Sunday, July 19, 2015

What are SAP GRC solutions?

Term GRC in enterprise software refers to Governance, risk management, and compliance. This is the umbrella term covering a company's approach across these three areas:

1. Governance - combines processes established and executed within company that reflect the company's structure and how it is managed and led toward achieving goals.

2. Risk management - predicts and manages risks that could hinder the company to achieve its objectives.

3. Compliance - with the company's policies and procedures, laws and regulations. It helps to measure this compliance as it is considered key to an organization's success. Automated risk and compliance monitoring activities can help prevent and/or mitigate risk events across company.

In other words the GRC integrates and manages IT operations of company that are subject to regulation. The GRC solution typically combines applications that manage the core functions of GRC into a single integrated package. Speaking very simply; such a software issues roles to the user in addition it collects information who and when requested an access to particular function or data in the SAP system. It tracks who and when approved the access etc. among other things.

SAP has few GRC solutions for different LoBs:

1. SAP GRC Access Control - is a suite of tools to monitor, test, and enforce access and authorization controls across company. It complies with regulatory mandates (e.g. Sarbanes-Oxley). Using these tools companies can identify and remove access and authorization risks from its systems. Also preventive controls in business processes to stop segregation of duties (SoD) violations are supported. The solution has following capabilities:
1.1 Compliant User Provisioning (CUP)
1.2 Enterprise Role Management (ERM)
1.3 Risk Analysis and Remediation (RAR)
1.4 Superuser Privilege Management

2. SAP GRC Fraud Management (powered by SAP HANA) - it enables frauds analysis across industries. Also it helps to prevent irregularities or fraud in ultra-high volume environments. Technically it is add-on application for SAP NetWeaver AS ABAP and the SAP HANA database. Sometimes SAP Fraud Mngt is referred as part of SAP Assurance and Compliance Software.

online docu SAP Fraud Management - SAP Assurance and Compliance Software 1.1 SP07

3. SAP GRC Process Control - is solution for internal controls management. It supports audit team in gaining better visibility into business processes and ensures a high level of reliability in financial statement reporting. Moreover it enables documenting control environment, testing and assessing controls, tracking issues to remediation, and certifying and reporting on the state and quality of internal controls. Using a combination of data forms, automated workflows, certification, and interactive reports, this solution enables members of internal control, audit, and business process teams to effectively manage compliance activities.

4. SAP GRC Risk Management - enables companywide risk management process as mandated by certain legal requirements and recommended by best practice management frameworks.

5. SAP GRC Global Trade Services (GTS) - Solution to support control of costs, reduce risk of trade penalties and fines. In addition it helps to clear inbound/outbound customs in fast manner. Automation of trade processes in case of international operations, ongoing compliance, and tight integration throughout your cross-border supply chain.

Useful links:

No comments: