Governance, Risk & Compliance

Increased regulation, and significant technology and business transformation holds ramification for GRC teams and strategy. Content in this category targets risk, audit, and compliance leaders and their teams. We will explore best practices from process perspective, but also delve into how organizations are using both SAP and third-party solutions to manage risk, user access, security, data protection and privacy and support their overall controls environment. Explore best practices, and case studies that will help your organization improve their current compliance initiative, apply leading edge technology, and get greater visibility into the key risks and vulnerabilities that impact your organization.


  1. GRC for SAP S/4HANA and Cloud Applications Research Report

    Reading time: 1 mins

  2. Managing the Identity Life Cycle in Hybrid SAP Environments

    Managing the Identity Life Cycle in Hybrid SAP Environments

    Reading time: 13 mins

  3. firefighter

    Brighthouse Financial Accelerates User Provisioning Cycles

    Reading time: 4 mins


  1. Worksoft corporate logo image


    Reading time: 4 mins

    Before integrating Saviynt’s Identity Governance and Administration (IGA) solution and SAP Access Control, Brighthouse Financial ran an entirely manual user provisioning process using an access request feature in SharePoint. This case study explains how the Fortune 500 company improved their user provisioning processes for SAP products with SAP Access Control and then implemented Saviynt’s IGA…
  2. cutting it support costs through redesign image

    Cutting IT Support Costs Through Redesign

    Reading time: 4 mins

    Imperial Brands, one of the largest tobacco products companies in the world, saw an opportunity to reduce fraud risk and third-party IT costs by closing a gap in its segregation of duties (SoD) compliance. The gap become apparent when its auditors reported discrepancies between the company’s SoD audits and the SoD results coming from external…
  3. Video: Imperial Brands Cuts Costs, Boosts Security with Role-based Access Redesign

    Imperial Brands, one of the largest tobacco products companies in the world, saw an opportunity to reduce fraud risk and third-party IT costs by closing a gap in its segregation of duties (SoD) compliance. The gap become apparent when its auditors reported discrepancies between the company’s SoD audits and the SoD results coming from external audit. The company decided to update its processes and SoD ruleset to improve transparency of its reporting.  The SoD update revealed that its…
  4. increasing transparency and efficiency Eli Lilly image

    Increasing Transparency & Efficiency

    Reading time: 5 mins

    Sprawling multinational drug company Eli Lilly and Company (Lilly) needed a way to centrally monitor its core enterprise resource planning (ERP) systems. The company had been using a manual method to track its financial and operational activities and related controls. But to increase transparency and efficiency, Lilly decided to implement SAP Process Control to automate…
  5. Governance Risk and Compliance: State of the Market 2021 Benchmark Webinar

    Governance, risk, and compliance (GRC) systems and professionals are increasingly important as regulations around data become stricter and corporate systems become a more frequent target of cybersecurity attacks. These risks and compliance challenges are compounded by the fact that many SAP organizations are in the process of transitioning to new technology — be it SAP…
  6. How Microsoft enabled a highly regulated SAP landscape to support its new MS-Federal entity

    In 2020, Microsoft implemented Microsoft Federal (MS-Federal) to bring all U.S. Government critical customer functions under the same organizational umbrella. To support the newly created MS-Federal entity, Microsoft carved out a complex dedicated landscape into Azure Govt Cloud. This migration represented Microsoft’s first Greenfield deployment of SAP S/4HANA at Microsoft, with end-to-end scope, as a…
  7. The Usual Suspects: Catching the culprits of SAP access risk

    The world is changing, and SAP ecosystems are changing with it, as more organizations migrate to the SAP S/4HANA platform. Whether you are on the latest version of SAP S/4HANA or still thinking about making the move from ECC, monitoring and managing access risk can be challenging. How can you be sure you are fundamentally…
  8. Take Control of Your SAP GRC Destiny: Define your compliance roadmap & execute a journey to success

    Companies must take many measures to stay on the right path to compliance, such as ensuring efficient security and GRC technologies, staying one step ahead of fraudsters, and satisfying the requirements of auditors. At the same time, organizations need to avoid common pitfalls they might encounter at different stages of their GRC strategy. How can…
  9. Moving to SAP S/4HANA? Avoid these common audit issues

    Although transformative to businesses, SAP S/4HANA implementations have revealed some common, audit-relevant issues that could create risks for organizations. Because much of the focus of these implementations (and upgrades) is on ensuring that business functionality is enabled and the system goes live quickly, controls and security considerations are often neglected, or severely under-scoped. Implementation issues,…
  10. Least Privilege 2.0: Controlling Risk in a Dynamic Environment

    A growing landscape of laptops and smartphones, widespread internet access, and remote workforces throughout the world have increased the need for risk and identity management and has changed how security models should operate. Continuing to focus on only two dimensions, the “Who” (users and user groups) and the “What” (roles and authorizations), leaves organizations vulnerable…