
MONDAY, OCTOBER 05, 2009
By Scott Goolik
By now, most organizations have taken initial strides in their governance, risk, and compliance (GRC) projects. For many of these companies, the first step was to improve their segregation of duties (SOD) activities — with the help of tools like SAP BusinessObjects Access Control, for instance. Now, with a growing push to achieve cost savings in their GRC projects, these companies are asking a tough question: How can we maximize our compliance investments, improve productivity and responsiveness, and drive effectiveness? The answer is easy: By using complementary solutions like ControlPanelGRC to automate your business processes.
Reap the Benefits of Automation
Automating everyday tasks as well as important business processes has several benefits: It frees up staff to focus on high-value work, reduces resource requirements, and ensures that established processes are followed. Companies can enhance their GRC solutions and reduce the total cost of compliance by adding automation and compliance controls to areas beyond SOD. Let's see how automation can improve the way your company handles four key tasks.
Opportunity #1: Change Management
While it's typically functional teams that originate requests for transports, the Basis team traditionally migrates these requests to target systems. By applying automated workflow principles, companies can develop a searchable audit trail around the validation, approval, and migration of correction transports. This automation can free up Basis staff for more valuable activities, saving countless hours of work and lowering overall operational costs. Automation also can help ensure compliant change control in the management and monitoring of batch jobs. Batch jobs can present a risk if a step in the process fails and that failure is not routed to an appropriate party for review. Here again, automated workflow principles enable a searchable audit trail for the approval, scheduling, and monitoring of batch jobs.
Opportunity #2: Compliance Reporting
Companies have to prove to auditors that critical compliance reports are being viewed and acted upon. But in a hectic business environment, tasks like these are easily forgotten. Automated reporting not only reduces workloads, but also ensures that compliance requirements are met. By adding a workflow step for the review of financial reports, companies can ensure that this review no longer falls by the wayside.
Opportunity #3: Role Validation
In a dynamic SAP environment, roles often require modification. But releasing an untested role change into production is risky and could potentially halt business. Best practices dictate that security teams should provide the functional team with test logons and that this testing should occur in a quality assurance system. However, the testing process can be tedious and difficult to monitor, and is therefore often neglected. Tools that accelerate and automate the testing process and provide ongoing monitoring can be used to mitigate the risk, without placing an added burden on functional or security teams.
Opportunity #4: Risk Remediation
Constant user and role changes mean that a GRC environment requires ongoing cleansing and maintenance to prevent excessive access and SOD risks. Existing data that is maintained in SAP systems can be used to uncover which transactions are actually being executed, and by whom. Then, whichever transactions are not being used can safely be removed to eliminate compliance risks.