SAP GRC
What is SAP GRC?
Governance, risk, and compliance (GRC) is a vital set of functions for enterprises to maintain secure and audit-friendly environments while being more confident in their actions. For SAP customers, SAP GRC can mean a set of GRC products provided by SAP itself or the GRC activities and technologies related to SAP systems.
What is SAP GRC?
Governance, risk, and compliance (GRC) is a vital set of functions for enterprises to maintain secure and audit-friendly environments while being more confident in their actions. For SAP customers, SAP GRC can mean a set of GRC products provided by SAP itself or the GRC activities and technologies related to SAP systems.
GRC is growing in importance with rapidly changing regulations that create new compliance challenges. Security and financial risks are also on the rise as companies adopt more cloud technologies, enact bring-your-own-device policies, and enable remote workers in greater numbers.
SAP GRC tools are available to help with areas of risk management, process control, financial compliance, threat detection, identity management, privacy governance, and more. SAP partners and other vendors that provide GRC solutions and consulting services include Appsian Security, Fastpath, and Soterion.
Key Considerations for SAPinsiders:
- Take inventory of your GRC processes and automate wherever possible. In our most recent GRC State of the Market research, successful GRC organizations are focused on automation to streamline processes. To do this, processes being automated need to be repeatable and effective. Before investing in GRC automation technology, it’s best to get processes in line. Many companies are automating the process of keeping track of who makes changes to the SAP systems.
- Digital transformation offers the opportunity to rethink GRC processes. If your company is implementing new software such as SAP S/4HANA, it’s smart to use that project as a catalyst to examine key GRC processes and find out how they can be improved. For example, HP set up a new GRC system during its SAP S/4HANA migration, including rethinking its user access processes and segregation of duties (SoD) ruleset. In the past HP relied on a homegrown tool for access control but implemented SAP Access Control and SAP Process Control as a component of its SAP S/4HANA migration.
- Determine the present and future state of remote work at your company, and how that impacts risk and security. Many companies have gone more remote in the past two years. For GRC groups, this provides more challenges for user access and opens companies up to more cyber threats. Map out your remote working landscape and determine what processes and tools you have in place to reduce risk.
60 results
-
Companies Combine their SAP Security Redesigns
A poorly executed SAP security redesign can have significant effects on an organization: unauthorized access, increased potential for fraud, inefficient access provisioning for end-users, and audit issues. To avoid this scenario and improve security, more companies are combining their SAP security redesigns with updates to their SAP GRC solutions, observes Adam Fattorini, Senior Manager, PwC… -
Premium
Take Control of Your SAP GRC Destiny: Define your compliance roadmap & execute a journey to success
Companies must take many measures to stay on the right path to compliance, such as ensuring efficient security and GRC technologies, staying one step ahead of fraudsters, and satisfying the requirements of auditors. At the same time, organizations need to avoid common pitfalls they might encounter at different stages of their GRC strategy. How can… -
Premium
Keynote | Going live and sustaining compliance in a virtual world with HP and Shell
In a COVID-19 world where virtual has become the primary way of working, how do companies go live on new technologies and meet compliance objectives in a sustainable way? As companies resume their pursuit of strategic investments in IT transformation, they must be able to identify common challenges with going live and maintaining compliance in… -
Premium
Keynote | GRC and cybersecurity for SAP S/4HANA and the intelligent enterprise
As the single source of truth about an enterprise's strategy and operations, SAP S/4HANA and the Intelligent enterprise vision is the beating heart of today's modern enterprises. At the same time, cybersecurity and data protection have emerged as the top risks for enterprises. Compliance, security, and risk management are key in today's digital economy, touching… -
Premium
Governance Risk and Compliance: State of the Market 2021 Benchmark Report
