skip to Main Content

GRCControlPanelGRC is an award-winning product that drives the audit-readiness for enterprises around the world. But back in 2008, it was just an idea. Time and again when we visited our customers to manage and support their SAP environments, we heard the same complaints. Their GRC systems were overly manual, seemed to require a computer science degree to decipher and operate, and they spit out reports that didn’t actually tell the business how exposed they were to risk and fraud.

What started as an idea, quickly turned into a development project that lead to a software product and a new approach to GRC management. Just as the iPhone at the time was completely changing the user experience from clunky phones with small screens to a new world of touchscreens and apps, ControlPanelGRC delivered a simple, intuitive interface that seamlessly integrated with SAP and delivered data and reports designed for business users (not IT).

Our big idea wasn’t to build software, but to help our customers reach a state of continuous audit-readiness so there wouldn’t be the last minute crush of chasing down data, reporting and analysis, and overall stress when the auditors were coming in for a review. Customers could push a button and be done with it.

In fact, ControlPanelGRC’s design and features have been driven by the business needs of our customers since the day we first installed it 10 years ago at Graham Packaging. Since then, ControlPanelGRC has grown to be used by more than 120 enterprises around the world – including numerous Fortune 500 companies – representing a diverse mix of industries, from heavy manufacturing, life sciences and pharmaceuticals to consumer products, aerospace, defense and more. And underscoring its scalability, the customers range from 50 up to more than 150,000 SAP users.

And over the years, our commitment to continually improving the software to better suit our customers’ evolving security, risk and compliance landscape has remained. There are countless features and functions that make life easier for Security Admins, Compliance Analysts and Internal/External Auditors, but some industry firsts and key features over the years include:

  • Segregation of Duties (SoD) Remediation Assistantaccelerating the remediation process by providing a step-by-step roadmap to easily reduce SoD risks.
  • HR Data Integrationautomated access changes based on customer-defined HR attributes to keep up with hires, position changes, and terminations.
  • Fiori & S/4HANA integration the first access control platform to offer actionable, out-of-the-box SoD rules for S/4HANA and Fiori applications in addition to existing SAP GUI transactions.
  • Job Role Managementcross-system Roles to provide access to SAP applications, HANA databases, and other critical company systems.
  • Mobile Apps – first in the industry to launch a client-centric iPhone and Android mobile app, which allows clients to control workflow from their mobile device along with support for Fiori to greatly enhance the end user experience.

And while our customers have always been global, ControlPanelGRC has seen a growing international footprint through partnerships and Symmetry’s own expansion into Europe. A great example is the deployment we did for TIRU, a leading waste recovery company in France, with our partner, Harmonie Technologie.  Mehdi Kefi, senior manager in charge of the GRC practice at Harmonie Technologie, provided great insight into why the intersection of security and simplicity is key: “TIRU is a great example of the importance of ensuring roles, access controls and segregation of duties are updated and aligned with the business as it evolves and changes over time to ensure data is secured. The challenge has always been that most GRC solutions are complicated, expensive and take a long time to implement, which is why ControlPanelGRC is an ideal solution for TIRU and our other customers.”

The ControlPanelGRC user base is such a collaborative community, that three years ago we created the SAP Security & GRC User Summit. What started out as “boot camps” to offer a forum for expanded learning, the annual event now focuses on customer presentations and use cases with hands-on workshop time to allow customers to learn from each other and our experts. We’ve even heard stories about customers solving compliance challenges that we never thought about using ControlPanelGRC. It’s such an engaged and active user base, it’s no wonder ControlPanelGRC has a Net Promoter Score of 69.

It’s that focus on helping our customers that will drive ControlPanelGRC’s innovation over the next ten years as we add new features and capabilities around public cloud services, S/4HANA, tighter ITSM integration, and robotic process automation.

Even as our customers’ environments get more complex through virtualization, automation and hybrid cloud architectures, we will remain true to why customers starting with Graham Packaging through to hundreds more have chosen ControlPanelGRC: continual simplification.


Scott Goolik - VP, Compliance and Security Services

Scott Goolik - VP, Compliance and Security Services

Scott Goolik is VP of Compliance and Security Services at Symmetry. A recognized expert in the field of SAP security and compliance, Scott has over 20 years of expertise in SAP security and is a regular presenter at SAP industry tradeshows and ASUG events. His experience includes working for one of the Big Four accounting firms and developing auditing tools, including those for segregation of duties (SOD). Scott is also responsible for architecting the ControlPanelGRC® solution which provides audit automation and acceleration of security and control processes.