SAP GRC shouldn’t feel like an ongoing strategic challenge. With the right SAP Governance, Risk and Compliance software, passing audits should be a given, and remediating SOD conflicts should be pretty routine. If you’re struggling to keep up, it’s time to look for better software and vendor support. Here are some of the challenges your vendor should be able to solve.

 

SAP Governance, Risk and Compliance Challenges

1. Meeting The Requirements of All Stakeholders

Your SAP GRC software needs to be able to provide very different information and controls for different users. Unfortunately, many SAP GRC applications have a single stream of idiosyncratic output. It’s very difficult for users to even understand the output, let alone zero in on the information that’s relevant for their jobs. The right solution should meet these challenges with out-of-the-box reporting that delivers the right cut of data to all constituents in a clear, comprehensible manner. With the right SAP GRC solution, business users can self-assess for risk, technical users can perform root cause analysis and quickly address SOD conflicts and other issues, and auditors can perform period-to-period delta analysis and validate controls.

 

2. Time to Value

By the time companies find the right SAP GRC solution, most are way behind in the compliance game, and struggling to keep up with audits and remediation, despite huge resource investments. A long implementation is too costly: they can’t afford to wait 6-12 months to solve a compliance issue while propping up their outdated GRC program. Look for an SAP GRC solution with excellent time-to-value, backed up by high-touch customer service. For example, when Carlisle Construction Materials started working with ControlPanelGRC, they had already struggled unsuccessfully to remediate risks with their previous GRC system. Instead, their auditors kept finding more and more risks. We were able to implement an accelerated timetable, delivering SAP GRC Access Control inside of one week, with overall remediation inside of 4 months. We reduced SAP security consulting costs by 80%, and even reduced the time it takes them to run audit reports, from days to less than a minute. You should expect nothing less from your SAP GRC provider.

 

3. Continuous Control Monitoring

Even with SAP GRC software, there can be a lot of unnecessary work in running your GRC program. Look for SAP GRC software that automatically executes compliance reports, routes them for workflow approval, audits and records your review process, and allows you to go quickly from risk to remediation. A solution with Continuous Control Monitoring (CCM) will make it simpler (and less expensive) to stay compliant by automating everything from tracking reviews and approvals to user and role change management.

 

Successful SAP GRC Takes the Right Software, With The Right Vendor

 

SAP GRC should be a routine process, not an ongoing struggle. That takes the right combination of functionality, stakeholder-specific output, and vendor support. Don’t just look for a solution that makes it possible to solve GRC challenges — choose a solution that makes it easy.

About Scott Goolik - VP, Compliance and Security Services

Scott Goolik is VP of Compliance and Security Services at Symmetry. A recognized expert in the field of SAP security and compliance, Scott has over 20 years of expertise in SAP security and is a regular presenter at SAP industry tradeshows and ASUG events. His experience includes working for one of the Big Four accounting firms and developing auditing tools, including those for segregation of duties (SOD). Scott is also responsible for architecting the ControlPanelGRC® solution which provides audit automation and acceleration of security and control processes.