EY with SAP


SAP is one of the world’s leading software, cloud computing and consulting multinationals. Based in Germany, it employs over 105,000 people around the world, who together helped to generate revenues of over €27.8 billion in 2021. SAP customers include 92% of the Forbes Global 2000 companies, and its customers distribute 78% of the world’s food and 82% of the world’s medical devices.

A core part of SAP’s commercial strategy to maintain its leading position in the market is to transform how SAP delivers its products to customers; this involves the transition of 26 platforms, services and customer workloads to five cloud hyperscalers. The aim of this is to enable SAP to continue differentiating itself in the market. Alongside this cloud transformation, SAP identified a need to transform its Security Risk and Compliance function and capabilities to improve organisational performance, support SAP’s cloud transformation objectives, and increase SAP customer trust. To help SAP deliver its Security Risk and Compliance transformation programme, SAP brought on board a truly international EY project team located across the US, the UK and Germany, mirroring SAP’s geographical footprint. Its purpose is to modernise the business’s current security risk and compliance strategy, processes, operating model and capabilities.

There were many challenges. While we estimated that delivering the Security Risk and Compliance (SR&C) transformation programme would take three years, the client wanted to accelerate this to 18 months. We also had to manage the vast geographical spread of the client team across multiple time zones, while operating in a highly complex regulatory environment. There was also a significant cultural challenge in helping those individuals to see the value of changing their mindset and ways of working, since these behavioural and cultural changes were fundamental to realising the value of the transformation programme.

EY worked with the client to co-develop its FY22 Security Risk and Compliance strategy, aligning this with broader SAP ambitions – assessing the SR&C current state and developing an 18-month transformation programme that would increase audit and compliance performance, increase operational efficiency and maturity, and build capability. We used leading practice insights and benchmarks from our experience in delivering similar transformation projects in comparable organisations. Our approach was to provide data points that validated our thinking to bring additional value and insight to SAP and to accelerate delivery and transformation timelines.

Working with the client project team to develop and execute a strategy, the EY team has enabled SAP Security Risk and Compliance to increase its Capability Maturity Model Integration (CMMI) organisational maturity by two levels over a 12-18 month timeframe. Among other notable achievements, the team has helped to reduce audit walkthroughs and testing by 40% and identified opportunities to reduce activities required to deliver audits by 34% through more efficient and effective operational processes. SAP has been so impressed with the project team’s collaborative ways of working, and true partnership approach to delivery, that EY continues to be engaged in supporting SAP in delivering the Security Risk and Compliance transformation.

View the EY profile in the MCA Members Directory.