
The GRC Consultant

Former Member
0 Kudos

In a regulated economy, success is measured on the speed, transparency, integrity and compliance capabilities of the organization’s business processes and the system landscape. The key to success would then translate into an effective audit of the organization’s SAP system, with specific focus on security and control. General Controls specialists reviewing Application Controls may not deliver the desired level of comfort in identifying control weaknesses in an SAP environment. This requires knowledge of the SAP system security, auditability, risks and controls. The introduction of SAP NetWeaver has further enhanced the need for having a better understanding of the key aspects of security, user authentication and authorization, across platforms.

To get into the GRC space, I do believe that consultants must have a fair understanding of:

- the main business processes in the mySAP Business Suite covering the Purchase to Pay Cycle, Order to Cash Cycle, Inventory Management, Accounting etc.

- SAP Basis Security covering User Management and Authorizations, Roles, Infrastructure Security, NetWeaver Security, Single Sign-On in Heterogeneous Landscapes etc.

- SAP tools like MIC, AIS, Compliance Calibrator etc

- regulatory requirements like SOX, JSOX, Basel II etc

- compliance frameworks like COSO, Cobit etc

- auditing standards like AS1, AS2, AS3, AS4 from SEC

- international accounting standards

- risk assessment and risk management in enterprises

- preventive, detective, corrective and deterrent controls to mitigate risks

The GRC initiative from SAP is definitely a step in the right direction. I do believe that exchange of ideas through this forum will be a catalyst to good governance and will definitely help organizations in meeting their compliance objectives.

Accepted Solutions (1)


Former Member
0 Kudos

Hi Babu,

I fully agree with you.

The Technology, which is strictly an adjunct, has amalgamated so well with the process that we see only the "Technology driven processes" in place today. This trend seems to be on the upswing and unstoppable. Who would have [a decade ago] dreamt of the financial approvals [preventive control; in SAP, parking] being had in a matter of hours? Years ago, at the year end, I still remember pushing the contractor's bills much before the actual physical completion of the work, due to the inherent delay in the financial approval, the sheer paperwork and the geographical remoteness being the culprits. But today we don't face such discomforts [thanks to the Technology], nor will the Governance permit such [mal]practices.

With the Technology defining a new landscape, one has to know the niche areas (i.e.) where and how the controls can be built.

The regulatory measures, with the constant changes in the rules etc. [for example, soon AS2 will be predated by AS5], put pressure on the professionals to upgrade and update their skill and knowledge.

The above demanding forces, the metamorphosis in the Technology and the ever-changing Regulatory laws etc., have rendered us vulnerable. In fact, so far we have been sitting on the edge without a proper exchange platform to overcome these challenges. The GRC is certainly a boon from this point of view.

Fortunately our forum has a mix of Process and Tech. specialists. Let us synergise and fathom new depths to our mutual collective gains.

To quote your words, "The GRC initiative from SAP is definitely a step in the right direction. I do believe that exchange of ideas through this forum will be a catalyst to good governance and will definitely help organizations in meeting their compliance objectives."

Regards,

Ramesh.

Former Member
0 Kudos

Thanks, Ramesh, for your input. I do hope this forum gains momentum for the benefit of all compliance professionals.

Answers (3)


Former Member
0 Kudos

The GRC suite eases the burden for publicly traded companies to become and remain Sox and JSox compliant (and probably a few more future compliance initiatives). If a company is not publicly traded then there is much less incentive to implement one of these tools because private companies are not subject to Sox and JSox. They are also not subject to the significant time and expense it takes to become compliant, not to mention the often changing and differing interpretations of Big 4 audit firms on what it means to be "compliant". There was a big backlash by public companies complaining that they received little return for the millions of dollars they spent on compliance.

That said, I don't think it is possible for SAP to make the use of GRC "mandatory". If a publicly traded company needed to implement an automated solution to help with SoD issues, controls, etc., they could always choose a competing product with similar functionality.

Former Member
0 Kudos

Hi Gurus,

I am a FICO consultant with 10 years of domain and 2.5 years of SAP experience, working with a multinational. I am planning to enter SAP GRC, for which I need to prepare. I need your guidance on the following:

1. What role can I play in GRC? I have been told by the dept heads that I perfectly fit as a Business Analyst in GRC.

2. What is the career progression in GRC? I mean the future prospects.

3. Can anyone guide me as to what material I should start going through to increase my knowledge on the subject?

Thanks in advance. Look forward to your valuable guidance.

Best regards,

Edited by: AJAY K DUA on Jul 4, 2008 11:41 AM

Former Member
0 Kudos

Hi Ajay

I mean, with your FICO background, you must have a great deal of experience with Business Process etc.

Well, to get into GRC, I suggest you go through SAP courses AC010, FIN900, TGRC 20, TGRC 30, GRC 300, GRC 310.

You should be strong in security & authorisation concepts (AMEZ, ADM 940).

As far as the GRC market is concerned, opportunities are bleak at the moment with all the recession and job cuts etc.; it doesn't mean that the future would be bad.

As a matter of fact, all SAP customers should be using GRC (I heard SAP is making it mandatory in the near future with all their customers), so the future could be good; at the same time, too many consultants out there, mate.

Hope this helps.

All the best

Former Member
0 Kudos

Making the use of GRC software mandatory for all SAP customers is unlikely to happen. Considering the vast differences in different countries and industries it would be interesting to learn the rationale for such a step.

Former Member
0 Kudos

Hi Alexander,

I thought at least SAP is trying to promote it with new installations; that's what I have heard,

but I presume you are from SAP Labs, so hands down on that.

You should have more insight, so what do you think of the GRC future?

Regards

Prem

Former Member
0 Kudos

Greetings to the Forum and Babu,

It is indeed a pleasure that SAP has started this forum and has heavyweights like Babu involved and participating.

SAP has been a front runner in the GRC space and is indeed doing a tremendous job to further the cause of a unified and holistic approach towards GRC. Justifiably, the industry is perceiving the other players as laggards in this space.

I am attempting to provide a laundry list of all the resources available on the internet pertaining to GRC in general and SAP GRC in particular. I am passionate and committed to SAP GRC and would like to see this forum grow by leaps and bounds.

Generic information on GRC and regulations

1. http://www.isaca.org/ for CISA and Systems Auditing and a whole range of subjects in GRC

2. http://www.aicpa.org/ for SOX

3. http://www.sec.gov/ for SOX

4. http://pcaobus.org/ for SOX

5. http://www.theiia.org/ for Internal Audit

6. https://www.isc2.org/ for Security

7. http://www.sebi.gov.in/ for Clause 49

8. http://www.fsa.go.jp/ for J SOX

9. http://www.frc.org.uk/corporate/internalcontrol.cfm for Turnbull guidance on Internal control

10. http://www.osc.gov.on.ca/ for Bill 198/CSOX.

11. Apart from these, there are numerous other regulations like KonTraG, FDA, RoHS, WEEE, all of which are part of the Governance, Risk and Compliance Ecosystem.

In my next post I will give a laundry list of all resources available for the SAP GRC ecosystem.

Thank you,

Happy blogging!

Former Member
0 Kudos

In addition to the links given by Krishna, I would like to add the following:

http://www.oceg.org/

Hope it helps.

Former Member
0 Kudos

A rather comprehensive listing of governance codes and recommendations from around the world is found on the website of the European Corporate Governance Institute: http://www.ecgi.org/codes/all_codes.php

Former Member
0 Kudos

Hi Everyone

I want to be part of this compliance world. I presume you all are already working in the GRC area.

Best Regards