Winterhawk has developed a wide range of content for the SAP GRC Solutions – Access Control, Process Control, Risk Management, Audit Management and Business Integrity Screening as well as process automation using robotics. These can be offered independently for clients who already own SAP GRC solutions, or provided as part of a deployment or upgrade.
SAP Regulations & Content
Example Content
Regulatory
General Data Protection Regulation 2016/679 (GDPR) – Winterhawk’s Data Privacy Consultants have compiled a best practice GDPR governance framework, based on 13 overarching governance processes, with activities that organisations are required to perform to demonstrate effective GDPR compliance. Over 140 controls.
Sarbanes Oxley – Covering both Section 302 (corporate responsibility for financial reports) and Section 404 (management assessment of internal controls). Over 100 controls.
Foreign Corrupt Practices Act (FCPA) – Conduct a Baseline Risk Assessment, Assign Managerial and Governance Responsibility, Corporate Policies, Communication to and Training, Certifications of Compliance, Intermediary and M&A Due Diligence Checklists, Contract Provisions for Third Parties, Reporting Mechanisms for Anti-Corruption Violations, Periodic Compliance Reviews, Internal Investigation Procedures. 100 controls across 11 categories.
Cyber
Cyber Security Risks – A best practice library split across 27 different risk categories. 450+ cybersecurity risks.
Financial
Anti-Bribery – covering compliance with global and regional laws, regulations and professional standards (suspected wrongdoing, clients or third parties, facilitation payments, entertainment, donations, sponsorships, insider trading and accounting controls). Over 50 controls.
Anti-Money Laundering – Identity verifications, watchlist screening / sanctions checks, Policies, Controls, Procedures, Awareness & Training, Record Keeping, Risk Assessment, Client due diligence (CDD), Supervision, Monitoring. 46 controls across 8 risk sections.
Other
- Financial Close & Consolidation
- Hazardous Waste
- Health & Safety (Safety, Occupational Health)
- HIPAA (healthcare)
- HR
- Human Rights (Compliance, Ethical Business, Equal Opportunities, Resettlement & Land Compensation, Encroachment, Damage)
- ISO 31000, ISO 27001, ISO 27002, ISO 9001, ISO 22301
- ITAR
- Local Buying & Vendor management (Equipment, Security, Assessments)
- NIST Cybersecurity Framework
- COBIT
- Order to Cash
- Procure to Pay
- Tax Management (Relationships with Authorities, Compliance, Audits)
- Third Party Outsourcing (SSAE16)
- Travel & Expense
Contact us
Get in touch to find out more about our range of content developed for SAP GRC solutions.