SAP Risk and Controls – System reliability and integrity to drive business performance

Avoid disruption, increase efficiency, and manage risk effectively in your SAP landscape

Focused on the day-to-day concerns of the business, management often feels too busy to ask if they’re getting all they can from their SAP investment. Companies will invest millions in an enterprise solution that’s supposed to streamline processes, introduce efficiencies, and simplify reporting. Then, after the dust settles, the same leaders are wondering what they got for the (substantial) money. Why are there still so many manual functions? Why is information no more reliable than before? Why are there costly disruptions and audit findings?

We help maximize the investment in SAP to drive system integrity and establish the trust you need to successfully operate. PwC helps you evaluate your SAP landscape for the future to:

  • Secure the system appropriately and establish strong governance to avoid costly disruptions or audit issues
  • Challenge the current processes and invest in moving away from manual processes
  • Identify the key hurdles to a sustainable process
  • Rationalize the number of controls and maximize automation, using our proprietary analytic engine to identify opportunities for SAP automated controls
  • Identify opportunities for trade policy consulting, compliance & risk mitigation, and strategic business planning
  • Put proactive control monitoring routines in place as a managed service, leveraging our comprehensive, automation-enabled approach to control monitoring
  • Improve control operations & testing, leveraging the speed of HANA for audit transformation with our award-winning Intelligent Testing platform, Enterprise Control


Intelligent Controls for SAP S/4HANA

Getting more value from your SAP applications

PwC has had a group focused exclusively on SAP security, controls, GRC, and cybersecurity solutions since the mid-1990s. Since 2014, PwC has positioned itself as a leading S/4HANA partner. We are focused on driving operational efficiency, system protection, and compliance excellence through integrating risk, process and technology platforms. As an SAP Platinum Partner, we bring our approach, experience and proprietary accelerators to help our clients address the security, operational and compliance challenges throughout the S/4HANA business transformation journey.


Designing and building simple, scalable and sustainable access management roles to secure your data in your SAP applications.

Challenges defining security and governance, risk, and compliance strategies and a lack of guiding principles during the implementation cause pain points for end users and decrease productivity during the Sustain phase. Whether it is during the implementation, or post go-live, we at PwC help our clients with:

  • Role design, risk monitoring, controls & access management for Fiori & HANA database, maximizing SAP GRC technology
  • Automating provisioning via workflows and governing access in a straight-forward process that supports compliance
  • Maximizing SAP security role design to reduce overhead maintenance and simplify access

With the introduction of S/4HANA, traditional application level security concepts remain in place; however, additional complexities are introduced via the need for HANA database level security for end users, security around new interface options such as Fiori, security controls around changing business processes, and new vectors for cyber security risks.

Controls Integration

Embedding controls into your enterprise system during the SAP implementation and preparing you for compliance activities and requirements for Day One compliance.

As your business and IT landscapes transform, security, controls, and risk management functions must adapt to ensure your critical assets are protected and compliance requirements are met in the new SAP landscape. Through the collaborative design of security and controls, our integration methodology sets the stage for day 1 compliance. Some of the ways in which we accomplish this are through helping companies:

  • Understand the current state of controls and security framework and develop a journey that will help achieve the future vision and goals.
  • Design solutions based on the scope and requirements gathered from business stakeholders of the future state vision, to support seamless end to end process flows with identified risk and control points and security implemented.
  • Build the designed solutions and ensure controls and security are tested to provide assurance that they are in line with the requirements, overall vision, and objectives of the program.
  • Identify key security and controls to be loaded during cutover and ensure future state readiness.
  • Transfer knowledge from the program team to “business as usual” support teams.

PwC’s S/4HANA controls methodology focuses on delivering a cost effective, appropriately controlled solution, placing emphasis on:

  • Establishing a rapid return on investment through building a cost effective, sustainable security and controls model
  • Decreasing level of effort required to sustain and audit the new system
  • Delivery of a highly “mature” control environment, leveraging SAP’s functionality for controls automation and GRC

Global Trade

Evaluating risks related to cross-border activities, implementing controls to prevent any violation and maximizing tax savings opportunities.

Global trade gives access to foreign markets and creates important growth opportunities for companies; however, international trade is subject to complex and constantly evolving regulations, from both the US and foreign entities. While companies face increasing pressure from protectionist measures, misconduct and violations are much more frequent, leading to penalties, reputational damage and loss of market share. Additionally, operational efficiency and cost savings are at risk due to ever-changing tariff laws and a reliance on the work of third-party brokers.

With different focuses and shared missions, C-suite executives need to have conversations with their Boards about the impact of these changing US trade, tariff, sanctions, and export control policies and regulations on their company’s overall business strategy, plans, operations, and controls.

Our team partners with our clients to gain insight into the impact of changing trade policy and regulation on their business and helps identify opportunities for policy consulting, compliance & risk mitigation, and strategic business planning.


  • Delivering a secure SAP landscape by embedding security, as well as extending and enhancing cybersecurity policies to fit technical needs.
  • Managing new cybersecurity risks & ITGC requirements for a modern technology environment leveraging cloud applications such as Ariba, Concur, SuccessFactors, etc.

