TEN YEARS of SAPinsider GRC events in Europe. Ten! Every year, I make the claim that the event was definitely the ‘best yet’ and this year is no exception. It was for many reasons—like higher attendance, significantly more customer sessions, a presentation by Michael Rasmussen (the godfather of GRC), greater coverage of the extensive SAP GRC product suite, and a focus on burning topics such as GDPR and GRC for SAP Digital Boardroom.

But the best ‘judge’ of these events are our customers and the initial feedback has been unanimously positive.  So what’s changed? What are the main differences between the ‘trial’ event we held for one day in 2008 and where we are in 2017?

1)GRC Maturity

Before 2008, the big focus was still on controls and compliance. With events such as the DeepWater Horizon oil spill and the financial crisis of 2008, it kick-started the additional focus on ‘risk management’ which we saw develop and continue to increase to this day. Back in 2008, we were advertising the benefits of integrating risk management with controls/compliance management. It wasn’t a new concept—but it was one that had not been adopted by many. These days most customers understand that this should be the default. Methodologies such as the Three Lines of Defense or Combined Assurance are accepted best practices these days and customers are realising that a GRC platform should be their strategic direction.

2)The SAP GRC Suite Explosion

In 2008, the picture of SAP GRC solutions looked as it does here.

Essentially, we were selling the ‘core’ of GRC: risk management + controls/compliance management. But in 2017, the picture looks very different:

We still have the core (but now the solutions are unified, sharing master data, and so on). But we also have developed and partnered to try to meet the increasing demands on our customers today such as next-generation solutions around cybersecurity, access governance, regulation management, and more.

The Wannacry attack was a wake-up call for many. I’ve already discussed the dangers of ransomware attacks in a recent blog (Cybersecurity in 2017 – Don’t Be Afraid, Be Aware). But the shocking thing with this attack wasn’t the extent of the problem created, it was the fact that it was stopped due to a coded ‘kill switch’ which may not be in other variants. The planet was lucky …..this time!

Cybersecurity is just getting hotter and hotter and finally people are starting to take notice. It was a necessity for us to add security solutions such as IDM/SSO, UI Masking/Logging and the new SAP HANA-powered cybersecurity solution, SAP Enterprise Threat Detection, to the GRC suite. Today, the SAP GRC suite has a major part to play in helping organisations protect themselves as much as is possible.

SAP has also dramatically enhanced our access governance suite by:

  • Adding partner solutions to the suite such as SAP Access Violation Management by Greenlight to extend and enhance the capabilities of SAP Access Control
  • Moving onto the ‘next-level’ of access management, ABAC (Attribute Based Access Control) through SAP DAM (Dynamic Authorizations Management)

Add to all this the new public cloud solutions; the solutions created because of the game-changing speed of SAP HANA; the new solution partnerships with companies such as Thomson Reuters, HP, TrendMicro, Sungard and more….With all these advances, we can see how determined SAP is to ensure that the GRC suite continues to develop and grow with and for our customers.

3) Customer Stories at SAPinsider

With the above point in mind, it was great to have such a broad range of solutions being presented by our customers themselves. Customers showed off the benefits they were seeing with SAP solutions for everything from process control to risk management, audit management to fraud management, access control to access violation management. Releasing a new product is always an exciting time, but it really makes it worthwhile when a customer  has bought, implemented, tested, and then presented that product back to us—highlighting the value which they are seeing.

Sometimes products can improve efficiencies, manage risk, and speed up processes. And sometimes, just sometimes, when implemented well, they can change the entire culture of an organisation. Hearing those stories from companies such as Vodafone, Exxaro, and Reliance was fantastic to witness.

4)GRC and SAP Digital Boardroom

GRC in SAP Digital Boardroom  made a dramatic entrance, with developments from SAP, EY, and Deloitte being presented to the audience.

SAP has worked hard to ensure that there is massive flexibility around the reporting options available to any GRC customers, and SAP Digital Boardroom demos brought ‘the art of the possible’ to life. Presentations from Peter Alexander from EY and Thomas Frenehard from SAP showed the variety of options available to customers today. Some boardrooms were very product specific while others merged the GRC data with their own KPIs and strategic objectives to simply bring risk-based thinking to the management level.

To Sum Up

So, in summary, another GRC SAPinsider event is over and it was a pleasure to attend. It’s fun hearing customers enthuse about the value they are getting out of the solutions. It’s fun hearing how customers have taken some of the solutions and started to twist and shape them for their own purposes. It’s fun watching eyes widen and jaws drop as some of the latest technologies are presented. And it’s fun meeting the growing SAP GRC ‘community’ again. I look forward to next year when I am almost certain that GRC2018 will be ‘the best yet.’

Read our other GRC blogs for more on governance, risk, compliance, and security topics.