DEFINING INTERNAL BEST PRACTICE FOR SAP GRC

Information security is essential to your IT and business operations.  It is important to continually assess your working practices to ensure that you:

  • Continue to address key business risks
  • Pro-actively identify potential vulnerabilities in your solution and seek ways to address these
  • Meet regulatory and audit compliance requirements
  • Have adequate controls in place, particularly where you outsource support or business activities
  • Deliver a high level of service and quality back to your customer base

AN INDEPENDENT ASSESSMENT

At Turnkey Consulting we provide review services to independently assess your existing solutions to ensure they meet governance and management obligations.  Our auditing techniques help us to quickly identify any gaps in your current levels of control compared with that desired by management and recommended through best practice.

Using our own methodology and extensive experience, we can help define practices that are both pragmatic and appropriate for your business, taking into account your organisation, risk profile and existing controls.   Working with your IT managers and business teams, we deliver realistic action plans to achieve best practice and assist you in implementing these plans.

A detailed assessment may focus on one or more of the areas below:

  • Policies and standards
  • SAP security settings
  • Application security design
  • Segregation of Duties
  • User provisioning and administration processes
  • Privileged access management
  • Change management processes
  • Continuous Controls Monitoring (CCM)
  • Role design, build and testing strategies

We provide detailed documentation to support any changes to existing practices and can employ our change management capability to develop and deliver training and communications.