SAP GRC Solutions

For the over 10 years, our SAP professionals have brought deep industry experience and knowledge to SAP HR technical design, implementation and post SAP implementation support projects. Our successful track record due to our SAP specialty coupled with quality and commitment is the reason why 97 percent of our top 100 clients elect to do repeat work with us.
Depending on company size, our clients have a number of SAP users who can be assigned roles (created in SAP software) according to their tasks. However adding new functions from SAP or new or modified in-house transactions can cause roles and responsibilities to change quickly. We recognize that organizations must manage a large number of roles and evaluate, test, and correct problems in access rules and authorizations within SAP software.

But doing so involves risk. For example, if an employee who has long been allowed to change vendor master data is now granted authorization to execute a payment run, the company faces the possibility of fraud. Such employees could transfer money to their own accounts. Government regulation requires companies to set up control mechanisms for such possibilities. So far, most control processes have been implemented at the organizational level, outside of SAP software. External auditors monitor access rights and use their experience to identify risky combinations of transactions. But the period between audits can last as long as a year – plenty of time for someone who wants to do damage.

The most efficient, cost-effective way to find gaps in the SAP control systems and to avoid violations of user rights should be risk centric approach integrated in the pre-Implementation and design stages. Ultimately it may involve automated testing and real-time monitoring, for example in terms of separation of duties.

From pre implementation to design and post implementation phases of a SAP HR project, our SAP specialists can help you design and implement a rigorous Continuous Risk and Controls assurance process. You will benefit by:

  • Ensuring that assurance is provided on more significant risks such as new and emergency roles, SAP access authorizations and appropriate workflow approvals
  • Identifying new or growing risks that require additional risk and control monitoring
  • Identifying sudden rises in risk levels that may merit immediate attention by management or internal auditors. For example, a large inventory write-off may lead to an increase in inventory related risk levels. The monitoring teams may respond in time to mitigate a further breakdown in related controls and the potential for additional inventory losses.

Specifically, we offer the following consulting services in the SAP GRC domain:

  • Risk management - Balance business opportunities with strategic, operational,   financial, legal, and compliance risks maximizing corporate performance
  • Access control – Control access and prevent fraud across the enterprise, while minimizing the time and cost of compliance.
  • Process control - Ensure compliance and enable business process control management by centrally monitoring key controls and data across-enterprise systems.
  • Sustainability performance management - Track and communicate sustainability performance, set goals and objectives, manage risks, and monitor activities.