The three letters GRC have become firmly fixed in the vocabulary of top management and on the agenda of CFOs. Compliance (for example, with the Sarbanes-Oxley Act) and the resulting requirements for an internal control system were previously considered mostly in isolation; today, companies are taking an integrated GRC approach. This is evident from the development of both theoretical framework concepts and GRC software solutions. The issue becomes how to achieve a good balance between theory and a software-supported implementation. Learn the most important points about automating GRC processes using a simple structure and SAP BusinessObjects GRC 10.0 solutions.
An internal control system is composed of established processes, measures, and principles designed to help the organization accomplish goals set by the management of the company. An internal control system plays an important role in preventing and detecting fraud and protecting the organization's resources, both physical (e.g., machinery and property) and intangible (e.g., reputation or intellectual property such as trademarks). Three major areas in focus are the efficiency and profitability of the business, compliant and reliable external and internal reporting, and compliance with regulations to which the company is subject.
SAP BusinessObjects GRC 10.0 consists of three main components: SAP BusinessObjects Process Control, SAP BusinessObjects Risk Management, and SAP BusinessObjects Access Control. For the first time, all existing GRC components, based on a common data model, were technically integrated on one platform (SAP NetWeaver ABAP 7.02):
- SAP BusinessObjects Process Control (previous version: 3.0) – supports internal control system and compliance management
- SAP BusinessObjects Access Control (previous version: 5.3) with the following subcomponents: access risk management (formerly risk analysis and remediation), user access management (formerly compliant user provisioning), business role governance (formerly enterprise role management), and centralized emergency access (formerly superuser privilege management)
- SAP BusinessObjects Risk Management (previous version: 3.0)
Figure 1 shows a simplified view of the integrated approach in SAP BusinessObjects GRC 10.0.