACK IT TRAININGKnack IT Training
 

Recommended

Grc 10 training
Grc 10 trainingGrc 10 training
Grc 10 trainingsuresh
 
SAP GRC AC 10.1 - ARM Workflows
SAP GRC AC 10.1 - ARM WorkflowsSAP GRC AC 10.1 - ARM Workflows
SAP GRC AC 10.1 - ARM WorkflowsRohan Andrews
 
Sap grc process control 10.0
Sap grc process control 10.0Sap grc process control 10.0
Sap grc process control 10.0Latha Kamal
 
Wise Men Webinar: Fast Track Implementation of SAP GRC 10.1
Wise Men Webinar: Fast Track Implementation of SAP GRC 10.1 Wise Men Webinar: Fast Track Implementation of SAP GRC 10.1
Wise Men Webinar: Fast Track Implementation of SAP GRC 10.1Anup Lakra
 
Sap grc-access-control-solution
Sap grc-access-control-solutionSap grc-access-control-solution
Sap grc-access-control-solutionAnywhere Gondodza SAP.GRC.FI.B.COM.ACC.HONS (MSU)
 
Sap GRC Basic Information | GRC 12 online training
Sap GRC Basic Information | GRC 12 online trainingSap GRC Basic Information | GRC 12 online training
Sap GRC Basic Information | GRC 12 online traininggrconlinetraining
 
SAP Governance,Risk and Compliance
SAP Governance,Risk and ComplianceSAP Governance,Risk and Compliance
SAP Governance,Risk and ComplianceTLI GrowthSession
 
SAP GRC 10.1 ONLINE - KNACK IT TRAINING
SAP GRC 10.1 ONLINE - KNACK IT TRAININGSAP GRC 10.1 ONLINE - KNACK IT TRAINING
SAP GRC 10.1 ONLINE - KNACK IT TRAININGKnack IT Training
 
SAP GRC
SAP GRC SAP GRC
SAP GRC Kellton Tech Solutions Ltd
 
Sap Security Workshop
Sap Security WorkshopSap Security Workshop
Sap Security Workshoplarrymcc
 
Mitul Jain SAP GRC Security
Mitul Jain SAP GRC SecurityMitul Jain SAP GRC Security
Mitul Jain SAP GRC Securitymitul jain
 
081712 isaca-atl-auditing sap-grc
081712 isaca-atl-auditing sap-grc081712 isaca-atl-auditing sap-grc
081712 isaca-atl-auditing sap-grchkodali
 
SAP Risk Management
SAP Risk ManagementSAP Risk Management
SAP Risk ManagementAuditBot SAP Security Audit
 
GRCSing2015_Kumar_Howtoperformasystem
GRCSing2015_Kumar_HowtoperformasystemGRCSing2015_Kumar_Howtoperformasystem
GRCSing2015_Kumar_HowtoperformasystemBarun Kumar
 
SAP grc
SAP grc SAP grc
SAP grc smadhu29
 
SAP Governance, Risk and Compliance (GRC)
SAP Governance, Risk and Compliance (GRC)SAP Governance, Risk and Compliance (GRC)
SAP Governance, Risk and Compliance (GRC)SAP Latinoamérica
 
Wise Men- SAP GRC Webinar Deck- March 2015
Wise Men- SAP GRC Webinar Deck- March 2015Wise Men- SAP GRC Webinar Deck- March 2015
Wise Men- SAP GRC Webinar Deck- March 2015Wise Men
 
Webinar: Simplify, Gain Insight, Strengthen with SAP GRC 10.1
Webinar: Simplify, Gain Insight, Strengthen with SAP GRC 10.1Webinar: Simplify, Gain Insight, Strengthen with SAP GRC 10.1
Webinar: Simplify, Gain Insight, Strengthen with SAP GRC 10.1Anup Lakra
 
SAP Security & GRC Framework
SAP Security & GRC FrameworkSAP Security & GRC Framework
SAP Security & GRC FrameworkHarish Sharma
 
Iia los angeles sap security presentation
Iia los angeles sap security presentation Iia los angeles sap security presentation
Iia los angeles sap security presentation hkodali
 
GRC_2016_US_Brochure
GRC_2016_US_BrochureGRC_2016_US_Brochure
GRC_2016_US_BrochureJimmy Singh Mathur
 
Scalable security modeling sap bw analysis authorizations
Scalable security modeling sap bw analysis authorizationsScalable security modeling sap bw analysis authorizations
Scalable security modeling sap bw analysis authorizationsPallavi Koppula
 
Sap Access Risks Procedures
Sap Access Risks ProceduresSap Access Risks Procedures
Sap Access Risks ProceduresInprise Group
 
An expert guide to new sap bi security features
An expert guide to new sap bi security featuresAn expert guide to new sap bi security features
An expert guide to new sap bi security featuresShazia_Sultana
 
Day5 R3 Basis Security
Day5 R3 Basis SecurityDay5 R3 Basis Security
Day5 R3 Basis SecurityGuang Ying Yuan
 
Part III of III: SAP Advanced Authorization for SAP Global Deployments: Octo...
Part III of III: SAP Advanced Authorization for SAP Global Deployments: Octo...Part III of III: SAP Advanced Authorization for SAP Global Deployments: Octo...
Part III of III: SAP Advanced Authorization for SAP Global Deployments: Octo...NextLabs, Inc.
 
GRCSG2014_Kumar_Lessons for ensuring_F2E [Compatibility Mode]
GRCSG2014_Kumar_Lessons for ensuring_F2E [Compatibility Mode]GRCSG2014_Kumar_Lessons for ensuring_F2E [Compatibility Mode]
GRCSG2014_Kumar_Lessons for ensuring_F2E [Compatibility Mode]Barun Kumar
 
Case Study: How a global cosmetics company met increased audit requirements d...
Case Study: How a global cosmetics company met increased audit requirements d...Case Study: How a global cosmetics company met increased audit requirements d...
Case Study: How a global cosmetics company met increased audit requirements d...Maria Wilson
 
GRC Business Presentation
GRC Business PresentationGRC Business Presentation
GRC Business PresentationSwita Ahuja
 
ACCA CFO Forum Final Presentation
ACCA CFO Forum Final PresentationACCA CFO Forum Final Presentation
ACCA CFO Forum Final PresentationMutenga Tagarira
 

More Related Content

What's hot

Sap Security Workshop
Sap Security WorkshopSap Security Workshop
Sap Security Workshoplarrymcc
 
Mitul Jain SAP GRC Security
Mitul Jain SAP GRC SecurityMitul Jain SAP GRC Security
Mitul Jain SAP GRC Securitymitul jain
 
