SAP GRC



What is SAP GRC?

Governance, risk, and compliance (GRC) is a vital set of functions for enterprises to maintain secure and audit-friendly environments while being more confident in their actions. For SAP customers, SAP GRC can mean a set of GRC products provided by SAP itself or the GRC activities and technologies related to SAP systems.

GRC is growing in importance with rapidly changing regulations that create new compliance challenges. Security and financial risks are also on the rise as companies adopt more cloud technologies, enact bring-your-own-device policies, and enable remote workers in greater numbers.

SAP GRC tools are available to help with areas of risk management, process control, financial compliance, threat detection, identity management, privacy governance, and more. SAP partners and other vendors that provide GRC solutions and consulting services include Appsian Security, Fastpath, and Soterion.

Key Considerations for SAPinsiders:

  • Take inventory of your GRC processes and automate wherever possible. In our most recent GRC State of the Market research, successful GRC organizations are focused on automation to streamline processes. To do this, processes being automated need to be repeatable and effective. Before investing in GRC automation technology, it’s best to get processes in line. Many companies are automating the process of keeping track of who makes changes to the SAP systems.
  • Digital transformation offers the opportunity to rethink GRC processes. If your company is implementing new software such as SAP S/4HANA, it’s smart to use that project as a catalyst to examine key GRC processes and find out how they can be improved. For example, HP set up a new GRC system during its SAP S/4HANA migration, including rethinking its user access processes and segregation of duties (SoD) ruleset. In the past HP relied on a homegrown tool for access control but implemented SAP Access Control and SAP Process Control as a component of its SAP S/4HANA migration.
  • Determine the present and future state of remote work at your company, and how that impacts risk and security. Many companies have gone more remote in the past two years. For GRC groups, this provides more challenges for user access and opens companies up to more cyber threats. Map out your remote working landscape and determine what processes and tools you have in place to reduce risk.

60 results

  1. Companies Combine their SAP Security Redesigns

    Reading time: 4 mins

    A poorly executed SAP security redesign can have significant effects on an organization: unauthorized access, increased potential for fraud, inefficient access provisioning for end-users, and audit issues. To avoid this scenario and improve security, more companies are combining their SAP security redesigns with updates to their SAP GRC solutions, observes Adam Fattorini, Senior Manager, PwC…
  2. Take Control of Your SAP GRC Destiny: Define your compliance roadmap & execute a journey to success

    Companies must take many measures to stay on the right path to compliance, such as ensuring efficient security and GRC technologies, staying one step ahead of fraudsters, and satisfying the requirements of auditors. At the same time, organizations need to avoid common pitfalls they might encounter at different stages of their GRC strategy. How can…
  3. Keynote | Going live and sustaining compliance in a virtual world with HP and Shell

    In a COVID-19 world where virtual has become the primary way of working, how do companies go live on new technologies and meet compliance objectives in a sustainable way? As companies resume their pursuit of strategic investments in IT transformation, they must be able to identify common challenges with going live and maintaining compliance in…
  4. Keynote | GRC and cybersecurity for SAP S/4HANA and the intelligent enterprise

    As the single source of truth about an enterprise's strategy and operations, SAP S/4HANA and the Intelligent enterprise vision is the beating heart of today's modern enterprises. At the same time, cybersecurity and data protection have emerged as the top risks for enterprises. Compliance, security, and risk management are key in today's digital economy, touching…
  5. Governance Risk and Compliance: State of the Market 2021 Benchmark Report

    Reading time: 1 min

    In This Report: Governance, risk, and compliance (GRC) systems and professionals are increasingly important as regulations around data become stricter and corporate systems become a more frequent target of cybersecurity attacks. These risks and compliance challenges are compounded by the fact that many SAP organizations are in the process of transitioning to new technology —…
  6. Case Study: How Hershey is leveraging GRC to increase control automation with SAP S/4HANA

