SAP GRC Frequently Asked Questions

How long will my GRC Project take?

Of course this will depend on a number of factors, such as which modules you are implementing, what your objectives are, the state of your current security design, and the internal resources you have available.

  • In general you should expect 3 months or more for a complete Compliance Calibrator project.
  • Firefighter and Role Expert projects will take at least 1 month.
  • Access Enforcer projects are more likely to be similar in timescale to Compliance Calibrator.

The installation and configuration are not actually the most time-consuming parts of these projects; it is generally the security remediation and mitigation phases that consume 60% or more of the resources.

If you would like customised advice on the timescales you should expect, please get in touch and we can assist you in putting together a more accurate model. Please also see the following resources:

SAP GRC generic project plan

Principles of GRC projects article

Who will the project involve, and what time commitment does it take?

The Basis and SAP Security teams, business managers, and internal/external audit.

  • The Basis team will need to be involved to a limited degree while the actual installations take place, but is not usually required much after that period.
  • Business process owners will need to devote time regularly throughout the project, for example attending workshops on risks and approval workflows.
  • Internal and external audit should also be involved at regular intervals, for example contributing advice on SOD risks and the mitigating controls connected to them.
  • Most businesses find that a small, dedicated GRC team is the best way to proceed, bringing in business owners on an ad hoc basis.

If you would like customised advice on the exact skill sets required throughout your project lifecycle, please get in touch and we can assist you in putting together a more accurate model.

Please contact us to get further information on:

The standard SAP "Quickstart" 2-week training schedule

Synopsis of skills needed by module

What training and skills are most important for team members?

As this is relatively new technology, and a slightly different approach to responsibility for security, there is a lot of confusion over the skills your core project team will need.

  • Project management skills, preferably with some experience of GRC, come top of the list of key skills. Project success tends to depend as much on knowing what does not need to be done as on knowing what does.
  • A good understanding of general risk management, as GRC projects are aimed at a far more integrated approach than managing SAP Security by itself.
  • A reasonable understanding of SAP Security is preferable, but a basic understanding is really all that is needed.
  • More important is a good understanding of SAP business processes, and in particular how they are used in your environment.

If you would like more advice, please get in touch and we can discuss the key skills required and map out a training plan for your team members.

Should I convert my current SOD rules or take the standard rules provided?

There are good reasons to go either route, though we would generally advise taking the standard rules as the starting point.

  • The right choice depends on your timescales and objectives: a limited compliance exercise or continuous compliance.
  • We always recommend customising the standard ruleset to your business environment, which can be done in as little as 2 days.

To discuss this in more detail, please get in touch and we can either assist your team in preparing a rules management plan or simply provide some pointers.

What modules should I implement first, and why?

The standard methodology is to implement Compliance Calibrator first, as this is the hub system.

  • There are actually a number of different ways you can implement, depending on your current environment and your project deadlines.
  • To be confident in any implementation methodology, we would advise you to get some advice before starting.
  • There are a number of inter-system dependencies between GRC modules that will affect your planning.

This area is highly complex and depends on a huge number of variables.

The standard methodology may well not be the best route for your requirements or environment, so we would stress that this should be considered in detail before committing to an action plan.


What makes us different

Having focused on the IT Security niche, Turnkey Consulting have developed a unique methodology for the delivery of ERP Security.

About Us

Founded in 2004, Turnkey Consulting provides specialised security consulting services to clients across industry sectors.

Success Stories

  • Implementation of SAP Security at a large government agency.
  • Implementation and support of SAP Security at a leading national airline.
  • SAP Security review at a Hong Kong power supplier.

© 2008 Turnkey Consulting Ltd | Member of the SAP Global Security Alliance