SAP - TINET - Tarragona Internet

Of course, some controls require human intervention. SAP GRC Process
Control supports manual control activities with smooth, workflow-driven
procedures that automatically notify the appropriate people of tasks and
action items and remove potential confusion. When control testers are
unable to respond quickly, workflows escalate or reroute notifications.
Testers are walked through guided procedures, and approved spreadsheet
templates and policy documents help minimize data collection errors.
Control testers can attach files and documents to serve as evidence of work
done, while the software maintains a complete audit trail and change history
of work done. SAP GRC Process Control also captures the monetary risk
quantification for failed tests, letting you know not only what went wrong
but how much that risk could cost you if it’s not mitigated.


SAP GRC Process Control provides remediation case management. It detects
global exceptions and prioritizes corrective action. The workflow-based
notifications alert users to failed tests or assessments while documenting
remediation activities and resolutions. Dashboards and reporting provide
insight into failed controls and let you drill down for details about how
to address the underlying problem being identified.


SAP GRC Process Control also helps companies prevent control exceptions
from turning into material weaknesses by providing real-time visibility into all
GRC activities. Companies can use a geographical heat-map that superimposes
their business over a particular operating region, allowing them to identify
trouble spots for control exceptions and drill down for answers. Companies
can assign cases for fixing on the centralized remediation workbench, and
actions are tracked, documented, and measured.


The product can normalize the certification process by providing a
hierarchical bottom-up progression of sign-off activities from business
process owners to location owners, corporate signers, and up to the CFO/CEO.
Sign-off status is monitored through dashboards and reports to ensure that
executives are kept informed of progress.


Chapter 7: Taking Steps toward Better Internal Controls 139