    Learn how The Hershey Company, one of the largest chocolate manufacturers in the world, partnered with their SAP S/4HANA ERP implementation team to embed a reliable system of internal controls as part of the solution confirmation phase of the implementation. Attend this session to hear how Hershey: - Partners with key business process owners to…
  7. Expert’s guide for SAP GRC 12 configuration, Fiori UI, HANA integration, and upgrade FAQs

    SAP GRC 12.0 has upgraded the look and feel of the GRC suite’s user experience while offering new enhanced integration with SAP HANA. Anyone considering a move from SAP GRC 10.0 to 12.0 will want to know that the upgrade will be successful. How can you best configure this security and compliance suite to fit…
  8. 2021 GRC Trends Affecting the Intelligent Enterprise

    Reading time: 5 mins

    The move to SAP S/4HANA holds broad implications beyond technology simplicity, greater speed, and improved process improvement. Governance, Risk, and Compliance teams must fully understand the potential impact this transition has on security, roles, and overall risk to the organization. SAPinsider recently sat down with Dudley Alan Cartwright, CEO of Soterion, to hear how organizations…
  9. Keynote | GRC and Security Spotlight Session

    As the single-source of truth about an enterprise's strategy and operations, SAP S/4HANA is the beating heart of today's modern enterprises. The executive suite increasingly relies upon the CFO and Finance team to deliver strategic, predictive insight to chart a winning business strategy. At the same time cybersecurity and data protection have emerged as the…
  10. Taking Control of your GRC Destiny: How to Build and Execute a Realistic SAP GRC Compliance Roadmap

    Learn how to shift from a GRC plan that’s reactionary, to one that is proactive and preventative. Dive into the capabilities of SAP’s multiple solutions for GRC and learn how they can be tailored for your current scenarios and also prepare for future needs. Understand the process of building a GRC road map that can…
  11. Why Everyone’s Segregation of Duties Reports are Wrong

    Even without the COVID-19 pandemic, all organizations need to be as efficient as possible when managing Segregation of Duties (SoD) conflicts. SoD reports are flawed and drive inefficiencies in business processes. The flaws also cause organizations to cut corners and limit their visibility to SoD conflicts. By recognizing the issues with your SoD reports, you…
  12. SAP capabilities for run-time, configurable attributes and rules for data protection and privacy

    In this era of cyberattacks and GDPR, data privacy and protection has stepped to the forefront of the enterprise security agenda. This session will explore SAP’s capabilities to support this effort. You will: - Understand the latest status of run-time authorizations as employed by SAP’s UI Data Protection Masking solution - See use cases and…
  13. Audit and Risk Management: Plug & Play for SAP ERP

    It’s a volatile time to be in business. Not only is there more pressure on people and processes caused by constant technological disruption, but we are also now living in a world of ever-increasing risk, legislation, and regulation. Magnitude Every Angle has long helped companies to understand the root causes of issues and bottlenecks in…
  14. Case Study: Pfizer’s SAP GRC Manual Control Performance governance, maintenance, and operations

    Attend this session to learn how Pfizer, one of the world's largest pharmaceutical companies, manages, operates, and maintains the Manual Control Performance solution within SAP Process Control. Take a deep dive into critical paths, key decisions, process designs, and technical solutions that management should know and consider to successfully operate and maintain Manual Control Performance.…
  15. Managing SoD Risks in Modern SAP Environments

    Tired of juggling manual and multiple technologies for GRC? Dealing with siloed reporting and failed audits? Do you know the true cost of compliance? Join this session led by Grant Small and Connor Hammersmith to gain practical insights on how to automate governance and compliance processes in modern SAP environments. Saviynt enables organizations to create…
  16. How Brighthouse Financial Integrated SAP GRC with Saviynt’s IGA Platform

    Brighthouse Financial (BHF) recently chose SAP S/4HANA and other critical SAP applications, including SAP GRC, as their new infrastructure to support their business. This session will discuss how BHF integrated an identity governance and administration (IGA) platform with SAP GRC to perform a preventative SoD risk analysis during the access request for ABAP based systems.…
  17. Case Study: Inside Stericycle’s successful transformation project