In This Report: Governance, risk, and compliance (GRC) systems and professionals are increasingly important as regulations around data become stricter and corporate systems become a more frequent target of cybersecurity attacks. These risks and compliance challenges are compounded by the fact that many SAP organizations are in the process of transitioning to new technology —…...… -
Premium
Case Study: How Hershey is leveraging GRC to increase control automation with SAP S/4HANA
Learn how The Hershey Company, one of the largest chocolate manufacturers in the world, partnered with their SAP S/4HANA ERP implementation team to embed a reliable system of internal controls as part of the solution confirmation phase of the implementation. Attend this session to hear how Hershey: - Partners with key business process owners to… -
Premium
Expert’s guide for SAP GRC 12 configuration, Fiori UI, HANA integration, and upgrade FAQs
SAP GRC 12.0 has upgraded the look and feel of the GRC suite’s user experience while offering new enhanced integration with SAP HANA. Anyone considering a move from SAP GRC 10.0 to 12.0 will want to know that the upgrade will be successful. How can you best configure this security and compliance suite to fit… -
2021 GRC Trends Affecting the Intelligent Enterprise
The move to SAP S/4HANA holds broad implicates beyond technology simplicity, greater speed, and improved process improvement. Governance, Risk, and Compliance teams must fully understand the potential impact this transition has on security, roles, and overall risk to the organization. SAPinsider recently sat down with Dudley Alan Cartwright, CEO of Soterion, to hear how organizations… -
Premium
Keynote | GRC and Security Spotlight Session
As the single-source of truth about an enterprise's strategy and operations, SAP S/4HANA is the beating heart of today's modern enterprises. The executive suite increasingly relies upon the CFO and Finance team to deliver strategic, predictive insight to chart a winning business strategy. At the same time cybersecurity and data protection have emerged as the… -
Premium
Taking Control of your GRC Destiny: How to Build and Execute a Realistic SAP GRC Compliance Roadmap
Learn how to shift from a GRC plan that’s reactionary, to one that is proactive and preventative. Dive into the capabilities of SAP’s multiple solutions for GRC and learn how they can be tailored for your current scenarios and also prepare for future needs. Understand the process of building a GRC road map the can… -
Premium
Why Everyone’s Segregation of Duties Reports are Wrong
Even without the COVID-19 pandemic, all organizations need to be as efficient as possible when managing Segregation of Duties (SoD) conflicts. SoD reports are flawed and drive inefficiencies in business processes. The flaws also cause organizations to cut corners and limit their visibility to SoD conflicts. By recognizing the issues with your SoD reports, you… -
Premium
SAP capabilities for run-time, configurable attributes and rules for data protection and privacy
In this era of cyberattacks and GDPR, data privacy and protection has stepped to the forefront of the enterprise security agenda. This session will explore SAP’s capabilities to support this effort. You will: - Understand the latest status of run-time authorizations as employed by SAP’s UI Data Protection Masking solution - See use cases and… -
Premium
Audit and Risk Management: Plug & Play for SAP ERP
It’s a volatile time to be in business. Not only is there more pressure on people and processes caused by constant technological disruption, but we are also now living in a world of ever-increasing risk, legislation, and regulation. Magnitude Every Angle has long helped companies to understand the root causes of issues and bottlenecks in… -
Premium
Case Study: Pfizer’s SAP GRC Manual Control Performance governance, maintenance, and operations
Attend this session to learn how Pfizer, one of the world's largest pharmaceutical companies, manages, operates, and maintains the Manual Control Performance solution within SAP Process Control. Take a deep dive into critical paths, key decisions, process designs, and technical solutions that management should know and consider to successfully operate and maintain Manual Control Performance.… -
Premium
Managing SoD Risks in Modern SAP Environments
Tired of juggling manual and multiple technologies for GRC? Dealing with siloed reporting and failed audits? Do you know the true cost of compliance? Join this session led by Grant Small and Connor Hammersmith to gain practical insights on how to automate governance and compliance processes in modern SAP environments. Saviynt enables organizations to create… -
