$100,000? Or would a manual process be able to generate an automatic report
if an important disbursement step is being manipulated or accidentally
missed?
The answer to these questions is a profound maybe.
As companies see the need for a unified and holistic GRC strategy, they are
also seeing the need to weave technology into the mix at every level of the
organization. And they are looking for products that not only match their
business model, but also the compliance and risk scenarios for their respective
industries. They want IT solutions that can decidedly answer the preceding
questions in the affirmative and do so in a manner that reflects the
environment they operate in.
Therefore, they are looking for IT solutions that facilitate a unified corporate
strategy, incorporate the three control classifications (see the sidebar
“Controls: Tools of governance” elsewhere in this chapter), aid in discovering
new opportunities where GRC can align with the overall business goals of the
organization, and reduce the potential for loss or mitigate scenarios as they
may occur across the enterprise. Further, the benefits derived from this
approach would extend to partners, suppliers, and customers in a truly
systemic approach.
Just as you should avoid implementing a governance framework in a piecemeal
fashion, the same is true for GRC IT applications. Fragmented or segmented
automation efforts only confound the overall goal of a unified and
systemic governing structure.
The SAP Approach: Integrated Holistic IT for GRC
As one example of an integrated IT approach, SAP provides a suite of integrated
solutions that are intended to support a holistic approach to GRC by
automating end-to-end GRC processes, which include corporate governance
and oversight, risk management, and compliance management.
The primary motivations behind SAP’s unified platform approach flow directly
from established GRC goals, which, in a general sense, are to effectively govern
GRC activities from a system-wide and integrated perspective. Embedded in
the platform architecture is the intention to treat GRC as being one piece of the
company’s core business processes so that it can be integrated within the
day-to-day activities of the company.
The applications within the suite are each targeted towards a particular
aspect of GRC with one each for governance (SAP GRC Repository, shown in
Figure 3-1), risk (SAP GRC Risk Management), and a number targeted toward