    Stericycle’s Project Monarch has successfully transformed over 500 business system processes to a harmonized landscape of just over 50 within four core applications. This has helped reduce customer invoicing from days/weeks/months to seconds/minutes/hours; shorten financial closes from over 28 days to less than a week; and drive management of indirect spend from less than 10%…
  18. How Ingevity automated GRC processes to better manage elevated access risks

    Ingevity Corporation, a large public chemicals manufacturer, was faced with manually managing elevated access and meeting compliance requirements for internal financial auditing controls. The organization needed to ease the governance, risk, and compliance (GRC) burden on its SAP security team and overhaul its GRC processes. Attend this session to learn how Ingevity implemented elevated access…
  19. Case Study: How Jabil is Transforming SAP Governance using Robotic Process Automation

    As part of maturing the governance processes at Jabil, the company leverages several automation techniques to reduce manual tasks and streamline repetitive activities. The governance team leveraged robotic process automation (RPA) technology and the use of standard web services to automate various activities. This session shares specific examples of how RPA and web services…
  20. Eight Questions to Ask Before Upgrading your GRC platform

    Reading time: 0 min

    Different enterprises have different risk appetites, different compliance requirements, different operational processes, and different investment goals. What is right for one organization may not be right for another. But, whatever the right answer is, the modern enterprise must align its diverse stakeholders in order to get the right solution implemented.   Find other insightful resources…
  21. GRC for SAP S/4HANA and Cloud Applications Research Report

    Reading time: 1 min

    Access the latest insights on GRC strategies, as well as the required actions for organizations using, or planning to use, SAP S/4HANA or any cloud-based applications.
  22. Business Continuity Track at SAPinsider Virtual Event Features Strategies and Quick Wins from SAP and Partners

    Reading time: 5 mins

    The economic disruption caused by COVID-19 has impacted organizations at all levels of their operations, creating a unique environment that makes business continuity uncertain and challenging. To address this world-wide experience SAPinsider will host a special track with SAP and partners  at our 2020 virtual event to help businesses leverage SAP technology and best practices…
  23. The Impact of SAP S/4HANA On-Premise Migration on SAP Roles and Authorizations

    Reading time: 8 mins

    With the SAP-imposed deadline of 2027 looming for migrating to SAP S/4HANA, many of SAP’s customers are currently considering migrating their legacy ERP system to SAP S/4HANA. Resilient security is essential when moving forward with new technologies, and SAP software is no exception. SAP has made significant changes to the business suite’s data model in…
  24. 8 Questions To Ask Before Upgrading Your GRC Platform

    Reading time: 0 min

    Thinking About Upgrading your existing GRC Environment? Consider these 8 questions to gain alignment and choose with confidence.
  25. Access Your GRC Content Bundle

    Reading time: 0 min

    Access to all of the resources in the GRC Content Bundle. Register below to gain the latest insights with SAP GRC tutorials, tips and training content from SAP Experts.
  26. GRC Compendium

    Reading time: 0 min

    9 articles to help you better manage risk and compliance, strengthen cyber security, detect and prevent fraud, and optimize controls.
  27. Leverage Intelligent GRC To Drive Business Value

    Reading time: 0 min

    Delivering effective GRC comes with several challenges. Whether it’s a lack of expertise, of proper tools, or agility, all companies could benefit from having improved GRC practices. However, knowing what improvements are needed first requires an unders…
  28. New Business Models In A New Global Landscape: Challenge Or Opportunity?

