SAP Risk and Controls – System reliability and integrity to drive business performance

Embedding controls into your enterprise system during the SAP implementation and preparing you for compliance activities and requirements for Day One compliance.

As your business and IT landscapes transform, security, controls, and risk management functions must adapt to ensure your critical assets are protected and compliance requirements are met in the new SAP landscape. Through the collaborative design of security and controls, our integration methodology sets the stage for day 1 compliance. Some of the ways in which we accomplish this are through helping companies:

• Understand the current state of controls and security framework and develop a journey that will help achieve the future vision and goals.
• Design solutions based on the scope and requirements gathered from business stakeholders of the future state vision, to support seamless end to end process flows with identified risk and control points and security implemented.
• Build the designed solutions and ensure controls and security are tested to provide assurance that they are in line with the requirements, overall vision, and objectives of the program.
• Identify key security and controls to be loaded during cutover and ensure future state readiness.
• Transfer knowledge from the program team to “business as usual” support teams.

PwC’s S/4HANA controls methodology focuses on delivering a cost effective, appropriately controlled solution, placing emphasis on:

• Establishing a rapid return on investment through building a cost effective, sustainable security and controls model
• Decreasing level of effort required to sustain and audit the new system
• Delivery of a highly “mature” control environment, leveraging SAP’s functionality for controls automation and GRC

Evaluating risks related to cross-border activities, implementing controls to prevent any violation and maximizing tax savings opportunities.

Global trade gives access to foreign markets and creates important growth opportunities for companies; however, international trade is subject to complex and constantly evolving regulations, from both the US and foreign entities. While companies face increasing pressure from protectionist measures, misconduct and violations are much more frequent leading to penalties, reputational damage and loss of market share. Additionally, operational efficiency and cost savings are at risk due to ever-changing tariff laws and a reliance on the work of third-party brokers.

With different focuses and shared missions, C-suite executives need to have conversations with their Boards about the impact of these changing US trade, tariff, sanctions, and export control policies and regulations on their company’s overall business strategy, plans, operations, and controls.

Our team partners with our clients to gain insight into the impact of changing trade policy and regulation on their business and helps identify opportunities for policy consulting, compliance & risk mitigation, and strategic business planning.

• Delivering a secure SAP landscape by embedding security, as well as extending and enhancing cybersecurity policies to fit technical needs.
• Manage new cybersecurity risks & ITGC requirements for a modern technology environment leveraging cloud applications such as Ariba, Concur, Successfactors, etc.

• Better business through better insights.
• Leveraging analytics and reporting software to automate access to key compliance information, drive real-time decision making, and gain insights into the control environment.
• PwC helps clients monitor transactions real-time to identify segregation of duties and exceptions to take immediate action, versus sifting through volumes of transactions and attempting to find the needle in the haystack.
• Key control KPIs can be monitored post go-live to provide visibility into automated control effectiveness and any control bypasses.
• PwC’s Transaction Outliers solution powered by Enterprise Control (see below) analyzes every transaction within a business process, highlighting those transactions that violate business process rules.

Enabling GRC tools to support sustainability and automation in managing security and controls while helping achieve risk management objectives.

With the introduction of S/4HANA, PwC helps clients extend their GRC solutions to automate access & manage risk in an increasingly complex SAP landscape, including SOD and critical actions monitoring for Fiori and other cloud applications. Our team focuses on helping our clients harness the value from their GRC investment with S/4HANA.

• Move away from a lengthy request process with S/4HANA Automated Provisioning. By building automated provisioning the right way, clients can spend less time requesting access, more time doing work. This can also include integrating GRC with HR applications.
• Simplify security with S/4HANA Business Role Design. Simplify complex S/4HANA application landscape & improve user experience via GRC business role analytic driven solutions.
• Update controls consideration to include S/4HANA SoD ruleset for Fiori and HANA Database. PwC has deep industry expertise and leading class SoF ruleset design accelerators to integrate monitoring of new functionality.

Obtaining impactful insight to assess and address your risk and control environment, including SAP systems, data, financial and operational processes throughout the M&A deal continuum.

PwC helps clients identify risks earlier and more effectively through impactful analysis and enhancements to the current control environment that will help mitigate and monitor ongoing risks, as well as manage the cost of compliance.

PwC brings a unique combination of SAP risk and controls expertise along with technology accelerators to help clients plan and execute mergers and acquisitions. We work alongside our clients throughout the deal decision and execution process to help assess risks as the risk profile changes.