Blog - 2026

AI in SAP: Balancing Opportunity, Risk, and Control

richard.hunt@turnkeyconsulting.com (Richard Hunt) — Sun, 26 Apr 2026 13:30:00 GMT

Artificial intelligence presents a significant opportunity within SAP. The combination of structured, high-quality data and end-to-end business processes makes SAP a highly effective environment to apply AI. Whether supporting users through embedded assistants or enabling agentic AI, the potential to improve efficiency and streamline operations is clear.

Six reasons why you need a modern PAM approach to manage machine identities

Elliott Maidment — Thu, 23 Apr 2026 00:00:00 GMT

Non-human identities (NHIs) are rapidly expanding across your systems. These digital identities access resources, execute tasks, and communicate with other systems — often with little or no human involvement.

Five questions to guide your move to GRC for HANA 1.0

Kelly.Webber@turnkeyconsulting.com (Kelly Webber) — Wed, 15 Apr 2026 11:00:00 GMT

The launch of SAP GRC for HANA 1.0 (SAP GRC 2026) brings six previous solutions into a more user-friendly combined platform: Access Control, Process Control, Risk Management, UI Masking and Logging, Business Integrity Screening, and Audit Management. But to make the most of the efficiency, security, and compliance benefits this integration brings, you’ll need to embed with S/4HANA and ensure your target architecture is S/4 foundation 2025 or later.

Because of this, and because organizations are starting from different legacy environments, it can be difficult to pinpoint the right course of action. This blog will explore five key questions to guide your journey toward upgrading or migrating to SAP GRC for HANA 1.0.

How to Manage Privileged Access in Modern Retail IT Environments

Joseph Mendoza — Wed, 01 Apr 2026 11:00:00 GMT

Retail organizations operate in an environment where disruption has an immediate and visible impact. If a point-of-sale system fails, an e-commerce platform goes down, or a fulfilment system is locked, the result isn’t just delayed productivity but an instant loss of revenue.

The Next Generation of GRC: What It Means for SAP Customers

simon.persin@turnkeyconsulting.com (Simon Persin) — Wed, 18 Mar 2026 12:00:00 GMT

As SAP landscapes grow in scale and complexity, traditional governance models are struggling to keep up. Most organizations still rely on disconnected tools for access control, process control, risk management, and audit management — a structure that worked in older ERP environments but falls short in modern, highly integrated landscapes.

SAP is now evolving its GRC strategy to reflect this shift. A new generation of capabilities is emerging in SAP GRC for HANA 1.0 (SAP GRC 2026), which has been designed to unify previously separate governance functions and provide clearer visibility across systems.

This blog explains why GRC for SAP is entering a new phase, what’s changing in SAP’s approach, and how customers can start preparing for a more connected governance model.

Missed TAC CCR 2026? Here are the 3 big takeaways

cavan.arrowsmith@turnkeyconsulting.com (Cavan Arrowsmith) — Fri, 13 Mar 2026 12:00:00 GMT

On March 3-4, 2026, the SAP for Internal Controls, Compliance and Risk Management Conference gathered SAP governance, risk, and compliance professionals in Amsterdam. Organized by TAC Insights, in partnership with SAP, the event drew SAP users, IT managers, auditors, risk managers, and security experts from across the industry.

SAP Clean Core: Why it matters and how to achieve It

Tom Venables — Wed, 04 Mar 2026 01:00:00 GMT

Enterprise SAP environments are rarely simple. Large, multi-entity operations bring layers of regulatory, operational, and structural complexity, all of which inevitably shape how SAP is configured and extended.

How to start with continuous controls monitoring in SAP

Ruchika Kapur — Thu, 26 Feb 2026 01:00:00 GMT

As cloud adoption accelerates, SAP environments are operating at a scale and speed that traditional control frameworks were never designed to handle. Static, periodic reviews can no longer keep pace with real-time transactions and increasingly complex system landscapes. Continuous Controls Monitoring (CCM) has therefore shifted from a best practice to a critical capability, enabling organizations to identify risks proactively, maintain compliance, and strengthen governance in an always-on environment.

The rise of non-human and agentic identities and how to manage them

Vaibhav Dhote — Thu, 19 Feb 2026 00:00:00 GMT

Artificial intelligence is influencing every area of technology, and identity security is no exception. Non-human and agentic identities have become commonplace, with the creation of machine identities outpacing human identities at a ratio of 82:1, according to CyberArk.

Fully Managed: A Simplified Approach to Privileged Access Management

Tracy McFarlane-Barnes — Tue, 03 Feb 2026 00:00:00 GMT

From advancing IT operations and automation to managing cloud environments and third-party access, privileged access management has become a business essential.