Key Insights Blog

Read the latest insights from our experts on GRC and risk management

10 September 2020

South Central Ambulance Service automates business processes with Turnkey Consulting

Pro bono project enables trust to meet NHS policy requirements and increase operational efficiency t...
18 August 2020

What I have learnt from my recent SAP cybersecurity engagements

While a pre-implementation security acceptance test has been a common feature of any large system im...
14 August 2020

The Next-Gen SAP Systems Audit

In recent years, there has been a drastic change in the focus of SAP technology – transition to S/4 ...
4 August 2020

What is SAP Cyber Security, and why is managing SoD insufficient?

SAP technology has changed radically in recent years, and this has had a direct impact on SAP securi...
8 July 2020

The clock strikes 12.0: Why now is the time to upgrade to SAP GRC

The current coronavirus pandemic has highlighted just how important it is for businesses to stay com...
7 July 2020

How does COVID-19 impact data protection compliance

There is no ordinary anymore. COVID-19 has changed how people work, exposing organisations’ confiden...
30 June 2020

Turnkey Consulting brings GRC, IDAM and cybersecurity expertise to the French market

London, 30 June, 2020: Risk management consultancy Turnkey Consulting has opened an office in France...
11 June 2020

The impact of a pandemic on the student journey

The Novel Coronavirus pandemic has changed the way we work, live, and study the world over. While th...
28 May 2020

How would an audit describe your privileged access posture?

In recent years ‘Privileged Access’, and how it is managed, has become a favoured hunting ground for...
20 April 2020

7 ways to include cyber security in your business continuity plans

Over the past few weeks many organisations will have found themselves implementing their Business Co...
3 April 2020

5 tips on staying secure when working from home

In most countries seriously affected by the current global pandemic, governments have forced any org...
31 March 2020

‘Zoom-bombing’ - minimising the risk of virtual hangouts

Dealing with uninvited guests is not something that many of us think about when it comes to video co...
26 March 2020

69% of SAP users believe SAP projects do not prioritise IT security

Organisations are not fully equipped to manage risk, but have a growing appetite for ‘security by de...
12 December 2019

Why ask a generalist system integrator to look after your security?

It’s time to embark on your latest application renewal programme - in the current environment likely...
10 December 2019

Turnkey appoints former PwC partner Jonathan Tate as first chairman

Risk management consultancy Turnkey Consulting has appointed Jonathan Tate, formerly a senior partne...
18 November 2019

Five steps to a successful SAP S/4 HANA security migration

Migration to S/4HANA brings myriad considerations for the SAP-driven enterprise, with the issue of s...
12 November 2019

The cloud needs security by design

Misconfigured cloud environments are increasingly identified as the source of damaging data breaches...
30 October 2019

Risk management must go beyond spreadsheets

    A traditional approach to risk management sees the board or risk committee define the key risks ...
24 October 2019

The operational approach to integrated risk management

How can information security professionals help their organisations move from traditional governance...
11 October 2019

How SAP GRC can accelerate integrated risk management (IRM)

Many software vendors are shifting their positioning from GRC (Governance, Risk and Compliance) to I...
20 September 2019

Avoiding security remediation in SAP S/4 HANA projects

Given the significant investment and commitment required by an organisation to roll-out SAP S/4 HANA...
29 August 2019

Why SAP access management should extend beyond the application layer

With the vast majority of SAP user activity taking place at the application level, it stands to reas...
26 July 2019

Managing today's SAP risks: the key questions

SAP security and GRC professionals now have the tools and technology available to be more effective ...
21 June 2019

The security risks of increased mobility with SAP S/4 HANA

The introduction of S/4 HANA is a major game-changer for SAP, as it offers a solution that’s designe...
4 June 2019

How SAP ETD assists with cyber-security

Following on from the previous insight blog series from Turnkey and SAP on Brexit and SAP’s Global T...
14 May 2019

What a systems integrator may not explain about S/4 HANA security

With the clock ticking on the 2025 deadline, more and more SAP customers are preparing to move away ...
4 April 2019

How to create a risk management framework to deal with Brexit

After more than two years of Brexit negotiations, the terms of the UK’s impending EU departure still...
13 March 2019

Google’s GDPR fine: a sharp reminder that non-compliance is not an option

Previously, there has been significant focus on the fines being associated with unlawful disclosure ...
18 February 2019

Managing SAP's automated access termination process

Companies across the globe all face similar issues when it comes to effectively managing the termina...
16 January 2019

Should you outsource your risk and compliance activities?

It’s a fact that the management of risk and compliance is becoming increasingly complicated. The com...
14 December 2018

Wem geben Sie (Cloud) Zugriff auf Ihre Daten

  …Ein Überblick über die aktuelle IdM und Access Governance Situation… Nur sehr wenige Unternehmen ...
23 November 2018

Positioning global trade to embrace the changes to come

In our last blog we explored with Paul Lloyd-Smith how a changing regulatory environment can impact ...
23 October 2018

The rise of robotic process automation in centralising controls

Robots are on the rise in business. As organisations become ever more focused on replacing manpower ...
22 October 2018

Why you need to upgrade from SAP IDM 7.2 to 8.0

SAP Identity Management (IDM) 7.2 has reached the end of life, with maintenance for this version of ...
12 October 2018

Preparing in the face of ongoing uncertainty

Turnkey and SAP are currently working with organisations both in the UK and further afield to better...
25 September 2018

Just owning SAP GRC is not enough

Many companies have made the news lately: Their systems have been corrupted, their data has been lea...
27 July 2018

Understanding the role of HR in identity and access management

The importance of identity and access management (IAM) has increased dramatically over the last few ...
5 July 2018

Five key benefits of SAP GRC 12.0

The new risk management suite, SAP GRC 12.0 has been available since March 2018 and with its launch ...
21 June 2018

SAP S/4 HANA security considerations

This article appeared in E-3 Magazine International on 19th June 2018.
4 June 2018

Pragmatism - the Light at the End of the Shadowy GDPR Tunnel

A few days on from the enforcement of the GDPR and the world hasn’t collapsed! Although there have b...
20 April 2018

Automating IT controls to improve future audits

It is one of the most interesting but underrated features of GRC Process Control: Automated Controls...
9 March 2018

[PRESS RELEASE] Turnkey provides exclusive review of the new SAP GRC 12.0

  Turnkey provides exclusive review of the new SAP GRC 12.0 Hosts webinar with SAP’s Chris Johnston ...
12 February 2018

[PRESS RELEASE] Turnkey Consulting pioneers new format presentation at GRC2018

 Turnkey will be offering insight into compliance and data privacy legislation at this years SAP Ins...
12 February 2018

SAP's GRC 12.0 is moving towards Fiori

  Following announcements last year, a major new version of the GRC is almost ready to be released. ...
1 February 2018

SAP skills: why contractor hire is not the only option

This news story appeared in E-3 Magazine International on 1st February 2018.  Click here for the ori...
19 January 2018

Understanding Privacy by Design to comply with the GDPR

When the EU General Data Protection Regulation (GDPR) comes into play in just a few month’s time, on...
6 December 2017

Turnkey's takeaways from UKISUG Connect 2017

With three days of SAP peers under the same roof, the UK & Ireland SAP User Group (UKISUG) Connect c...
21 November 2017

The financial benefits of integrating SAP SuccessFactors and SAP GRC

It’s not easy to get access management processes right. However, you might find the secret to achiev...
21 November 2017

Turnkey’s celebration of 10 years in Australia, features in ‘E-3 Magazine International'

  This news story appeared in E-3 Magazine International on 20th November 2017.  Click here for the ...
17 November 2017

Turnkey’s expansion to New Zealand features in ‘InsideSAP’ magazine

  This news story appeared in Inside SAP on 17th November 2017.  Click here for the original article...
15 November 2017

Is hiring an SAP contractor your only option?

With GDPR looming on the horizon, it is time to take a closer look at how organisations can adapt pr...
8 November 2017

The Top 5 signs you need a role re-design

  Consumers purchase cars to have the freedom to travel between destinations at will. However, cars ...
2 November 2017

[PRESS RELEASE] Turnkey celebrates 10 Years in Australia and expands to New Zealand

After ten years of business success in Australia, global SAP security specialist Turnkey Consulting ...
11 October 2017

Preparing your SAP environment for GDPR: Roundtable summary part 1

There is no shortage of discussion about GDPR – the General Data Protection Regulation – that will c...
26 July 2017

How GRC is changing the face of internal controls

I was recently invited to speak on the topic of how Internal Controls has changed in the past 20 yea...
29 June 2017

Is the CFO’s office the right place for GRC?

In recent years, high-performing organisations have been continuously challenging the structure of t...
20 June 2017

With so many threats, how prepared are retailers for a disruptive event?

In our previous articles, Paul Lloyd-Smith of SAP and I highlighted that whilst the point of sale (P...
11 May 2017

Are you facing a capability gap for SAP security?

SAP security teams face a growing set of challenges in safeguarding their SAP systems. Heightened en...
2 March 2017

How retail can maintain control of the Carrots whilst also counting the Beans!

Previously, Paul Lloyd-Smith and I focussed on highlighting the disconnection between loss at the po...
19 January 2017

Risks Management: The  IoD’s New Directors Competency Framework

The Institute of Directors recently released their new ‘Director’s Competency Framework’. The framew...
13 January 2017

Is your CISO now more valuable than your CMO in protecting your brand?

Your CMO has traditionally been the guardian of your brand, nurturing and developing brand value by ...
4 January 2017

Has the retail sector ever faced greater threats in this digital age?

Has the retail sector ever faced greater threats in this digital age? The digitalisation of the econ...
25 November 2016

Moving beyond Least Privilege Access principles

Having been at the GRC Dreamzone event in Paris, I have been at the forefront of the futuristic thin...
5 October 2016

A Quick Reference Guide on How to Choose Between GRC Consultancy and GRC as a Service

In today's market, customers have a wide range of purchasing options available to them. Consequently...
19 September 2016

3 steps to ensure a controls-based approach to financial statement audits

As part of the year-end statutory audit of the financial statements for a company, the external audi...
9 September 2016

Where Will GRC as a Service Be in a Year From Now?

Although software as a service has been around for many years, there has been a significant market (...
2 September 2016

Outsourcing the IT Systems Audit: Why Not?

Outsourcing part of a company’s Internal Audit function is a practice which has become increasingly ...
25 August 2016

The 5 Key Business Benefits of SAP's S/4HANA

SAP S/4HANA is proving to be SAP’s most successful ERP system. SAP’s involvement with ERP solutions ...
19 August 2016

How to Enable More Growth by Taking More Risk with More Control

In an era where change across all aspects of business is accelerating, the ability to adapt and grow...
12 August 2016

3 things every CEO needs to know about the new General Data Protection Regulation (GDPR)

The General Data Protection Regulation is in its final phase of implementation and will become law i...
5 August 2016

7 things every Director should know about their FRC Risk Management responsibilities

Every Director knows they need to ensure that their company is managing risk. But what does that mea...
27 July 2016

How to change the cost ownership of your business risk management

  Who owns your risk management function? For many companies this seemingly simple question is diffi...
22 July 2016

Brexit and the future of the EU Network & Information Security directive

The European Commission originally proposed the first EU-wide directive on Network and Information S...
14 July 2016

How to protect SAP within your Data Centre

Hosting business applications and data is not a new concept.  Mechanisms, terminology and custody ca...
17 June 2016

Turnkey’s GRC 2016 Preview

Here's a quick overview of some of the topics we’re really excited to be speaking about at GRC 2016 ...
16 June 2016

Are Three Lines of Defence Enough? Introducing the Fourth Line of Defence

When it comes to enterprise risk management, the phrase “three lines of defence” is often heard. I h...
29 April 2016

The importance of an integrated approach to GRC across your enterprise

It is imperative that organisations are aware of risks associated with their business. This is not p...
22 April 2016

Bringing Technology into the Boardroom

In the SAP world 2016 is all about the ‘Digital Enterprise’ and in my opinion one of their most inte...
15 April 2016

Learn why surveys are essential in your toolset for gaining assurance over internal controls

Internal controls are (or at least should be) implemented for a specific reason – to mitigate risks....
16 March 2016

Day 1 Round-up from the GRC 2016 Event

Well it's the end of day 1 here in Las Vegas and already some trends are starting to emerge from the...
26 February 2016

GRC As A Service – Achieving And Operating A Quality Solution

Turnkey Consulting often finds that GRC is allocated as an additional responsibility to the SAPSecur...
21 January 2016

Least Privilege: Stand Up For Your Principles!

One of the most ubiquitous terms in information security, the principle of least privilege is used i...
21 January 2016

SAP Data Security With Turnkey Consulting

Richard Hunt chats with SAPinsider's Ken Murphy about governance, risk and compliance (GRC) issues a...
13 January 2016

Cost – A Barrier To GRC As A Service?

Cost is often the first thing that people are interested in when looking at implementing new service...
23 October 2015

Access Control 5.3 End Of Life - Time To Upgrade, Or Do You Just Keep The Lights On?

