TWC - GRC article

By TWC
Johannesburg, 02 Nov 2011

As technology moves to the forefront of business, good corporate governance is imperative in order to effectively manage enterprise-wide risk.

Managing governance, risk and compliance (GRC) in today's business environment has become much more difficult and complex, as companies either don't see the value, or have a combination of fragmented and manual GRC processes that produce an abundance of data, thus obscuring true risks.

With the evolving emphasis on corporate governance, directors face increased scrutiny from shareholders, regulators, media and other stakeholders.

Fuelled by regulators' demands that organisations behave responsibly, stakeholders now want evidence that organisations are conducting their operational tasks effectively, profitably and, most importantly, responsibly.

The GRC solutions delivered by SAP aim to address this need and help organisations maximise strategic and operational performance by enabling them to evaluate and manage business risks efficiently; implement financial and operational controls embedded within business processes; and create a transparent, reportable environment for stakeholders and other key decision-makers.

GRC today should be part of running a business and should not be ignored. For most companies, there seems to be a disconnection between strategy, risks, policies and compliance, with some businesses only realising the importance after risks are realised.

The SAP GRC solutions offer a unified approach to governance, risk and compliance that overcomes the challenges of identifying and managing enterprise-wide risks.

The SAP GRC solutions aid management processes across all SAP and non-SAP platforms, across regions, business processes and organisational units.

Smoothly integrating with SAP technology and applications, GRC solutions support the automation of end-to-end processes, enforcement of corporate policies, risk management, and compliance management, including real-time risk reporting and detailed audit trails across organisations.

The latest available release, the SAP GRC 10 solution, comprises the following modules:

SAP GRC Access Control (AC)

This application identifies and prevents segregation of duty (SoD) access and authorisation risks across enterprise IT systems to prevent fraud and reduce the cost of continuous compliance and control.

Proper segregation of duties and access control across business processes and transactions are among the most effective safeguards to protect against fraud and financial and operational risks - as well as good prerequisites for sound corporate oversight.

Far too often, SoD violations and high-risk transactions are not flagged by most compliance tools, and thus pose a critical risk to the organisation. SAP GRC Access Control monitors, tests and enforces access and authorisation controls across the extended enterprise and closes this gap.

The solution offers the following, but is not limited to:

* Online and real-time SoD and critical access reports (24/7)
* Functionality to capture and manage mitigation controls for existing violations
* SAP user transaction usage
* Authorisation access approval procedure - automated with workflow and subject to risk analysis
* Self-service password reset
* Complete audit trail of all approvals
* Business Role Management - enforcing role creation methodology and naming conventions
* Emergency Access Management (Fire Fighter) - complete audit trail and reports of what users have executed during a time of emergency access

SAP GRC Access Control also enables all corporate compliance stakeholders - including business managers, auditors and IT security managers - to collaboratively manage the enforcement of SoDs and high-risk transactions. This helps to identify and remediate potential risks, like conflicting authorisations within a single user's access profile. Most importantly, it also helps to identify actual risks, such as business functions that are executed in conflict with SoD mandates.

Access Control can leverage existing identity management solutions where present, smoothly integrating with the SAP NetWeaver Identity Management component and other identity-management solutions from major vendors.

To keep total cost of ownership for both solutions low, and provide a compliant identity-management solution, it is designed to help users comply with financial reporting and regulatory mandates.

SAP GRC Access Control automates many of the processes for access and authorisation management, enables users to rapidly identify and remove access and authorisation risk from IT systems, as well as automate and embed preventive controls into business processes to stop future SoD violations from occurring.

The result is a dramatic reduction in the time, risk and cost associated with compliance.

SAP GRC Enterprise Risk Management (ERM)

This application offers the following, but is not limited to:

* Balances business opportunities with financial, legal and operational exposure to minimise the market penalties from high-impact events
* Provides a best-practice framework, enterprise-wide
* Risk identification, collaborative risk analysis, pre-defined risk responses, and continuous risk monitoring and reporting
* Key risk indicators enable users to monitor the overall risk portfolio and to alert management immediately when high-impact and high-probability risks exceed company-specific thresholds
* Risk owners can not only analyse risks in terms of severity and likelihood of impact, but can also monitor GRC activities and timeframes at the most granular level - information that is automatically aggregated to create higher-level views and risk networks
* All risk-related activities are monitored through executive-level dashboards and reports that deliver visibility into key risk metrics and policy compliance

SAP GRC Process Control (PC)

This GRC application optimises business operations and helps ensure compliance and mitigated risk by centrally monitoring key controls for business processes and cross-enterprise IT systems with the following:

Document and manage compliance initiatives (legislative and regulatory), such as the Companies Act, King III, ISO, etc., which need to be adhered to, including:

* Document and manage supporting mitigation controls at business process level
* Mitigation control database
* Assign accountable and responsible business process owners
* Consolidated dashboard reports
* Seamless integration with GRC RM and AC
* Automated controls are embedded and used, which will significantly reduce manual control activities and costs thereof
* Gain complete visibility into business process controls to help ensure that they are operating as designed and that users can trust the data provided to regulatory bodies
* SAP GRC Process Control applies a risk-based approach to setting up users' control environment and identifying the most effective and efficient controls needed to achieve compliance
* Create a library of all process documentation, risks and controls across the enterprise and centralise enterprise control management, eliminating the need to integrate separate tools for documentation, testing, remediation and control monitoring
* Test controls for key risks by using a combination of monitoring for automated controls, testing for manual controls, and self-assessments.

This powerful combination works together to help users establish controls that promote desired employee behaviour and optimise business processes. It helps ensure that the organisation meets compliance mandates on time and in a cost-effective manner, ensuring risks are effectively mitigated.

SAP GRC Global Trade Services (GTS)

The SAP GRC GTS application embeds regulatory and corporate policies into trade processes to automate compliance and cut costs.

SAP GRC Global Trade Services:

* Enables an organisation to automate and streamline complex import and export processes by embedding the regulatory and corporate compliance into core logistics processes.
* Allows for central management of these processes. The software reduces users' risks of non-compliance with trade regulations, expedites customs clearance, and mitigates financial risks for global transactions, while presenting opportunities to take full advantage of international trade agreements.

SAP GRC Global Trade Services will meet all global trade requirements - no matter where users do business.

The unified SAP BusinessObjects GRC solutions act as a strategic business weapon to increase efficiencies, reduce compliance costs, and improve predictability and performance.

TWC Consulting is proud to be recognised by SAP as a GRC Professional Service Expertise Partner.

TWC has a business unit dedicated specifically to the implementation, support, optimisation and SoD resolution of the SAP GRC solutions, and much more.

With over seven years of global experience, TWC has successfully delivered more than 26 GRC implementations.

TWC attended the 2011 SAP GRC 10 Partner enablement session, hosted by SAP in Germany, where the TWC brand was highly recognised by the individual GRC solution owners and thanked for the contributions made towards the development of the GRC 10 solution currently available to the market.

TWC South Africa has the following registered and certified partnerships:

* SAP Africa Services Partner
* SAP Africa Value-Added Reseller (VAR)
* SAP Africa GRC Special Expertise Partner
* Greenlight Technologies Partner for Africa
* KNOA Partner
* SAP User Experience Management Preferred Partner

For a more personal GRC experience, or if you require more information, please contact TWC today to discuss your GRC requirements.
