Chapter 7. Taking Steps toward Better Internal Controls

Almost every problem that a company confronts can be traced back to a lack of good internal controls. Good internal controls mean that you know what is going on in the business, in every key business process. Strong internal controls can also help you monitor and reduce risks. Internal controls are really the essence of good governance, taking a policy and translating it into the details of day-to-day business practices.

In this chapter, we look at the importance of good internal controls and how automating those controls can streamline your business and help you catch the exceptions to the rule. Finally, we look at the SAP solution for automating internal controls: SAP GRC Process Control.

Understanding Internal Controls

Internal controls may mean different things to different people. To a clerk in the purchasing department, having an internal control may mean double-checking vendor invoices for inconsistencies; to a CEO, an internal control may mean evolving a control policy to ensure effective overall governance. Also, control owners and business process owners may find themselves at loggerheads. A control owner is in charge of designing controls and making sure they work properly to prevent problems. A business process owner, on the other hand, is mainly concerned about running his or her department, looking at the bottom line. If, for example, an employee is able to create a vendor and pay a vendor, the control owner recognizes ...

Get SAP® GRC For Dummies® now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.