    Reading time: 1 min

    In this e-book, discover the challenges and opportunities new global business landscapes are uncovering and how they are impacting platforms, selling models, legislation, tax and the customer experience.
  29. Building a Successful Security and Compliance Program for Your SAP Landscape

    Reading time: 1 min

    In a climate of ever-increasing regulatory requirements, external auditors and organizations such as the US-based Public Company Accounting Oversight Board, which oversees audits of public companies, are increasing their scrutiny of security and privacy p…
  30. SAP GRC Collection

    Reading time: 0 min

    The top 8 articles to help you better drive accounting, controlling and planning.
  31. GRC: Case study: How Revlon completed a global security redesign on an accelerated timeline

    Reading time: 1 min

    Learn how Revlon implemented a scalable segregation-of-duties-compliant role architecture in alignment with its GRC ruleset and business processes in its SAP environment. Click this link to view the slides from this session — GRC2017_Bell_Casestudyhowrevloncompleted. Betina Bell
  32. GRC: Case study: Setting up your SAP environment for growth — lessons learned from American Outdoor Brands’ SAP implementation success

    Reading time: 1 min

    Learn how American Outdoor Brands successfully deployed SAP ERP and managed a dramatic surge in business and the acquisition of 3 companies within 3 years without any major controls or business disruptions. Click this link to view the slides from this session — GRC2017_Lowy_Casestudysettingupyoursap. Joshua Lowy
  33. GRC: Case study: How Stanley Black & Decker designed an efficient global role structure

    Reading time: 1 min

    Learn how Stanley Black & Decker approached the design phase of its global SAP security redesign. Erin Swartzmiller
  34. GRC: Case study: How Honeywell provides GRC insights to C-level executives

    Reading time: 1 min

    Honeywell has implemented SAP GRC solutions for risk, compliance, and policy management across different business groups. Learn how the company developed powerful dashboards for the executive team. Vinod Kumar
  35. SAP GRC Collection 2019

    Reading time: 0 min

    SAPinsider has assembled nine popular pieces for SAP GRC professionals. They provide both strategic and tactical insights for organizations using SAP® GRC solutions to manage risk and compliance, strengthen cybersecurity, detect and prevent fraud, and op…
  36. Southwire Powers Up with Analytics to Redesign User Roles

    Reading time: 10 mins

    Preventing access risk and ensuring regulatory compliance are top priorities for any business, and cable and wire manufacturer Southwire Company, LLC, understands how analytics are required to successfully achieve these goals. Concerned that access-related risks were unacceptably high, Southwire embarked on a multi-phased project that aimed to remove, reduce, and mitigate these risks and to…
  37. What’s new in SAP Process Control and SAP Risk Management version 12.0

    Reading time: 29 mins

    An exclusive Q&A with Central Finance Bootcamp speaker David Dixon.
  38. GDPR Action Plan: Discover, Manage, Protect and Report

    Reading time: 18 mins

    Matthew Shea    On May 25th, 2018, the European Union began enforcing the General Data Protection Regulation (GDPR) to protect customer privacy and data. GDPR adherence requirements apply to any organization in any country, inside or outside the EU, that handles or processes EU residents’ personal data. In the wake of GDPR, organizations should reconsider their…
  39. Implementing a Role Redesign Project in 2018

    With converging forces like big data, artificial intelligence, and dev ops, role redesign projects are capturing SAP customers’ interest in 2018. At GRC 2018, SAPinsider spoke with Stephen Dubravac, Executive Vice President at Security Weaver, about how role redesign affects auditors, end users, and IT by creating a set of roles that provides a better…
  40. Building a Bullet-Proof Cybersecurity Program with SAP Process Control and SAP Risk Management

    Reading time: 5 mins

    Cyberattacks, like the May 2017 WannaCry attack, can be devastating, but a breach can easily be prevented with appropriate monitoring and controlling of your critical SAP data. Read Q&A transcript with EY’s Natalie Reuss to find out how you can use SAP Process Control to manage and evaluate common vulnerability areas. Get answers to questions…
  41. An Integrated Approach to GRC

    Reading time: 4 mins

    Cybersecurity is top of mind for governance, risk, and compliance (GRC) professionals for one clear reason: The value of data is growing. Some might think technology alone is the solution to cyberattacks. And while solutions like SAP Enterprise Threat Detection do a great job at mitigating these risks, a more holistic GRC approach is the…
  42. Be Compliant, Stay Compliant

