SAP GRC OR CISA/CRISC/CISM certifications ?

sapconsultant86@yahoo.comsapconsultant86@yahoo.com Registered Users Posts: 2 ■□□□□□□□□□
Which of the two is desirable - investing (time and money) in SAP GRC & Auditing OR CISA/CRISC/CISM certifications in case the person has experience in SAP Proj Mgmt. (implementations) as well as SAP GRC/Audit projects.

I'd like to hear especially from those who have worked in ERP implementation (SAP, Oracle etc) as well as SAP GRC/Audit areas and also have ISACA certification.


  • Options
    dustervoicedustervoice Member Posts: 877 ■■■■□□□□□□
    According to your name the choice should be obvious.
  • Options
    jcundiffjcundiff Member Posts: 486 ■■■■□□□□□□
    I have a GRC/Audit(in support of GRC... vendor audits) background, I have never heard anyone specifically asking for SAP certs in the field, CISSP, CISA, CRISC, CISM are expected or desired on just about any mid senior level GRC posting you see
    "Hard Work Beats Talent When Talent Doesn't Work Hard" - Tim Notke
  • Options
    636-555-3226636-555-3226 Member Posts: 975 ■■■■■□□□□□
    What exactly is SAP GRC? I'm well versed in GRC, but how is SAP GRC different from GRC in general?
  • Options
    dustervoicedustervoice Member Posts: 877 ■■■■□□□□□□
    I believe SAP GRC is an audit tool integrated into SAP ERM systems but i could be wrong.
  • Options
    mcc39817mcc39817 Member Posts: 20 ■■■□□□□□□□
    I have an SAP background, but primarily from Audit, however, I've worked in SAP GRC a bit as well. Also, I just earned my CISA and I'm planning to move toward CISSP next. I'm in the US and outside of the Big 4 advisory groups or consulting firms, trying to find SAP certs can be difficult, so that is the direction I would go if I had that available as the other Certs can be obtained at another time. That said, it all depends.

    So, this greatly depends on what you are currently doing, what you want to move into and where you want to go long term. If your goal is SAP Security Admin/analyst/manager, then GRC 10.1 cert is the way to go. That said, if you want to move more into an audit related role, where you will touch on multiple modules of SAP, then CISA is the way to go. I know that at my company, they have a hard time finding SAP security folks who do not have very specific and particular experience in one module of SAP. Since it sounds like you have already worked in a consulting capacity and have experience with SAP, then going the direction of CISA could be valuable as it would position you to move into IA. This would provide more opportunities to assist on Business process related work.
    Certs: CISA, CDPSE | Pentest+, SEC+, CySA+
    Planned: CASP+, CISSP, CISM, eJPT, eWPT (2023)

Sign In or Register to comment.