For one of our clients in Düsseldorf we’re looking for a freelance SAP GRC Consultant:
Project description: The aim is to improve our Audit processes, thus reduce effort. Establish GRC PC possibilities and automate our internal controls. We lack internally with expertise.
Task description: The scope of services includes the following tasks, which are independently performed by the external consultant:
Client’s Support & Cross Functions (SCF, consisting of intenals and externals) Audit Management - SAP area
Review of existing IC (internal controls) catalogue in respect to new process requirements. Controls based on COBIT framework. The access will be provisioned by the client/project. Review means here to verify if the control definition is still matching current scope (SAP systems) and regulations. Verifying, if the the client’s teams are able to deliver on them.
Redesign, based on discussion with application managers and optimisation of the existing client’s SCF IC Audit relevant processes. The consultant will present to the hiring manager. He will sign it off.
Used tools: Symbio, Visio, Office 365, Process mapping methologies, optional: Connect (PWC tool).
Output verification with Internal & external Audit teams.
Coordination of delivery of SCF monthly/ quarterly/ yearly and ad-hoc audit activities. The client will provide the consultant with the necessary information about the activities. The consultant has to verify that the timeline is clear to everybody and check, if all Application Manager (AM) delivered in time.
Advise and consult of SCF teams in scheduling, requirements gathering, training, delivery coordination, quality checking of assigned audit tasks.
Issue resolution and risk mitigation. The consultant defining a plan, how to not having the risk. Implementation would be performed by AM teams.
SAP GRC Process Control (Ver. 12)
Definition (based on Consultants expertise) of Governance model for GRC PC platform (ITIL processes, RACI). The consultant has to present to the hiring manager and Application owner, They will sign off.
Functional consulting (to GRC PC AM team) on implementation of SAP GRC PC for Audit processes / Process management for relevant IT Controls.
Creation & Implementation (documentation) of:
Automation, semi-automated & Manual controls
Design of operational, support & escalation processes
Regulation definition & alignment (Alignment to be replaced by UAT.)
Functional & operational role definition of RACI for the GRC PC solution.
Control compliance reporting & evidence consultation of Internal & external Audit teams
Stakeholder Management; Moderation of meetings, identification of relevant stakeholders for specific tasks.
Operational execution of Automation, semi-automated & Manual controls ensuring control compliance. Sing off in form of acceptance of efforts in Fieldglass and confirmation by Application owner (email).