SAP risk, security, and controls

Optimize your internal control environment and align it with key business processes and corresponding IT elements


SAP’s next-generation ERP platform is a key component of digital transformation.

Incorporating artificial intelligence, in-memory computing, redesigned business processes, analytics, cloud technologies, and a personalized user experience, it can reimagine how organizations do business so that they can run at the rate needed to remain agile and achieve the growth that is required to thrive in today’s market.

These new and complex capabilities, however, may prove challenging for organizations to manage. Additionally, the cost and complexity of managing an organization's internal control environment are on the rise due to growing scrutiny by regulators and an increase in security breaches.

At KPMG, we understand these challenges. Our approach delivers a holistic SAP security, controls, and governance strategy that protects the entire SAP environment. Let KPMG professionals show you how to make the most of your SAP capabilities, while ensuring the appropriate risk and security controls are in place.

Our SAP Security & Controls framework is a cross-application view of on-premise and cloud application security and controls. It is positioned to help industry-leading organizations effectively balance the divergent tasks of leveraging modern applications to empower business users while simultaneously protecting sensitive data and transactions.

The KPMG SAP Security & Controls framework

Comprised of four main components, our SAP Security & Controls framework can be leveraged in all areas of your business, from front office to back office.


Application security

Our application security framework leverages predefined role definitions that are directly aligned with end-to-end business processes.  Our predefined roles are intentionally designed to work with application controls and address data security and user access administration risk and compliance requirements like segregation of duties (SOD). 


Cyber and data security

The key focus of our SAP cyber and data security framework is to help improve the sustainability, automation, effectiveness, efficiency, and transparency of an organization’s Cyber and Data Security programs and extend operations across the SAP landscape. 


GRC technology integration

Organizations are striving to reap more benefits from their sizeable investments in SAP technology, while at the same time operating in an internal control environment that manages transactional risk and complies with regulatory requirements.  By leveraging automation through the integration of GRC technology, organizations can achieve this balance and drive operational efficiencies.


Process mining and analytics

Automated process mining can help your organization examine transactions to uncover control breakdowns, process deviations, and potential fraud events.

Helping you build stakeholder trust in the SAP solution

KPMG has specialized in the delivery of SAP risk, security, and control solutions for the past 20+ years, providing organizations with:

  • an extensive set of SAP advanced and certified specialists
  • time-tested methodologies, assets, tools and accelerators.

Our SAP GRC Technology Services provide a thorough analysis of your entire SAP environment (people, process and technology). We can assess your SAP security landscape for advanced security threats, then implement security and monitoring throughout the entire SAP technology stack. Our professionals possess deep SAP business process, audit and technical experience with a long history of enhancements and implementation successes. Additionally, we possess experience in the areas of SAP strategy, planning, quality assurance, and third-party oversight/client-side advisory.

Get in touch with us to discover how we can work together to make the most of your SAP solution capabilities.

Our people

Eric Bloesch

Partner, Advisory / GRC Technology, KPMG US

Mick McGarry

Principal, GRC Technology, KPMG US

Engel Schmidt

Senior Director, Security & Controls Solutions, KPMG US