SAP Regulations & Content

Example Content


General Data Protection Regulation 2016/679 (GDPR) – Winterhawk’s Data Privacy Consultants have compiled a best practice GDPR governance framework, based on 13 overarching governance processes, with activities that organisations are required to perform to demonstrate effective GDPR compliance. Over 140 controls. 

Sarbanes Oxley – Covering both Section 302 (corporate responsibility for financial reports) and Section 404 (management assessment of internal controls). Over 100 controls.

Foreign Corrupt Practices Act (FCPA) – Conduct a Baseline Risk Assessment, Assign Managerial and Governance Responsibility, Corporate Policies, Communication to and Training, Certifications of Compliance, Intermediary and M&A Due Diligence Checklists, Contract Provisions for Third Parties, Reporting Mechanisms for Anti-Corruption Violations, Periodic Compliance Reviews, Internal Investigation Procedures. 100 controls across 11 categories.


Cyber Security Risks – A best practice library split across 27 different risk categories. 450+ cybersecurity risks.


Anti-Bribery – covering compliance with global and regional laws, regulations and professional standards (suspected wrongdoing, clients or third parties, facilitation payments, entertainment, donations, sponsorships, insider trading and accounting controls). Over 50 controls.

Anti-Money Laundering – Identity verifications, watchlist screening / sanctions checks, Policies, Controls, Procedures, Awareness & Training, Record Keeping, Risk Assessment, Client due diligence (CDD), Supervision, Monitoring. 46 controls across 8 risk sections.


  • Financial Close & Consolidation
  • Hazardous Waste
  • Health & Safety (Safety, Occupational Health)
  • HIPAA (healthcare)
  • HR
  • Human Rights (Compliance, Ethical Business, Equal Opportunities, Resettlement & Land Compensation, Encroachment, Damage)
  • ISO 31000, ISO 27001, ISO 27002,
    ISO 9001, ISO 22301
  • ITAR
  • Local Buying & Vendor management (Equipment, Security, Assessments)
  • NIST Cybersecurity Framework COBIT
  • Order to Cash
  • Procure to Pay
  • Tax Management (Relationships with Authorities, Compliance, Audits)
  • Third Party Outsourcing (SSAE16)
  • Travel & Expense

SAP GRC Solutions - Risk Management

Contact us

Get in touch to find out more about our range of content developed for SAP GRC solutions.