


Governance for your GRC solutions: Controls for your Access Management implementation

by The Tip Doctor

June 15, 2012

Tip Doctor, Insider Learning Network.

This tip is taken from the GRC 2012 presentation “Even GRC Needs Governance! Strategies for Governing Your Access Management and GRC Solutions”. In this presentation, Emily Aquila of PwC takes the audience through the building of a governance strategy for SAP GRC applications and processes, with a specific focus on Access Control implementation.

Common issues experienced before or after a role redesign or GRC implementation include:

  • Lack of accountability within the organization
  • Difficulty understanding end-to-end processes
  • Design and/or configuration inconsistently maintained
  • Lack of clearly defined design guidelines
  • No clear understanding of roles and responsibilities
  • Integration points with other teams not defined
  • Out-of-date or no business process documentation available

Behind the governance framework and a governance structure, she points to 7 key supporting components and elements, including controls.

Setting and defining controls provides reasonable assurance that there is continual adherence to key reporting standards and design principles.

The following controls should be reviewed and captured during an Access Management implementation:

  • Information Technology General Controls (ITGCs)
  • GRC 10 Application Specific Controls
  • Mitigating Controls
  • Operational Controls
    • Service Level Agreement
    • Key Processes and Activities

For more on compliance, controls and project management advice for GRC and other SAP implementations, visit the Compliance & Project Management groups on Insider Learning Network.
