Integrated Risk Management
Through the application of technology and automation, we'll help you manage your risks efficiently and effectively across the entire enterprise.
Identity and Access Management
We'll help you ensure everybody within your organisation has access to the right systems and data, for the right reasons, and at the right time.
Cyber & Application Security
Our experts will uncover security weaknesses within your security design and business-critical applications. Helping you protect your organisation from both internal and external threats.
About us
A group of passionate individuals with a shared purpose to help the world's leading companies embrace best practices for GRC and risk management.
Turnkey's strategic partner network consists of selected organisations that complement our capabilities.
Corporate Social ResponsibilityCSR
We are committed to being agents for change through our Climate Action Plan, championing diversity in our workplaces, and more.
Get in touch
We have operations in all corners of the globe, so see which office is nearest to you and connect with them.
We have operations in all corners of the globe, so see which office is nearest to you and connect with them.
Webinars & eBooks
All of Turnkey's webinars, guides and other insights available in one place.
Read the latest insights from our experts on GRC and risk management, covering the latest industry topics.
Press Coverage
See all the publications where Turnkey, our experts and our successes have been noted.
Key events
See the key industry conferences on GRC, SAP security and risk management which we are attending.
Case Studies
Client satisfaction is of the utmost importance to us, and we strive to constantly deliver above expectations, going the extra mile at every opportunity.

Customer Success

At Turnkey, client satisfaction is of the utmost importance to us and we strive to constantly deliver above expectations, going the extra mile at every opportunity.


Revolutionising access management across the organisation

Collaborating closely with Ørsted, Turnkey 
meticulously aligned services to meet 
Ørsted’s unique business requirements. 
Through a series of workshops involving 
the Ørsted team, Turnkey gathered 
comprehensive information to define 
access provisioning workflows, 
streamlining of role methodology, and 
enablement of user and SoD review.


Transformation of Access Management enhances user experience and risk reporting

SESB was facing several challenges in the delivery of its access control management. 
End-to-end access provisioning was a manual process, resulting in prolonged lead 
times for completing requests. As a result, there was a risk of potential errors and 
violations within roles and responsibilities across the landscape.

AdobeStock_714890085 (1)

Business Partner screening tool delivers speed and efficiency to reduce risky business and prevent compliance issues

Staying compliant in a highly regulated e-commerce environment has become increasingly challenging. Turnkey’s client needs to ensure that any partner that it does business with is screened to detect and prevent irregularities, 
mitigating fraud and reducing risk.


Active Directory health check reduces inactive, old data by 20%

With the increasing threat of cybersecurity challenges in the pharmaceuticals sector due to sensitive data and high value technology, Turnkey’s client works consistently to minimise risk exposure and manage global user access to the right systems and data.


Providing an Identity & Access Management Solution and Managed Service

The university has been continuously improving its identity and access management (IAM) system since inception 10 years ago. The system is very large with close to 100,000 users (identities), including UK and international students, as well as non-university associates.


Creating a roadmap to best practice identity and access management for multinational retailer

To support significant business development and combat the ever-growing threat 
of cyber-attacks, Turnkey’s client continuously works to minimise risk exposure 
and manage user access by giving employees the right tools and expertise to 
secure their business-critical applications.


Establishing an enterprise view of access risk to comply with industry regulations

With energy suppliers increasingly relying on technology to run their networks, cyber security risks have a much bigger impact on suppliers and the public they serve. To address this, the Government introduced the Network & Information Systems (NIS) Regulations in 2018 to provide the UK’s energy providers with legal measures and requirements for securing their critical networks and information systems access.


SOX Compliance processes achieved with SailPoint ARM

Since the group’s listing on the NYSE, it has been subject to the regulatory requirements for IT security specified in the Sarbanes Oxley Act of 2002 (SOX).

To satisfy the relevant requirements and to facilitate the responses to audit findings, the global packaging business implemented the cloud-based SailPoint Access Risk Management (ARM) system to manage security across its SAP landscape. 


Deploying a security awareness training programme for cyber security

Turnkey’s client is a professional services organisation with seven locations across the world serving a range of blue-chip customers. They came to Turnkey because they were frustrated with traditional training methods and wanted a more hands-on and practical approach to engage employees and improve security awareness.


Improving staff productivity with automated business processes

The South Central Ambulance Service NHS Trust (SCAS) serves 7m people across six counties. Its emergency operations handle over half a million calls each year. The Trust needed to automate some of its core business processes to comply with the NHS Data Security Protection Toolkit and increase productivity, and implement an IDM platform for incident reporting.


Delivering a digitised Enterprise Risk Management reporting solution

Turnkey's client is a global leader in tobacco products across manufacturing, distribution, and marketing, working towards reducing the health impact of its business on people. The client wanted to digitise their approach to risk management. Although they already had robust processes in place, they weren’t able to get a big picture perspective due to a largely manual approach.


Turnkey leads the way in delivering SAP Cloud Identity Access Governance (IAG)

Turnkey’s customer is one of the largest soft drink bottlers in the Middle East, responsible for both manufacture and distribution. But, the complexity of managing around 50 locations and maintaining effective security controls and user access authorisations was becoming increasingly challenging.


Accelerating SOX compliance controls and access with SailPoint platform

Turnkey’s customer is a leading global healthcare company, working towards preventing and treating diseases and improving the health of millions of people. They had selected SailPoint for its Identity Security software to provide governance and compliance for its large number of business applications.


Prioritising business continuity with expert SAP penetration testing

Turnkey’s client is a global healthcare and pharmaceuticals group, delivering high quality products and medicines to people all over the world to prevent and treat diseases and keep them healthy. As part of their controls and compliance framework, the pharmaceuticals group need to carry out SAP exploitable vulnerability assessments every year.


JTI identifies the right CIAM solution through a comprehensive and transparent procurement process

Japan Tobacco International (JTI) is a global company doing business around the world. JTI needed a single, cloud-based platform for all Customer Identity and Access Management (CIAM) to increase customer acquisition and improve brand loyalty, while reducing the risks associated with possible data misuse.


Turnkey delivers and supports security controls and automated user processes to 7,500 users with SAP GRC and SAP Identity Management

Turnkey's client is a global science and chemicals company and leader in sustainable technologies. The organisation has been deploying SAP technology to serve its business units globally, but the complexity of managing these systems and maintaining effective security controls and user processes had become increasingly challenging.


Safeguarding the integrity of a global sustainable forestry business with fast and sophisticated business screening

Turnkey's client is a North European bio-forest company focused on a sustainable and innovation-driven business model, delivering renewable and responsible solutions for a ‘future beyond fossils’. They had been using a standard tool to carry out business partner screening but it had become increasingly limited in its capabilities.


Turnkey’s Bedrock Managed Service Supports GRC and Security for Leading Supermarket Chain

Turnkey’s client has over 1000 supermarkets and grocery stores. It has a turnover approaching $60 billion AUD. With good Corporate Governance, Risk Management and Compliance (GRC) central to its approach, it needed a new partner to support these and other security activities.


SAP SoD: GATX Rail Europe sets important course for the future

As one of Europe’s leading full-service freight car rental companies, GATX Rail Europe provides customers with a fleet of more than 26,000 tank and freight cars.The company was looking for a specialist to develop cross-divisional concepts for general authorisation standards and SOX compliance as part of an SAP migration.


Turnkey Delivers Global SAP GRC Upgrades for Energy Giant

Turnkey's client is a global group of energy and petrochemical companies. The Group implemented SAP GRC across its SAP ERP landscape, but when SAP announced that maintenance for GRC 10.0 would expire at the end of 2020, they needed all 25 SAP environments to be upgraded to interface to a GRC12 system to maintain the integrity of its IT systems.


Identity management strategy brings users, SAP applications and data together

Turnkey's client is a packaging solution organisation for the grocery, fast moving consumer goods and industrial markets, with nearly 100 distribution centres internationally. They needed an identity management framework that would provide appropriate access to the company’s technology resources throughout their lifecycle, without compromising security.


A smooth implementation of SAP Business Integrity Screening (BIS) for controls automation for SAP S/4 HANA.

Siemens is a global powerhouse focusing on the areas of electrification, automation and digitalization, with over 385,000 employees world-wide. The objective was to ensure the best use of the available technology to create alerts for potential risks or fraud.


SAP S/4HANA security model minimises business risk for commercial aviation solutions provider

L3Harris is a global aerospace and defence technology innovator, delivering end-to-end solutions to meet customers’ mission-critical needs across air, land, sea, space and cyber domains. New to SAP, having previously deployed a non-SAP ERP, the firm needed to be able to monitor business risks within its new system. SAP S/4HANA delivered substantially more access controls than SAP ECC6 and required more configuration within each application and transaction.


