Ask the Experts sessions provide an informal setting to connect one-on-one with subject matter experts and experienced end users on specific areas of expertise. Bring your pressing questions and be ready to discuss your key challenges and priorities.

Topics covered: SAP GRC, SAP Security, Segregation of Duties (SoD), user provisioning, access control and governance, corporate compliance"

Ask the Experts sessions provide an informal setting to connect one-on-one with subject matter experts and experienced end users on specific areas of expertise. Bring your pressing questions and be ready to discuss your key challenges and priorities.

Topics covered: Zero Trust, Private Cloud ERP Security aligned to SAP Shared Responsibility

Hear how Merck, a global leader in healthcare, science, and technology, has developed a cyber resilience strategy for their SAP S/4HANA Cloud environment using Zero Trust principles in the S/4HANA Private Cloud. Lessons learned emphasize collaboration, proactive security, SAP and partner technologies, user engagement, and an understanding of shared responsibilities. By attending this session, attendees will leave with ideas to strengthen their security posture and address evolving cyber threats in the SAP S/4HANA environment.

In many companies, the security team is often the last to be notified about user on-boarding, off-boarding, or position changes that require adjustments to users' system access and security permission levels. These delays, coupled with high volumes of manual provisioning tasks, create significant inefficiencies, leave employees without the necessary access, and introduce risky Segregation of Duty -conflicting permissions.  This session explores how SAP GRC Access Control HR Triggers, alongside SAP SuccessFactors or SAP HR streamlines provisioning through timely event-driven automation of the access request and provision process and how to leverage HR Triggers day-to-day SAP Security provisioning operations.

You will:

• Examine key SAP access provisioning challenges when HR-driven events are not integrated, including inefficiencies, security risks, and high-volume manual workloads.
• Explore SAP GRC Access Control 12.0 and SAP Cloud IAG HR Trigger capabilities for automating provisioning through HR event–based actions integrated with SAP SuccessFactors or SAP HR.
• Analyze how Arizona’s Salt River Project implemented SAP GRC HR Triggers to enable consistent, timely, HR-driven SAP access provisioning.
• Highlight key customer and consulting partner insights, including recommendations, challenges, and pitfalls to avoid for a successful and value-driven SAP GRC HR Trigger implementation.

Jabil successfully migrated its Access Violation Management (AVM) solution to the latest AVM Cloud platform, enabling standardized and scalable governance across multiple global SAP S/4HANA systems. This session explores how the organization executed this transformation to support continuous controls monitoring across its diverse manufacturing subsidiaries.

Attendees will learn how Jabil approached the migration with a focus on planning, risk management, and adaptability to regional operational needs. The session will highlight how the new cloud-based AVM solution improved governance frameworks, enhanced compliance, and delivered operational efficiencies. Real-world insights will be shared on how the team overcame challenges during the transition and leveraged advanced analytics to support better decision-making across business units.

In this session, you will learn:

• How to plan and execute a multi-system AVM Cloud migration with effective risk management.
• Key challenges and solutions for deploying AVM across diverse global manufacturing operations.
• How the cloud-based AVM platform improved governance, compliance, and continuous monitoring.
• Ways to leverage AVM analytics to drive operational efficiency and informed decision-making.

Ensuring your SAP S/4HANA system is still secure and compliant with your licensing agreements after a brownfield upgrade can be a challenge. While the introduction of Fiori can be a tremendous UI improvement for end users, an uncontrolled introduction of Fiori functions can lead to a nightmare of unauthorized access and SOD violations. Join this session to gain insight into a holistic approach to securing a brownfield SAP S/4HANA upgrade using GRC Access Control to maximize compliance while minimizing effort and RISE license costs.

In this session, you will learn how to:
Reengineer granular, SOD-compliant security roles to simplify the upgrade process.
Harmonize Fiori catalogs with security in a holistic approach to reduce work significantly.
Optimize RISE license fees as part of the reengineering."