Premium
How Brighthouse Financial Integrated SAP GRC with Saviynt’s IGA Platform
Brighthouse Financial (BHF) recently chose SAP S/4HANA and other critical SAP applications, including SAP GRC, as their new infrastructure to support their business. This session will discuss how BHF integrated an identity governance and administration (IGA) platform with SAP GRC to perform preventative an SoD risk analysis during the access request for ABAP based systems.… -
Premium
Case Study: Inside Stericycle’s successful transformation project
Stericycle’s Project Monarch has successfully transformed over 500 business system processes to a harmonized landscape of just over 50 within four core applications. This has helped reduce customer invoicing from days/weeks/months to seconds/minutes/hours; shorten financial closes from over 28 days to less than a week; and drive management of indirect spend from less than 10%… -
Premium
How Ingevity automated GRC processes to better manage elevated access risks
Ingevity Corporation, a large public chemicals manufacturer, was faced with manually managing elevated access and meeting compliance requirements for internal financial auditing controls. The organization needed to ease the governance, risk, and compliance (GRC) burden on it SAP security team and overhaul its GRC processes. Attend this session to learn how Ingevity implemented elevated access… -
Premium
Case Study: How Jabil is Transforming SAP Governance using Robotic Process Automation
As part of the maturing the governance processes at Jabil, the company leverages several automation techniques to reduce manual tasks and streamline repetitive activities. The governance team leveraged robotic process automation (RPA) technology and the use of standard web services to automate various activities. This session shares specific examples of how RPA and web services… -
Eight Questions to Ask Before Upgrading your GRC platform
Different enterprises have different risk appetites, different compliance requirements, different operational processes, and different investment goals. What is right for one organization may not be right for another. But, whatever the right answer is, the modern enterprise must align its diverse stakeholders in order to get the right solution implemented. Find other insightful resources… -
Premium
GRC for SAP S/4HANA and Cloud Applications Research Report
Access the latest insights GRC strategies, as well as the required actions for organizations using, or planning to use, SAP S/4HANA or any cloud-based applications. This content is available to Premium Members. Sign In Learn more about Premium Access -
Business Continuity Track at SAPinsider Virtual Event Features Strategies and Quick Wins from SAP and Partners
The economic disruption caused by COVID-19 has impacted organizations at all levels of their operations, creating a unique environment that makes business continuity uncertain and challenging. To address this world-wide experience SAPinsider will host a special track with SAP and partners at our 2020 virtual event to help businesses leverage SAP technology and best practices… -
Premium
The Impact of SAP S/4HANA On-Premise Migration on SAP Roles and Authorizations
With the SAP-imposed deadline of 2027 looming for migrating to SAP S/4HANA, many of SAP’s customers are currently considering migrating their legacy ERP system to SAP S/4HANA. Resilient security is essential when moving forward with new technologies, and SAP software is no exception. SAP has made significant changes to the business suite’s data model in… -
8 Questions To Ask Before Upgrading Your GRC Platform
Thinking About Upgrading your existing GRC Environment? Consider these 8 questions to gain alignment and choose with confidence. -
Access Your GRC Content Bundle
Access to all of the resources in the GRC Content Bundle. Register below to gain the latest insights with SAP GRC tutorials, tips and training content from SAP Experts. -
GRC Compendium
9 articles to help you better manage risk and compliance, strengthen cyber security, detect and prevent fraud, and optimize controls. -
Leverage Intelligent GRC To Drive Business Value
Delivering effective GRC comes with several challenges. Whether it’s a lack of expertise, of proper tools, or agility, all companies could benefit from having improved GRC practices. However, knowing what improvements are needed first requires an unders This content is available to (General or Premium) members. Sign in or Join for free! Sign In Become… -
New Business Models In A New Global Landscape: Challenge Or Opportunity?
