03 Apr How SAP GRC Helps Efficiently Manage Global Compliance Policies
You can’t escape government regulations. They burden nearly every organization. To effectively comply with them, you need an enterprise-wide strategy and enterprise software. Organizations already invested in ERP solutions like SAP often implement complementary governance, risk, compliance (GRC) functionality. It’s a sound strategy, building on the foundation of information, functionality, and processes already created with an ERP solution. GRC capabilities create the enterprise-wide foundation for managing global trade compliance policies. Securing access to data and systems, streamlining process control operations, identifying areas of risk and potential fraud, and automating audit processes are key capabilities provided by GRC modules.
Being A Global Organization Brings Additional Compliance Requirements
Every organization with a global footprint faces additional requirements, dependent upon the products, services, business partners (vendors, customers, etc.), data protection and privacy policies, to name a few. Then there are the domestic, country specific, and international certifications, guidelines, and policies to adhere to.
Similar to the GRC strategy, organizations with global activities often choose to address global compliance requirements by implementing a global governance, risk, and compliance program with accompanying software such as SAP-GRC) module..
On an additional compliance note, building on the established ERP and under the GRC compliance umbrella, global trade compliance can be handled via the SAP GTS module. GTS automates and manages key global trade processes such as product classification, denied party lists screening, and security filings. Together, GRC and GTS functionalities help organizations efficiently manage global security/compliance and global trade compliance policies.
How GRC Helps Manage Global Compliance Policies
GRC institutes the enterprise policies to control, monitor, and analyze access to information systems and their data. These policies create a separation of duties to help ensure compliance and reduce risk. GRC functionality supports global trade compliance policies in 3 key areas—access, fraud, and audit.
Control Access Based on Roles and Responsibilities
Access controls automatically detect and prevent access risk violations to ensure only authorized individuals get access to information and systems supporting all business processes, including global trade data. A few examples show how access controls and separation of duties(SODs) support global trade compliance policies:
- GRC SODs establish that the global trade compliance team members are the only authorized individuals to resolve or release transactions
- The person approving a letter of credit has a higher level of authority than the person requesting the letter of credit.
- Final approval for shipment of goods is confirmed by a person different from the one who initiated the order.
- Only authorized members of the financial team have access to the financial records of the master data (customers, vendors, partners, etc.) thus preventing unauthorized changes to the invoicing or payment data.
Throughout all of these transactions and processes, GRC functionality monitors the activity and records instances of policy violations. As regulation changes are introduced, GRC facilitates easy and consistent modifications to enterprise access policies. Best practices recommend that modifications to access policies be documented prior to making the changes.
Fraud: An Increasing Threat
When hundreds to thousands of transactions are executed in any given time period, fraud is an ever-present risk. Incorrect product valuations, shipping goods to an unverified address, discrepancies between the purchase order and the invoice amount,unauthorized access to data (banking info, account info, etc.), and the increasing incidence of identity fraud are only a few of the ways criminals and unscrupulous employees can acquire goods or embezzle funds.
GRC greatly diminishes the risk by automatically monitoring data and transactions in real time to identify potential fraud. When fraud is suspected GRC functionality provides the relevant information and documentation to help streamline investigation and resolution of the incident.
GRC audit functionality takes advantages of information and processes created with ERP foundation, the policies created by GRC, and GTS logs enable efficient audits. GRC automates the audit process by capturing artifacts and evidence and creating the required reports, thereby reducing the time, costs and department overhead associated with manual audit processes.
GRC audits provide the required level of detail to both confirm that business activities are compliant as well as identify policies and processes that need to be improved. In the context of global compliance trade, an audit can show:
- The number of blocked transactions that occurred in the past month, and changes are needed to reduce blocked transactions;
- Validation of access rights, usage, and duration for accounting data and system metrics; and
- Create a report summarizing exceptions to access policies, e.g.:
- unauthorized attempts to access resources, data, processes,
- Possible breaches of SODs.
- Identify what policy modifications should be made based on these findings.
With the increasing frequency of audits—both internal and external—automation brings greater efficiency in conducting audits to review and verify global trade compliance policies.
Successfully Manage Global Trade Compliance Policies
The rules and regulations that govern global business change constantly. That means ever-greater responsibilities and costs for organizations conducting business across borders. Success in managing the complexities of compliance and global trade begins by:
- Identifying the relevant rules and regulations that affect your business;
- Developing a well-reasoned enterprise strategy to comply with these regulations; and
- Implementing enterprise software to create and enforce these policies throughout your business processes.
It’s a daunting task, one best undertaken with the help and guidance of a partner with a focus on SAP GRC implementations. An experienced partner is skilled in analyzing the unique aspects of your business and, using that information, determining which regulations, policies, and guidelines apply. Equally important, they have the knowledge to apply the proper SAP GRC functionalities to best meet those needs. The appropriate access policies, fraud monitoring, and automated auditing provide solid support for global trade compliance.
Pinary, Inc. is an SAP Partner, ASUG Member, and Open Compliance and Ethics Group (OCEG) think tank member. With more than 20 years of successful SAP implementation experience, we specialize in global trade services (GTS). Contact us today to realize greater efficiency in managing global compliance policies.