Compliance Analytics

  • Better business through better insights.
  • Leveraging analytics and reporting software to automate access to key compliance information, drive real-time decision making, and gain insights into the control environment.
  • PwC helps clients monitor transactions real-time to identify segregation of duties and exceptions to take immediate action, versus sifting through volumes of transactions and attempting to find the needle in the haystack.
  • Key control KPIs can be monitored post go-live to provide visibility into automated control effectiveness and any control bypasses.
  • PwC’s Transaction Outliers solution powered by Enterprise Control (see below) analyzes every transaction within a business process, highlighting those transactions that violate business process rules.


Enabling GRC tools to support sustainability and automation in managing security and controls while helping achieve risk management objectives.

With the introduction of S/4HANA, PwC helps clients extend their GRC solutions to automate access & manage risk in an increasingly complex SAP landscape, including SOD and critical actions monitoring for Fiori and other cloud applications. Our team focuses on helping our clients harness the value from their GRC investment with S/4HANA.

  • Move away from a lengthy request process with S/4HANA Automated Provisioning. By building automated provisioning the right way, clients can spend less time requesting access, more time doing work. This can also include integrating GRC with HR applications.
  • Simplify security with S/4HANA Business Role Design. Simplify complex S/4HANA application landscape & improve user experience via GRC business role analytic driven solutions.
  • Update controls consideration to include S/4HANA SoD ruleset for Fiori and HANA Database. PwC has deep industry expertise and leading class SoD ruleset design accelerators to integrate monitoring of new functionality.


Obtaining impactful insight to assess and address your risk and control environment, including SAP systems, data, financial and operational processes throughout the M&A deal continuum.

PwC helps clients identify risks earlier and more effectively through impactful analysis and enhancements to the current control environment that will help mitigate and monitor ongoing risks, as well as manage the cost of compliance.

PwC brings a unique combination of SAP risk and controls expertise along with technology accelerators to help clients plan and execute mergers and acquisitions. We work alongside our clients throughout the deal decision and execution process to help assess risks as the risk profile changes.

SAP Controls & Monitoring

Enterprise Control

Improving control operations & testing, leveraging the speed of HANA for audit transformation.

Analytic capabilities are changing the way audit evaluates the effectiveness of controls. Our Enterprise Control platform is infused with trusted PwC expertise to automate the operation and testing of SAP controls. With Enterprise Control, our clients can:

  • Use PwC’s analytic engine to identify opportunities for SAP automated controls.
  • Automate the extraction of SAP data and introduce Control Testing Automation.
  • Use a centralized portal to maintain compliance programs, control monitoring and test plans.
  • Gain actionable responses to analytics results, providing precise insights into business risks with pre-built SAP specific control and transaction analytics.
  • Use PwC’s proprietary cross-system analytics solution to help assess risks within your enterprise system data. With a reporting portal and the ability to workflow results, this monitoring platform provides one solution to support a data-driven approach to manage business process risks and controls.
  • PwC’s Transaction Outliers solution powered by Enterprise Control analyzes every transaction within a business process, highlighting those transactions that violate business process rules.

Intelligent Controls, powered by the Enterprise Control platform

Building confidence in your enterprise applications by unlocking a holistic, universal view of risk through intelligent control design, execution and automated testing.

PwC’s Intelligent Controls Diagnostic ingests current state control frameworks, extracts data directly from SAP and analyzes it against a singular benchmark—one that’s been thoughtfully and expertly developed by PwC specialists with deep knowledge of regulation, enterprise tech, and automation. It quickly and accurately diagnoses where an enterprise’s risk stands, opportunities to automate and optimize controls, and a concrete estimate of ROI.

PwC’s Intelligent Controls Diagnostic is about lowering the overall cost of compliance by not only reducing control count, but by automating manual control processes and automating the test of controls.

Application Security & Controls Monitoring (ASCM) Managed Services

Performing the specialized activities of monitoring security, controls, and transactions for business applications to reduce compliance costs.

Companies are investing in a state-of-the-art S/4 system with a leading practice security and control design. Once they are live with this solution, this investment needs to be protected and maintained through proactive control monitoring routines. ASCM is a comprehensive, automation-enabled approach to control monitoring that increases confidence in their S/4 system.

The growing focus from audit firms and regulators around SAP-run control environments demands a robust understanding of the complexities of key configurations, security, and transactions. PwC has invested heavily in the content driving this solution. Our content was built leveraging over 20 years of experience and thousands of SAP controls projects, including external audits.

We combine PwC’s extensive leading practice SAP security and control content, state-of-the-art Enterprise Control technology, and our Acceleration Center-enabled managed services operating model to provide clients with the information they need to know, when they need to know it.



Contact us

Elizabeth McNichol

Principal, Enterprise Technology Solutions Leader, Cyber, Risk and Regulatory, PwC US

Scott Osterman

Partner, Cyber, Risk and Regulatory, PwC US
