Integrated Risk Management
Through the application of technology and automation, we'll help you manage your risks efficiently and effectively across the entire enterprise.
Identity and Access Management
We'll help you ensure everybody within your organisation has access to the right systems and data, for the right reasons, and at the right time.
Cyber & Application Security
Our experts will uncover security weaknesses within your security design and business-critical applications. Helping you protect your organisation from both internal and external threats.
Bedrock Managed Service
Scalable support and on-demand expertise that seamlessly integrates with your existing operations.
About us
A group of passionate individuals with a shared purpose to help the world's leading companies embrace best practices for GRC and risk management.
Partners
Turnkey's strategic partner network consists of selected organisations that complement our capabilities.
Corporate Social ResponsibilityCSR
We are committed to being agents for change through our Climate Action Plan, championing diversity in our workplaces, and more.
Get in touch
We have operations in all corners of the globe, so see which office is nearest to you and connect with them.
Careers
We have operations in all corners of the globe, so see which office is nearest to you and connect with them.
Webinars & eBooks
All of Turnkey's webinars, guides and other insights available in one place.
Blogs
Read the latest insights from our experts on GRC and risk management, covering the latest industry topics.
Press Coverage
See all the publications where Turnkey, our experts and our successes have been noted.
Key events
See the key industry conferences on GRC, SAP security and risk management which we are attending.
Case Studies
Client satisfaction is of the utmost importance to us, and we strive to constantly deliver above expectations, going the extra mile at every opportunity.
14 November 2012

An Integrated Approach To SAP GRC Process Controls (Part 2)

In this blog I would like to follow up on my earlier entry around the benefits of including GRC in a greenfield implementation. Previously we explored this area in the context of access controls. We now look at the benefits of implementing Process Controls at the outset of your SAP journey.

Integrated Control Framework
An SAP control framework is something that will be developed over time by most organisations. Typically Internal Audit will have a control framework against which they test the company's existing controls. This will be updated by IA either during the initial SAP implementation or, more commonly, at the first audit cycle post go-live. The inclusion of process controls at the outset of the project enables an organisation to focus resource towards the adaptation of the control framework to suit the SAP environment. It also gives the opportunity to ensure that these controls are designed efficiently for SAP.
 
Automated Process Controls
With or without GRC technologies in place your SAP implementation will need to define business process controls to ensure the control and smooth running of your business processes. The inclusion of GRC technologies in your initial implementation scope will enable these controls to be defined and developed in the most efficient way possible, taking advantage of the latest controls automation technology to drive down the costs associated with operating and testing these controls post go-live.
 
Internal Audit Efficiencies
Testing an SAP environment can be a very labor intensive and inefficient process from an audit perspective. Investing effort to understand where these inefficiencies occur during the initial implementation will help to reduce these inefficiencies, ensuring that duplication of testing is minimised and control testing is automated wherever possible.
 
Familiarity with the SAP Environment
Ensuring that IA are familiar with controls in the SAP environment from the outset of the project is an important but difficult challenge. Without focused effort from IA to get up to speed on the various complexities of auditing an SAP environment they could find themselves playing catch up post go-live. The inclusion of PC in the implementation scope of GRC will give your audit team a natural 'home' on the project and enable them to develop the skills they need to audit the new SAP environment  over the course of the project.

Conclusion
Maturity in the GRC market and in the GRC applications available from SAP means that these solutions should be a consideration for any greenfield SAP implementation. Whilst it may not be in every project scope from the outset customers should consider the benefits of addressing some of the problems that GRC solves during their initial implementation. As we have seen in this blog entry, taking a proactive approach has a number of benefits and tackling your GRC challenges early will surely result in a stronger and more efficient control environment.