SOX SoD Management with SAP GRC

Client sector: Power and Automation Technologies

Client Profile

Global leader on its field operating in approximately 100 countries, and with over 150.000 employees worldwide. Managed by regions where NEU region consists of total of 20 countries in UK, Nordic, and Baltics etc. SAP solutions are used heavily in key business processes with high reliance on performance and automation. Approach to control and risk management: SOX compliance.


SAP GRC v.5.2 had been implemented to one of the countries with global SOX Segregation of duties processes and matrix. An upgrade to solution was a mandatory as well as the adoption of solution to main business areas in the region. SAP GRC v 10 was available and the project was planned to include upgrade and introduction of the solution to 4 new countries and to several SAP ERP systems.


Project was started with a technical migration of the GRC system to latest version SAP GRC 10 followed with the implementation of common Group level SoD matrix for UK, Sweden, Finland and Norway. Common and local level training sessions were held in order to build unified understanding and prepare smooth roll-out of the solution. SAP GRC EAM (Firefighter) solution was implemented as part of the general project timeline. As end result an automated SoD reporting on based on the Group level SoD matrix was achieved.

GRC Nordic Role

GRC Nordic delivered the project with predefined deliveries, fixed milestones and commonly agreed timetable. Due to the fresh software version (v10) and some challenges related to this GRC Nordic´s deep relationship with SAP brought substantial value in ensuring that the project was finished on time, budget and scope. Understanding of cultural differences between the participating countries was also noted as one of the key success factors of running a delivery oriented project.

More success stories