Tuesday 25 August 2009

SAP GRC 101 (or SAP GRC for Dummies)


And now... for something totally different... WHAT THE HECK IS SONNY REALLY DOING IN INDIA?!?!

By now, I'm sure you may have taken a few seconds and wondered what this SAP GRC thingy that Sonny is doing actually is.

No, IBM has not sent me to India to go in the jungle and collect sap from the trees. And, no I haven't started behaving like an out of control 'sap' so IBM has shipped me out to India until I behave myself.

For a quick and dirty definition, SAP is a company-wide, web-based solution for businesses which has a single database; business process modules 'plug' into that single database, allowing them to communicate in sync (on demand) with each other.

The access of the resources (employees) using the company's computer system is configured to allow them to only see, edit, or pull reports from the system that are needed for their role in the company.

Now comes the GRC part:

GRC is one of those above-mentioned modules that 'plug' into the company's system. I will break it down to ABC's.

G is for governance: This means taking care of business, making sure that things are done according to the company's standards (and those of the auditors).

It also means setting your expectations of what should be done so that everyone is on the same page with regard to how your company is run.

R is for risk: Everything we do involves an element of risk. When it comes to riding in a rickshaw through the streets of Bangalore or dancing wildly to Bollywood music in public, it’s pretty clear that certain risks are just not to be taken. Ha!

However, when it comes to business, risks MUST be taken in order to succeed and grow. Managing those risks is a way to help you protect what you have, strategically expand your business and add new products & services.

They all come with risks that, when managed, are good and healthy for business.

C is for compliance: It's all about being compliant with the many laws and internal company directives affecting businesses (and taking time away from THE business).

This also includes putting certain controls in place to ensure that the company remains compliant on a proactive basis.

This could even include things like monitoring your factory’s emissions or ensuring that your import and export papers are in order. Or, it might just simply mean that all roles are separated properly to help avoid fraud.

For example, the same person should not be creating vendors and at the same time cutting checks to his brother-in-law José on the side.
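The vendor-versus-payment rule above is exactly the kind of segregation-of-duties (SoD) check a GRC access-control tool automates. The following is an added illustration, not SAP code; the role names, permissions and users are constructed sample data.

```python
# Added example (not SAP's own code): a minimal segregation-of-duties check.
# Every role, permission and user below is constructed for illustration.

# Which business actions each role grants (constructed sample data).
ROLE_PERMISSIONS = {
    "AP_CLERK": {"create_vendor", "change_vendor"},
    "AP_PAYMENTS": {"release_payment", "print_check"},
    "AP_REPORTING": {"view_vendor", "view_payment"},
}

# Pairs of actions that must never sit with one person: the vendor-master
# versus payment conflict from the post, in its common variants.
SOD_CONFLICTS = [
    ("create_vendor", "release_payment"),
    ("create_vendor", "print_check"),
    ("change_vendor", "release_payment"),
]

# Who holds which roles (constructed sample data).
USER_ROLES = {
    "alice": {"AP_CLERK"},
    "bob": {"AP_PAYMENTS", "AP_REPORTING"},
    "carol": {"AP_CLERK", "AP_PAYMENTS"},  # conflicting combination
}


def effective_permissions(user, user_roles=USER_ROLES, role_perms=ROLE_PERMISSIONS):
    """Union of every permission granted through the user's roles."""
    perms = set()
    for role in user_roles.get(user, set()):
        perms |= role_perms.get(role, set())
    return perms


def find_sod_violations(user_roles=USER_ROLES, role_perms=ROLE_PERMISSIONS,
                        conflicts=SOD_CONFLICTS):
    """Return {user: sorted [(action_a, action_b), ...]} for every user who
    ends up holding both sides of a conflicting pair, whichever roles grant them."""
    violations = {}
    for user in user_roles:
        perms = effective_permissions(user, user_roles, role_perms)
        hits = sorted((a, b) for a, b in conflicts if a in perms and b in perms)
        if hits:
            violations[user] = hits
    return violations


if __name__ == "__main__":
    for user, hits in find_sod_violations().items():
        print(f"{user}: {hits}")
```

The check is done on effective permissions rather than role names, because the conflict often arises only when two individually harmless roles are combined on one account.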

Compliance also relates to laws such as Sarbanes-Oxley (SOX), which is all about stopping another Enron from happening. http://msdn.microsoft.com/en-us/library/aa480484.aspx

In a nutshell, GRC is not only about taking care of the business by establishing standards, managing risks and complying with audits; it's basically about making a paradigm shift in your company, helping it to change and run more efficiently in a more proactive way.

Note: If there are any SAP / GRC experts reading this, who really know what SAP GRC is all about, please feel free to (discreetly) send me corrections and comments in order to make this post as accurate as possible.

2 comments:

  1. Sounds very interesting. I particularly like the fact that you refer to Microsoft for additional explanation....

  2. Hey Marcel, Oh yeah... I didn't even notice! That's MS for you! On top of everything!
