How many times have you heard: “I didn’t realize I was approving a purchase order I’m not supposed to”? Or how about: “I had access to the transaction, so I ran it to find out what it does!” You can imagine what happened next.
In our book, Governance, Risk and Compliance is much more than just software that is set up by a team of consultants and left behind to be run by inexperienced junior IT analysts.
Many organizations tend to reject these notions and leave their IT departments in charge of securing their data. They fail to realize that it is the business that creates the business processes for mitigating and controlling risks, and that it is the task of IT folks to uphold these processes using industry best practices or automated tools such as SAP’s GRC.