081712 isaca-atl-auditing sap-grc
081712 isaca-atl-auditing sap-grc081712 isaca-atl-auditing sap-grc
081712 isaca-atl-auditing sap-grchkodali
 
GRCSing2015_Kumar_Howtoperformasystem
GRCSing2015_Kumar_HowtoperformasystemGRCSing2015_Kumar_Howtoperformasystem
GRCSing2015_Kumar_HowtoperformasystemBarun Kumar
 
SAP Governance, Risk and Compliance (GRC)
SAP Governance, Risk and Compliance (GRC)SAP Governance, Risk and Compliance (GRC)
SAP Governance, Risk and Compliance (GRC)SAP Latinoamérica
 
Wise Men- SAP GRC Webinar Deck- March 2015
Wise Men- SAP GRC Webinar Deck- March 2015Wise Men- SAP GRC Webinar Deck- March 2015
Wise Men- SAP GRC Webinar Deck- March 2015Wise Men
 
Webinar: Simplify, Gain Insight, Strengthen with SAP GRC 10.1
Webinar: Simplify, Gain Insight, Strengthen with SAP GRC 10.1Webinar: Simplify, Gain Insight, Strengthen with SAP GRC 10.1
Webinar: Simplify, Gain Insight, Strengthen with SAP GRC 10.1Anup Lakra
 
SAP Security & GRC Framework
SAP Security & GRC FrameworkSAP Security & GRC Framework
SAP Security & GRC FrameworkHarish Sharma
 
Iia los angeles sap security presentation
Iia los angeles sap security presentation Iia los angeles sap security presentation
Iia los angeles sap security presentation hkodali
 
Scalable security modeling sap bw analysis authorizations
Scalable security modeling sap bw analysis authorizationsScalable security modeling sap bw analysis authorizations
Scalable security modeling sap bw analysis authorizationsPallavi Koppula
 
Sap Access Risks Procedures
Sap Access Risks ProceduresSap Access Risks Procedures
Sap Access Risks ProceduresInprise Group
 
An expert guide to new sap bi security features
An expert guide to new sap bi security featuresAn expert guide to new sap bi security features
An expert guide to new sap bi security featuresShazia_Sultana
 
Part III of III: SAP Advanced Authorization for SAP Global Deployments: Octo...
Part III of III: SAP Advanced Authorization for SAP Global Deployments: Octo...Part III of III: SAP Advanced Authorization for SAP Global Deployments: Octo...
Part III of III: SAP Advanced Authorization for SAP Global Deployments: Octo...NextLabs, Inc.
 
GRCSG2014_Kumar_Lessons for ensuring_F2E [Compatibility Mode]
GRCSG2014_Kumar_Lessons for ensuring_F2E [Compatibility Mode]GRCSG2014_Kumar_Lessons for ensuring_F2E [Compatibility Mode]
GRCSG2014_Kumar_Lessons for ensuring_F2E [Compatibility Mode]Barun Kumar
 

What's hot (19)

SAP GRC
SAP GRC SAP GRC
SAP GRC
 
Sap Security Workshop
Sap Security WorkshopSap Security Workshop
Sap Security Workshop
 
Mitul Jain SAP GRC Security
Mitul Jain SAP GRC SecurityMitul Jain SAP GRC Security
Mitul Jain SAP GRC Security
 
081712 isaca-atl-auditing sap-grc
081712 isaca-atl-auditing sap-grc081712 isaca-atl-auditing sap-grc
081712 isaca-atl-auditing sap-grc
 
SAP Risk Management
SAP Risk ManagementSAP Risk Management
SAP Risk Management
 
GRCSing2015_Kumar_Howtoperformasystem
GRCSing2015_Kumar_HowtoperformasystemGRCSing2015_Kumar_Howtoperformasystem
GRCSing2015_Kumar_Howtoperformasystem
 
SAP grc
SAP grc SAP grc
SAP grc
 
SAP Governance, Risk and Compliance (GRC)
SAP Governance, Risk and Compliance (GRC)SAP Governance, Risk and Compliance (GRC)
SAP Governance, Risk and Compliance (GRC)
 
Wise Men- SAP GRC Webinar Deck- March 2015
Wise Men- SAP GRC Webinar Deck- March 2015Wise Men- SAP GRC Webinar Deck- March 2015
Wise Men- SAP GRC Webinar Deck- March 2015
 
Webinar: Simplify, Gain Insight, Strengthen with SAP GRC 10.1
Webinar: Simplify, Gain Insight, Strengthen with SAP GRC 10.1Webinar: Simplify, Gain Insight, Strengthen with SAP GRC 10.1
Webinar: Simplify, Gain Insight, Strengthen with SAP GRC 10.1
 
SAP Security & GRC Framework
SAP Security & GRC FrameworkSAP Security & GRC Framework
SAP Security & GRC Framework
 
Iia los angeles sap security presentation
Iia los angeles sap security presentation Iia los angeles sap security presentation
Iia los angeles sap security presentation
 
GRC_2016_US_Brochure
GRC_2016_US_BrochureGRC_2016_US_Brochure
GRC_2016_US_Brochure
 
Scalable security modeling sap bw analysis authorizations
Scalable security modeling sap bw analysis authorizationsScalable security modeling sap bw analysis authorizations
Scalable security modeling sap bw analysis authorizations
 
Sap Access Risks Procedures
Sap Access Risks ProceduresSap Access Risks Procedures
Sap Access Risks Procedures
 
An expert guide to new sap bi security features
An expert guide to new sap bi security featuresAn expert guide to new sap bi security features
An expert guide to new sap bi security features
 
Day5 R3 Basis Security
Day5 R3 Basis SecurityDay5 R3 Basis Security
Day5 R3 Basis Security
 
Part III of III: SAP Advanced Authorization for SAP Global Deployments: Octo...
Part III of III: SAP Advanced Authorization for SAP Global Deployments: Octo...Part III of III: SAP Advanced Authorization for SAP Global Deployments: Octo...
Part III of III: SAP Advanced Authorization for SAP Global Deployments: Octo...
 
