SAP GRC: The Sweet Spot: Where Productivity, Confidence and Security Meet

An increasing number of companies are caught off guard by cyber-attacks and security breaches because they do not have effective measures in place to prevent them.  This oversight can lead to financial devastation, loss of jobs and more. 

User access is the primary culprit of such breaches – including inside jobs.  By integrating technology like SAP solutions for Governance, Risks and Compliance (GRC), you not only reduce risks, you also create transparency in a way that saves time and money.  SAP solutions for GRC automate your access governance activities in order to prevent work redundancy and reduce the manual effort needed to generate reports.  It is important for a company to reach its security goals in the most productive and efficient way possible.  To achieve increased productivity, one must first have clarity to understand what adjustments need to be made.

Implementing Segregation of Duties (SODs), setting user authorization with SAP Access Control, and monitoring user activity are some of the ways GRC puts you in the driver’s seat.  These solutions give you continuous insight into your company’s workflow and how well its valuables are being protected.

Optimizing Performance: Who’s Doing What and Why It Matters to Your Business

The design of your employees’ business processes is only the beginning.  Experts stress the importance of implementing Segregation of Duties within a company, as it is the primary defense against internal fraud and has the greatest opportunity to create a productive environment.  Integrating these strategic measures will minimize the opportunity for fraud and create transparency.  SAP’s GRC solution can automatically audit your user profiles and flag all violations of your SOD policies.

A typical segregation of duties rule is to not allow the same person to create a vendor master record, a purchase requisition and order, and a goods receipt, because together these activities cause a payment to be made to the vendor.  A fraudulent vendor with the employee’s name and address equals big bucks stolen from your company!

But SODs can be difficult for small to mid-size businesses to achieve due to the lack of resources and manpower available.  The concept of segregation of duties is to separate the following responsibilities in each business process:

  • Record Keeping
  • Authorization
  • Custody of Assets
  • Reconciliation

Ideally, no individual employee should handle more than one of the above-noted functions in a process. When an organization separates these functions among its employees, it has implemented a strong internal control, which may deter and prevent employee fraud. When duties cannot be segregated, compensating controls should be considered. Compensating controls can be preventative, detective, or monitoring controls that are executed by an independent, supervisory-level employee who does not have custody, record-keeping, authorization or reconciliation responsibilities for the process.

Gain control via SAP solutions for GRC to assess your SOD and remediation process by:

  • Identifying key responsibilities for each business process area,
  • Defining Segregation of Duties rules, and
  • Creating a SOD matrix from these rules.

Identify conflicting duties and determine if an alternate person can perform certain tasks with SAP solutions for GRC.  After you have had an audit performed of internal processes, you will be ready to:

  • Upload Segregation of Duties rules to the SOD tool;
  • Execute the SOD tool;
  • Perform SOD Conflict Analysis.
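
The steps above (define rules, build an SOD matrix, run conflict analysis) can be illustrated with a short script. This is an added example, not SAP's tool or code from this article; the duty names follow the vendor/purchase order/goods receipt scenario described earlier, and the roles, users, rule pairings and compensating control are constructed for illustration.

```python
from itertools import combinations

# SoD rules: duty pairs one person should not hold together (pairings are assumed).
SOD_RULES = [
    ("create_vendor_master", "create_purchase_order", "order placed with self-created vendor"),
    ("create_purchase_order", "post_goods_receipt", "receipt posted for own order"),
    ("create_vendor_master", "post_goods_receipt", "payment released to self-created vendor"),
]

# Constructed role catalogue and user assignments (not real data).
ROLE_DUTIES = {
    "VENDOR_MAINT": {"create_vendor_master"},
    "BUYER": {"create_purchase_requisition", "create_purchase_order"},
    "WAREHOUSE": {"post_goods_receipt"},
}
USER_ROLES = {
    "alice": ["VENDOR_MAINT"],
    "bob": ["BUYER", "WAREHOUSE"],
    "carol": ["VENDOR_MAINT", "BUYER", "WAREHOUSE"],
}
# Conflicts accepted because an independent compensating control exists.
MITIGATIONS = {
    ("bob", frozenset({"create_purchase_order", "post_goods_receipt"})):
        "monthly supervisor review of goods receipts",
}

def build_matrix(rules):
    """SOD matrix: each conflicting duty pair mapped to the risk it creates."""
    return {frozenset((a, b)): risk for a, b, risk in rules}

def user_duties(user):
    """Union of the duties granted through all of a user's roles."""
    return set().union(*(ROLE_DUTIES[r] for r in USER_ROLES[user]))

def analyze(matrix):
    """Return (user, duty_a, duty_b, risk, status) for each rule a user violates."""
    findings = []
    for user in sorted(USER_ROLES):
        for a, b in combinations(sorted(user_duties(user)), 2):
            pair = frozenset((a, b))
            if pair in matrix:
                control = MITIGATIONS.get((user, pair))
                status = f"mitigated: {control}" if control else "open"
                findings.append((user, a, b, matrix[pair], status))
    return findings

if __name__ == "__main__":
    for finding in analyze(build_matrix(SOD_RULES)):
        print(*finding, sep=" | ")
```

Open findings are the ones to remediate by reassigning a role to an alternate person; mitigated findings stay visible so the compensating control can be audited.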

Is That All There Is???

 Nope!  SAP’s GRC tools offer much more than automatic SOD checking.

  • Improve business alignment with audit processes integrated with fraud management, process control, and risk management activities.
  • Support business network growth and compliance with business partner screening.
  • Help ensure effective, ongoing controls and compliance management. Focus resources on high-impact processes, regulations, and risks to get continuous insight into the status of compliance and controls. With greater visibility, you can reduce costs while increasing business process reliability and quality.
  • Understand what influences risk levels, how risks impact value, and which responses are most suitable with enterprise risk management. SAP solutions can help corporate boards, audit committees, executives, and operating managers.
  • Minimize financial loss through early detection and more effective alert investigation in fraud management. SAP solutions can help you:
      • Screen high volumes of transactions and business partner data.
      • Investigate and document potential fraud cases.
      • Limit false positives with real-time calibration and simulation on large volumes of data.
      • Improve response and control to reduce future occurrences of fraudulent activity.
  • Improve international trade management operations while supporting ongoing compliance and streamlining the cross-border supply chain.

Do you want to upgrade your company’s security? We look forward to exploring the options with you. Contact Warren Norris, warren@titanconsulting.net or call me at 972.679.5183. You can also contact your Titan Sales Director.