SAP GRC

Aric Quinones

Managing Director, Protiviti
Gaurav Singh

Manager, SAP Security - Under Armour
Craig L. Brown, Sr.

Chief Transformation Architect, Xceleon, LLC

Upcoming Events

SAPinsider Las Vegas 2026

Mar 16-19, 2026Las Vegas, Nevada, NV

What is SAP GRC?

Governance, risk, and compliance (GRC) is a vital set of functions for enterprises to maintain secure and audit-friendly environments while being more confident in their actions. For SAP customers, SAP GRC can mean a set of GRC products provided by SAP itself or the GRC activities and technologies related to SAP systems.

What is SAP GRC?

GRC is growing in importance with rapidly changing regulations that create new compliance challenges. Security and financial risks are also on the rise as companies adopt more cloud technologies, enact bring-your-own-device policies, and enable remote workers in greater numbers.

SAP GRC tools are available to help with areas of risk management, process control, financial compliance, threat detection, identity management, privacy governance, and more. SAP partners and other vendors that provide GRC solutions and consulting services include Appsian Security, Fastpath, and Soterion.

Key Considerations for SAPinsiders:

Take inventory of your GRC processes and automate wherever possible. In our most recent GRC State of the Market research, successful GRC organizations are focused on automation to streamline processes. To do this, processes being automated need to be repeatable and effective. Before investing in GRC automation technology, it’s best to get processes in line. Many companies are automating the process of keeping track of who makes changes to the SAP systems.
Digital transformation offers the opportunity to rethink GRC processes. If your company is implementing new software such as SAP S/4HANA, it’s smart to use that project as a catalyst to examine key GRC processes and find out how they can be improved. For example, HP set up a new GRC system during its SAP S/4HANA migration, including rethinking its user access processes and segregation of duties (SoD) ruleset. In the past HP relied on a homegrown tool for access control but implemented SAP Access Control and SAP Process Control as a component of its SAP S/4HANA migration.
Determine the present and future state of remote work at your company, and how that impacts risk and security. Many companies have gone more remote in the past two years. For GRC groups, this provides more challenges for user access and opens companies up to more cyber threats. Map out your remote working landscape and determine what processes and tools you have in place to reduce risk.

101 results

Cross Industry

Building a Successful Security and Compliance Program for Your SAP Landscape May 1, 2019 — In a climate of ever-increasing regulatory requirements, external auditors and organizations such as the US-based Public Company Accounting Oversight Board, which oversees audits of public companies, are increasing their scrutiny of security and privacy p

1 minute read

Cross Industry

GRC: Case study: How Revlon completed a global security redesign on an accelerated timeline Mar 10, 2019 — Learn how Revlon implemented a scalable segregation-of-duties-compliant role architecture in alignment with its GRC ruleset and business processes in its SAP environment. Click this link to view the slides from this session — GRC2017_Bell_Casestudyhowrevloncompleted. Betina Bell If you have comments about this article or publication, or would like to submit an article idea, please contact […]

1 minute read

Cross Industry

GRC: Case study: Setting up your SAP environment for growth — lessons learned from American Outdoor Brands’ SAP implementation success Mar 10, 2019 — Learn how American Outdoor Brands successfully deployed SAP ERP and managed a dramatic surge in business and the acquisition of 3 companies within 3 years without any major controls or business disruptions. Click this link to view the slides from this session — GRC2017_Lowy_Casestudysettingupyoursap. Joshua Lowy If you have comments about this article or publication, […]

1 minute read

Cross Industry

GRC: Case study: How Stanley Black & Decker designed an efficient global role structure Mar 1, 2019 — Learn how Stanley Black & Decker approached the design phase of its global SAP security redesign. here Erin Swartzmiller If you have comments about this article or publication, or would like to submit an article idea, please contact the editor.

1 minute read

Cross Industry

GRC: Case study: How Honeywell provides GRC insights to C-level executives Mar 1, 2019 — Honeywell has implemented SAP GRC solutions for risk, compliance, and policy management across different business groups. Learn how the company developed powerful dashboards for the executive team. here Vinod Kumar If you have comments about this article or publication, or would like to submit an article idea, please contact the editor.

1 minute read

Cross Industry

SAP GRC Collection 2019 Dec 14, 2018 — SAPinsider has assembled nine popular pieces for SAP GRC professionals. They provide both strategic and tactical insights for organizations using SAP® GRC solutions to manage risk and compliance, strengthen cybersecurity, detect and prevent fraud, and op

1 minute read

Cross Industry

Southwire Powers Up with Analytics to Redesign User Roles Sep 13, 2018 —

Preventing access risk and ensuring regulatory compliance are top priorities for any business, and cable and wire manufacturer Southwire Company, LLC, understands how analytics are required to successfully achieve these goals. Concerned that access-related risks were unacceptably high, Southwire embarked on a multi-phased project that aimed to remove, reduce, and mitigate these risks and to design more efficient user roles. Learn how Southwire Company, LLC, leveraged Security Weaver solutions to identify risks, remove or reduce segregation-of-duties (SoD) conflicts, optimize user role design, and improve overall business processes.

10 minute read