Assessing Your Compliance Management System: Global Compliance with SAP GRC and GTS

These days, protecting your business means protecting your data, your processes, and your overall operations, which translates to creating and maintaining a Compliance Management System (CMS).

Understanding the full expanse of compliance from security, governance, risk, and policy to your global trade aspect of import/export both domestic and globally is daunting, but absolutely necessary. Wading through the vast land of IT, industry specifics, and global trade regulations quickly becomes an overwhelming process and convoluted with information overload. It becomes apparent that a CMS program can become quite unwieldy and requires a better system of management. Thus, many if not all, businesses will be employing a CMS software solution to help.

Organizations will often dig themselves into a hole when comparing all of the compliance management systems (CMS) on the market. It is both time-consuming and confusing to dive into all of the available options. This gets worse when a business realizes that their requirements for a compliance initiative have not been fully identified internally, which is a direct result of not properly analyzing their strengths and limitations. Without this information, how do you go about properly evaluating CMS software solutions?

The first step is evaluating your exact domestic and global compliance requirements.  You will have to identify your immediate and future business needs and requirements, and compare them with agreements and regulations such as SOX, HIPAA, FISMA, , NAFTA, and regulating offices such as NIST (U.S Department of Commerce: National Institute of Standards and Technology) OFAC (U.S. Treasury Department: Office of Foreign Assets Control) and BIS (U.S. Department of Commerce: Bureau of Industry and Security). Unforeseen changes such as Trade wars, like the current U.S./China tariff disagreement, must be included in the discussion in order to develop a comprehensive, strategic, global solution. You need a CMS software to help reduce your risk exposure and possible fines, and to use automation for key processes to reduce the mundane and day-to-day tasks so that your security and trade compliance departments can focus on real compliance issues.

When diving into the morass that is the CMS software landscape, your chosen solution must address all of your trade and business concerns. While there are many solid solutions that can perform CMS functions, they are mostly task and function specific: they are not comprehensive. In contrast, SAP is known to be a comprehensive ERP software and its comes with distinct advantages. SAP’s ERP solution is module-based, including the GRC (Governance Risk & Compliance) and GTS (Global Trade Services) modules, which can be independently added, altered, or updated as your organizational needs change. The modules can be added as part of a non-SAP ERP system, or as standalone solutions, so you can add them to your CMS program regardless of your technology level..  While this sounds very promising, none of this is possible unless you address a few key factors in your decision-making process. *Note: SAP GRC cannot stand alone, while SAP GTS can.

What Is Your Current Compliance Management System?

The beginning of a compliance management system project must start with looking at how your business processes currently achieve compliance. This includes taking a deep look into all divisions, global and local, to seek out the processes in place within your business structure such as finance, IT, operations, and executive departments. This will include identifying manual or siloed processes, as well as those which are redundant, expired, or ineffective. Diving into your global procurement, sales distribution, and logistical sites will be a crucial element in understanding what trade regulations you are subject to and how customs affect your overall distribution and supply chain. Whether, you have an SAP GTS or another CMS software or handling compliance manually in-house or via a third-party vendor, obtaining a clear and real-time understanding of your compliance requirements is imperative. Further, understanding where your company came from and more importantly, where your company’s compliance needs are going is paramount.  

This in-depth look into your organizational processes lets you compare the best practices within your industry, and specific needs of your company. This process lets you see where your current compliance management system supports the functionality of your business, and where it has become outdated or ineffective. Obsolete manual global trade functions and processes performed such as utilizing spreadsheets, internet searches, incompatible home-grown software, and even email queries lead to serious problems. Roles cannot be properly defined, tasks get missed or are incorrectly assigned, and overwhelming volume will quickly sink your business in fines and penalties.

Pushing to automate global trade as well as governance, risk and compliance requirements effectively solves these issues while providing fraud detection, which is next to impossible with manual processes. Those without a reliable software solution often lack breach policies due to incohesive monitoring. Making matters worse, there is a lack of any contingency or emergency planning. These crucial elements must be in place by the end of any CMS, and yet many of them are missed because businesses do not know what they really need. Engaging a third party to assist is important not just to see everything for what it is, but to fully analyze each solution to ensure the correct one for your business operations.

