Integrated Risk Management
Through the application of technology and automation, we'll help you manage your risks efficiently and effectively across the entire enterprise.
Identity and Access Management
We'll help you ensure everybody within your organisation has access to the right systems and data, for the right reasons, and at the right time.
Cyber & Application Security
Our experts will uncover security weaknesses within your security design and business-critical applications. Helping you protect your organisation from both internal and external threats.
About us
A group of passionate individuals with a shared purpose to help the world's leading companies embrace best practices for GRC and risk management.
Turnkey's strategic partner network consists of selected organisations that complement our capabilities.
Corporate Social ResponsibilityCSR
We are committed to being agents for change through our Climate Action Plan, championing diversity in our workplaces, and more.
Get in touch
We have operations in all corners of the globe, so see which office is nearest to you and connect with them.
We have operations in all corners of the globe, so see which office is nearest to you and connect with them.
Webinars & eBooks
All of Turnkey's webinars, guides and other insights available in one place.
Read the latest insights from our experts on GRC and risk management, covering the latest industry topics.
Press Coverage
See all the publications where Turnkey, our experts and our successes have been noted.
Key events
See the key industry conferences on GRC, SAP security and risk management which we are attending.
Case Studies
Client satisfaction is of the utmost importance to us, and we strive to constantly deliver above expectations, going the extra mile at every opportunity.
We've put together a comprehensive list of frequently asked questions - along with our responses - to the most common GRC and SAP security issues.
2 March 2017

How retail can maintain control of the Carrots whilst counting Beans

Previously, Paul Lloyd-Smith and I focussed on highlighting the disconnection between loss at the point of sale and the back office/finance/business areas. 

SAP’s UK expert on GRC for Retail, Paul Lloyd-Smith identifies with the growing trend in the industry to improve controls. He has also seen a trend whereby technology helps improve and update the effectiveness of controls at the point of sale, but notes that this has often left the back office to fend for itself. 

The back office is often seen as a cost to the business, resulting in the controls relying upon management trust of the employees to do the right thing. Whilst trust is important we repeatedly see that it only takes one unethical individual to create a devastating impact.   

The back office functions are fast becoming the soft underbelly of the retail pig. Only last week we saw £3million worth of equipment being removed from the Jaguar/Land Rover manufacturing plant in the West Midlands. Was this an inside job?If so, were there indicators of suspicious behaviour that could have raised the alarm ahead of this event? 

Regardless of the source of the fraud, technology is now helping retailers to put effective controls in place, both on the point of sale and within back-office functions.  In regard to the point of sale, using the internet of things (IoT) and integrated monitoring, it is possible to track higher value items in a much more granular manner. For example, it is possible to identify when stock moves from the shelf to a different location as well as correlating that with a scan of the barcode to prove that it’s declared at the checkouts. If the scan does not happen before the item moves towards the exit, alerts are generated. 

Also, regarding the back office, technology solutions are becoming far more sophisticated in their evaluation of business transactions. SAP solutions can handle mass transactional data, especially where SAP HANA is the database. This allows customers to understand both known and unknown patterns to highlight potentially suspicious behaviours within their systems. This could be through suspicious payment transactions, undesirable business partners or outliers in tolerances from historical trends. SAP Fraud Management also embraces machine learning to automatically calibrate alert thresholds as well as using predictive analytics to predict future areas of interest. This all helps investigation teams to ask questions around what might be the next area of attack or to question what’s around the corner. 

In a future  blog, we’ll try to do just that by predicting what we think the next biggest threats are for the retail sector.