Chapter 16. Top Ten GRC Strategies

Are you eager to get started with GRC? This chapter details the strategies used in the most successful GRC projects.

Evaluate Which of the Most Prevalent GRC Issues Apply to You

The most prevalent GRC issues facing companies include audit compliance, segregation of duties, and internal productivity and resource availability.

For audit compliance, you should

  • Establish an approach and process to manage risks.

  • Pinpoint sources of deficiencies and data sources to identify preventative measures.

  • Eliminate conflicting testing methods and reconciliations.

For segregation of duties, you'll want to

  • Identify business functions that produce risks when executed by one person.

  • Gain risk visibility on 100 percent of the user population.

  • Perform risk analysis before committing and approving changes to access controls.
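The three segregation-of-duties steps above can be exercised in code: a rule set of conflicting business functions, an analysis run over every user rather than a sample, and a simulation of a proposed role change that reports the new risks before anything is committed. This is an added illustration, not code from the book or from SAP GRC; the role, function and user names are constructed placeholders.

```python
"""Segregation-of-duties (SoD) risk analysis over a full user population,
plus a preventive simulation of an access change before it is approved.
All rules, roles, functions and users below are constructed examples."""

# Constructed SoD rule set: pairs of business functions that create a risk
# when one person can execute both, mapped to a description of the risk.
SOD_RULES = {
    frozenset({"create_vendor", "pay_vendor"}): "Fictitious vendor payments",
    frozenset({"post_journal", "approve_journal"}): "Unreviewed ledger entries",
    frozenset({"maintain_user", "assign_role"}): "Self-granted access",
}

# Constructed role -> business function mapping (assumed names).
ROLE_FUNCTIONS = {
    "AP_CLERK": {"create_vendor"},
    "AP_PAYER": {"pay_vendor"},
    "GL_ACCOUNTANT": {"post_journal"},
    "GL_SUPERVISOR": {"approve_journal"},
    "BASIS_ADMIN": {"maintain_user", "assign_role"},
}

# Constructed user population: every user is analyzed, not a sample.
USERS = {
    "alice": {"AP_CLERK"},
    "bob": {"GL_ACCOUNTANT", "GL_SUPERVISOR"},
    "carol": {"BASIS_ADMIN"},
}


def functions_for(roles):
    """Expand a set of role names into the business functions they grant."""
    funcs = set()
    for role in roles:
        funcs |= ROLE_FUNCTIONS.get(role, set())
    return funcs


def sod_violations(roles):
    """Return the SoD risk descriptions raised by one user's combined roles."""
    funcs = functions_for(roles)
    return sorted(desc for pair, desc in SOD_RULES.items() if pair <= funcs)


def analyze_population(user_roles):
    """Detective check over 100% of users; returns {user: [risks]} for violators."""
    return {u: v for u, r in user_roles.items() if (v := sod_violations(r))}


def simulate_change(user_roles, user, add_roles):
    """Preventive check: risks a proposed role grant would newly introduce."""
    current = set(user_roles.get(user, set()))
    before = set(sod_violations(current))
    after = set(sod_violations(current | set(add_roles)))
    return sorted(after - before)
```

Running `simulate_change` inside the access-request approval flow is what turns the rule set from an after-the-fact report into the preventive control the chapter recommends.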

To improve internal productivity and resource availability

  • Focus on prevention. It's better to prevent bad things from happening in the first place than to simply detect them after the fact.

  • Document test results and violations by business process and organization. Doing so will give you a scorecard of what's happening in various business processes and units.

  • Select controls and tolerances consistent with organization policies, procedures, and regulations. In other words, you don't want alarms going off all the time — just when something warrants further investigation.

Adopt Best Practices

The 2006 SAP GRC Benchmarking Survey identified seven best practices for GRC: ...
