Many companies implement SAP solutions for governance, risk, and compliance (SAP solutions for GRC); turn on different aspects of SAP Access Control, SAP Process Control, and SAP Risk Management; and consider the job done. They may be able to, for example, check segregation of duties (SoD) violations against user access, require IT users to check out FireFighter IDs, and have a few controls established and monitored in real time via continuous control monitoring. Technically, the solutions are installed and working — but are they really providing maximum return on the company’s investment?
For continuous, long-term success, companies need to better connect their GRC solutions with their integral, enterprise-wide business processes. Without this approach, companies may face redundant, costly audit efforts; uncoordinated, inconsistent processes among different departments; and insufficient visibility into risks.
Daily Compliance Is Key
To truly capture the value of SAP solutions for GRC, companies should extend the functionality to the business and incorporate the processes into daily tasks. This is how businesses can achieve continuous compliance — by making compliance part of a company’s daily operations through constant diligence and improvement. By continuously reviewing the effectiveness of compliance activities, companies can ensure their compliance activities and business processes are truly integrated and aligned.
For example, consider how compliance can help reduce the time it takes to identify and mitigate SoD issues. When an issue causes an SoD violation, you can use SAP Access Control to quickly mitigate it and even systematically point to the correct mitigating control. By maintaining continuous compliance, you can be sure that the mitigating control is appropriate and effective for the violation. This can save time and effort, eliminate manual errors, and ensure consistency throughout the organization.
Going Beyond the Initial Implementation
This is where ultimumIT differentiates itself: Through our robust technical implementation experience, and our governance and compliance expertise, we have established a proven methodology and approach.
For example, to help organizations further hone and increase their return on investment with SAP solutions for GRC, ultimumIT has developed the following bolt-on utilities:
- uAssist: Streamlines reporting and provides continuous compliance alerts by combining repetitive, hard-to-generate reports in a central location and providing email notifications upon termination of SAP Access Control approvers.
- uChangeAC: Reduces the administrative overhead of SAP Access Control by allowing you to mass-replace all of the different owners in SAP Access Control (FireFighter owner, role owner, mitigation monitor, for example) from a single screen in minutes.
- uLicense: Simplifies and automates SAP licensing processes by centralizing your SAP license reports into a single screen, identifying discrepancies within license assignments, and providing the ability to mass-change or update licenses in multiple systems.
ultimumIT offers services and tools that not only focus on the initial successful implementation of SAP solutions for GRC, but also help provide a vision for their future use, support, and scalability. It is not merely a technical implementation, but an important piece of a long-term roadmap for how IT and the business will work together to report, govern, and control one of the company’s largest capital investments and expenses — its ERP solution.
For more information, visit www.ultimumIT.com or contact us at firstname.lastname@example.org.