SAP Goverernace, Risk Mgmt & Compliance Approach Understanding
Filed in archive Enterprise Software by prashanth on July 05, 2006
After SAPPHIRE06 , i have always wanted to spend sometime better understanding the GRC (Governance, Risk-Management & Compliance) Model of SAP, As during SAPPHIRE06 the keynote speakers made it quite clear that in SAP all the compliances pieces are comprehensively available with their final acquisition of VIRSA,
Today, i spent sometime reading the white papers available on the site,this one started with what SAP termed the GRC Maturity Model, which is a suggested course/approach for all organizations chart through the murky waters of Governance, Risk-Management & Compliance.
GRC Maturity model explained:
phase
1: Blissfull Unawareness
Phase 2: Fragmented Implementation
Phase 3: Consolidation
Phase 4: Operational Excellence
This chart highlights the same, 
Phase 1:
management is unaware of the interdependencies of risk and governance and is focused only on the obvious, most critical mandatory compliance issues. Companies in this phase are often early start-ups and small, private businesses that are more concerned about staying afloat,This limited GRC awareness trickles down to employees and is reflected by little investment in tools and policies to support
GRC.
Phase 2:
The majority of organizations today fall into the fragmented implementation phase. For these companies, the pressures of local regulatory compliance issues, corporate governance demands, and dynamic business models usually result in disconnected, tactical approaches to these issues. However, there is a growing awareness among executive management that something must be done about the fragmentation of their governance, risk, and compliance initiatives.
Phase 3:
When your organization evolves into the consolidation phase, the GRC committee has developed and accepted a consistent GRC framework, senior management has committed to it, and your organization is ready to initiate a strategic change. Typically, one or two high-risk projects are selected to serve as pilots for the GRC framework.
Phase 4:
When your business has successfully transformed the way GRC is embedded into your culture and business processes, you are moving into the operational excellence phase. Characteristics of
GRC operational excellence typically include a balanced GRC view across all processes, projects, and objects; GRC ingrained at all organizational levels across the enterprise; and a common language and set of metrics for use with all initiatives.
Source: 1
Prashanth Rai
Permalink: SAP Goverernace, Risk Mgmt & Compliance Approach Understanding
Tags:
Governance Compliance Risk+Mgmt SAP GRC compliance risk+mgmt goverernace+risk
Trackback: http://www.creative-weblogging.com/cgi-bin/mt-tb.pl/27751
