GRC Application Selection and Implementation
Client: Global Food and Beverage Company
Client Situation
The AddVantage Group was engaged by the Governance, Risk and Controls group for a Fortune 100 food and beverage company to help select and implement a new Controls Management tool, which was required after the company completed a major divestiture.
- Client was required to identify access management tools that could replace the existing tool, which due to divestiture-related licensing issues, would no longer be available
- Client lacked the expertise required to identify and select tool as well as to determine the impact from a process and skill set perspective
- There was a limited amount of time to transform all current Access Controls over to the new tool
- Due to limited experience with Controls Management tools, client team members lacked subject matter expertise required to implement and support a new application
Our Approach
- Advocated for clients business, technical and controls environment during tool selection presentations from 3rd party vendors
- Assisted client in reviewing proposals from third party implementers for the technical tool implementation
- Developed a timeline and approach in coordination with client and third party vendor team members
- Continuously clarified timeline and responsibilities, advocating for client during the implementation process with third party implementers
- Guided client staff during the review of access controls translation from legacy systems, validation and verification
- Identified issues related to the transition including the development of new processes and the hiring of new staff to support the new tool and organization
- Collaborated with client management and executive leadership to set expectations, deliver regular status updates, identify resource gaps and propose viable process, resource or technical solutions
- Supported knowledge transfer to controls and business team members through coaching and formal training programs
- Led development and review of step-by-step process documentation
Outcomes
- Client selected the SAP GRC 10.x tool that was aligned with company strategy
- Client staff were developed and trained on a repeatable controls reporting process
- Critical timeline and transition plan targets were met
- Successful implementation of GRC Access Controls 10.x and GRC Process Controls 10.x
- Increased reliability of GRC Access Controls reporting for Access Development, Access Requests, SOX reporting and internal and external audit purposes
- Established a foundation for the future implementation of Controls Automation