Ready for the GRC transformation?

Find out how you can continuously monitor risk and controls, integrate processes, and unify GRC activity on a common technology platform. Build digital trust and quickly adapt to changes in technology, regulations, and a global environment.

Make better decisions faster with built-in analytics, from operations to the digital boardroom. Meet your goals for the IT environment with hybrid, cloud, and on-premises scenarios that share a consistent data model, line of code, and user experience.

Because SAP security is difficult to manage and monitor, and it is becoming increasingly important to have a holistic view of risks and compliance. SAP has the GRC solution to help organizations keep access risks under control. The Access Control system of the Governance, Risk & Compliance suite is one of them.

This solution enables companies to significantly improve the way they manage their risk, internal audit and compliance functions through further automation of data and information.

SAP GRC solutions are designed to help you optimize digital identities across the enterprise.

This includes enabling identity and access management to manage system accounts and provide the correct authorization assignments.

The main purpose of the GRC solution is to automate a large part of the work associated with the documentation of evidence and presentation of information of the risk management and compliance activities, which are, for the most part, closely related to the business objectives and corporate governance .

THE FOUR MAIN FUNCTIONS OF THE GRC:

AUDIT MANAGEMENT:

Provides support to internal auditors in the management of work papers and in the planning of tasks, time management and presentation of information.

POLICY MANAGEMENT:

It includes a specialized form of document management that enables the life cycle of policies, their link with business mandates and objectives in one direction and risks and controls in another. As well as the distribution to employees and business partners and verification by them.

COMPLIANCE MANAGEMENT:

It helps compliance professionals not only with documentation, workflow, reporting, but also with visualization of control objectives, controls and associated risks, surveys and evaluations, verification and correction. It will include compliance for financial reporting purposes (SOX compliance) as well as industry-specific regulations (eg, ISO 9000) and compliance with internal policies.

RISK MANAGEMENT:

It facilitates the documentation, work flow, evaluation, analysis, presentation of information, visualization and correction of risks (as defined in ISO 31000, COSO, etc.). This component is generally focused on monitoring risks and incidents, but can also collect data from risk analysis tools (Credit, Market, etc.) to provide a consolidated view.

Solutions

The following technological tools provide a range of options to automate the process offering innovative solutions on the market:

UPDATE FROM GRC 10 / 10.1 TO 12.0

Why is the GRC update crucial in this year 2020?

As the main maintenance for GRC 10 / 10.1 will end on 12/31/2020, it is necessary to plan and implement an update to version 12. (SAP Note 2878927)

Advantages of version 12.0:

  • You can run risk analysis for FIORI. This version brings a new set of rules for the integration of risk analysis with Fiori Apps in S / 4HANA On-premise systems.

  • GRC 12.0 now allows its use on mobile devices, as it is a personalization application based on SAP Persona.

  • Integration with cloud platforms and new SAP products such as SAP Ariba, SAP Concur, Success Factors and S / 4HANA cloud. These can be achieved with IAG, which connects as a bridge to all cloud-based applications (SF, S / 4HANA, Ariba, etc.).

  • SAP Cloud IDM is integrated with SAP Access Control: the access analysis service allows customers to connect to cloud applications from local SAP Access Control to bring those applications in the cloud under the umbrella of access governance. It enables users of the local access control solution to take advantage of the access analysis service capabilities in the cloud.

  • Integration with the SuccessFactors system.

  • Fiori applications have been improved, making them more intuitive.

  • EAM Functionalities (emergency user) extended in HANA.

  • UPDATE OF THE MASSIVE ROLE METHODOLOGY: It allows the re-application in a massive way to the roles.