- SAP Community
- Products and Technology
- Additional Q&A
- Understanding GRC
- Subscribe to RSS Feed
- Mark Question as New
- Mark Question as Read
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
Understanding GRC
- Subscribe to RSS Feed
- Mark Question as New
- Mark Question as Read
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
on 03-28-2007 6:11 AM
Hi,
I am very new to this domain and want to gain a good knowledge of it for practical purposes. I have started with reading various documments on GRC on the whole. I get a lot of functional material, but I am unable to comprehend it technically.
I also realize that no one has provided (or can provide...am not sure) a solution that ensures full compliance under SOX and other such acts. So do we try to look into some specific areas under one act only and try to make our processes compliant by implementing various controls?
Please correct me if I am wrong.
Thanks in advance.
Regards,
Latika.
Accepted Solutions (1)
Accepted Solutions (1)
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
It is conceptually impossible to provide a blanket 'solution' for you. Each organisation is different and has completely different GRC solutions. Rather than seeking a solution to GRC, you should be seeking an <b>approach</b> to developing a solution for your organisation.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
Thanks Ramesh,Justin
So what I have understood from your replies is that a "solution" suitable for one organization may or may not be relevant for the other. That is our effort should first be at understanding the current processes of the organization and then modify the processes (if necessary) so that they are GRC enabled and during this excercise we may or may not be complying to any specific act like SOX.
Is it correct?
Regards,
Latika.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
Answers (1)
Answers (1)
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
Hi Latika,
The GRC does not have the tag of any specific Act,Rules,Regulations etc.
It is pertinent that all the regulatory acts such as SOX lay emphasis on the best practices.GRC enables the best practices.
The processes are the road map for achieving the goals;while the controls steer the organisation in attaining these goals.Thus the focus of this forum is upon understanding and analyzing the risks,controlling the identified risks by means of appropriate mitigation strategies thus enabling a good Governance.[ best corporate practices ].
The term "Good Governance" is very broad and exhaustive - Risk and control contribute to " Governance".
In light of the above, we are not trying to look into some specific areas under one act only.Rather we are trying to highlight the best practices in the processes.An understanding of the Risk and controls helps bringing about the best practices.
Hope this helps.
Regards,
Ramesh.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
- Start page of SAP Signavio Process Insights, discovery edition, the 4 pillars and documentation in Technology Blogs by SAP
- Advance Return Management complete configuration(SAP ARM) in Enterprise Resource Planning Blogs by Members
- Exploring Integration Options in SAP Datasphere with the focus on using SAP extractors - Part II in Technology Blogs by SAP
- For SAP Data Archiving, if I want to implement SAP ILM with SAP IQ, do I still need Archive Server? in Technology Q&A
- First Half 2024 Release: What’s New for Employee Central Service Center? in Human Capital Management Blogs by SAP
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.