GRCSG2014_Kumar_Lessons for ensuring_F2E [Compatibility Mode]
GRCSG2014_Kumar_Lessons for ensuring_F2E [Compatibility Mode]GRCSG2014_Kumar_Lessons for ensuring_F2E [Compatibility Mode]
GRCSG2014_Kumar_Lessons for ensuring_F2E [Compatibility Mode]
 

Viewers also liked

Case Study: How a global cosmetics company met increased audit requirements d...
Case Study: How a global cosmetics company met increased audit requirements d...Case Study: How a global cosmetics company met increased audit requirements d...
Case Study: How a global cosmetics company met increased audit requirements d...Maria Wilson
 
GRC Business Presentation
GRC Business PresentationGRC Business Presentation
GRC Business PresentationSwita Ahuja
 
ACCA CFO Forum Final Presentation
ACCA CFO Forum Final PresentationACCA CFO Forum Final Presentation
ACCA CFO Forum Final PresentationMutenga Tagarira
 
Adaptive grc competitive_matrix_2016
Adaptive grc competitive_matrix_2016Adaptive grc competitive_matrix_2016
Adaptive grc competitive_matrix_2016Rob Johnston, MBA
 
GRC Governance, Risk mgmt. & Compliance Executive
GRC Governance, Risk mgmt. & Compliance ExecutiveGRC Governance, Risk mgmt. & Compliance Executive
GRC Governance, Risk mgmt. & Compliance ExecutiveMax Neira Schliemann
 
Governance Of Enterprise IT MIA
Governance Of Enterprise IT MIAGovernance Of Enterprise IT MIA
Governance Of Enterprise IT MIATroy DuMoulin
 
A Case Study Explored: Increase Effectiveness While Lowering Operational Cost...
A Case Study Explored: Increase Effectiveness While Lowering Operational Cost...A Case Study Explored: Increase Effectiveness While Lowering Operational Cost...
A Case Study Explored: Increase Effectiveness While Lowering Operational Cost...TraceSecurity
 
Building a Compelling Business Case for Boosting your GRC Program
Building a Compelling Business Case for Boosting your GRC ProgramBuilding a Compelling Business Case for Boosting your GRC Program
Building a Compelling Business Case for Boosting your GRC ProgramNAVEX Global
 

Viewers also liked (9)

Case Study: How a global cosmetics company met increased audit requirements d...
Case Study: How a global cosmetics company met increased audit requirements d...Case Study: How a global cosmetics company met increased audit requirements d...
Case Study: How a global cosmetics company met increased audit requirements d...
 
GRC Business Presentation
GRC Business PresentationGRC Business Presentation
GRC Business Presentation
 
ACCA CFO Forum Final Presentation
ACCA CFO Forum Final PresentationACCA CFO Forum Final Presentation
ACCA CFO Forum Final Presentation
 
Adaptive grc competitive_matrix_2016
Adaptive grc competitive_matrix_2016Adaptive grc competitive_matrix_2016
Adaptive grc competitive_matrix_2016
 
GRC Governance, Risk mgmt. & Compliance Executive
GRC Governance, Risk mgmt. & Compliance ExecutiveGRC Governance, Risk mgmt. & Compliance Executive
GRC Governance, Risk mgmt. & Compliance Executive
 
Governance Of Enterprise IT MIA
Governance Of Enterprise IT MIAGovernance Of Enterprise IT MIA
Governance Of Enterprise IT MIA
 
A Case Study Explored: Increase Effectiveness While Lowering Operational Cost...
A Case Study Explored: Increase Effectiveness While Lowering Operational Cost...A Case Study Explored: Increase Effectiveness While Lowering Operational Cost...
A Case Study Explored: Increase Effectiveness While Lowering Operational Cost...
 
Building a Compelling Business Case for Boosting your GRC Program
Building a Compelling Business Case for Boosting your GRC ProgramBuilding a Compelling Business Case for Boosting your GRC Program
Building a Compelling Business Case for Boosting your GRC Program
 
Risk Technology Strategy, Selection and Implementation
Risk Technology Strategy, Selection and ImplementationRisk Technology Strategy, Selection and Implementation
Risk Technology Strategy, Selection and Implementation
 

Similar to 34514_Process_Control_e-book_interactive

SAP GRC PROCESS CONTROL OVERVIEW AND APPROCH
SAP GRC PROCESS CONTROL OVERVIEW AND APPROCHSAP GRC PROCESS CONTROL OVERVIEW AND APPROCH
SAP GRC PROCESS CONTROL OVERVIEW AND APPROCHAMITTIWARI620759
 
Reciprocity_GRC Software Buyers Guide v5
Reciprocity_GRC Software Buyers Guide v5Reciprocity_GRC Software Buyers Guide v5
Reciprocity_GRC Software Buyers Guide v5justinklooster
 
Brochure Auditing Erp System V2
Brochure Auditing Erp System V2Brochure Auditing Erp System V2
Brochure Auditing Erp System V2agc infotech
 
Governance, Risk and Compliance for Life Sciences Companies
Governance, Risk and Compliance for Life Sciences CompaniesGovernance, Risk and Compliance for Life Sciences Companies
Governance, Risk and Compliance for Life Sciences CompaniesFindWhitePapers
 
What Constitutes a Successful QMS?
What Constitutes a Successful QMS?What Constitutes a Successful QMS?
What Constitutes a Successful QMS?Sameeksha Verma
 
servicenow grc training
servicenow grc trainingservicenow grc training
servicenow grc trainingkhushboo rai
 
Insights on grc grc technology au1488
Insights on grc grc technology au1488Insights on grc grc technology au1488
Insights on grc grc technology au1488Ashwin Kumar
 
Asap implementation methodology (2)
Asap implementation methodology (2)Asap implementation methodology (2)
Asap implementation methodology (2)Pradipta Mallick
 
Roadmap to SAP® Security and Compliance | Symmetry
Roadmap to SAP® Security and Compliance | SymmetryRoadmap to SAP® Security and Compliance | Symmetry
Roadmap to SAP® Security and Compliance | SymmetrySymmetry™
 
Introduction Of Six Sigma for IT & BPO by Vision Raval
Introduction Of Six Sigma for IT & BPO by Vision RavalIntroduction Of Six Sigma for IT & BPO by Vision Raval
Introduction Of Six Sigma for IT & BPO by Vision RavalVision Raval
 
A New Era of Compliance: Innovations in ServiceNow GRC 
A New Era of Compliance: Innovations in ServiceNow GRC A New Era of Compliance: Innovations in ServiceNow GRC 
A New Era of Compliance: Innovations in ServiceNow GRC Aelum Consulting
 
My Vision
My VisionMy Vision
My Visionmelynch
 
Mann-India_SAP_Service-Offering_GRC
Mann-India_SAP_Service-Offering_GRCMann-India_SAP_Service-Offering_GRC
Mann-India_SAP_Service-Offering_GRCMann-India
 
Power your businesswith risk informed decisions
Power your businesswith risk informed decisionsPower your businesswith risk informed decisions
Power your businesswith risk informed decisionsAlireza Ghahrood
 
