Introduction
GRC is an acronym that may be Greek to the uninitiated, but chances are if you picked up this book, you are at least interested in knowing what it means. And even if not everyone knows what GRC means, the concepts involved are ones that everyone understands.
The G is governance. In short, this means taking care of business, making sure that things are done according to your standards (and those of the ever-present regulators, not to mention your company’s Board of Directors). It also means setting forth clearly your expectations of what should be done so that everyone is on the same page with regard to how your company is run.
The R is risk. Everything we do involves an element of risk. When it comes to running across freeways or playing with matches, it’s pretty clear that certain risks are just not to be taken. When it comes to business, however, risk becomes a way to help you both protect value (what you have) and create value (by strategically expanding your business or adding new products and services).
The C is what everyone knows about — compliance with the many laws and directives affecting businesses (and citizens) today. One of the authors of this book would also like to extend that C to controls, meaning that you put certain controls in place to ensure that compliance is happening. This might mean monitoring your factory’s emissions or ensuring that your import and export papers are in order. Or it might just simply mean that the same person is not creating vendors and cutting checks to her brother-in-law Frank on the sly. The C relates to laws as familiar as Sarbanes-Oxley (SOX) or as emergent as Europe’s REACH (if we’ve got you on that one, see Chapter 12). But when you put it all together, GRC turns out to be not just what you have to do to take care of business, but a paradigm to help you grow your business in the best possible way and — even more — to figure out what that way is.
About This Book
When we decided to write a book about GRC, we thought about writing a book for experts, a thought-leadership book. And although this book is no slouch in the area of thought-leadership (if we do say so ourselves), we decided that what was needed the most was a way to start the conversation about GRC. What are you doing, in terms of governance, risk, and compliance? What should you be doing? And do you know that it’s a much bigger picture than you realize, encompassing areas like sustainability and dovetailing very nicely with developing and executing your key business strategies?
That’s why this book was originally going to be called GRC For Dummies. But (as you can see by the title), it’s SAP GRC For Dummies. That’s a bit of a misnomer because unlike classics like SAP NetWeaver for Dummies, this book is not all about SAP software. It’s mainly about GRC. But SAP has leading software for GRC, so at the end of relevant chapters, we tell you about products like SAP GRC Risk Management and how it can help you.
This book could have been all about SAP GRC, easily — there are probably areas that SAP covers that you don’t even know about. (For example, we bet you didn’t know that SAP is a leader in the area of software for environmental management.) But just a disclaimer before we start — there’s a lot more to learn about SAP GRC than we cover in this book. We focus on giving you the background to get started conceptually in the most important areas.
Now that we’ve explained a bit about the book, are you ready to get started and to become well-versed in GRC? That way, if you need a conversation stopper for Aunt Ida at Thanksgiving — or, better, a conversation starter when talking to almost anyone about what it takes to succeed in business today — you’ll be prepared.