About Me

I'm one of the Directors @ su53 Solutions. su53 provides risk management, compliance and security services to companies that run SAP, reducing costs, automating process conformance, driving business results and enhancing your status as a trusted organisation. I'm passionate about Risk Management and Security. My views are influenced by OCEG thinking. My vision aligns Risk to Strategy, focuses on mapping controls to risks, leverages, CCM and data mining. All this operates within your boundaries. Technology is the enabler. Collaboration and Communication are key to the success of GRC. My path to my current role has been varied, joining a Big 4 as a post-graduate from Queens Belfast and Notre Dame Indiana, before developing in depth SAP® BASIS skills en route to a focused career plan to become a lead thinker in SAP related GRC, audit and security. I've travelled extensively and worked with many organisations(from Australia to the Arctic). The breadth of exposure to client SAP systems and the various attitudes, abilities, process and practices around risk management has given me a sound perspective on best-practice. GRC isn’t my job, it’s my passion.

Tuesday 15 March 2011

The Inside Track from Vegas


So the crazy world of Vegas is behind me and I am excited to share with you the outcome of another successful and motivating GRC event. Thanks WIS!
Exciting keynotes from key SAP  players with Jim Dunham, Sanjay Poonen and James Fisher all promoting the same view of how SAP are progressing in Finance and GRC and the significance of integration with the analytics layer. The product focus was around Enterprise GRC (Process Control and Risk Management), Access Risk Management and Continuous Transaction Monitoring (via Oversight) with positioning around closer integration with the Business Objects portfolio and bringing Performance management and Risk closer together.
Mobile computing appears to be a definite hot topic which I found interesting as I had initially discounted the ipad as more of a consumer device, however, there is such a strong drive towards utilising such devices to really engage business and increase adoption. The launch of the Blackberry Playbook (RIM) in April is going to be exciting as it is compatible with flash based applications such as Xcelsius.  
From a customer perspective there is an increased awareness around Continues Controls monitoring and continuous transaction monitoring. More customers are integrating their IDM solutions with GRC. There is lots of buzz around upgrading to GRC 10.0 and positive impressions of some of the new features – here are the Top 7 that really hit the spot with delegates;

  • ·         Process Control now includes policy management
  • ·         Technical layer now back in ABAP
  • ·         Common software and database – shared master data
  • ·         Enhanced SPM logging
  • ·         Process control queries now significantly more flexible
  • ·         CUP now leverages ABAP workflow
  • ·         Introduction of business role concept for CUP

There was also the feeling that many of the customers are entering an era of SOX maturity and they have an appetite for rationalising and streamlining. 2011 is going to be the year of organisations taking time to stop, think and plan for the future. No doubt we will see the reduction in the number of systems to manage risk and controls, more automation, management by exception and an overall rationalisation of controls. The CFO now wants to make the correct decisions, better and faster with less zero value added steps. There seems to be a realised reality that risks and controls impact business performance. With that in mind su53 insight analytics dashboards were really well received – these need to be shown to the business user to ensure appreciate of the benefits.

From my perspective, I saw a real step change in the way organisations are viewing and approaching risk. The emphasis is really changing – GRC will assist you with managing your risk and meeting regulations, however, it will also reduce costs and burden of the business controls. This step change is going to empower organisations to become more agile and drive better business performance.
With this in mind there is still not a great deal of risk management transformation talk amongst customers. There needs to be a move away from just technology and functionality and more of a focus on the velocity of business today and how understanding your risk profile and being able to take evasive action will ultimately change the performance and profitability of your business.

GRC 10.0 is a real step forwards for SAP customers. Convergence of the products, return to the ABAP platform, integration with CLM and an enhanced user interface is demonstrating that the technology has caught up with the positioning.

So it’s back to base for me and working on finalising the release 1 of our content for GRC for the Consumer Packaged Goods sector and P2P/O2C lines of business. We are really excited about this new innovation and look forward to working with SAP GRC customers implement at seeing how the utilisation of content and dashboards will help lower costs.

Key take home thought –“Link your risks and your controls to your strategy. Leverage technology to automate and manage by exception. Use data analytics to identify anomalies. Engage your business users with intuitive reporting. Change the emphasis of your GRC initiatives from burden to benefit. This will become the new normal for GRC solutions and SAP GRC 10.0 provides a great platform to achieve that.”

GRC Amsterdam is our next stop and I am looking forward to meeting up with customers and colleagues alike to share our next exciting innovation.
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)