20 April 2018

Automating IT controls to improve future audits

Automated Controls are one of the most interesting but underrated features of GRC Process Control. In most companies, an Internal Control System (ICS) is associated with a lot of work: the effort for assessments is high, the coverage is poor and audits are usually troublesome.

Just recently, a major German retail corporation (and client of ours) had the same issues, and the last audit had put it under pressure to initiate some changes. So how does GRC Process Control help?
 

Detecting issues automatically via GRC Process Control

Automated Controls are also called Continuous Control Monitoring (CCM) and come with every GRC Process Control installation. To make them work, tables and critical values have to be defined in the GRC system. Once the controls are scheduled to run as a job, they reach into the connected backend systems, pull the data from the pre-defined tables and check it for deficiencies.

Whether it is value checks, change logs or events, the possibilities are huge, and even HANA databases and non-SAP systems can be connected. The controls range from simple parameter checks to really complex checks on the accounting tables. For IT controls, an example is a change log check on the profile parameter for the password length: if this parameter has been changed and the password length is lower than a certain number, an issue is raised.

That means with automated controls it is possible to detect security holes and prevent fraudulent behaviour.
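
The password-length change log check described above, sketched in Python as an added example (not Turnkey's or SAP's code, and not how GRC Process Control itself is configured). The log rows, system IDs, user names and the threshold of 8 are constructed assumptions; `login/min_password_lng` is the SAP profile parameter for the minimum password length.

```python
from dataclasses import dataclass
from datetime import datetime
from typing import Optional

PARAM = "login/min_password_lng"  # SAP profile parameter for minimum password length
MIN_LENGTH = 8                    # assumed policy threshold, not from the article

# Constructed change-log rows: (system, parameter, old, new, changed_by, timestamp)
SAMPLE_LOG = [
    ("PRD001", PARAM, "8", "10", "BASIS01", "2018-03-01T09:00:00"),
    ("PRD002", PARAM, "8", "6", "BASIS02", "2018-03-02T14:30:00"),
    ("PRD003", PARAM, "8", "5", "BASIS03", "2018-03-03T08:15:00"),
    ("PRD003", PARAM, "5", "8", "BASIS01", "2018-03-05T10:00:00"),
    ("PRD004", PARAM, "8", "", "BASIS02", "2018-03-04T11:00:00"),
    ("PRD002", "rdisp/wp_no_dia", "10", "12", "BASIS02", "2018-03-02T15:00:00"),
]

@dataclass
class Issue:
    system: str
    value: str
    changed_by: str
    since: datetime
    status: str = "open"
    until: Optional[datetime] = None

def is_deficient(value: str) -> bool:
    """Deficient if below the threshold; unparsable values fail closed."""
    try:
        return int(value) < MIN_LENGTH
    except ValueError:
        return True

def run_control(log, param=PARAM):
    """Replay the change log per system and return the issues raised."""
    issues, open_issue = [], {}
    rows = sorted((r for r in log if r[1] == param), key=lambda r: (r[0], r[5]))
    for system, _, _old, new, user, ts in rows:
        when = datetime.fromisoformat(ts)
        current = open_issue.get(system)
        if is_deficient(new):
            if current is None:  # first deficient change opens an issue
                current = open_issue[system] = Issue(system, new, user, when)
                issues.append(current)
            current.value = new  # keep the latest deficient value
        elif current is not None:  # a compliant change closes the open issue
            current.status, current.until = "remediated", when
            del open_issue[system]
    return issues
```

Calling `run_control(SAMPLE_LOG)` leaves PRD002 and PRD004 with open issues and records PRD003 as remediated, with the window during which the weaker setting was active.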

 

What does that mean for our client?

For our current client we have implemented a little over 60 automated controls and have rolled them out to more than 60 production systems. This results in 3600 fewer checks for the IT department and a massive return on investment for the whole corporation.

Aside from saving time and money, the client also gained reliance from its auditors after the project. So just by introducing automated controls, trust has immediately gone up for future audits. It is this kind of benefit that makes this feature so valuable for clients.

Since the IT controls can be applied to almost any other SAP system, this is just the first step and more controls and systems are to come. Are you interested in automating your controls as well? Please do not hesitate to contact us for further information.

 

PS: You can also hear about the project approach and key takeaways from our client himself at the SAP-Forum for Financial Management and GRC 2018 in Frankfurt (Germany)
