Integrate Policy Management into Your Global Compliance Portfolio

  • by Tracy Levine, SAP Application Consultant, itelligence
  • August 7, 2014
Discover how to use policy management with key elements of SAP Process Control to respond to risk events in your organization. Understand the ways in which policy management can be integrated into functional business processes.
Learning Objectives

Reading this article, you will learn how to:

  • Integrate points between policy management and other GRC components
  • Use Adobe Interactive Forms for policy awareness and training
  • Use policy management for work instructions, corporate policies, and regulatory policies 
Key Concept

SAP has developed a global compliance solution as part of Process Control 10.0 and 10.1. Managing company-wide policies is a resource-heavy activity that is common among most large and midsized organizations. Policy management is a workflow-driven solution to manage the documentation, review, approval and distribution, or acknowledgment of company-wide policies. Policy management is part of the governance element of governance, risk, and compliance.

Policy management is an end-to-end compliance solution to specify, maintain, publish, communicate, and enforce policies and to measure policy compliance. One of the business benefits of policy management is that it automates the task of creating and maintaining policies.

Policy management enables you to attribute different policies (i.e., a work instruction) to a specific organizational structure, business process, and activity. For example, you can assign work instructions for a new piece of machinery to a specific warehouse and business process. Users can then be notified to read the work instructions and take a related quiz to ensure that they have read and understand the policy (machinery manual).

I discuss policy management, and highlight many of the features that SAP Process Control offers with regard to policy creation, approval and acceptance. I describe configuration steps as I take you through the process of organizing your policy hierarchy to improve transparency and visibility for global and corporate policies. I also define options for integrating policy management with other applications across the SAP solutions for GRC.

Features of Policy Management

One challenge many organizations face is that most companies face regulations from the top-down, but compliance must be achieved from the bottom up. All people, whether they are purchasing agents or salespeople, must understand what obligations this poses on their daily jobs and act accordingly. Policy management can be used as a tool to combat known risks and to bring awareness to all types of information and potential instructions that may affect an organization. With Adobe Interactive Forms, end users have the opportunity to confirm training and policy awareness through custom surveys, quizzes, and acknowledgements.

Policy management enables visibility through detailed reporting and analytics. The value of policy management, however, is that it is fully integrated with other components in the GRC suite, such as SAP Access Control and SAP Risk Management. You can associate policies with regulations, risks, and corporate and industry standards.

Implementation Steps

The first step in creating policies is to determine the various policy types, and to configure them in the back end. Policy management is a bit of a misnomer in that policy types can include one or more of the following: policies, procedures, work instructions, or standard operating procedures (SOPs). You can create new policy types to fulfill additional business requirements.

To create a policy type, execute transaction code SPRO and follow menu path Governance, Risk and Compliance > Policy Management. Click the execute icon beside Maintain Policy Types and Distribution Methods. In the initial screen to maintain policy types (Figure 1), click the Policy Type folder and enter a policy type and description. In my example, I entered types for Policy, Procedure, Work Instruction, Standard, and SOP. Click the save icon.

Tracy Levine

Tracy Levine (CPIM) is an SAP application consultant at itelligence. She has four years of experience in SAP security and authorizations, SAP Access Control, SAP Process Control, and core cross-module integration across many industry verticals. Tracy is an SAP Certified Application Associate- SAP Access Control 10.0 and is the voice behind the blog


See more by this author


No comments have been submitted on this article. 

Please log in to post a comment.

To learn more about subscription access to premium content, click here.