|
SAP GRC is an integrated set of applications that works across the enterprise. These applications help to document and manage risks and controls in real time. They can help automate controls and also minimise the likelihood and impact of risks. This real time overview can give an organisation better information and allow it to make better decisions.
Why would you want SAP GRC?
Stakeholders and audit bodies are increasingly demanding evidence that organizations are operating effectively, profitably, and ethically. Corporate accountability is gained by proving to stakeholders that a business is reliable, compliant, and sustainable. Achieving this level of operational reporting requires a GRC adoption strategy that can guide people, standardize processes, and integrate technology at every organizational level.
In a competitive market, organisations that manage risk will flourish, those which don't will struggle. This is not just about Segregation of Duty, users and roles. This is about risk management at every level of organisational operations.
What are the SAP GRC applications?
SAP says:
“SAP solutions for governance, risk, and compliance promote corporate accountability by unifying corporate strategy, control initiatives, opportunity discovery, and loss mitigation across the extended enterprise. Managing GRC across the extended enterprise allows processes and strategies to be evaluated within the company and extended to partners, suppliers, and customers – truly representing the reach of the enterprise.”
The SAP GRC applications:
GRC Repository
This contains tools to centrally manage all GRC content, based on internal corporate policies as well as best practices from the GRC ecosystem.
Risk Management
Through its 200+ Key Risk Indicators SAP risk management will identify risk and conduct risk analysis, response, monitoring, and reporting within a best-practice framework. It can balance business opportunities with financial, legal, and operational exposure to minimize the market penalties from high-impact events.
Access Control
Access Control is perhaps the best well known of the new SAP GRC suite. This group of applications (based on the Virsa tools) is dedicated to risk associated with logical system access. It can identify and prevent access and authorization risks in cross-enterprise IT systems to prevent fraud and reduce the cost of continuous compliance and control.
Process Control
The SAP solution provides 70 out-of-the-box process controls which have been used successfully by many global organisations to optimize business operations and ensure compliance by centrally monitoring key controls for business processes and cross-enterprise IT systems.
Global Trade Services
GTS is a new SAP offering which will manage all foreign trade processes within a comprehensive platform to ensure trade compliance, expedited cross-border transactions, and optimum utilization of trade agreements.
EH&S
EH&S is a mature solution from SAP which aligns business processes with environmental, occupational, and product safety regulations. It contains corporate policies to ensure proactive compliance.
SONA
SAP and Cisco have partnered to release SONA. By monitoring network traffic SONA extend controls and proactively addresses risk event issues across the extended enterprise network.
|
SAP Security and GRC 