In this e-book, discover the challenges and opportunities new global business landscapes are uncovering and how they are impacting platforms, selling models, legislation, tax and the customer experience. This content is available to (General or Premium) members. Sign in or Join for free! Sign In Become a Member -
Building a Successful Security and Compliance Program for Your SAP Landscape
In a climate of ever-increasing regulatory requirements, external auditors and organizations such as the US-based Public Company Accounting Oversight Board, which oversees audits of public companies, are increasing their scrutiny of security and privacy p This content is available to (General or Premium) members. Sign in or Join for free! Sign In Become a Member -
Premium
SAP GRC Collection
The top 8 articles to help you better drive accounting, controlling and planning. This content is available to Premium Members. Sign In Learn more about Premium Access -
Premium
GRC: Case study: How Revlon completed a global security redesign on an accelerated timeline
Learn how Revlon implemented a scalable segregation-of-duties-compliant role architecture in alignment with its GRC ruleset and business processes in its SAP environment. Click this link to view the slides from this session — GRC2017_Bell_Casestudyhowrevloncompleted. Betina Bell If you have comments about this article or publication, or would like to submit an article idea, please contact…...… -
Premium
GRC: Case study: Setting up your SAP environment for growth — lessons learned from American Outdoor Brands’ SAP implementation success
Learn how American Outdoor Brands successfully deployed SAP ERP and managed a dramatic surge in business and the acquisition of 3 companies within 3 years without any major controls or business disruptions. Click this link to view the slides from this session — GRC2017_Lowy_Casestudysettingupyoursap. Joshua Lowy If you have comments about this article or publication,…...… -
Premium
GRC: Case study: How Stanley Black & Decker designed an efficient global role structure
Learn how Stanley Black & Decker approached the design phase of its global SAP security redesign. here Erin Swartzmiller If you have comments about this article or publication, or would like to submit an article idea, please contact the editor…. This content is available to Premium Members. Sign In Learn more about Premium Access... This… -
Premium
GRC: Case study: How Honeywell provides GRC insights to C-level executives
Honeywell has implemented SAP GRC solutions for risk, compliance, and policy management across different business groups. Learn how the company developed powerful dashboards for the executive team. here Vinod Kumar If you have comments about this article or publication, or would like to submit an article idea, please contact the editor…. This content is available...… -
SAP GRC Collection 2019
SAPinsider has assembled nine popular pieces for SAP GRC professionals. They provide both strategic and tactical insights for organizations using SAP® GRC solutions to manage risk and compliance, strengthen cybersecurity, detect and prevent fraud, and op This content is available to (General or Premium) members. Sign in or Join for free! Sign In Become a… -
Southwire Powers Up with Analytics to Redesign User Roles
Preventing access risk and ensuring regulatory compliance are top priorities for any business, and cable and wire manufacturer Southwire Company, LLC, understands how analytics are required to successfully achieve these goals. Concerned that access-related risks were unacceptably high, Southwire embarked on a multi-phased project that aimed to remove, reduce, and mitigate these risks and to… -
What’s new in SAP Process Control and SAP Risk Management version 12.0
An exclusive Q&A with Central Finance Bootcamp speaker David Dixon. This content is available to (General or Premium) members. Sign in or Join for free! Sign In Become a Member -
GDPR Action Plan: Discover, Manage, Protect and Report
Matthew Shea On May 25th, 2018, the European Union began enforcing the General Data Protection Regulation (GDPR) to protect customer privacy and data. GDPR adherence requirements apply to any organization in any country, inside or outside the EU, that handles or processes EU residents’ personal data. In the wake of GDPR, organizations should reconsider their…...… -
Implementing a Role Redesign Project in 2018
With converging forces like big data, artificial intelligence, and dev ops, role redesign projects are capturing SAP customers’ interest in 2018. At GRC 2018, SAPinsider spoke with Stephen Dubravac, Executive Vice President at Security Weaver, about how role redesign affects auditors, end users, and IT by creating a set of roles that provides a better…...… -