What are the Advantages of SAP GTS & SAP GRC Over Other Solutions?

There is one key advantage to using SAP GTS: It is a module-based solution that can both stand alone or connect with any other SAP ERP system, Non-SAP systems, databases and more. Also, SAP GTS seamlessly works with SAP GRC and thus completes the compliance spectrum. This gives you flexibility for your business requirements and an advanced level of automation for business processes. That automation can be globally available to all of your systems regardless of country, or industry. Once in place, automated processes s greatly reduce the risk of global trade violations while giving you just the functions you need, saving on implementation time and money.

The specific SAP GTS functions which businesses require in a solution will vary due to business-specific needs. However, consistent across all businesses the advantages of SAP GTS are:

• Connects with SAP and non-SAP systems, databases, etc.
• Can be a stand-alone system
• Can be configured/customized to fit all businesses and industries globally
• Has the ability to be compliant with various regulations for both exports and imports, from denied party screening to communications with customs, FTA’s, etc.
• Has the ability to reduce the day to day mundane tasks for a compliance business user by automating most business processes.
• Consists of detailed level audit trail which provides information not only to management but also for internal and external audits.
• It is used as a ‘system-of-record’ for all your exports/imports
• The level accuracy and automation drastically reduces the risk of non-compliance, and penalties.

The advantages of SAP GRC are numerous, however again, the most ubiquitous advantages are:

1. Maintains a Defined Organizational Hierarchy  

• Organization layers are defined within the GRC tool (generally as a one-to-many relationship).
• Business units are mapped to business processes  
• Assigning applications/systems by level and authority providing better access control and understanding of access being provided

2. Provides Consolidated /customized to fit all businesses and industries globally

• GRC allows stakeholders and managers to access all relevant information in manageable formats for all compliance requirements  
• Consolidation improves consistency of governance and policy processes across the organization’s landscape.  
• Process consolidation with SAP GRC allows an organization to manage and dictate workflow capabilities.
• Configuration flexibility makes it possible to consolidate control over all processes that are applicable to the organization while also executing efficiency updates to policies as required.

3. Provides Improved Communication

• o   Provides improved communication across the organization and with external partners along with compliance agencies/organizations
  • Better relationship with business and IT stakeholders
  • GRC utilizes access control capability so that compliance teams can share data and efficiently update information as compliance needs and/or requirements change
  • To collaborate more effectively by allowing all relevant resources to understand the business and the information stakeholders
  • Allows the organization to let go of legacy tools, manual processes, inherent risks, and old methodologies

When considering the other trade compliance software solutions on the market, you will quickly find that while each meets some needs, but none of them provides the level of automation and integration that SAP GTS does. Deciding to use a trade software that only solves part of your trade compliance puzzle will force you into adding other software solutions to fill your gaps. This increases risk, not only in terms of limited technical support, maintenance, and role allocations, but vendor stability. Smaller and less complete software developers are prone to mergers or failures, both of which will quickly destabilize your ability to expand or get help going forward. Thus, your CMS software solution is a hodgepodge patchwork of siloed solutions that are weakly connected by manual intervention waiting to unwind. It is understandable why SAP GTS is the prudent choice.

The same can be said for SAP GRC. Other GRC software also follows this pattern, leaving unfulfilled requirements or limitations on the CMS program. Again, piecing smaller solutions together always leads to gaps and points of failure. During upgrades, functional and component additions/deletions, or other changes, these weak spots always manifest as system hairballs, hard to look at and harder to untangle. Sometimes, these issues are so convoluted that it is not practical or possible to back out, leaving the CMS program weakened or exposed. Most if not all of these issues can be avoided by marrying your CMS program with SAP GRC.

Getting the Help You Need From an Experienced Partner

Assessing a CMS solution is a complex undertaking that requires you to know your overall goals in exact detail. It is important to know what to look for in an SAP GTS and SAP GRC implementation partner. Your partner will need experience in a broad range of industries and should have an excellent track record of success. A valued partner will be honest and forthright with you while remaining sensitive to your business needs and goals, maintaining an eye on any limitations and specific requirements. Your partner should be knowledgeable and open to creating a custom and innovative solution for you.