SAP transformations—whether migrating to SAP S/4HANA, adopting SAP BTP, or expanding cloud capabilities—introduce significant cyber risk exposure. As organizations modernize their SAP landscapes, they must navigate complex threat vectors, evolving compliance requirements, and heightened data privacy concerns. Without a robust cyber risk strategy, transformation efforts can be delayed, disrupted, or compromised. This session explores how organizations can embed cyber risk management into the heart of their SAP transformation programs. You will learn how to identify and assess SAP-specific risks, implement controls aligned to transformation milestones, and build governance models that ensure security without slowing innovation. The session will also highlight common pitfalls and lessons learned from real-world SAP transformation projects. You'll leave with actionable strategies to strengthen their security posture across SAP environments, including cloud, hybrid, and on-premise deployments.

You will learn how to:

• Identify security risks unique to SAP transformation initiatives (e.g., SAP S/4HANA, SAP BTP). 
• Integrate cybersecurity controls into SAP project governance and delivery. 
• Align cyber risk management with regulatory and data privacy requirements. 
• Apply lessons learned from real-world SAP transformation case studies.

Join us for an interactive hands-on lab where you'll explore the most in-demand capabilities of SAP Cloud Identity Access Governance (IAG) from intuitive role design to automated access requests and intelligent access reviews. This session will guide you through how IAG integrates seamlessly with SAP Cloud Identity Services, creating a unified identity lifecycle across your enterprise landscape. You’ll learn how to extend IAG to support key business applications, both within and beyond the SAP ecosystem, enabling centralized policy enforcement and risk analysis. Experience firsthand how to configure critical features like access risk analysis, role provisioning, and cross-system workflows, all while using real-world scenarios that mirror today’s governance challenges. By the end of this session, you’ll walk away with actionable best practices for optimizing access governance in a hybrid environment, strategies to scale IAG adoption effectively, and insights into building a future-proof, intelligent governance model.

Functions that once operated independently, Finance, Tax, and GRC, are now collaborating to meet the demands of real-time compliance, automation, and strategic insight. AI and digital transformation are driving this convergence, creating shared workflows and integrated controls across the enterprise. In this power session, we’ll highlight real-world use cases where these functions are coming together to improve efficiency, reduce risk, and deliver business value.

Join this session to learn how to:

• Identify key drivers behind the convergence of Finance, Tax, and GRC functions.
• Explain how AI and automation enable cross-functional collaboration and shared workflows.
• Analyze real-world use cases where integrated processes improve compliance and efficiency.
• Evaluate strategies for breaking down silos, building a unified governance, and reporting framework.

Effective access governance is essential for balancing security, compliance, and agility in today’s fast-paced digital landscape. This session will showcase how SAP Cloud Identity Access Governance (IAG) and SAP Access Control are leveraging AI-powered innovations to enable intelligent, adaptive access management at scale. We'll explore how seamless integration with partner technologies, such as Microsoft Entra, helps build a unified, scalable access governance framework across hybrid and multi-cloud environments. Attendees will gain practical insights into implementing AI capabilities that enhance risk detection, automate access certifications, and streamline compliance processes. Through a strategic deep dive, we’ll demonstrate how these solutions evolve with your business, empowering teams to proactively address access risks and build a future-ready governance strategy. Join us to see how SAP and its partners are redefining access governance for a dynamic, risk-aware world.

This session provides a comprehensive overview of how new version of SAP GRC for SAP HANA 1.0 operates, equipping participants with the essential knowledge to plan, implement, and optimize GRC functionalities on this new release. We will highlight new capabilities,  improvements, and discuss prerequisites, deployment considerations, and common challenges. Attendees will gain clarity on how Access Control, Process Control, and Risk Management leverage HANA’s in-memory capabilities, as well as the implications for upgrades, integrations, and future scalability. By the end of the session, participants will understand the key benefits, technical impacts, and best practices for running SAP GRC for SAP HANA 1.0.

This SAP GRC for SAP HANA 1.0 Roadmap Session will provide a forward-looking view of SAP’s evolving Governance, Risk, and Compliance portfolio as organizations face rising regulatory complexity and digital risk. The session highlights key innovations across Access Control, Process Control, Risk Management, and Audit Management, with emphasis on cloud transformation, AI-enabled capabilities, and tighter integration with SAP ecosystem. Attendees will learn what’s coming in SAP’s roadmap, how it impacts current landscapes, and the practical steps needed to modernize GRC processes. Participants will leave with clarity on future direction and actionable guidance to prepare for the next generation of intelligent, connected GRC.

