Automate and manage your company’s risks, controls, identities and cyber threats.
SAP® GRC is software offered by SAP® that allows us to automate processes, manage business risks in real time and integrate risk management processes into strategy, planning and operations execution. It has 7 modules: Access Control, Process Control, Enterprise Risk Management, Global Trade Services, Audit Management, Electronic fiscal note and Business Integrity Screening.
Access Control
Monitors, evaluates and controls access and user authorizations in SAP systems.
The ARA module is used for preventive and constant surveillance of SoD, risks, critical transactions and mitigating controls. It allows us to:
- Analyse Segregation of Duties conflicts in real time.
- Monitor in real time (report creation, alerts, etc.).
- Ensure that managed conflicts are not replicated in the system in the future.
- Manage and monitor the most complicated risks (cross-system).
- Document and manage mitigating controls.
This module is used to automate user additions, deletions and modifications, to create the approval stages required to create an account in SAP, and to run SoD analysis at each stage of the workflow.
- Automates the process of user creation, deletion or modification.
- Creation of approval stages in order to create an account in SAP.
- SoD analysis in each of the stages of the workflow.
The EAM module allows end users to perform emergency activities outside the parameters of their standard function, but within a controlled and auditable environment.
- Monitoring of critical system access through Firefighters.
- Special approval for accessing the Firefighter.
- Real-time activity reports are sent to the defined controllers.
- Log reports of the activities performed in the system are sent to the defined controller once the Firefighter signs out.
The module automates role catalogue management and the definition of role functions in a way that is easy for companies.
- Role management based on a pre-established methodology.
- Definition of the role naming convention for all systems.
- Role maintenance in multiple systems.
- Definition of the role owners who approve any kind of modification to the configuration of the role.
What benefits does SAP® GRC bring to companies?
Service improvement
- Faster user account creation.
- Reduction of mistakes in the user management process.
- Transparency in the user management process.
- Reduction of time required when interacting with the Help-Desk.
- Users can reset their passwords without intermediaries.
Risk reduction
- Preventive automated controls.
- Real-time risk analysis.
- Improved security during the password reset process.
Cost reduction
- Automation of the key users process.
- Reduction of time and effort in risk analysis (ARA vs Manual).
- Reduction of time and effort in simulations.
- Automated process to reset passwords through ARM PSS.
Process Control
Optimises the functioning of established control policies and processes.
The SAP® GRC tool allows you to establish and monitor controls that ensure the proper operation of the processes and established policies. Through monitoring them, processes are controlled by the right people, under a framework of compliance with internal policies and regulations.
In addition, it is valid for SAP and non-SAP environments: Marketing, Sales, Production, Logistics, Human Resources and/or Finance. Continuous Control Monitoring (CCM) helps to ensure that business practices have remained faithful to the original design and purposes of the control structure over time.
Policy Management allows the creation, publication, application and verification of a policy and the management of its entire life cycle:
- Define: Definition of control indicators. Examples: SOX, ISO 27001.
- Monitoring: Periodic assessment of controls.
- Exception: Error or exception identification by application of controls.
- Resolution: Exception remediation by applying corrective actions.
- Reporting: Decision-making support, simplifying the continuous monitoring and certification processes.