SAP Regulations & Content

Example Content


General Data Protection Regulation 2016/679 (GDPR) – Winterhawk’s Data Privacy Consultants have compiled a best practice GDPR governance framework, based on 13 overarching governance processes, with activities that organisations are required to perform to demonstrate effective GDPR compliance. Over 140 controls. 

Sarbanes Oxley – Covering both Section 302 (corporate responsibility for financial reports) and Section 404 (management assessment of internal controls). Over 100 controls.

Foreign Corrupt Practices Act (FCPA) – Conduct a Baseline Risk Assessment, Assign Managerial and Governance Responsibility, Corporate Policies, Communication to and Training, Certifications of Compliance, Intermediary and M&A Due Diligence Checklists, Contract Provisions for Third Parties, Reporting Mechanisms for Anti-Corruption Violations, Periodic Compliance Reviews, Internal Investigation Procedures. 100 controls across 11 categories.


Cyber Security Risks – A best practice library split across 27 different risk categories. 450+ cybersecurity risks.


Anti-Bribery – covering compliance with global and regional laws, regulations and professional standards (suspected wrongdoing, clients or third parties, facilitation payments, entertainment, donations, sponsorships, insider trading and accounting controls). Over 50 controls.

Anti-Money Laundering – Identity verifications, watchlist screening / sanctions checks, Policies, Controls, Procedures, Awareness & Training, Record Keeping, Risk Assessment, Client due diligence (CDD), Supervision, Monitoring. 46 controls across 8 risk sections.


  • Financial Close & Consolidation
  • Hazardous Waste
  • Health & Safety (Safety, Occupational Health)
  • HIPAA (healthcare)
  • HR
  • Human Rights (Compliance, Ethical Business, Equal Opportunities, Resettlement & Land Compensation, Encroachment, Damage)
  • ISO 31000, ISO 27001, ISO 27002,
    ISO 9001, ISO 22301
  • ITAR
  • Local Buying & Vendor management (Equipment, Security, Assessments)
  • NIST Cybersecurity Framework COBIT
  • Order to Cash
  • Procure to Pay
  • Tax Management (Relationships with Authorities, Compliance, Audits)
  • Third Party Outsourcing (SSAE16)
  • Travel & Expense

SAP GRC Solutions - Risk Management

Innovation: Robotic Process Automation (RPA) for SAP GRC solutions

  • Password Self Service using Chat Bots
  • Creation of Access Requests (Template based) using Chat and Process Bots
  • Approval of Access Requests and Mitigation Controls using Chat and Process Bots
  • Creation of Master Data including Organisation, Process, Sub process, Controls, Risk using Process and Chat Bots
  • Interactive Issue / Case Management using Process Bots
  • User role assignment using Chat Bots
  • Interactive Survey Management using Chat Bots

For more information please get in touch, we’ll be happy to discuss solutions to the challenges facing your organisation.

Contact us

Get in touch to find out more about our range of content and RPA developed for SAP GRC solutions.