    Reading time: 2 mins

    The General Data Protection Regulation (GDPR) — a new data privacy regulation in Europe — will affect any organization that handles the personal data of EU residents, regardless of whether it is located in the EU. With the regulation going into effect in May 2018, and stiff fines for non-compliance, now is the time to…
  43. Live from SAPinsider Studio: How to Maintain a Strong GRC Framework

    SAPinsider Studio sits down with Jan Gardiner, Senior Director of GRC Solutions at SAP, to discuss how SAP’s GRC solutions help to maintain a strong governance framework. Topics covered include: What the “Three Lines of Defense” framework is and how organizations can follow it How SAP Process Control helps companies maintain effective GRC practices Why…
  44. Mitigate Foreign Trade Payment Compliance Risk Using the Cockpit for Documentary Payments

    Reading time: 33 mins

    Learn how the Cockpit for Documentary Payments can be used to facilitate international customers’ payment compliance, thereby reducing the risk of doing foreign trade. Follow steps to implement the Documentary Payments component in SAP sales and distribution (SD). Key Concept The Cockpit for Documentary Payments provides automated financial documents to facilitate payment guarantee procedures required…
  45. Seamlessly Activate and Deploy SAP Fiori 1.0 for SAP Solutions for GRC

    Reading time: 17 mins

    Understand the technical architectural design, setup, and implementation of SAP Fiori in the SAP GRC environment as it relates to SAP Access Control, SAP Risk Management, and SAP Process Control applications. SAP Fiori provides a friendlier and intuitive user interface to access these SAP applications. Key Concept SAP Fiori for SAP solutions for GRC is…
  46. 12 Control Issues That Can Slip Under the Radar — and How to Prevent Them

    Reading time: 4 mins

    Many organizations devote large amounts of time, money, and resources to internal controls testing. Yet in spite of these stringent tests, most businesses suffer from a multitude of controls errors — and many don’t even realize that these errors are occurring. Whether it’s due to user mistakes or intentional misuse, there are a dozen hidden…
  47. Control User Compliance to a Stipulated Source of Supply Using a Source List

    Reading time: 22 mins

    Learn how to set up and implement the SAP system functionality to enforce user compliance to an approved source of supply with a source list at the plant and material levels in the SAP ERP Materials Management Purchasing (MM-PUR) component. Key Concept A source list can be a vital tool for achieving 100 percent user…
  48. GRC in the Digital Age

    Reading time: 2 mins

    Implementing strong governance, risk, and compliance (GRC) practices doesn’t involve one solution, one policy, or one team: It involves a collection of solutions, policies, and teams that work together to address the many concerns that make up GRC. As businesses change in the wake of disruptive technologies, each of the three prongs of GRC faces…
  49. Keeping Up with the GRC Demands of the Digital Age

    Reading time: 4 mins

    Today’s organizations look dramatically different than they did just a few years ago. Modern digital enterprises have an increasing cloud presence, a growing mobile footprint, and data that lives outside an organization’s walls. These characteristics are not only reshaping how businesses operate, they are reshaping how businesses secure themselves. With borderless networks and an abundance…
  50. The Need for Real-Time Insights and Alignment for True Governance and Compliance

    Reading time: 2 mins

    Auditing and risk management are essential for ensuring that your organization is meeting standards properly and following processes. But as IT landscapes grow bigger and new technologies introduce new vulnerabilities, the governance, risk, and compliance (GRC) landscape has become increasingly complicated and difficult to manage. Discover how automation and modern GRC solutions for SAP environments…
  51. How to Prepare Your SAP System for the New European Union General Data Protection Regulation