Reciprocity_Consolidated Objectives eBook v2
Reciprocity_Consolidated Objectives eBook v2Reciprocity_Consolidated Objectives eBook v2
Reciprocity_Consolidated Objectives eBook v2justinklooster
 
Compliance Management Software | Corporate Compliance
Compliance Management Software | Corporate ComplianceCompliance Management Software | Corporate Compliance
Compliance Management Software | Corporate ComplianceCorporater
 
Rethinking Segregation of Duties: Where Is Your Business Most Exposed?
Rethinking Segregation of Duties: Where Is Your Business Most Exposed?Rethinking Segregation of Duties: Where Is Your Business Most Exposed?
Rethinking Segregation of Duties: Where Is Your Business Most Exposed?SAPinsider Events
 
Unlock your potential through process discovery booklet
Unlock your potential through process discovery bookletUnlock your potential through process discovery booklet
Unlock your potential through process discovery bookletPBRKRISHNA
 
GRC FOR CAPITAL MARKETS: Beyond Corporate Governance
GRC FOR CAPITAL MARKETS: Beyond Corporate GovernanceGRC FOR CAPITAL MARKETS: Beyond Corporate Governance
GRC FOR CAPITAL MARKETS: Beyond Corporate GovernanceGary Cable
 

Similar to 34514_Process_Control_e-book_interactive (20)

SAP GRC PROCESS CONTROL OVERVIEW AND APPROCH
SAP GRC PROCESS CONTROL OVERVIEW AND APPROCHSAP GRC PROCESS CONTROL OVERVIEW AND APPROCH
SAP GRC PROCESS CONTROL OVERVIEW AND APPROCH
 
Reciprocity_GRC Software Buyers Guide v5
Reciprocity_GRC Software Buyers Guide v5Reciprocity_GRC Software Buyers Guide v5
Reciprocity_GRC Software Buyers Guide v5
 
Brochure Auditing Erp System V2
Brochure Auditing Erp System V2Brochure Auditing Erp System V2
Brochure Auditing Erp System V2
 
Governance, Risk and Compliance for Life Sciences Companies
Governance, Risk and Compliance for Life Sciences CompaniesGovernance, Risk and Compliance for Life Sciences Companies
Governance, Risk and Compliance for Life Sciences Companies
 
What Constitutes a Successful QMS?
What Constitutes a Successful QMS?What Constitutes a Successful QMS?
What Constitutes a Successful QMS?
 
servicenow grc training
servicenow grc trainingservicenow grc training
servicenow grc training
 
Insights on grc grc technology au1488
Insights on grc grc technology au1488Insights on grc grc technology au1488
Insights on grc grc technology au1488
 
Asap implementation methodology (2)
Asap implementation methodology (2)Asap implementation methodology (2)
Asap implementation methodology (2)
 
Roadmap to SAP® Security and Compliance | Symmetry
Roadmap to SAP® Security and Compliance | SymmetryRoadmap to SAP® Security and Compliance | Symmetry
Roadmap to SAP® Security and Compliance | Symmetry
 
Introduction Of Six Sigma for IT & BPO by Vision Raval
Introduction Of Six Sigma for IT & BPO by Vision RavalIntroduction Of Six Sigma for IT & BPO by Vision Raval
Introduction Of Six Sigma for IT & BPO by Vision Raval
 
A New Era of Compliance: Innovations in ServiceNow GRC 
A New Era of Compliance: Innovations in ServiceNow GRC A New Era of Compliance: Innovations in ServiceNow GRC 
A New Era of Compliance: Innovations in ServiceNow GRC 
 
My Vision
My VisionMy Vision
My Vision
 
Mann-India_SAP_Service-Offering_GRC
Mann-India_SAP_Service-Offering_GRCMann-India_SAP_Service-Offering_GRC
Mann-India_SAP_Service-Offering_GRC
 
Power your businesswith risk informed decisions
Power your businesswith risk informed decisionsPower your businesswith risk informed decisions
Power your businesswith risk informed decisions
 
Reciprocity_Consolidated Objectives eBook v2
Reciprocity_Consolidated Objectives eBook v2Reciprocity_Consolidated Objectives eBook v2
Reciprocity_Consolidated Objectives eBook v2
 
Compliance Management Software | Corporate Compliance
Compliance Management Software | Corporate ComplianceCompliance Management Software | Corporate Compliance
Compliance Management Software | Corporate Compliance
 
Rethinking Segregation of Duties: Where Is Your Business Most Exposed?
Rethinking Segregation of Duties: Where Is Your Business Most Exposed?Rethinking Segregation of Duties: Where Is Your Business Most Exposed?
Rethinking Segregation of Duties: Where Is Your Business Most Exposed?
 
Unlock your potential through process discovery booklet
Unlock your potential through process discovery bookletUnlock your potential through process discovery booklet
Unlock your potential through process discovery booklet
 
GRC FOR CAPITAL MARKETS: Beyond Corporate Governance
GRC FOR CAPITAL MARKETS: Beyond Corporate GovernanceGRC FOR CAPITAL MARKETS: Beyond Corporate Governance
GRC FOR CAPITAL MARKETS: Beyond Corporate Governance
 
