SAP Governance, Risk and Compliance (GRC)

The United Nations has begun work on a future Statement on Internal Control (SIC) which will be based on an organization-wide assurance process. The assurance process will use the updated COSO Internal Control Integrated Framework of 2013 (thereafter referred to as the “COSO framework”) as its conceptual basis. Currently UN uses SAP as its enterprise resource planning system. It is envisaged that SAP – GRC module (Governance, Risk and Compliance (GRC) module), which UN has purchased, will be the platform used for the implementation of the COSO framework and issue the SIC. UN is seeking an experienced system provider who cano help the UN in the configuration of GRC module. Background: 1. The International Public Sector Accounting Standards (IPSAS) sustainability plan approved by the United Nations includes the strengthening of internal controls and the introduction of a Statement on Internal Control (SIC). 2. The SIC is a key component and one of the five main pillars of longer-term sustainability of the new accounting standards. 3. The SIC will be based on the updated Committee of Sponsoring Organizations of the Treadway Commission (COSO) Internal Control - Integrated Framework (therefore referred to as the “COSO Framework”) issued in 2013 and an organization-wide assurance process. 4. The assurance process is envisaged to be hosted in its entirety (covering all 5 components and all 17 principles of the COSO framework) in SAP’s Governance, Risk and Compliance (GRC) Module. 5. The UN currently utilizes spreadsheets as a repository for control and testing documentation, questionnaires, and sign-off. Objective: 6. To implement SAP GRC module, specifically process control to build and maintain the organization and control framework. 7. This tool will be used to centralize assessing and reporting on controls and how they operate in the context of the COSO components, principles, and points of focus.