Access Control 5.3 is due to exit “Mainstream Maintenance” and enter Extended Support at the end of ...
22 October 2015

Controls Automation - Monitoring vs. Operation And The Business Case For Automated Controls - Part 3

Following Marc Jackson’s insightful webinar on Controls Automation in the next 3 blogs we will walk ...
21 October 2015

Controls Automation - A New Breed Of Automated Controls - Part 2

Following Marc Jackson’s insightful webinar on Controls Automation in the next 3 blogs we will walk ...
2 October 2015

Controls Automation – Controls Terminology And Traditional Controls - Part 1

Following Marc Jackson’s  insightful webinar on Controls Automation in the next 3 blogs we will , th...
6 August 2015

Do You Have Trust Issues?

Security is all about trust. Many organisations talk about trust in various ways, especially where s...
12 July 2015

Evolving Challenges Require Evolving Skills

One of our clients recently remarked that our team offer something that their other partners in the ...
6 May 2015

Process Controls Webinar – Overview & Business Benefits

Marc Jackson recently hosted an insightful webinar focusing on Process Controls and the business ben...
7 January 2015

Unlocking Management Information - Part 4

The final principle of secure and compliant data provisioning is: only present the reports to correc...
15 December 2014

Unlocking Management Information - Part 3

Up to now, we have looked at understanding the purpose of an MI system and some options for transfor...
18 September 2014

Guest Blog | Richard Anderson | New Guidance On Risk Management From Financial Reporting Council

We're delighted to welcome Richard Anderson, our first guest blogger, to the Turnkey Consulting Key ...
29 August 2014

Unlocking Management Information - Part 2

In the previous installment, I described the need to clearly understand the purpose of a Business In...
18 August 2014

Security Engagement

When should security get involved in a project? The short answer to this is: as early in the project...
4 April 2014

SAP GRC 2014, Orlando

Last week I attended the US based SAP GRC conference for the eighth year in a row and this year it w...
14 February 2014

The Paradox Of Password Rules

Many organisations can expect to see some sort of findings on their audit reports pertaining to thei...
19 December 2013

Common Characteristics Of High Performing Teams

As we come to the end of 2013 I have been thinking of some of the projects that we have been working...
24 October 2013

SAP: The Increasing Cyber Security Threat

The cyber threat to IT systems in on the increase and this time it is not bored teenagers that we ne...
24 August 2013

Raising The Bar In Data Protection

The European Union is currently undertaking an overhaul of its Data Protection regime with the EU Di...
22 May 2013

Top 5 Customer Concerns Around Managing Access Risk - Part 1

Here at Turnkey Consulting in Australia, we speak to many customers about their concerns with managi...
21 May 2013

Top 5 Customer Concerns Around Managing Access Risk - Part 2

As part of my blog on the top five concerns around managing access risk, last week we looked at conc...
8 March 2013

Top 5 Customer Concerns Around Managing Access Risk - Part 5

Last week we discussed lack of visibility of access risks for management and the issues this creates...
25 February 2013

Top 5 Customer Concerns Around Managing Access Risk - Part 4

Last time we looked at issues around managing access risk in a reactive and fragmented way. This wee...
4 February 2013

Top 5 Customer Concerns Around Managing Access Risk - Part 3

Last week we looked at issues around managing emergency access to systems. This week I discuss the t...
30 November 2012

GRC Process Control - It's All About Risk (Part 2)

In the 1st part of this series I explained why risks are an essential element of GRC Process Control...
14 November 2012

An Integrated Approach To SAP GRC Process Controls (Part 2)

In this blog I would like to follow up on my earlier entry around the benefits of including GRC in a...
2 November 2012

GRC Process Control - It's All About Risk (Part 1)

Controls should be put in place with an objective to mitigate a specific risk, or set of risks. Ther...
30 October 2012

Emergency Access Logs - What Is Logged And What Isn't?

The SAP GRC Emergency Access Management (EAM) log level has been the subject of a lot of questions a...
24 October 2012

Taking A Top Down Approach To Your SAP GRC Deployment

Typically GRC deployments have focused initially on Access Controls, maybe followed by Process Contr...
13 August 2012

Compliance Of The Compliance Tool

The SAP GRC Access Controls product is designed to support customers in their compliance objectives....
2 August 2012

An Integrated Approach To SAP GRC Access Controls (Part 1)

Many Greenfield SAP implementations will exclude SAP GRC from scope, treating it as an optional modu...
22 July 2012

Unlocking Information In BW

BW systems present some very specific challenges when authorising access to data, so for this series...