Building a Bullet-Proof Cybersecurity Program with SAP Process Control and SAP Risk Management
Cyberattacks, like the May 2017 WannaCry attack, can be devastating, but a breach can easily be prevented with appropriate monitoring and controlling of your critical SAP data. Read Q&A transcript with EY’s Natalie Reuss to find out how you can use SAP Process Control to manage and evaluate common vulnerability areas. Get answers to questions…...… -
An Integrated Approach to GRC
Cybersecurity is top of mind for governance, risk, and compliance (GRC) professionals for one clear reason: The value of data is growing. Some might think technology alone is the solution to cyberattacks. And while solutions like SAP Enterprise Threat Detection do a great job at mitigating these risks, a more holistic GRC approach is the… -
Be Compliant, Stay Compliant
The General Data Protection Regulation (GDPR) — a new data privacy regulation in Europe — will affect any organization that handles the personal data of EU residents, regardless of whether it is located in the EU. With the regulation going into effect in May 2018, and stiff fines for non-compliance, now is the time to… -
Live from SAPinsider Studio: How to Maintain a Strong GRC Framework
SAPinsider Studio sits down with Jan Gardiner, Senior Director of GRC Solutions at SAP, to discuss how SAP’s GRC solutions help to maintain a strong governance framework. Topics covered include: What the “Three Lines of Defense” framework is and how organizations can follow it How SAP Process Control helps companies maintain effective GRC practices Why…...… -
Premium
Mitigate Foreign Trade Payment Compliance Risk Using the Cockpit for Documentary Payments
Learn how the Cockpit for Documentary Payments can be used to facilitate international customers’ payment compliance, thereby reducing the risk of doing foreign trade. Follow steps to implement the Documentary Payments component in SAP sales and distribution (SD). Key Concept The Cockpit for Documentary Payments provides automated financial documents to facilitate payment guarantee procedures required…...… -
Premium
Seamlessly Activate and Deploy SAP Fiori 1.0 for SAP Solutions for GRC
Understand the technical architectural design, setup, and implementation of SAP Fiori in the SAP GRC environment as it relates to SAP Access Control, SAP Risk Management, and SAP Process Control applications. SAP Fiori provides a friendlier and intuitive user interface to access these SAP applications. Key Concept SAP Fiori for SAP solutions for GRC is…...… -
12 Control Issues That Can Slip Under the Radar — and How to Prevent Them
Many organizations devote large amounts of time, money, and resources to internal controls testing. Yet in spite of these stringent tests, most businesses suffer from a multitude of controls errors — and many don’t even realize that these errors are occurring. Whether it’s due to user mistakes or intentional misuse, there are a dozen hidden… -
Premium
Control User Compliance to a Stipulated Source of Supply Using a Source List
Learn how to set up and implement the SAP system functionality to enforce user compliance to an approved source of supply with a source list at the plant and material levels in the SAP ERP Materials Management Purchasing (MM-PUR) component. Key Concept A source list can be a vital tool for achieving 100 percent user…...… -
GRC in the Digital Age
Implementing strong governance, risk, and compliance (GRC) practices doesn’t involve one solution, one policy, or one team: It involves a collection of solutions, policies, and teams that work together to address the many concerns that make up GRC. As businesses change in the wake of disruptive technologies, each of the three prongs of GRC faces… -
Keeping Up with the GRC Demands of the Digital Age
Today’s organizations look dramatically different than they did just a few years ago. Modern digital enterprises have an increasing cloud presence, a growing mobile footprint, and data that lives outside an organization’s walls. These characteristics are not only reshaping how businesses operate, they are reshaping how businesses secure themselves. With borderless networks and an abundance… -
The Need for Real-Time Insights and Alignment for True Governance and Compliance
