Financial Management Blog Posts by SAP
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Read only

GRC Tuesdays: What's Coming in SAP Solutions for Three Lines (of Defense)

T_Frenehard
Product and Topic Expert
Product and Topic Expert
2 weeks ago
553

T_Frenehard_0-1750377816865.jpeg

To help drive a unified vision across all SAP solutions for Three Lines (of Defense), Rohit Hotwani has recently been announced as the Strategic Product Manager for these products. And Rohit will already be very familiar to many of you since he was until then Global Solution Advisor for SAP GRC.

As a result, Rohit and I thought it would be a good opportunity to provide an update on what’s planned in terms of roadmap items for SAP Process Control, SAP Risk Management and SAP Audit Management. And there’s quite a lot!

 

Harmonized management of compliance issues and findings from different source systems

 

If you have been following these GRC Tuesdays blogs for some time now, you may recall a partner blog from Turnkey Consulting: Hidden Gems. Integration between SAP Process Control (PC) and SAP Business Integrity Screening (BIS). This post highlighted how both tools can already complement each other's strengths, allowing for a healthier control management process. But there have recently been customer requirements to take this integration a step further and make it easier to leverage.

As a result, Product Management and Engineering are working on a sub-scenario in SAP Process Control to expose SAP Business Integrity Screening to its continuous control monitoring functionality. This would enable to link controls in SAP Process Control with detection strategies in SAP Business Integrity Screening so that continuous monitoring can make use of this powerful fraud detection capability and, at the same time, enable a unified issue remediation process in SAP Process Control. With this integration, organizations will be able to centralize and organize compliance issues and findings into one system.

 

Extending integration of continuous control monitoring to SAP and non-SAP systems

 

By integrating SAP Process Control with SAP Integration Suite, users will be able to connect to SAP and third-party systems and use these additional data as sources for continuous control monitoring and automated controls.

This will help build a holistic control environment system with SAP Process Control being the central hub to analyse and monitor data from connected systems, but also to follow-up on compliance issues and remediate them.

To do so, the plan is to provide pre-delivered integration flows and continuous monitoring across hybrid systems:

T_Frenehard_1-1750377816868.png

 

Intelligent self-diagnostics cockpit app

 

With this planned innovation, internal control experts will be able to get self-diagnosing errors and solutions provided within a dedicated app. This app will deliver detailed error descriptions and will help guide users through the resolution process, hence supporting problem-solving with step-by step approach.

T_Frenehard_2-1750377816871.png

 

Cybersecurity Risk Management framework

 

As announced last year, National Institute of Standards and Technology (NIST) SP800-53 revision 5 and Cybersecurity Framework CSF Version 2.0 content can now be uploaded as central controls in SAP Process Control to help organizations enhance their IT Security & Cybersecurity controls with a best in class set of guidelines that define the baseline controls for information systems and organizations.

To even better support customers looking at adopting the NIST best practices – especially in the area of Integrating Cybersecurity and Enterprise Risk Management (NIST IR 8286), we will provide a support of NIST’s risk management framework by importing content as a risk template or a response template. This will enable customers to benefit from best-practice guidance from the leading Cybersecurity agency.

T_Frenehard_3-1750377816881.png

 

Business continuity management

 

In continuation of the first building blocks delivered last year – Business Impact Analysis in SAP Risk Management, we plan to continue on this business continuity management journey with additional enhancements, including:

  • Business continuity planning by supporting strategy definition and documentation, including business continuity and disaster recovery plans to help ensure critical business processes or activities in the organization can survive serious disruptions and to enable organizations to provide a clear blueprint for what everyone should do when business processes can't continue as normal
  • Business continuity test and exercise to create a picture of the scenarios, making it easier for business continuity team members and stakeholders to get practical preparation and identify any loopholes in the business continuity plan, and improve it continuously

 

Vendor and third-party risk assessment and due diligence

 

Once again building on initial deliveries from last year, the Vendor Risk Assessment capability will be enhanced with the introduction of a new a survey type and format to support the onboarding and due diligence of third parties and vendors. This survey will support issuing to external recipients to cater for onboarding and due diligence for 3rd parties.

 

Creation and reuse of a recommendation across multiple findings

 

To increase the efficiency of the 3rd line in SAP Audit Management, we plan on helping avoid developing duplicate recommendations for the same or similar findings by enabling the reuse of recommendations across multiple findings. This will also come with enhancements to help auditors monitor and manage recommendations centrally, through a holistic view of the remediation process and, ultimately, should promote collaborative problem-solving with auditees.

T_Frenehard_4-1750377816885.png

 

Consolidation of email notification for multiple actions

 

To make it easier for auditors and auditees to track updates, our colleagues are working on a setting that would enable the system administrator to quickly configure and consolidate multiple e-mail notifications into a single mailing. Once activated, related email notifications would be grouped into one message. Of course, non-consolidated notifications would still be immediately dispatched.

This will help reduce email clutter that can occur when a high number of actions are performed in a short time frame – all sending their individual notification.

T_Frenehard_5-1750377816905.png

Rohit and I hope that this short overview will have provided some valuable insights on the roadmap plans for these solutions.

And if you are interested in learning more about SAP solutions for Governance, Risk, and Compliance, feel free to fill-in the demo request form!