Chapter 16. Top Ten GRC Strategies

Are you eager to get started with GRC? This chapter details the strategies used in the most successful GRC projects.

Evaluate Which of the Most Prevalent GRC Issues Apply to You

The most prevalent GRC issues facing companies include audit compliance, segregation of duties, and internal productivity and resource availability.

For audit compliance, you should

Establish an approach and process to manage risks.
Pinpoint sources of deficiencies and data sources to identify preventative measures.
Eliminate conflicting testing methods and reconciliations.

For segregation of duties, you'll want to

Identify business functions that produce risks when executed by one person.
Gain risk visibility on 100 percent of user population.
Perform risk analysis before committing and approving changes to access controls.

To improve internal productivity and resource availability

Focus on prevention. It's better to prevent bad things from happening in the first place than to simply detect them after the fact.
Document test results and violations by business process and organization. Doing so will give you a scorecard of what's happening in various business processes and units.
Select controls and tolerances concurrent with organization policies, procedures, and regulations. In other words, you don't want alarms going off all the time — just when something warrants further investigation.

The 2006 SAP GRC Benchmarking Survey identified seven best practices for GRC: ...

Get SAP® GRC For Dummies® now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.