Auditing and risk management are essential for ensuring that your organization is meeting standards properly and following processes. But as IT landscapes grow bigger and new technologies introduce new vulnerabilities, the governance, risk, and compliance (GRC) landscape has become increasingly complicated and difficult to manage. Discover how automation and modern GRC solutions for SAP environments… -
Premium
How to Prepare Your SAP System for the New European Union General Data Protection Regulation
Learn how to change your practices within your SAP environment so that they comply with the new data General Data Protection Regulation (GDPR) privacy regulation. Key Concept The new European Union General Data Protection Regulation (GDPR) will become effective on May 25, 2018. Companies using European personal data, both inside and outside of Europe, are…...… -
Live from SAPinsider Studio: San Diego Gas & Electric on Mitigating SoD Conflicts
Paul Malin, Financial Systems Client Support Manager at San Diego Gas & Electric, joins SAPinsider Studio at the SAP GRC 2016 event to discuss San Diego Gas & Electric’s journey to upgrade its GRC system. Ken Murphy, SAPinsider: Hi, this is Ken Murphy with SAPinsider. I’m at the SAPinsider GRC event 2016, in Las Vegas,…...… -
Live from SAPinsider Studio: Beam Suntory’s SAP Role Redesign
Ivanka Gajecky, Manager of Application Security, Beam Suntory, joined SAPinsider Studio at the SAPinsider GRC 2016 event to discuss Beam Suntory’s SAP security role redesign project that was undertaken to align with the business becoming more centralized. This is an edited transcript of the discussion: Ken Murphy, SAPinsider: Hi, this is Ken Murphy with SAPinsider…....… -
Live from SAPinsider: Stanley, Black & Decker’s GRC Journey
Rebecca Hodge of Stanley, Black & Decker joins Steve Biskie of High Water Advisors at the SAPinsider GRC 2016 event to discuss her company’s GRC journey with SAP Access Control. This is an edited transcript of the discussion: Steve Biskie, High Water Advisors: Hi, I’m Steve Biskie, Managing Director of High Water Advisors, here with…...… -
Gain Control and Mitigate Risk
It’s no secret that cybercriminals are growing stronger. As technologies advance and people grow more interconnected, hackers have more opportunities to exploit those connections and compromise a business. Given all the dangers that are present, it’s essential that organizations implement a consistent security framework across an entire organization. This article explores SAP’s three lines of… -
Integrated Security Solutions to Mitigate Risks on All Fronts
The new digital economy brings an unprecedented flow of data into the enterprise, which in turn leads to an unprecedented governance, risk, and compliance (GRC) challenge. As organizations struggle to sort through this data, cybercriminals are working just as hard to steal it. In order to stay secure, businesses need integrated GRC solutions that not… -
An Integrated Approach to Identifying Security Risks
As technology becomes more sophisticated, so do the cyberattacks that aim to steal and even manipulate data. In response to this new rise in cybercrime, SAP released SAP Enterprise Threat Detection, a native SAP HANA application that quickly identifies suspicious patterns in log data and generates alerts to notify the appropriate personnel to take action.… -
Control Compliance and Business Risk with Streamlined Role Maintenance: Q&A on BRM Functionality and Configuration
A critical element of an efficient and compliant SAP system is control over user access to your business systems. The Business Role Management (BRM) component of SAP Access Control 10.0 provides SAP customers with comprehensive, centralized monitoring and maintenance of the role definitions that determine this access. BRM offers not only a single repository for…...… -
Take the Complexity and Risk Out of Intercompany Transactions
Companies that operate multiple ERP systems and have international operations continue to be challenged with monitoring cross-entity and intercompany transactions. The risks of waiting to see discrepancies in intercompany billing until month-end close are substantial, ranging from inventory write-offs, top-side adjustments, wasted resources, and financial integrity risk, to major financial exposure. Discover how to simplify… -
Preparing for New Country-by-Country Reporting Requirements — Are You Ready?
Tax transparency is gaining steam for multinational enterprises (MNEs) that have to handle tax policies of countries around the world. And with base erosion and profit shifting practices attempting to circumvent burdensome tax policies, MNEs have their hands full ensuring proper taxation. This article explores the new country-by-country (CbC) reporting template recently finalized by the…
