SAP® – GRC Implementation Services
The basic imperative for managing access and separating incompatible duties on your SAP® system is to minimise the risk of error, omission and fraud. It is a very real risk, often realised and is therefore targeted repeatedly by assurance providers and audit & risk committees. In more serious cases the entire system of internal controls is called into question if appropriately implemented user security is not maintained.
In an environment where user abilities are controlled with a powerful and granular role based security model, identifying and controlling powerful and sensitive functions, separating incompatible duties and satisfying the demands of assurance providers and management in this respect can only be effectively achieved with a software solution. For existing environments, identifying and remediating these issues is a daunting task.
Protecting this investment once you have remediated your system becomes your next priority.
We have extensive experience with assisting organisations implement the SAP® BusinessObjects™ GRC Access Control suite. Our services are meaningful to those organisations that:
- Require assistance in developing the business case for implementation of SAP® BusinessObjects™ GRC Access Control solutions
- Need to build momentum with executive management through education, quantification of issues and peer-to-peer organisation discussions
- Are building an implementation roadmap of software, process and governance elements that combine to identify and manage access control risks in a sustainable and on-going manner
Not surprisingly, the technical solution elements are not the key to success. They are enablers only. In our experience, successful projects:
- Have strong support from senior levels in the organisation based on a clear understanding of the business risks being managed – not the technical solution being implemented
- Develop and publish a realistic roadmap that pairs the build-up of SAP® Business Objects™ Access Control solution.
- Transform into an operational capability built based on a comprehensive risk and controls framework that integrates governance, system capabilities and support processes.
We welcome the opportunity to outline our experience in delivering and leveraging successful implementations.