It’s hard to start a career in any field, particularly the highly specialized field of GRC in SAP. The good news is that you know this is a direction you’d like to take. The question is how.
I recently read this article by Andy Greig from SAP. Basically, the article promotes the SAP education platform by saying, “So what is the best way to involve yourself and train your mind to think like a SAP guru? Through SAP Education offerings!”
This got me thinking.
Now, I don’t know Mr. Greig and I don’t criticize his point of view, but I’d like to offer an alternative answer to the question of, How can you become a GRC expert in SAP, if you’re starting from scratch?
(By the way, if you’re like many customers who put SAP Authorizations in the same category as SAP GRC, the question can also be, How can you become an SAP Authorization expert, if you’re starting from scratch?)
From my involvement in the field, educational knowledge is just not enough if you wish to become a GRC expert in SAP. The secret is experience. Now, you might be nodding your head and saying, “Yeah sure, but knowledge is easy to obtain. How can you obtain experience just as easily if you’re a beginner?
From the people that I have witnessed who were anxious to get into the SAP world (in my case the SAP authorization world) and succeeded, these are the three take-aways that I found:
1. Find a project
Even if you have to work for a very, very low salary, if you find a good project, it’s probably worth it.
Ensure that you’re in a position where you can be trained and gain experience – but make sure it’s a live project, because being involved in a live project is crucial for your learning curve.
Why are “live” projects so crucial? Just imagine that you’re in the “maintenance” phase of a project that ended two years ago, (i.e., not a “live” project). All the SAP authorizations are already set, the Segregation of Duties are solved or mitigated, and you only need to maintain an SoD rule once in a blue moon or change an authorization every other week. Not so exciting. Not the way to learn. And not a good reason for waiving a normal salary.
Without going through GRC “boot camp” there’s no way you can become a GRC expert in SAP. I can’t express how important this is for your next, or in fact first, serious project. Use your connections, ask for favors, work hard, but get your “first GRC project in SAP” on your resume.
2. Find a mentor
Search out a person who can be your advisor when you have questions or don’t know what to do. It’s better that this person is in a senior position at your organization, but it can also be a professional who’s an expert in the field that you’re interested in.
Great places to look for a GRC mentor are at the Big Four Audit Firms: Deloitte, PwC, Ernst & Young, and KPMG. They all have senior consultants who love to mentor ambitious people.
3. Don’t neglect learning
Just like the blog image says, the common acronym “ASK: Always Seek Knowledge” is good advice here too.
While on the project, try to keep reading books, web articles, Q&A forums and more. These LinkedIn Groups that can be very informative and help you network: GRCXchange SAP GRC Network, SAP Security & GRC Consultant’s, Global Corporate Fraud and Compliance Professionals.
By the way, you can use the SAP education platform as mentioned above, but don’t only count on that.
Try to be the smartest, most up-to-date person in your area of GRC; although I do advise that for your first project and for your first year – just listen.