Wiley SAP GRC For Dummies 978-0-470-33317-4 用户手册

产品代码

978-0-470-33317-4

Integrated GRC systems not only have a system for managing access control
but they also have rules that take into account the thousands of specific
transactions inside an ERP system so that segregation of duties conflicts can
be avoided. In addition, GRC systems not only have systems for automating
the collection of information and the analysis of that information for controls,
but they come with a large set of commonly needed controls that are ready to
implement.

Perhaps the largest benefit of GRC systems is that they come with a step-by-
step approach of the sort shown in Figure 1-6 that is proven through the
experience gathered at numerous companies.

The general approach of one component of SAP’s solution, SAP GRC Process
Control, is to follow these steps:

1. Document the control environment.

What are you doing? What are your processes? Where are the risks?

2. Test: Implement the process and access controls needed to address

the risks identified.

3. Remediate: Resolve exceptions found by the controls.

4. Analyze: Use the information gathered to gain a deeper understand-

ing of the business.

5. Optimize: Improve both GRC and business processes as insights are

gathered.

Define the

Control

Environment

Compliance Team &

Business Process

Owners

Control

Testers &

Internal Audit

Compliance Team &

Business Process

Owners

Executives,
Controllers,

Managers & Auditors

Compliance Team &

Business Process

Owners

Document

Test

Remediate

Analyze

Optimize

Automated

and Manual

Control

Tests

Resolve

Exceptions

Report

Financial

Results

Optimize

Controls

RISK

Figure 1-6:

The steps

to GRC

implemen-

tation.

Part I: Governance, Risk, and Compliance Demystified

05_333174 ch01.qxp 4/4/08 7:15 PM Page 36