Closing the segregation of duties compliance gap with role re-design, for Imperial Brands

Imperial Brands is a global fast-moving consumer goods company borne out of a strong tobacco heritage and an evolving product portfolio in next-generation products like vaping and heated tobacco. Imperial Brands turned to Turnkey to help them refresh and re-design the role-based access design globally, to bring it in line with the business’ current operating models as well as the new SoD definitions.


Turnkey implements SAP GRC to achieve significant business benefits

Ruralco is a leading Australian agribusiness with a market capitalization of over $300 million and reported revenue of over $1 billion. Ruralco has used SAP for many years, but it's growth and acquisitions have resulted in many different business units, and the SAP security systems not always kept pace with organisational and process change. It turned to Turnkey to help implement SAP GRC.


Providing SAP cyber security peace of mind

Serco, a British outsourcing company with a global presence, wanted to evaluate cyber threats across their entire infrastructure and prioritise their investment for remediation. They wanted to assess their SAP systems cyber-resilience as part of this broader cyber control programme to understand the risk position of their SAP system and to see whether or not it warranted an expedited outlay to address it.


Consolidating Global SAP systems in the financial sector

As a major global financial services provider, Turnkey's client employs approximately 140,000 people across Europe, America, Africa and Asia. The Company wanted to improve the way it delivered its HR services to the entire business, as well as creating a new authorisation structure and identity procedures.


Turnkey consulting helps Premier Foods secure their SAP systems during a business divestment

As one of Britain's largest food producers, Premier Foods supplies a range or retail, wholesale, food service and other customers with some of Britain's best loved brands. When the Hovis divestment was announced Premier Foods had a short timescale in which to ensure that all the correct SAP security authorisations would be in place from day one, for both companies.


Turnkey Consulting helps a global beverage can manufacturer achieve the benefits of upgrading to SAP GRC access control 10.1

Rexam (now part of Ball), is a leading global beverage can manufacturer, making cans for many of the world’s favourite brands. Rexam decided to upgrade to SAP GRC Access Control 10.1 to give better functionality and align the GRC system with other SAP environments, with a move from the two to three tier environment.



Turnkey's client is one of the world’s largest office products suppliers, serving customers across 27 countries. The company wanted to reduce the manual-based workload of maintaining and managing their user information on the new SAP system, as well as to improve the security role administration.


Upgrading the SAP GRC solution for a truly global business

Japan Tobacco International (JTI) is a global company doing business around the world. It employs over 25000 employees and runs operations in 120 countries. JTI decided to move to version GRC 10.0 and in January 2012 went to competitive tender for GRC security specialists. Turnkey Consulting won that tender.


Implementing a coherent strategy for security and risk management within a major utility provider

United Utilities Group PLC owns and manages the regulated water and wastewater network in the North West of England. The need to develop and implement a security and risk management strategy in SAP was identified by managers at United Utilities. This identification followed on from a plan to implement GRC process and access controls.


Setting global GRC standards

Turnkey’s client is one of the world’s largest consumer products organisations, with leading brands that span the areas of nutrition, hygiene and personal care. With overall responsibility for SAP security, Warren Burns, the Global Technology Risk Manager explains, “We were keen to ensure that any possible fraudulent activities were identified and dealt with, and the segregation of duty conflicts managed effectively.”


Engaging the business to proactively manage risk

Swiss Re is a leading global provider of reinsurance, insurance and other insurance based risk transfer services. Swiss Re had already chosen SAP as their implementation partner for a new information management solution that would re-engineer its current IT environment. To complement this work stream they were also looking to take on a partner to help engineer authorisation concepts and design a solution around their HR practices.


Identity management implementation provides seamless view of user access

Australand is one of Australia's leading diversified property groups with activities including development of residential land, development of investment in income producing commercial and property management. The company wanted to implement an integrated Identity Management solution that incorporated HR hire to retire processes across multiple SAP systems that would also fit neatly with its existing security architecture.


An end-to-end SAP GRC solution delivering efficiencies in internal controls

SABMiller is one of the world’s leading brewers with more than 200 beer brands and some 70,000 employees in over 75 countries. Following a SAP implementation at their UK Corporate division, SABMiller identified Segregation of Duties (SoD) conflicts that needed to be addressed. Some of these were due to broad technical roles and business roles, and some were caused by role assignments.


Successful POC paves the way for return on investment from SAP GRC process controls

Turnkey's client is a global group of energy and petro-chemical companies with around 93,000 employees in more than 90 countries and territories. The company wanted to undergo a Proof of Concept project using SAP GRC Process Control 10.0 to standardise its approach and use a single tool to underpin its controls management processes, as well as moving towards a continuous controls monitoring solution.


