GRC Application Selection and Implementation

wheat field

Client: Global Food and Beverage Company

Client Situation

The AddVantage Group was engaged by the Governance, Risk and Controls group for a Fortune 100 food and beverage company to help select and implement a new Controls Management tool, which was required after the company completed a major divestiture.

  • Client was required to identify access management tools that could replace the existing tool, which due to divestiture-related licensing issues, would no longer be available
  • Client lacked the expertise required to identify and select tool as well as to determine the impact from a process and skill set perspective
  • There was a limited amount of time to transform all current Access Controls over to the new tool
  • Due to limited experience with Controls Management tools, client team members lacked subject matter expertise required to implement and support a new application

Our Approach

  • Advocated for clients business, technical and controls environment during tool selection presentations from 3rd party vendors
  • Assisted client in reviewing proposals from third party implementers for the technical tool implementation
  • Developed a timeline and approach in coordination with client and third party vendor team members
  • Continuously clarified timeline and responsibilities, advocating for client during the implementation process with third party implementers
  • Guided client staff during the review of access controls translation from legacy systems, validation and verification
  • Identified issues related to the transition including the development of new processes and the hiring of new staff to support the new tool and organization
  • Collaborated with client management and executive leadership to set expectations, deliver regular status updates, identify resource gaps and propose viable process, resource or technical solutions
  • Supported knowledge transfer to controls and business team members through coaching and formal training programs
  • Led development and review of step-by-step process documentation


  • Client selected the SAP GRC 10.x tool that was aligned with company strategy
  • Client staff were developed and trained on a repeatable controls reporting process
  • Critical timeline and transition plan targets were met
  • Successful implementation of GRC Access Controls 10.x and GRC Process Controls 10.x
  • Increased reliability of GRC Access Controls reporting for Access Development, Access Requests, SOX reporting and internal and external audit purposes
  • Established a foundation for the future implementation of Controls Automation