Six sigma Courses
Six sigma CoursesSix sigma Courses
Six sigma Courses
 

34514_Process_Control_e-book_interactive

  • 1. An Integrc guide for business leaders and GRC professionals THE DEFINITIVE GUIDE TO SAP GRC PROCESS CONTROL PAGE TURN
  • 2. Contents Introduction: Why we’ve developed the definitive guide to SAP GRC Process Control Section 1: What is SAP GRC Process Control? Section 2: Why is there a need for better process control? Section 3: How organisations are benefitting from SAP GRC Process Control Section 4: How different functions benefit from SAP GRC Process Control Section 5: Building the business case for SAP GRC Process Control Section 6: Implementing SAP GRC Process Control – three things you must know In summary References PAGE TURN INTRODUCTION SECTION 1 SECTION 2 SECTION 3 SECTION 4 SECTION 5 SECTION 6 SUMMARY
  • 3. The successful companies of tomorrow will be those that are transparent and can be seen to be doing good, whilst making a profit. Leading companies now recognise the importance of practising strong business ethics and that doing so still enables them to deliver a healthy margin. Whilst integrity in business may have a short-term cost, the long-term value it brings is certainly worth it. Increasingly, the value attributed to an organisation will be based not just on the wealth they create, but on how they go about creating it. Effective internal controls and compliance programmes are a key component of an organisation’s code of conduct and ethical framework. Auditors continue to raise the bar with increasingly tougher internal control examinations and at the same time, pressure on compliance continues to build with constant regulatory change. Despite these drivers, when it comes to managing internal controls many organisations still take a sophisticated, yet manual approach. This is despite the recognition that significant operational effectiveness and efficiencies can be gained through a more automated and centralised control model. Introduction: Why we’ve developed the definitive guide to SAP GRC Process Control INTRODUCTION PAGE TURN SUMMARYSECTION 1 SECTION 2 SECTION 3 SECTION 4 SECTION 5 SECTION 6 RETURN TO CONTENTS
  • 4. For SAP customers, SAP GRC Process Control is a comprehensive solution that can bring major benefits to key functional areas within a business, including operations, compliance, risk management, controls and internal audit. Once in place it acts as a controls hub, providing a single, core internal control system ensuring effective controls and ongoing compliance right across an organisation. Because of its depth of capability, SAP GRC Process Control is sometimes unfairly perceived as being big and complicated. Yes, it is a very powerful solution but it doesn’t need to be complex to implement or to run. We’ve developed this concise ‘everything you need to know’ guide, to help you understand SAP GRC Process Control better and to show you how it could make life a whole lot simpler. If the time is right for you to evaluate SAP GRC Process Control, this guide is the perfect starting point. INTRODUCTION PAGE TURN SUMMARYSECTION 1 SECTION 2 SECTION 3 SECTION 4 SECTION 5 SECTION 6 RETURN TO CONTENTS
  • 5. SAP GRC – ‘it’s like a high performance home surveillance and security system’ Understanding how the various components within SAP GRC fit together can be a little difficult. The following home surveillance and security analogy should help: Access Control ensures all your doors and windows within your home are locked and only certain people have keys and know the right passcodes. Process Control makes sure the alarm is on (as and when required), and ensures the motion detectors, smoke and heat sensors, warning lights and security cameras are all working. Fraud Management will assess what is being recorded on the cameras along with other data sources, identify patterns and take precautionary measures, such as securing the front gates if an unexpected visitor approaches along the drive way. Finally, Risk Management helps you assess the various potential risks of someone or something breaching your security, as well as the likely impact – so you can make more informed decisions to counter any possible threats. These complementary components work together to create a highly secure environment, ensuring less chance of an incident and that you are better placed to manage should an incident still occur. The Open Compliance and Ethics Group (OCEG) defines Governance, Risk and Compliance (GRC), as ‘the capability to achieve objectives (governance), whilst addressing uncertainty (risk management) and acting with integrity (compliance)’. SAP’s integrated GRC suite is a comprehensive solution that helps you manage each area in a unified way using automation, with powerful monitoring and reporting in real-time. SAP GRC Process Control is a key part of SAP’s comprehensive governance, risk and compliance (GRC) software. It sits alongside SAP Access Control, SAP Risk Management and SAP Fraud Management. Contrary to popular belief, although all are complementary solutions, none of these modules are a prerequisite to implementing SAP GRC Process Control and it can be used in full without already having any of these modules in place. Section 1: What is SAP GRC Process Control? PAGE TURN INTRODUCTION SUMMARYSECTION 2 SECTION 3 SECTION 4 SECTION 5 SECTION 6SECTION 1 RETURN TO CONTENTS
  • 6. In simple terms, SAP GRC Process Control acts as an organisation’s controls hub. Broadly, it covers five key areas: DOCUMENT: Enabling you to document controls, tests of controls and policies in one place, covering all risks and regulations impacting your organisation. SCOPE: Allowing you to manage risk and compliance by control tests to determine scope and test strategies. EVALUATE: Ensuring you can evaluate control design and effectiveness, test policy compliance, as well as raise and remediate issues using a wide range of tools and content. MONITOR: Equipping you with tools to perform automated, exception-based testing and monitoring of controls. REPORT: Providing you with actionable insights through analytics and supporting the increased accountability of individuals through social GRC. SUMMARY DOCUM E NT R EPORT EVALUATE SCOPE MONITOR PAGE TURN INTRODUCTION SECTION 1 SUMMARYSECTION 2 SECTION 3 SECTION 4 SECTION 5 SECTION 6 RETURN TO CONTENTS
  • 7. With increased automation and continuous monitoring comes reduced cost, more effective use of resources and better coverage and visibility of risks. As many findings from external auditors confirm, the best way to enhance your business operation is to improve your mechanism for both monitoring controls and reporting risks. Investing more in this area will result in lower costs. Investments can be made to reduce the number and volume of manual control activities that people undertake, as well as to improve the coverage and assurance of the controls. This brings down the real cost of control operations, whilst also increasing the business benefit likely to be achieved. It’s a win-win scenario. For those organisations using SAP as their core system, SAP GRC Process Control provides a comprehensive solution that is straightforward to adopt. Robust interfaces are available to connect SAP GRC Process Control with both SAP ERP and non-SAP systems, without introducing further complexity. Not only does it minimise any integration challenges, SAP GRC Process Control offers highly effective control management functionality with the added benefit of strong operational and management reporting. It runs on a ‘management by exception’ basis, which means the controls are continually monitored with management by exception and with audit logs. This also means business process owners are only alerted when their actions are needed. 3 MYTH-BUSTING FACTS ABOUT SAP GRC PROCESS CONTROL It is much more than a document management system – but it does have a central repository with audit trails within the system and version control that is able to store controls content in a highly structured, easy-to-use way. It is more than an ‘IT police’ and analytics tool - as it goes beyond detective, reactive analysis by enabling a more preventative, proactive controls framework. It doesn’t re-design or stifle current working processes – but thorough testing and controls can help you identify ways to make internal processes more efficient and effective and you can also reduce the risk of human errors by introducing more automation. PAGE TURN INTRODUCTION SECTION 1 SUMMARYSECTION 2 SECTION 3 SECTION 4 SECTION 5 SECTION 6 RETURN TO CONTENTS
