Integrated Risk Management
Through the application of technology and automation, we'll help you manage your risks efficiently and effectively across the entire enterprise.
Identity and Access Management
We'll help you ensure everybody within your organisation has access to the right systems and data, for the right reasons, and at the right time.
Cyber & Application Security
Our experts will uncover security weaknesses within your security design and business-critical applications. Helping you protect your organisation from both internal and external threats.
About us
A group of passionate individuals with a shared purpose to help the world's leading companies embrace best practices for GRC and risk management.
Turnkey's strategic partner network consists of selected organisations that complement our capabilities.
Corporate Social ResponsibilityCSR
We are committed to being agents for change through our Climate Action Plan, championing diversity in our workplaces, and more.
Get in touch
We have operations in all corners of the globe, so see which office is nearest to you and connect with them.
We have operations in all corners of the globe, so see which office is nearest to you and connect with them.
Webinars & eBooks
All of Turnkey's webinars, guides and other insights available in one place.
Read the latest insights from our experts on GRC and risk management, covering the latest industry topics.
Press Coverage
See all the publications where Turnkey, our experts and our successes have been noted.
Key events
See the key industry conferences on GRC, SAP security and risk management which we are attending.
Case Studies
Client satisfaction is of the utmost importance to us, and we strive to constantly deliver above expectations, going the extra mile at every opportunity.
We've put together a comprehensive list of frequently asked questions - along with our responses - to the most common GRC and SAP security issues.
6 May 2015

Process Controls Webinar – Overview & Business Benefits

Marc Jackson recently hosted an insightful webinar focusing on Process Controls and the business benefits. Below is a summary of the discussion.

Process Controls as a concept

Although the name may suggest, it isn't simply about providing control solutions for your business processes, rather it describes the concept of providing an overall control and compliance management solution for your organisation. This means having a single centralised solution to coordinate and manage all of your controls and compliance related activities.

GRC Process Controls

SAP GRC Process Controls provides functionality in five broad areas which support both the lifecycle of a control and the underlying controls management processes and procedures required to comply with associated regulatory standards.

 1) Document - Document controls and policies centrally; map to key regulations and impacted organisations

 2) Scoping - Perform periodic risk assessments to determine scope and test strategies

 3) Evaluate - Evaluate control design and effectiveness; raise and remediate issues

 4) Monitor - Perform automated, exception-based monitoring of ERP systems

 5) Report - Support decisions and promote accountability with insightful analytics and sign-off

Automated Controls Monitoring 

Process Controls provides the ability to automate monitoring of configuration settings, master data and transactional data related to key control activities. For example, monitoring and preventing duplicate payments. Below is an example of a scenario where automated monitoring could be successfully applied with associated benefits over control assurance. 

Control deficiency in an organisation

There is a system configuration-based control which prevents field changes after posting to General Ledger, providing full transparency into all transactions affecting the SAP General Ledger. Any changes to this control means that the system is potentially exposed to the risk of fraudulent transactions or mistakes being made leading to inaccurate financial reporting.

For example, a user with access to OB32 may change this setting allowing vendor bank account details to be changed after posting. The risk is that inappropriate persons may receive payments, particularly if this configuration setting is not routinely checked. The company may leverage the automated control monitoring functionality in Process Controls to markedly reduce the risk in this scenario. In order to achieve this, a Business Rule can be defined looking at the bank account field to see if ‘Field Can Be Changed’ is set to X or not (‘X’ meaning that changes are allowed after posting), and could be scheduled for hourly monitoring. A control deficiency would then be automatically detected and an alert will be sent to the control owner allowing them to respond accordingly as part of the in-built issue remediation process.

Process Controls & Access Controls Integration

With the release of GRC 10.0, Access Controls and Process Controls no longer come as isolated applications as they are offered as an integrated solution. This new unified platform enables increased harmonization of key master data, where organization, process and control structures can now be shared across components of Access Control and Process Control, and this in turn supports a more integrated approach to governance, risk, and compliance. A big advantage of having the functionality of both Access Controls and Process Controls is the ability to perform continued monitoring of your SOD & critical access risks, which might otherwise be checked on a much less frequent basis. Additionally, by using Process Controls to maintain, monitor and assess your mitigating controls you instantly have greater visibility over their operating effectiveness based on their latest test, assessment or monitoring results. You can also use Process Controls to ensure that your GRC solution remains ‘fit for purpose’ at all times, which helps to underline its integrity and ensure you can rely on the risk and controls-related information it is reporting on. 

Key benefits

  • Manage, maintain and coordinate multiple compliance initiatives from a single repository with greater efficiency and improved visibility
  • Automation of controls monitoring, testing and assessments
  • Improved communication and adherence to policies
  • Integrating Process Controls & Access Controls solutions to enhance compliance initiatives
  • Reduced effort to achieve audit compliance

Marc will be re running this webinar on 9th July 2015 at 11:00am. To sign up please click here.