Four Steps to Keeping SAP’s Financial Processes Compliant – Step 3: Implement Internal Control Governance

Protiviti has identified four key steps that organizations can take to improve their overall control environment and receive the benefits mentioned below. Each of these steps will be a focus in this four-part blog series. In Part 1 and Part 2, we covered Step 1: Analyze SAP configuration and processes and Step 2: Optimize internal control framework. In this post, we will be covering the third step, implementing internal control governance processes, why it is important, and an example of a governance framework leveraged by multiple of our clients.

Protiviti’s four steps to improving the SAP control environment

Analyze configuration and processes – Identify and gain an understanding of the ERP ecosystem landscape (e.g., SAP instances and versions, Ariba, Concur, etc.), the business processes that utilize SAP, and their current control environment (e.g., manual controls, automated controls, key system-based reports, etc.).

Optimize internal control framework – Optimize and formalize the controls based on the results of the organization’s controls assessment.

Implement internal control governance processes – Implement governance processes for control ownership and management to keep controls updated and consistent.

Enable intelligent SAP control automation – Map automated control configuration opportunities to the identified control strengths, gaps and improvements as indicated in the steps discussed in this blog.

Implement internal control governance processes

During the third stage, implementing governance processes, the framework for control ownership and management is established to keep controls updated and consistent, given that most companies may have changes to the organizational structure and SAP system functionality over time. Furthermore, companies should determine global and local control owners that will be responsible for reviewing control parameters periodically and approving control changes going forward.

Why this step is important

This step is vital to the overall control optimization process because it ensures the updated internal control framework remains aligned with company policies, corporate initiatives, and compliance requirements. It also establishes control accountability and ownership at multiple management levels in the organization and keeps controls current during organizational changes. As it relates to potential business transformation or periodic upgrades to SAP S/4HANA, control ownership will help identify impacts to configurable controls arising from updates to business processes (both from the business and from possible feedback provided during Step 1, analysis of configuration and processes) or system functionality.

More specifically, the establishment of a control governance committee, team and processes can help the organization:

  • Manage strategic control decisions and understanding evolving risks that need to be managed
  • Create business accountability around control ownership and changes
  • Ensure proper training for control execution is maintained and delivered to the organization
  • Oversee adherence to policies and procedures
  • Align SAP configurable controls with the overall control environment (e.g., change management, SAP support access, access provisioning, etc.)
  • Take ownership of governance, risk and compliance (GRC) solutions that provide continuous monitoring of the control environment

Case study: Control governance organization example

The model below has been used successfully by multiple organizations to maintain effective governance around their control environments. There are three key stakeholder groups needed for success: sponsors, governance committees, and governance teams, along with the key roles and responsibilities associated with them.

This model has been so successful because it provides structure around the controls and ensures flow between all levels of an organization. It ensures that the controls align with the organization’s changing goals via sponsors, are documented and communicated via the governance committee, and are relevant to the day-to-day business activities via the governance teams.

In summary, when trying to improve an organization’s overall control environment, implementing internal control governance processes is key to ensure continuous monitoring and improvement. Establishing clearly defined control owners ensures alignment with company initiatives and updates to system functionality, ensuring a framework that is current. Once a governance process is established, an organization can then move on to the next step in the process, enabling intelligent SAP control automation, to decrease manual efforts and ensure continuous monitoring.

Steve Toshkoff, Steve Apel, Vijan Patel and Toni Lastella also contributed to this post.

To learn more about our SAP capabilities, contact us or visit Protiviti’s SAP consulting services.


Christine LaRochelle

Senior Consultant
Enterprise Application Solutions

Joe Fuchs

Senior Manager
Enterprise Application Solutions

Subscribe to Topics

Many think of the #Metaverse as VR headsets and gaming. However, it can help build brand awareness and improve #customerexperience. Join #ProtivitiTech as we demystify the Metaverse, share business applications and discuss challenges you may encounter.

A hospitality client worked with #ProtivitiTech to quickly and securely migrate and re-platform their enterprise data warehouse before incurring contract penalty fees. See how we helped the client transform:

#LetsTransformTogether #Microsoft #Azure #SAP

#Technology is an enabler of innovation that drives growth, efficiency, and improved customer experience. Take the #ProtivitiTech #IT survey to share how you, as an IT leader, view and manage #innovation at your company amid #technicaldebt.

Join #ProtivitiTech for #Pathlock’s #SAP #Innovation Days, where our experts will host a speaking session dedicated to helping address the most critical #security and #compliance issues facing your business applications. Register now!

Protiviti is proud to be a sponsor of the Microsoft 365 Conference. Stop by Booth 415 or attend our sessions to learn about our Microsoft Solutions from our MVPs and experts!

#ProtivitiTech #Microsoft #Microsoft365 #M365Conf

Load More