  • 8. In today’s constantly changing environment the need for robust operational processes, regulatory compliance and effective risk management keeps increasing at an unprecedented rate. Expansion into growth markets overseas, diversification into new sectors or product categories and the adaptation to an increasingly digital marketplace, have all driven this trend. Furthermore, in today’s more ethically-responsible environment, stakeholders, auditors and now even customers are also demanding greater transparency and more adaptive management practices. Again and again we see business values significantly impacted by a loss of quality or financial risk-related issues. When risk events occur they are often the result of processes that weren’t able to adapt quickly enough and keep pace with a company’s growth agenda. Typically, this happens in the finance, reporting and quality assurance arena, the supply chain and in manufacturing production lines. The systems in place to control risks are pushed to their limits and can’t react to the way the organisation is changing. All of these risk events can be significantly reduced, if not avoided all together, by strong and effective control operations. Section 2: Why is there a need for a more adaptive Process Control framework? PAGE TURN SUMMARYSECTION 1 SECTION 3 SECTION 4 SECTION 5 SECTION 6INTRODUCTION SECTION 2 RETURN TO CONTENTS
  • 9. Here’s five key factors that typically expose process risk as organisations go through change: 1 2 3 Audit pressure Every year auditors raise their standards and expectations. They are increasingly concerned about the internal control deficiencies that exist in many of their clients’ organisations. Whether it’s the number of sign-offs required to process a purchase order or controlling access to a sales system, auditors are looking for more complete controls – due in part to a history of poor practices across many industries. Manual, reactive control testing For many organisations, the testing of data and system controls as well as the management of compliance policies are sophisticated, complex practices performed manually. Reporting is done on an ad hoc basis and the emphasis is on detective controls. As companies change, this level of complexity becomes harder to manage – particularly when you consider the massive amounts of information, the volume of complex processes and the multiple locations involved. Limited visibility of risk Infrequent control monitoring based on small sampling means you are more likely to miss key issues, whereas automated control monitoring detects all issues so they can be dealt with immediately. Without effective monitoring and reporting it’s unlikely that your risks and controls are being captured and overseen.  This ‘fear of the unknown’ creates continued anxiety and leaves many organisations vulnerable to issues such as fraud. Such narrow insight also prevents you from fully assessing the risk impact of key business decisions. 3 WAYS SAP GRC PROCESS CONTROL HELPS YOU ADAPT TO CHANGE Enables you to have a continuous view of all compliance activities across all business processes during intense periods of transformation Provides a solid platform from which you can roll-out effective controls activity quickly and at scale De-risk change by identifying, prioritising and focusing on key risk areas PAGE TURNRETURN TO CONTENTS SUMMARYSECTION 1 SECTION 3 SECTION 4 SECTION 5 SECTION 6INTRODUCTION SECTION 2
  • 10. Cost efficiencies Most, if not all, organisations today are committed to driving greater efficiencies across their business. It’s no different for those departments responsible for GRC. Centralising, standardising and automating the control of processes can help you significantly reduce the growing costs of compliance, whilst putting you more in control of your risks. Improving operational performance Ensuring controls are working effectively usually involves reporting after the fact. Teams of people spending time trawling through data and an internal audit process that is akin to looking for a needle in a haystack. Improving operational performance means streamlined testing, increased control coverage, automated tasks and a more strategic approach to allocating resources. And moving to a more preventative approach to controls means you’ll have reduced dependency on rear-view analytics. 4 5 The key word here is change. Today it’s unprecedented. SAP GRC Process Control not only protects your organisation from key risks. It can also ensure your business can embrace change, whilst feeling confident that the right processes are in place. It will keep you compliant on an ongoing basis and gives you solid foundations from which to scale the management of your controls more easily, as and when your business needs it. A good example is how acquisitive companies harness SAP GRC Process Control to minimise the risk involved in integrating new organisations. “When the winds of change blow, some people build walls and others build windmills.” Chinese Proverb PAGE TURNRETURN TO CONTENTS SUMMARYSECTION 1 SECTION 3 SECTION 4 SECTION 5 SECTION 6INTRODUCTION SECTION 2
  • 11. Here are some examples of how other organisations have made SAP GRC Process Control work for them: Section 3: How can you benefit from SAP GRC Process Control? A company in the energy sector reduced control duplication by up to 30% and automated testing of more than 160 controls, resulting in significant operational savings A major retailer benefitted from enterprise-wide visibility of its compliance status to help plan and proactively assess the risks involved before executing its international expansion An oil & gas group enjoyed the shared repository of risks and controls across all its business areas, resulting in significantly reduced audit costs and audit preparation time A major electronics manufacturer improved business process effectiveness and efficiency through the adoption of consistent business practices An international telecoms company expanded its control testing capability allowing the internal audit team to embrace a wider remit, which resulted in significantly reduced audit fees The transformation of an internal audit department at a large bank increased the focus on continuous, automated monitoring as opposed to manual periodic sample testing. A healthcare group increased the speed at which deficiencies were resolved and gained better visibility on remediation activities for its control owners H PAGE TURNRETURN TO CONTENTS SUMMARYSECTION 1 SECTION 4 SECTION 5 SECTION 6INTRODUCTION SECTION 2 SECTION 3
  • 12. Typically, when we first speak to people about internal controls they regard them as a necessary evil. Department and process leaders in particular highlight the waste of time, the burden on the organisation and the mundane task of regularly reviewing documentation and reports to confirm controls are being executed as designed. When internal controls exist without automation or workflow, they’re hugely dependent on people. People who need to remember to do something at the right time. People who may need to break from their day job and remember what procedure to follow. People who need to document everything in the right way. Today, there are still a lot of manually-operated controls that could easily be replaced by a ‘management by exception’ rule through automation. When you have people monitoring the same control day after day, week after week and they don’t find any exceptions, human nature can easily take over. Maybe they will get lazy and go through the control too quickly? Maybe they will make errors? Because of the over-reliance on people, the whole process in the pre-automation world is mundane, burdensome and highly prone to errors. Section 4: How different functions benefit from SAP GRC Process Control PAGE TURN SUMMARYSECTION 1 SECTION 5 SECTION 6INTRODUCTION SECTION 2 SECTION 4SECTION 3 RETURN TO CONTENTS
