Who will need to be involved in a SAP GRC project, and what time commitment will it require?
Basis & SAP Security team, Business managers, Internal/ External Audit
- Basis team will need to be involved to a limited degree when the actual installations take place, though are not usually required much after this period.
- Business Process owners will need to devote time regularly throughout the project, attending workshops on Risks and Approval workflows for example.
- Internal/ External Audit should be involved at regular intervals as well, contributing advice on SOD risks and connected mitigating controls for example.
- Most businesses find that a small, dedicated GRC team is the best way to proceed, bringing in business owners on an ad hoc basis.
If you would like some customised advice on exact skill sets required through your project lifecycle, please get in touch and we can assist you in putting together a more accurate model.