Implementing an SAP GRC Access Control 10.0 solution to improve internal control and deliver process improvements

Infineum is a world leader in the formulation, manufacturing and marketing of petroleum additives for lubricants and fuels. Following a review of its security software solutions, the Infineum Group was looking to replace its ageing access control and segregation of duties monitoring system.


Implementation of SAP GRC minimises conflicts and reduces audit pain

Turnkey's client is one of the world’s largest office products suppliers, serving customers across 27 countries. Having failed their audit twice in a row, the organisation did not wish to repeat the same mistakes and it was agreed that a process was needed to manage SAP business roles with no conflict of interest.


Achieving business ownership of risk and compliance

Transport for London (TfL) was created in 2000 and is the integrated body responsible for the capital's transport system. As a publicly funded body, Corporate Governance is critical to Transport for London. Because of this they chose to implement SAP Governance, Risk and Compliance (GRC) across their systems.


Deploying a multi-national GRC solution to reduce the burden of internal management processes

Turnkey's client is a global group of energy and petrochemical companies that is one of the most profitable organisations in the world. The company was already committed to using SAP systems to help them conduct their business but they wanted to improve and expand this in the area of GRC.


Enabling global reporting and reducing support costs with automated security access in SAP BW

Turnkey's client is a global group of energy and petrochemical companies. The organisation has achieved one of the largest rollouts of SAP R3 HR (SAP HCM) on a single instance, in the world. Manual synchronisation issues meant that although individuals with the appropriate access could run and execute transactions within SAP R3, they still couldn’t see certain data in the reporting system.


Implementing SAP Security and Controls on a global scale

Turnkey's client is a global group of energy and petrochemical companies. Although the group had a lot of SAP skills internally, they found that none of their suppliers could provide competent people in all the areas needed. This was particularly prevalent in the controls and authorisations area.


Providing a complete end-to-end IT audit solution

RSM Tenon , the 7th largest accounting and audit firm in the UK, provides a comprehensive suite of accounting and consultancy services including business advisory, tax and financial management. They were keen to establish and talk to larger clients and prospects about their system audit and ERP security and to do this, they needed to partner with a specialist. They needed a more complete security review proposition.


SAP Security Support: Global telecommunications company

The Australian branch of Turnkey Consulting helped one of the world’s largest telecommunications providers satisfy its urgent requirement for SAP security support. Turnkey consultants served as a valuable resource, providing immediate assistance to cope with the high volume of support requests the company was receiving.


Managing access violation and improving efficiency with the Bedrock GRC managed service

Sodexo is now the worldwide leader in Quality of Life services. They develop, manage and deliver a unique array of onsite Services, Benefits & Rewards Services, and Personal and Home Services for a wide range of clients across the globe. They chose to take advantage of Bedrock - Turnkey's GRC managed service - to support their SAP GRC activities.


Implementing an integrated risk management platform using SAP GRC Process Controls

Japan tobacco International (JTI) is a global company doing business around the world. It employs over 25000 employees and runs operations in 120 countries. The tobacco industry is heavily regulated and JTI takes its compliance responsibilities very seriously. JTI’s risks and controls were documented and managed through a single repository database – SharePoint – but the control framework was outgrowing SharePoint’s size and functionality.


SAP aerospace and defence (A&D): Leading National Airline

The UK branch of Turnkey Consulting helped the engineering division of this leading national airline meet the significant challenges of implementing a security solution for the SAP Aerospace and Defence (A&D) industry solution


SAP security review: HONG KONG power supplier

A leading power supplier in the Hong Kong region turned to Turnkey Consulting when they needed a comprehensive review of their current SAP security and SAP portal solutions. Turnkey was charged with leveraging its extensive expertise to thoroughly evaluate the environment, identify weaknesses, and recommend potential enhancements.


Large-Scale SAP Implementation: Australian Engineering and Services Group

A leading Australia-based engineering and services group with more than 30,000 employees in four primary business units (infrastructure, resources, property, and communications) commissioned Turnkey Consulting to design and deliver security and controls to its large-scale SAP implementation


Providing SAP Cyber Security Peace of Mind

Before implementing the technology, you need to conduct a variety of activities to ensurey our organisation can maximise the software, including defining your business roles, synchronising your data and assessing the impact on related systems - both ERP & non-ERP.

Read More