Automate GRC Processes Using SAP BusinessObjects GRC 10.0

  • by Maxim Chuprunov, CEO, Riscomp GmbH, Switzerland
  • March 27, 2012
The three letters GRC have become firmly fixed in the vocabulary of top management levels and on the agenda of CFOs. Although compliance, for example, with the Sarbanes-Oxley Act, and the resultant requirements of an internal control system were previously considered mostly in isolation, today companies are taking an integrated GRC approach: This is evident from both the development of theoretical framework concepts and GRC software solutions. The issue becomes how to achieve a good balance between theory and a software-supported implementation. Learn the most important points about automating GRC processes using a simple structure and SAP BusinessObjects GRC 10.0 solutions.
Key Concept
An internal control system is composed of established processes, measures, and principles designed to help the organization accomplish goals set by the management of the company. An internal control system plays an important role in preventing and detecting fraud and protecting the organization's resources, both physical (e.g., machinery and property) and intangible (e.g., reputation or intellectual property such as trademarks). Three major areas in focus are the efficiency and profitability of the business, compliant and reliable external and internal reporting, and compliance with regulations to which the company is subject.

SAP BusinessObjects GRC 10.0 consists of the main components SAP BusinessObjects Process Control, SAP BusinessObjects Risk Management, and SAP BusinessObjects Access Control. For the first time, all existing GRC components based on a common data model were integrated technically on one platform (SAP NetWeaver ABAP 7.02):

  • SAP BusinessObjects Process Control (previous version: 3.0) – supports internal control system and compliance management.
  • SAP BusinessObjects Access Control (previous version: 5.3) with the following subcomponents: access risk management (formerly risk analysis and remediation), user access management (formerly compliant user provisioning), business role governance (formerly enterprise role management), and centralized emergency access (formerly superuser privilege management)
  • SAP BusinessObjects Risk Management (previous version: 3.0)

Figure 1 shows a simplified view of the integrated approach in SAP BusinessObjects GRC 10.0.

Maxim Chuprunov

Maxim Chuprunov (CPA, CISA, CRISC) is dedicated to the professional area of SAP and compliance since his studies and is developing this topic in the GRC area. His particular specialty is the combination of the compliance view on business processes with technical know-how. In 2010 he founded Riscomp GmbH (Switzerland), a consultancy specializing in SAP GRC. Before that, he worked for KPMG DTG in Munich, KPMG LLP in Boston, SCHENKER AG in Essen, and SAP AG in Zurich. In 2007 he joined the Center of Expertise Financials & Compliance of SAP AG Switzerland. As a senior consultant he was a pioneer conducting the first international implementation and proof-of-concept projects for SAP BusinessObjects GRC solutions, focusing in the automation of internal control system. He is known in SAP BusinessObjects GRC solution management as an expert and is being engaged as a referent by SAP Education for several SAP GRC courses. In 2011 he wrote a bestseller book on SAP GRC topics with SAP PRESS titlled the Handbook for SAP Auditing, ICS and Compliance.

Maxim will be presenting at the upcoming SAPinsider GRC 2018 conference October 16-18 in Prague. For information on the event, click here.



See more by this author


No comments have been submitted on this article. 

Please log in to post a comment.

To learn more about subscription access to premium content, click here.