Implementing an integrated GRC approach with SAP GRC


Implementing an integrated GRC  approach with  SAP GRC

Increasing regulatory requirements set new challenges companies

grasec2

For years companies have been confronted with increasing  regulatory pressure, and therefore higher costs

grasec3

…with an organizational impact on the existing GRC structures

grasec4

Two strategies to react to increasing costs…

grasec5

From our practical experience, not only efficiency but also acceptance could be raised through iGRC.

grasec6

iGRC helps companies achieve…

grasec10

… and an integration strategy according to iGRC® can be implemented in SAP GRC

grasec15

An Integration Strategy according to iGRC® through…

  •  Concatenation of Risk and Compliance Management and the Internal Control System
  • Process-related intersections of internal steering and control systems —–> strong concatenation useful
  • Example „uniform control process“:
  • Common risk analysis for risk identification
  • Inventory of identified risk as basis for risk reducing measures, internal controls and focus on compliance program
  • Common testing of effectiveness for measures and internal controls
  • Supporting process synchronization by various forms of organizational concatenation with different degrees of integration
  • Using synergy effects and  avoiding duplication of work  as well as redundancy
  • Increasing transparency and  security
  • Performance and control  units obtain a broad overview  of the entire risk situation
  • Efficient and effective  corporate management and  management control

… and by the help of SAP GRC 10.0

Concatenation of Risk and Compliance Management and the Internal Control System

grasec11

An Integration Strategy according to iGRC® through…

Integrated Reporting for GRC

  • Purpose of an integrated reporting:

Standardized, transparent and efficient reporting for  management- and control units

  • Procedure for an integrated reporting:

Standardization resp. combination of the essential processes

  • Integration of the existing reporting elements
  • Merging of the reporting structures
  • Standardizing reporting deadlines and formats
  • Standardizing the compression ratio of information and data
  • Increasing reporting quality
  • Management and control  units obtain an holistic  overview of the company‘s  important issues
  • Efficient and effective  corporate-management and  control

grasec12

An Integration Strategy according to iGRC® – a process organization example

grasec13

According to our experience, in addition to efficiency also acceptance can be increased through iGRC®

grasec14