Tip Doctor, Insider Learning Network.
This tip is taken from the GRC 2012 presentation “Even GRC Needs Governance! Strategies for Governing Your Access Management and GRC Solutions.” In this presentation, Emily Aquila of PwC takes the audience through building a governance strategy for SAP GRC applications and processes, with a specific focus on Access Control implementation.
Common issues experienced before or after a role redesign or GRC implementation include:
- Lack of accountability within the organization
- Difficulty understanding end-to-end processes
- Design and/or configuration inconsistently maintained
- Lack of clearly defined design guidelines
- No clear understanding of roles and responsibilities
- Integration points with other teams not defined
- Out-of-date or no business process documentation available
Behind the governance framework and governance structure, she points to 7 key supporting components and elements, including controls.
Setting and defining controls provides reasonable assurance that there is continual adherence to key reporting standards and design principles.
The following controls should be reviewed and captured during an Access Management implementation:
- Information Technology General Controls (ITGCs)
- GRC 10 Application Specific Control
- Mitigating Controls
- Operational Controls
  - Service Level Agreement
  - Key Processes and Activities
For more on compliance, controls and project management advice for GRC and other SAP implementations, visit the Compliance & Project Management groups on Insider Learning Network.