  • 13. The‘artofthepossible’withProcessControl AREA CURRENT STATE DESIRED STATE WHO IT MATTERS TO? Compliance Focus • Audit issues / non-compliance • Changes in business operations / process impacting risk • Manual focus – auditors demand automation • Delays in remediation of issues and corrective actions • Increased automation • Central repository for audit data with ‘single source of the truth’ for all issues • Central reporting for all issues and corrective actions • Internal Audit • Risk Mangers • External Audit Risk visibility • 5% Sampling and test every 3 years. Potential to miss something key • Lack of confidence in test results and completeness • Lack of visibility and delays in reporting • Increase test frequency • Expand control tests • Focus moves from detective response to preventive and proactive position • Real-time online reports • Risk Managers • Compliance Teams • Finance • Board Operational Performance • Controls are a burden on the business • Reactive / adhoc, not making the most of your defined RACM • Manual and detective based • Controls are expensive to operate • More effective • More efficient • Saves money and test more • Mange by exception • Responses done by email – controls becoming part of the business day • Increased control focus without operational burden • Internal Audit (process / controls teams) • IT and Security • Operation Managers With SAP GRC Process Control life is very different. The automated system will remember the controls schedule. It will deliver tasks directly to the appropriate end-users. It will provide management by exception and retain the evidence. It also provides complete transparency in near to real time, so that any deviations from the norm can be spotted and dealt with immediately. The system lives and breathes internal controls, so that you don’t have to. Instead, you can look forward. Whatever your role - whether you’re a business leader or work in finance, risk and compliance, audit, control operations or IT – SAP GRC Process Control ensures you maintain your compliance focus, whilst significantly improving your risk visibility and operational performance. PAGE TURN SUMMARYSECTION 1 SECTION 5 SECTION 6INTRODUCTION SECTION 2 SECTION 4SECTION 3 RETURN TO CONTENTS
  • 14. Section 5: Building the business case for SAP GRC Process Control Developing the business case for SAP GRC Process Control may not be as straight-forward as other technology investments. If the focus is purely on short-term cost savings, it is unlikely to have your Chief Financial Officer jumping up and down with excitement. It’s essential that you can make people see the bigger picture and visualise the longer-term benefits. Emotionally they will see that it is the right thing to do, but you have to help them rationalise the benefits as far as possible. There are three main challenges that you must typically overcome to develop a compelling case for investment in SAP GRC Process Control: 1 Engage the support of multiple stakeholders in the business 2 Demonstrate the combination of tangible and intangible benefits 3 Provide assurance that payback can be achieved in the shortest possible timeframe Challenges: 1 2 3 PAGE TURNRETURN TO CONTENTS SUMMARYSECTION 1 SECTION 6INTRODUCTION SECTION 2 SECTION 3 SECTION 5SECTION 4
  • 15. “SAP GRC Process Control gives me certainty that my end-to-end process is running correctly. I also have confidence that we are buying from the right people, at the right price and that the appropriate governance is in place to support the whole process.” 1 Engage the support of multiple stakeholders in the business We hear, on a fairly regularly basis, about the struggles many GRC practitioners have in getting the various different stakeholders bought into the idea of SAP GRC Process Control. It can be like ‘herding cats’ (whatever herding cats actually looks like!). There may be multiple functions and business units all with potentially conflicting views towards internal controls. Much time can be spent trying to convince these individuals and departments, but having their support when proposing the business case is critical. There are ways to accelerate this process. The starting point is to think about each stakeholder in terms of ‘what’s in it for them?’ – which means understanding their needs, the issues they would solve, the gains they could achieve and so on. Examples include reduced administration and labour costs, reduced time and effort spent on manual control activities, reduced compliance and control testing efforts and better visibility of controls. The more you can present hard numbers and metrics based on their real life situation, the better. ‘What’s in it for me?’ Procurement Process Owner PAGE TURN SUMMARYSECTION 1 SECTION 6INTRODUCTION SECTION 2 SECTION 3 SECTION 5SECTION 4 RETURN TO CONTENTS
  • 16. Once you have a clear understanding of how the individual stakeholders can benefit, the key is how you present this to them. Of course you can provide summary papers, make presentations, run workshops. But one of the best ways to engage them is to show them a dashboard presenting the key performance indicators (KPIs) that matter to them most. When people can see a nicely presented dashboard with all of the key information they need, they can better live the feeling of control that a tool such as SAP GRC Process Control can give them. To make this more meaningful, a Proof of Concept (PoC) can also serve to help justify the business case.  By taking live data, a specific process area and optimising the internal controls surrounding it, you can more clearly demonstrate the art of the possible for different stakeholders. Visualisation tools can then also provide you with what we call ‘hindsight in advance’ which helps different stakeholders envision the end result more clearly right at the beginning of a project. Both techniques enable better decision-making around future solution design to ensure business benefits are realised in full. Actual screenshot from Integrc’s Insight Analytics dashboard suite PAGE TURNRETURN TO CONTENTS SUMMARYSECTION 1 SECTION 6INTRODUCTION SECTION 2 SECTION 3 SECTION 5SECTION 4
  • 17. DIRECT COSTS INDIRECT COSTS Reduced cost of audit preparation Reduced external auditor fees Reduced FTE requirements through increased automation Reduced operating costs through standardisation of testing, reporting, monitoring and documentation Reduced re-testing costs for failed controls as automated controls have a much higher pass rate Reduced cost of remediation and addressing anomalies Reduced costs of managing compliance activities Reduced cost of centralising control creation and scheduling Efficiency gains identified in key process areas Decommissioning of older legacy infrastructure supporting the current controls approach Training costs for new staff on control performance procedures Consolidation of your enterprise systems and applications as part of an SAP-centric IT strategy Reduction in management load, with less issues to have to deal with – ‘get your firefighting mornings back’ Enables business managers to focus on running the business, knowing that a strong foundation is in place Creates confidence through a culture of control adoption, in which people take controls more seriously 2 Demonstrate the combination of tangible and intangible benefits The tangible benefits to include in the business case will relate to either direct or indirect costs. Typically these include: PAGE TURN SUMMARYSECTION 1 SECTION 6INTRODUCTION SECTION 2 SECTION 3 SECTION 5SECTION 4 RETURN TO CONTENTS
  • 18. When calculating these costs it is important to factor in the frequency with which this activity currently happens. You need to fully understand who in your organisation manages internal controls, how many times they perform actions relating to them each year and how many hours it takes them. You also need to account for all your manual controls, how long it takes to test them and perform the necessary remedial activities. The intangible benefits are those that are typically hard to quantify, yet nevertheless are likely to yield the most positive impact on your organisation, particularly in the long-term. This is often THE most valuable benefit area, yet also perhaps the hardest to pin down. The difficulty is that some of the intangible benefits relate to ‘what if’ scenarios. This refers to those risks that you’re better prepared for, but that might never happen, as a result of making the investment. Then again, they might. Here’s some examples of intangible benefits: Reduction in likelihood and impact of risk Improved productivity of those responsible for manual control activities Deploying resources to focus on more value-added activities Prevention of fraudulent behaviour Minimising the potential for financial misstatements and associated fines Avoiding the penalties of non-compliance, particularly if you operate in a highly regulated environment Miscalculating the potential risk of entering a new market Allowing a culture of fraud or error to become permissible and usual Key to whether your business case stacks up will be whether the intangible elements are deemed significant enough to warrant the investment. As far as possible, you need to quantify the likelihood of these risks occurring and the potential financial impact on your organisation should they happen. PAGE TURN SUMMARYSECTION 1 SECTION 6INTRODUCTION SECTION 2 SECTION 3 SECTION 5SECTION 4 RETURN TO CONTENTS
