Expand +



Process Before Technology

Effective GRC Strategies Begin with Business Alignment

by Nazam Jamal and Kush Sharma | SAPinsider, Volume 16, Issue 4

October 9, 2015

As more businesses expand to the global scale and technology continues to advance, security concerns remain on the forefront. Find out the importance of an integrated approach to security that puts process before technology.


Security concerns can seem daunting to any enterprise. With new threats always on the horizon, and business models that place a high value on networks and connectivity, traditional ways of assessing and analyzing risk are giving way to new models that focus on governance, risk, and compliance (GRC) as a comprehensive, end-to-end enterprise platform. The stakes are too high to rely on localized security measures that may have sufficed in the past, as companies are more globally focused than ever before. This global focus requires an integrated approach to get visibility into all types of threats. Only then will an organization have the ability to detect and ultimately predict critical events as well as prepare for and execute a response.

Organizations that run SAP solutions for GRC have a strong foundation for mitigating enterprise risk, but they also need to be vigilant outside of their existing technology. One key challenge for a global enterprise, for example, is to customize a solution to adhere to regulations at a regional level, which often vary greatly from region to region. With vast experience working with SAP customers, Accenture has learned the nuances of SAP solutions for GRC and how to apply this knowledge within an organization’s specific environment.

It is important to build a consensus from various stakeholders for how SAP solutions for GRC will be used to support the business. Leaders and solution owners must come to a shared view on how compliance, integration, authentication, and access management will mesh to support a holistic enterprise platform.

Leaders and solution owners must come to a shared view on how compliance, integration, authentication, and access management will mesh to support a holistic enterprise platform.

Think Process, Not Technology

In our experience helping global multinationals develop and design security strategies, we find an approach that puts people and process ahead of technology is one that best leads to long-term success. With this in mind, we approach SAP solutions for GRC implementations with the understanding that other pieces can assist these solutions in creating a holistic, end-to-end security framework that supports the entire business.

One interesting piece of the puzzle is the trend of more organizations turning to the cloud to host business applications. This opens an entirely new set of security concerns, and we find that many SAP customers are looking to refresh their entire security strategy. They can tackle security not through the standard approach at the application layer, but instead by adopting a broader approach that takes an integrated, enterprise view of security through all layers, including the network, operating systems, databases, and, most importantly, the business applications themselves, given how many users access SAP systems. Because of increased use of the cloud, security needs to be addressed not just internally but externally, as data traverses through the internet and the access management mechanisms and data protection controls needed to secure it.

Creating this new enterprise security architecture is only half the battle. Managing and maintaining a world-class architecture demands world-class resources, and many organizations turn to Accenture’s managed security solutions to help manage growing complexity. And with mergers and acquisitions on the rise, Accenture’s team of SAP security specialists can help ensure a successful transition while meeting the requirements of two organizations.

Staying on the Leading Edge

SAP customers are making heavy investments in effective security and risk management measures. Accenture is committed to protecting this investment by staying on the leading edge in the strategy, integration, design, delivery, and management of the modern GRC platform. At the Accenture Security Labs in Virginia, an entire team is dedicated to research, development, and innovation to ensure a company’s security response is always one step ahead of the latest threat on the horizon.

Accenture’s approach is aligned with what our clients and the market is asking for — a partner that helps solve business issues in an integrated way, with digital pervasive in everything we do. For more information, visit

An email has been sent to:


Jamal Nazam
Nazam Jamal

Infrastructure and Security Transformation

Kush Sharma
Kush Sharma

Manager, Security Transformation

More from SAPinsider


Please log in to post a comment.