    Reading time: 10 mins

    Learn how to change your practices within your SAP environment so that they comply with the new General Data Protection Regulation (GDPR) data privacy regulation. Key Concept The new European Union General Data Protection Regulation (GDPR) will become effective on May 25, 2018. Companies using European personal data, both inside and outside of Europe, are…
  52. Live from SAPinsider Studio: San Diego Gas & Electric on Mitigating SoD Conflicts

    Paul Malin, Financial Systems Client Support Manager at San Diego Gas & Electric, joins SAPinsider Studio at the SAP GRC 2016 event to discuss San Diego Gas & Electric’s journey to upgrade its GRC system. Ken Murphy, SAPinsider: Hi, this is Ken Murphy with SAPinsider. I’m at the SAPinsider GRC event 2016, in Las Vegas,…
  53. Live from SAPinsider Studio: Beam Suntory’s SAP Role Redesign

    Ivanka Gajecky, Manager of Application Security, Beam Suntory, joined SAPinsider Studio at the SAPinsider GRC 2016 event to discuss Beam Suntory’s SAP security role redesign project that was undertaken to align with the business becoming more centralized. This is an edited transcript of the discussion: Ken Murphy, SAPinsider: Hi, this is Ken Murphy with SAPinsider…
  54. Live from SAPinsider: Stanley, Black & Decker’s GRC Journey

    Rebecca Hodge of Stanley, Black & Decker joins Steve Biskie of High Water Advisors at the SAPinsider GRC 2016 event to discuss her company’s GRC journey with SAP Access Control. This is an edited transcript of the discussion: Steve Biskie, High Water Advisors: Hi, I’m Steve Biskie, Managing Director of High Water Advisors, here with…
  55. Gain Control and Mitigate Risk

    Reading time: 5 mins

    It’s no secret that cybercriminals are growing stronger. As technologies advance and people grow more interconnected, hackers have more opportunities to exploit those connections and compromise a business. Given all the dangers that are present, it’s essential that organizations implement a consistent security framework across an entire organization. This article explores SAP’s three lines of…
  56. Integrated Security Solutions to Mitigate Risks on All Fronts

    Reading time: 5 mins

    The new digital economy brings an unprecedented flow of data into the enterprise, which in turn leads to an unprecedented governance, risk, and compliance (GRC) challenge. As organizations struggle to sort through this data, cybercriminals are working just as hard to steal it. In order to stay secure, businesses need integrated GRC solutions that not…
  57. An Integrated Approach to Identifying Security Risks

    Reading time: 12 mins

    As technology becomes more sophisticated, so do the cyberattacks that aim to steal and even manipulate data. In response to this new rise in cybercrime, SAP released SAP Enterprise Threat Detection, a native SAP HANA application that quickly identifies suspicious patterns in log data and generates alerts to notify the appropriate personnel to take action.…
  58. Control Compliance and Business Risk with Streamlined Role Maintenance: Q&A on BRM Functionality and Configuration

    Reading time: 10 mins

    A critical element of an efficient and compliant SAP system is control over user access to your business systems. The Business Role Management (BRM) component of SAP Access Control 10.0 provides SAP customers with comprehensive, centralized monitoring and maintenance of the role definitions that determine this access. BRM offers not only a single repository for…
  59. Take the Complexity and Risk Out of Intercompany Transactions

    Reading time: 4 mins

    Companies that operate multiple ERP systems and have international operations continue to be challenged with monitoring cross-entity and intercompany transactions. The risks of waiting to see discrepancies in intercompany billing until month-end close are substantial, ranging from inventory write-offs, top-side adjustments, wasted resources, and financial integrity risk, to major financial exposure. Discover how to simplify…
  60. Preparing for New Country-by-Country Reporting Requirements — Are You Ready?

    Reading time: 5 mins

    Tax transparency is gaining steam for multinational enterprises (MNEs) that have to handle tax policies of countries around the world. And with base erosion and profit shifting practices attempting to circumvent burdensome tax policies, MNEs have their hands full ensuring proper taxation. This article explores the new country-by-country (CbC) reporting template recently finalized by the…