SAP risk, security, and controls

Optimize your internal control environment and align it with key business processes and corresponding IT elements

Eric Bloesch


Partner, Advisory / GRC Technology, KPMG US

+1 267-256-8311

A new era of possibilities

SAP’s next-generation ERP platform is a key component of digital transformation. Incorporating artificial intelligence, in-memory computing, redesigned business processes, analytics, cloud technologies, and a personalized user experience, it can reimagine how organizations do business so that they can run at the rate needed to remain agile and achieve the growth that is required to thrive in today’s market.

These new and complex capabilities, however, may prove challenging for organizations to manage. Additionally, the cost and complexity of managing an organization's internal control environment are on the rise due to growing scrutiny by regulators and an increase in security breaches.

At KPMG, we understand these challenges. Our approach delivers a holistic SAP security, controls, and governance strategy that protects the entire SAP environment. Let KPMG professionals show you how to make the most of your SAP capabilities, while ensuring the appropriate risk and security controls are in place.

Our SAP Security & Controls framework is a cross-application view of on-premise and cloud application security and controls. It is positioned to help industry-leading organizations effectively balance the divergent tasks of leveraging modern applications to empower business users while simultaneously protecting sensitive data and transactions.


The KPMG SAP Security & Controls framework

Comprised of four main components, our SAP Security & Controls framework can be leveraged in all areas of your business, from front office to back office.

Controls integration 

The KPMG SAP Security & Controls framework leverages our proprietary controls library for enterprise applications and our controls-in-depth design approach to help our clients define a risk and controls program that balances business process enablement with the need to protect the integrity of the functions.


Application security

Our application security framework leverages predefined role definitions that are directly aligned with end-to-end business processes.  Our predefined roles are intentionally designed to work with application controls and address data security and user access administration risk and compliance requirements like segregation of duties (SOD). 


Cyber and data security

The key focus of our SAP cyber and data security framework is to help improve the sustainability, automation, effectiveness, efficiency, and transparency of an organization’s Cyber and Data Security programs and extend operations across the SAP landscape. 


GRC technology integration

Organizations are striving to reap more benefits from their sizeable investments in SAP technology, while at the same time operating in an internal control environment that manages transactional risk and complies with regulatory requirements.  By leveraging automation through the integration of GRC technology, organizations can achieve this balance and drive operational efficiencies.


Helping you build stakeholder trust in the SAP solution

KPMG has specialized in the delivery of SAP risk, security, and control solutions for the past 20+ years, providing organizations with:

  • an extensive set of SAP advanced and certified specialists
  • time-tested methodologies, assets, tools and accelerators.

Our SAP GRC Technology Services provide a thorough analysis of your entire SAP environment (people, process and technology). We can assess your SAP security landscape for advanced security threats, then implement security and monitoring throughout the entire SAP technology stack. Our professionals possess deep SAP business process, audit and technical experience with a long history of enhancements and implementation successes. Additionally, we possess experience in the areas of SAP strategy, planning, quality assurance, and third-party oversight/client-side advisory.

Get in touch with us to discover how we can work together to make the most of your SAP solution capabilities.


Mick McGarry


Principal, GRC Technology, KPMG US

+1 214-840-8249
Engel Schmidt


Senior Director, Security & Controls Solutions, KPMG US

+1 713 319 2000