SAP GRC OR CISA/CRISC/CISM certifications ?

sapconsultant86@yahoo.com[email protected] Registered Users Posts: 2 ■□□□□□□□□□
in CISM
Which of the two is desirable - investing (time and money) in SAP GRC & Auditing OR CISA/CRISC/CISM certifications in case the person has experience in SAP Proj Mgmt. (implementations) as well as SAP GRC/Audit projects.

I'd like to hear especially from those who have worked in ERP implementation (SAP, Oracle etc) as well as SAP GRC/Audit areas and also have ISACA certification.
· Share on FacebookShare on Twitter

Comments

  • dustervoicedustervoice Member Posts: 877 ■■■■□□□□□□
    According to your name the choice should be obvious.
    · Share on FacebookShare on Twitter
  • jcundiffjcundiff Member Posts: 486 ■■■■□□□□□□
    I have a GRC/Audit(in support of GRC... vendor audits) background, I have never heard anyone specifically asking for SAP certs in the field, CISSP, CISA, CRISC, CISM are expected or desired on just about any mid senior level GRC posting you see
    "Hard Work Beats Talent When Talent Doesn't Work Hard" - Tim Notke
    · Share on FacebookShare on Twitter
  • 636-555-3226636-555-3226 Member Posts: 975 ■■■■■□□□□□
    What exactly is SAP GRC? I'm well versed in GRC, but how is SAP GRC different from GRC in general?
    · Share on FacebookShare on Twitter
  • dustervoicedustervoice Member Posts: 877 ■■■■□□□□□□
    I believe SAP GRC is an audit tool integrated into SAP ERM systems but i could be wrong.
    · Share on FacebookShare on Twitter
  • mcc39817mcc39817 Member Posts: 20 ■■■□□□□□□□
    I have an SAP background, but primarily from Audit, however, I've worked in SAP GRC a bit as well. Also, I just earned my CISA and I'm planning to move toward CISSP next. I'm in the US and outside of the Big 4 advisory groups or consulting firms, trying to find SAP certs can be difficult, so that is the direction I would go if I had that available as the other Certs can be obtained at another time. That said, it all depends.

    So, this greatly depends on what you are currently doing, what you want to move into and where you want to go long term. If your goal is SAP Security Admin/analyst/manager, then GRC 10.1 cert is the way to go. That said, if you want to move more into an audit related role, where you will touch on multiple modules of SAP, then CISA is the way to go. I know that at my company, they have a hard time finding SAP security folks who do not have very specific and particular experience in one module of SAP. Since it sounds like you have already worked in a consulting capacity and have experience with SAP, then going the direction of CISA could be valuable as it would position you to move into IA. This would provide more opportunities to assist on Business process related work.
    Certs: CISA, CDPSE | Pentest+, SEC+, CySA+
    Planned: CASP+, CISSP, CISM, eJPT, eWPT (2023)

    · Share on FacebookShare on Twitter
Sign In or Register to comment.