What is SAP Process Control?
SAP Process Control (PC) is Solution which can be used by organizations to manage their compliance processes more effectively and realize the value of a centralized model for compliance initiatives.
Master data, assessments, manual & automated testing, workflows, reminders and escalations, certifications, and the use of interactive reports support members of business process teams, internal control, and internal audit to carrying out their individual compliance activities.
Process Control provides a centralized controls hub in which testing, certifications, and policies, monitoring and documentation can take place.
Process Control is a key part of SAP’s GRC software, sitting alongside SAP Risk Management, which enables an organization to define its enterprise risk and responses to those risks and SAP GRC Access Control, which assists in detecting, remediating, and ultimately preventing access risk violations.
Although not a requirement for implementation, Process Control can be integrated with these two modules to provide added value to customers of SAP GRC.
Tips & Tricks`
Functionality –
- The Supports scoping through risk assessments and materiality analysis as well as the planning of control testing.
-
- Establish integration with Risk management using Controls design assessments/ self-assessments and manual test of effectiveness to auto update values of completeness and effectiveness.
- Supports did to & can-do analysis through mitigation assignment & control assignment.
-
- Establish integration with access control using mitigation assignment linkage provided with reference to organization and control assignment in master data, the organization which are assignment with mitigation control are usually local and hence the controls which are being used should also be made local, there can’t be central reference.
- Provides documentation of both centralized and local control catalogues, alignment of compliance initiatives and efficient management of risks and controls through workflow functionality.
-
- We can use the concept of shared service provider and receiver, with shared services model whenever an organization which are been considered as provider undergoes an assessments cycle, the corresponding receiver organizations shares the results with the provider which presents duplicate assessments in receiver organization.
- Master data helps in establishing the linkages with the different entity such as organization, process, sub process, controls, risk, policy & regulation.
- It Supports the design and test of the operating effectiveness of controls with online or offline workflow.
-
- Using Control design assessment – usually triggered to control owner to design/ build the controls, questions / survey can be set in assessments usually a quarterly assessment cycle.
- Using Self assessments – usually triggered to control performer to see the efficiency of control, questions / survey can be set in assessments usually a monthly assessment cycle.
- Using Manual test of effectives – usually triggered to control tester to see the steps assigned to control testing. Test plan can be set in assessments usually a quarterly assessment cycle.
- Using manual control performance – usually triggered to control tester to see the detailed granular steps assigned to control testing. Can be set in control performance tab, usually a monthly assessment cycle.
Every Business in default will have a risk management process to reduce the risk under control to the maximum extent. Though every business has risk management, but it depends on the execution of the same to have enough control over it.
DataNub Technologies ensures to provide best practices which help our customers in managing business risk through our consulting service and implementation of the services through our service support/ Expert-on-Demand.