At some point, your SAP system may face an audit. This session explores what an audit might entail, how to prepare, and what separates a smooth audit from a painful one. Learn about different types of auditors, the focus of various SAP assessments, and why these distinctions matter. Gain insights into key areas including security, basis configurations, change control and transports, configurable controls, and reports through the lens of common questions and potential audit risks. Walk away with actionable steps to prepare, from obtaining an update on prior findings and gathering typical audit evidence, to coaching your team on how to effectively work with an auditor. Whether you are managing an SAP system under audit or you are an auditor yourself, this session provides valuable information to take the stress out of an audit.
 
You will:

• Understand the types of auditors and SAP audits and how each impacts what you are being asked.
• Review common areas of audit focus when your SAP system is in scope.
• Learn the dos and don’ts of working with auditors.
• Receive a checklist of tips for preparing your SAP system and your people for an audit.

Explore the details of functionality, differentiators, and important platform aspects in the latest SAP GRC On Premise and Cloud provisioning and compliance solutions. Gain detailed insights into the SAP Compliance applications of SAP GRC Access Control 12.0 and SAP Cloud Identity Access Governance and consider which application, platform, and functionality is best for current and long term compliance and provisioning requirements.

You will:

• Learn about the GRC evolution and why it is important to progress and plan ahead. 
• Discover how to identify where you are on the evolution roadmap, define where you want to be, and what it takes to get there through time and effort estimates. 
• Learn about SAP GRC application functionality through the lens of real customer examples of success and pitfalls at different stages of the GRC evolution.

Governance, Risk, and Compliance (GRC) functions are under pressure to adapt to a rapidly changing regulatory landscape while managing complex SAP environments. AI and automation are transforming what organizations must look for and do to lower risk, strengthen controls, and enable predictive compliance. This session explores findings from SAPinsider’s State of the Market: GRC Report, looking at how organizations in SAP environments are leveraging intelligent technologies to modernize governance frameworks, automate compliance, and proactively manage risk.

Join this session to learn how to:

• Apply insights about the AI revolution in GRC to your own strategic roadmap.
• Identify key trends in AI adoption for GRC processes within SAP environments.
• Explain how AI-driven tools enhance risk management and predictive analytics.
• Describe best practices for automating governance and compliance workflows.
• Analyze strategies for implementing continuous controls monitoring and SoD management using intelligent technologies.
• Evaluate the impact of AI on audit readiness and regulatory compliance.
• Develop an action plan to prioritize AI and automation initiatives for GRC transformation.

Organizations face increasing pressure to meet stringent data sovereignty requirements while continuing to innovate and operate efficiently.  This session proposes a transformative approach to GRC by unifying applications, data, and artificial intelligence within a cohesive, sovereignty-aware architecture. By integrating advanced data management capabilities and intelligent automation, enterprises can achieve real-time visibility, consistent compliance enforcement, and auditable decision-making across the entire data lifecycle. AI-powered analytics further enhance risk detection, streamline reporting, and enable proactive governance while ensuring that sensitive information remains within required geographical and jurisdictional boundaries. This integrated model not only strengthens regulatory compliance and reduces operational risk but also unlocks new opportunities for strategic value creation, positioning organizations to operate confidently in an increasingly complex global regulatory landscape.

Are you ready to elevate your SAP security expertise? Join us for an immersive and interactive SAP Security Game, crafted to simulate real-world security challenges faced by organizations. Participants will navigate various scenarios designed not only to test but also to enhance their strategic and technical expertise in SAP security. This active session offers an invaluable opportunity to enhance your skills in security planning, compliance management, and breach response while promoting collaboration and learning in a supportive and competitive setting. Throughout the workshop, we will engage with three critical topics including preventative security control implementation, compliance request/audit handling, and security breach response. 

You will: 

• Learn to develop and implement robust security controls to safeguard your SAP environment. 
• Gain experience in efficiently managing and responding to compliance requests and audits with precision. 
• Practice responding swiftly and decisively to a simulated security breach, aiming to minimize damage and ensure business continuity.