GRC Tuesdays: Highlights from SAPinsider #GRC2018
For those not able to attend SAPinsider GRC2018 this year in Las Vegas, it was another fantastic week of hearing customers, partners, and colleagues share best practices, technology innovations, and hot topics across the GRC space. It truly is an exciting time to see the evolution and maturity of GRC practices and technology adoption across the profession!
Let me share just a few highlights from the event this year.
GRC ≠ Access Control
I must admit, it is time to celebrate. For years, the terms “GRC” and “Access Control” have been used interchangeably by many when referring to SAP’s solutions in this space. However, it is refreshing to see that although SAP Access Control and other access governance solutions are still as relevant as ever, the other 15+ SAP solutions for governance, risk and compliance are now seeing plenty of traction and “air time” at the event. SAP Process Control and SAP Business Integrity Screening (previously SAP Fraud Management), along with other solutions from SAP that address audit, risk, data protection, and cybersecurity – to name a few – were extensively discussed with success stories and best practices shared. This is important as SAP has developed and deployed an extensive set of capabilities to address not only enterprise-wide needs but focused solution areas as well.
GRC and Digital Transformation
We are in the midst of a significant milestone at SAP and as a result, an inflection point for SAP customers. The massive innovations with the in-memory database and the recoding of SAP’s core transactional systems now known primarily as SAP S/4HANA, have created new opportunities for deploying GRC technologies at a much greater scale and level of innovation. The opportunity to have real-time information and “one source of truth” (both heaven speak to GRC practitioners) are creating fantastic advances in continuous control monitoring, risk automation, fraud and anomaly detection, and enterprise reporting.
Linking Performance to Risk
One example of improved reporting options is found through the SAP Digital Boardroom. I had the opportunity to present a session and demo the solution which helps place GRC activities in their most important light, which is to link risks to objectives. As we demonstrate – at the decision-making level – the true impacts of risks (both in terms of avoidance and risk taking) on the key objectives the enterprise is pursuing, the true value of what GRC activities bring to an organization can be seen and optimized.
Several of the hot topic areas heard at the event include:
- How to leverage continuous controls monitoring in an SAP S/4HANA environment
- How to support an overall cybersecurity program and help address gaps
- Key risk and compliance considerations when implementing machine learning and other robotic process automation (RPA) technologies
- How to use SAP solutions for GRC in your GDPR compliance program
- How SAP uses its own software to support security, GDPR readiness, risk, audit, controls, and access monitoring
- How to use the new SAP Cloud Identity Access Governance solution to bridge access governance to the cloud while leveraging investments in SAP Access Control
- Multiple customer use cases on security and role redesigns, one view of risk, controls automation, continuous monitoring, and enterprise risk management
- A preview of the new solution for protecting data in the public cloud called SAP Data Custodian
SAP Access Control, SAP Process Control, and SAP Risk Management version 12.0
At the event, two sessions were held which highlighted the new functional enhancements and user experience that is available through the new 12.0 version release coming in late March of this year. Part of the good news is this release will be an upgrade and not a migration. The enhancements include improved user experience, simplified navigation, better risk aggregation, ad-hoc monitoring, and extensibility of Access Control to new authorization models like HANA and Fiori, as well as cloud applications.
As you can see, opportunities abound for leveraging technology to achieve the desired outcomes organizations envision for their GRC programs. SAPinsider proved again to be a great opportunity to hear first-hand of these use cases and best practices. I encourage you to join us again or even for the first time whether in Prague later this fall (October 16-18), in March for the International SAP Conference on Internal Controls, Compliance and Risk Management , or in Las Vegas in March of 2019. Wow – are we almost to 2019?