GRC Tuesdays: Rising with SAP and the Three Lines ...

T_Frenehard · ‎2024 Jul 30

I’ve already described in a recent GRC Tuesdays blog post the RISE with SAP program and how Governance, Risk, and Compliance & Security augments it, so I won’t go over this again. But I have good news to share today: if relevance of GRC within this SAP initiative wasn’t clear enough, it has been made even more prominent with the announcement in April of a GRC package for RISE with SAP: The three lines of defense package

What is it?

SAP S/4HANA Cloud for financial three lines of defense is an existing offering that has now been included in the RISE program to help SAP S/4HANA Cloud, private edition customers shift to remote, continuous, and risk-adjusted management to drive down risk and compliance costs while building trust.

By embedding the integrated solutions for three lines model into the very foundation of their SAP software landscape, organizations can automate tasks and decision-making, gain real-time visibility on their compliance status, and equip their people to anticipate and respond to the risks standing in the way of achieving business objectives.

Why is SAP doing this?

Well, quite simply because more and more organizations are requesting commercially packaged solutions to help them address the following trends:

30%

increase in cost of compliance expected by companies

90% of compliance leaders expect evolving business, regulatory, and customer demands to increase compliance-related operating costs by up to 30%

Find calm in every compliance storm, Accenture, May 2022

75%

of companies to increase risk management spend

3 out of 4 of companies are planning to increase spend across data analytics (75%), process automation (74%), and technology (72%) to support the detection and monitoring of risks

2022 Global Risk Survey, PwC, 2022

50%

of companies to automate controls

50% of organizations aim to automate controls monitoring and management capabilities to address core drivers of GRC strategy in 2023

GRC State of the Market 2023 – Benchmark Research Report, SAP Insider, 2023

38%

of organizations can identify risks before it is too late to take action on them

Executive Leadership: Strategic Risk Management Primer for 2023, Gartner, 2023

What’s in the scope?

To help companies manage enterprise risks, regulatory compliance, and audit activities efficiently and effectively, SAP S/4HANA Cloud for financial three lines of defense includes the following SAP GRC products:

SAP Process Control

This internal control and compliance tool enables organizations to achieve compliance and business process performance goals, while keeping their GRC program costs under control.

Find problems faster and easier through continuous control monitoring and automated testing
Easily adapt and scale with robust functionality and configurable options, increasing user productivity
Access a single source of truth with a unified framework and processes, minimizing duplication of efforts
Reduce costs using configurable, interactive email-delivered forms for business users, eliminating costly training
Improve accountability and problem tracking with workflow-driven evaluations and issue resolution

SAP Risk Management

This enterprise risk management solution supports companies to scan the horizon for emerging risks and opportunities, and preserve the value of the organization by minimizing unnecessary losses.

Define and configure business value drivers and objectives
Provide insight into how risks and controls can be optimized to meet strategic objectives
Balance acceptable residual risk with the cost of control and compliance
Continuously survey and assess emerging risks and opportunities
Continuously monitor risk levels, risk drivers, and risk indicators

SAP Audit Management

The internal audit module helps organizations provide independent assurance of risk and compliance standards to management and audit committees by leveraging real-time audit insights.

Improve audit quality, resource management, and scheduling for cost-effective operations
Prioritize audits more effectively using technology-driven risk inputs
Achieve comprehensive audit insights and standardized approaches across the enterprise
Enhance staff efficiency with self-service access to audit data
Quickly collect audit evidence using mobile tools and drag-and-drop features

In addition to being a commercial package, these solutions are of course natively interconnected – and also integrated to RISE with SAP S/4HANA Cloud, private edition – so that information can flow from the source system to 1st to the 2nd and 3rd line, and then to Management and Governing Bodies seamlessly:

Benefiting from additional innovations for SAP S/4HANA Cloud, private edition, this package enables customers to:

Establish clear responsibilities and collaboration across all three lines
Automate key control and risk management activities
Identify and mitigate compliance issues
Facilitate audit engagement and improve audit performance
Improve business performance and decrease the cost and effort of managing GRC activities with a single-source of truth
Integrate with SAP ECC, SAP S/4HANA, SAP Signavio, etc. to automate continuous control and risk monitoring

Looking for more information?

If you’d like to read more about this package and its components, then have a look at the following links:

Overview video: Integrated Risk and Controls Management for SAP S/4HANA
Individual product pages: SAP Process Control, SAP Risk Management and SAP Audit Management

I look forward to reading your thoughts and comments either on this blog or on Twitter @TFrenehard.

And if you are interested in learning more about SAP solutions for Governance, Risk, and Compliance, feel free to fill-in the demo request form!