  • 19. TEST DRIVE TODAY! 3 Providing assurance that payback can be achieved in the shortest possible timeframe IT projects generally have a bad reputation. There are countless examples of programmes that have failed to deliver the intended business benefits and have run over both in terms of budget and their original milestones. Stakeholders and decision-makers are going to need to be convinced that your GRC implementation is going to be a story that ends with success for everyone involved and real value created for your business. Because SAP GRC Process Control benefits multiple stakeholders, they will often each bring their demands to the table. This means traditional implementations can become more complicated and time-consuming than they need to be. A common challenge experienced with SAP GRC Process Control is that it is so flexible and powerful, that it becomes hard to pin down how best to use it, and in what order to deploy its various capabilities. However, there are now many modern deployment tools and techniques available that can help you combat this situation and ensure you get what you need in a much quicker timeframe: Prototype environments can be created in just a few hours, which simulate the end state and enable you to ‘test drive’ and make changes to your design before, not during your implementation. Visualisation and iterative deployment methodologies provide transparency during the implementation phase through web browser-based simulations. This allows you to collate meaningful feedback from end-users and review progress with stakeholders at each step of your journey, enabling you to continuously improve your solution. PAGE TURN SUMMARYSECTION 1 SECTION 6INTRODUCTION SECTION 2 SECTION 3 SECTION 5SECTION 4 RETURN TO CONTENTS
  • 20. Automation tools such as quick-loading data applications can also speed you through the latter realisation and testing phases of a project, so activities that used to take weeks to perform can now be done in just a few minutes. Pre-loaded content can dramatically accelerate the time it takes for you to implement. Naturally, every organisation will feel they have a unique set of circumstances and risks that affect the design, implementation and management of their controls. However somewhat surprisingly, most organisations’ controls have a lot in common – especially in the area of financial controls. Rather than try to invent your optimum controls from scratch, or take what you have and spend ages looking to improve them, it’s much more effective (faster and less expensive) to use controls developed and proven elsewhere – and that sort of content is increasingly becoming available from suppliers. User experience tools, applications and devices such as interactive forms (Adobe), mobile interfaces (SAP Fiori), mobile applications (Risk Reporter), dashboards and social tools (SAP Jam) can all accelerate adoption by giving people a more engaging, consumer-grade experience – with nicer looking interfaces, fewer clicks and enriched information sharing. Such ‘hindsight in advance’ thinking used in conjunction with innovative automation and collaboration tools can significantly diminish the likelihood of costly delays and overruns. This modern approach ensures your organisationrealises the benefits of a tailored solution in a much faster timeframe. It can reduce your implementation time by as much as 50%, which is a compelling argument to put forward as part of your business case. And furthermore, you should expect to see increased adoption as end-users feel they have actually designed the system themselves.  PAGE TURN SUMMARYSECTION 1 SECTION 6INTRODUCTION SECTION 2 SECTION 3 SECTION 5SECTION 4 RETURN TO CONTENTS
  • 21. SAP GRC Process Control has been adopted by many leading organisations. So you have the opportunity to learn from those who’ve gone before you. Below are three of the most commonly cited lessons learnt from implementing the solution: Section 6: Implementing SAP GRC Process Control – three things that you must know 1. Get everyone involved from the start: It is essential to achieve a universal understanding of the solution and the ways in which your controls could be automated. Get everyone involved, especially the end-users, and ensure they are hands-on as soon as possible. This not only helps with the overall visualisation, design and transition, but builds also confidence and adoption. It also means you can move forward on an iterative basis and not backwards to correct mistakes or rework an earlier idea. 2. Define the end ‘to be’ status: A clear understanding of the final aims and goals must be in place to ensure a successful transition. Even if you decide to take a step-by-step approach, defining the final end state and communicating this helps you to engage the business. This not only supports the management of the transition to control automation – it also works to support a wider change management process in terms of developing a culture of controls that are part of everyday business operations. 3. If possible, include GRC in a SAP ERP implementation: Significant efficiencies and cost avoidance can be realised by integrating any of the SAP GRC modules with a wider SAP ERP programme. This could obviously make a big difference to the business case too. However, watch out for delays to wider ECC projects and ensure you’ve minimised the potential impact on your GRC project. It is critical to create a dedicated team focused on security and controls to design, implement, as well as manage the solution post go-live.  PAGE TURN SUMMARYSECTION 1INTRODUCTION SECTION 2 SECTION 3 SECTION 4 SECTION 5 SECTION 6 RETURN TO CONTENTS
  • 22. It will reduce the cost of managing compliance and audit-related activities through a centralised, automated approach It will improve your visibility and control of risk across your business, also enabling more effective allocation of resources It will improve the performance of business processes by implementing continuous monitoring techniques 3 big reasons why SAP GRC Process Control will deliver value to your business We’ve explored the functionality available and the benefits delivered by SAP GRC Process Control. We’ve shown how you can reap rewards for your day-to-day business by providing automation and centralised policy management. Hopefully, we’ve also demonstrated that the solution can significantly reduce your exposure to risk, through continuous monitoring and comprehensive reporting. In Summary: SAP GRC Process Control makes life simpler PAGE TURN SUMMARYSECTION 1 SECTION 2 SECTION 3 SECTION 4 SECTION 5 SECTION 6INTRODUCTION RETURN TO CONTENTS
  • 23. SAP GRC Process Control could make your life a lot simpler. It will equip you with a single source repository for your controls with simple, yet structured documentation of regulations and processes. It can simplify control testing with a number of tools ranging from the easy-to-use to the more advanced, as well as introduce more management by exception. It will also reduce administration through workflow and simplify the user experience through a more engaging user interface and Interactive Adobe Forms. SAP GRC Process Control can also be simple and quick to implement. Today, long projects or solutions that don’t realise the intended benefits are no longer acceptable. You want to realise your payback as quickly as possible and today you should expect no less. The automation tools and content now available, along with the lessons learnt from past projects can all dramatically accelerate the time to value of SAP GRC Process Control. Executed in the right way, SAP GRC Process Control will help you change the perception of controls in your organisation from that of a burden to something of strength, which your business can depend on. PAGE TURN SUMMARYSECTION 1 SECTION 2 SECTION 3 SECTION 4 SECTION 5 SECTION 6INTRODUCTION RETURN TO CONTENTS
  • 24. Visit our website www.integrc.com Integrc, operating globally from bases in the UK, Netherlands, MENA and India PAGE TURNRETURN TO CONTENTS