IT Security and Compliance
SAP GRC Implementation
Designing and Implementing IT General Controls to meet Regulatory Compliance Requirements.
Adopting an intelligent approach to IT general control development by:
- Using external/internal audit findings as the basis for control requirements.
- Determining and incorporating all applicable regulatory compliance standards.
- Focusing on core areas of expertise-- access control and remediation.
- Conducting workshops to ensure buy-in from stakeholders comprising executive management, business risk managers, business owners and legal to ensure a strong governance model.
Achieving Cost Containment with Control Rationalization.
Achieving cost containment by rationalizing controls across:
- Regulatory compliance requirements.
- Application platforms.
- Lines of business and geographies.
Achieving Cost Reduction using World-Class Offshore Delivery Capability.
Achieving cost reduction by:
- Delivering projects with a world-class offshore delivery capability.
- Maintaining optimum on-shore to offshore resource ratios to ensure program success.
- Apply specially designed implementation and delivery blueprints optimized for offshore delivery.
Developing Optimum Solution Architecture.
Designing optimum architectures by focusing on:
- Meeting business requirements by maintaining requirements traceability.
- Reconciling orthogonal agendas of risk mitigation measures and business agility.
- Transforming controls to business enablers.
Assuring Delivery with Leading Project Management Practices.
Assure project delivery by:
- Reducing the risk of implementation by providing special attention to the planning phase: project estimation, task and resource scheduling, and communications.
- Reducing the risk of implementation by adopting the agile implementation methodology
- Regularly providing project status updates to stakeholders, pro-actively escalating issues.
- Paying due consideration to user acceptance training and user training activities.
Extending Enterprise Risk Framework.
Develop IT Risk Framework by:
- Advising executive management, risk officers, controllers, and legal on benefits of control rationalization to meet multiple regulatory compliance standards.
- Aligning IT control development with the broader enterprise risk framework roadmap.
- Implementing comprehensive reporting modules to enable controllers, risk officers, line of business owners to instantly and continually gauge the level of risk in their current sphere of responsibilities and influence.
- Developing IT security policies related to deployed IT controls.