Integrated Risk Management
Through the application of technology and automation, we'll help you manage your risks efficiently and effectively across the entire enterprise.
Identity and Access Management
We'll help you ensure everybody within your organisation has access to the right systems and data, for the right reasons, and at the right time.
Cyber & Application Security
Our experts will uncover security weaknesses within your security design and business-critical applications. Helping you protect your organisation from both internal and external threats.
Bedrock Managed Service
Scalable support and on-demand expertise that seamlessly integrates with your existing operations.
About us
A group of passionate individuals with a shared purpose to help the world's leading companies embrace best practices for GRC and risk management.
Turnkey's strategic partner network consists of selected organisations that complement our capabilities.
Corporate Social ResponsibilityCSR
We are committed to being agents for change through our Climate Action Plan, championing diversity in our workplaces, and more.
Get in touch
We have operations in all corners of the globe, so see which office is nearest to you and connect with them.
We have operations in all corners of the globe, so see which office is nearest to you and connect with them.
Webinars & eBooks
All of Turnkey's webinars, guides and other insights available in one place.
Read the latest insights from our experts on GRC and risk management, covering the latest industry topics.
Press Coverage
See all the publications where Turnkey, our experts and our successes have been noted.
Key events
See the key industry conferences on GRC, SAP security and risk management which we are attending.
Case Studies
Client satisfaction is of the utmost importance to us, and we strive to constantly deliver above expectations, going the extra mile at every opportunity.
26 February 2016

GRC As A Service – Achieving And Operating A Quality Solution

Turnkey Consulting often finds that GRC is allocated as an additional responsibility to the SAPSecurity team, which, in itself has frequently been misrepresented as just another element of the Basis function. That really acts as a constraint on the organisation maximising their GRC business-man-touching-solution-min (2)-min (1)solution as GRC is considered simply another technical module rather than a mechanism to improve and enhance the overall management of risk and controls across the business. It is often difficult to justify a full time dedicated GRC role but when taking all of the required technical and non-technical activities into account; it is actually more common to require more than one person. This adds significant cost to the operating model as there is effectively an ongoing additional FTE or equivalent cost added to the implementation and licensing costs for ongoing operations.

A significant cost of operating a GRC solution is the ongoing support and maintenance, not just of the infrastructure but of the functional expertise in the support organisation to be able to troubleshoot issues and deliver business improvement projects. Although there is often capability in the non-differentiated SAP technical skills within the existing support team, it is not often that an organisation has inherent SAP GRC functional skills to be able to make best use of the product 

However, even if the requirement is recognised and the resourcing increase approved, it is difficult to find the balance of skills in a single person who can easily switch between detailed technical access-orientated discussions and discussing key risks and controls in a business operational context.

By consuming GRC as a Service, the availability of internal skills is no longer a factor. By virtue of our experience in implementation, support and advisory services, we can feed that experience into the service for the consumption of all customers as part of the platform. Infrastructure, hosting, maintenance and support is inherent within the service thus removing the requirement to add incremental capacity onto existing teams.

Customers can also gain access to the breadth of skills within the Turnkey Consulting organisation to support on demand expertise across the spectrum of SAP security, GRC and business risk and controls advisory services. Customers no longer need to make the compromise on the available skills in the market, nor risk a poor quality implementation by trying to reduce the capital expenditure costs from a systems integrator or trying to learn GRC skills on the job with a support team who are already busy with their core business as usual activities.

By failing to recognise the importance of implementing a quality solution from the outset, the likely outcome is a solution which is under-valued and under-used across the business.

There are also a number of other factors to consider when thinking about GRC as a service.