GRC does not look at the audit logs in SAP as far as I know.  The primary product from the GRC suite is Access Control (provisioning and deprovisioning), Process Control and Risk Manger.  Currently ArcSight has a Web Service integration into Process control allowing us to pass events to the GRC Suite for follow up and remediation.  We have a very tight partnership with the GRC team and are working on a number of scenarios with them.

We have made very good progress with our SAP Monitoring Solution that can integrate with SAP GRC.  Below is a high level summary.  Please reach out to me direclty if you would like further detail curt.lockton@hp.com

ArcSight Enterprise View for SAP enables organizations to comprehensively monitor SAP security from the infrastructure layer up through transactions. The solution is composed of more than 100 use cases to address every facet of SAP security monitoring. The foundation for the solution is the use of the ArcSight Security Information and Event Management (SIEM) platform to monitor the entire infrastructure that supports an SAP implementation, from security and network devices to servers and databases, ensuring detection of attempts to breach SAP security both inside and outside of the application.

Working with SAP security experts and auditors, ArcSight has identified four key drivers for in-depth monitoring:

 Fraud and Error: Whether malicious or unintentional, organizations lose millions of dollars each year due to fraud and errors. The Institute of Internal Auditors estimate that 0.1%–0.5% of all invoices are duplicate payments. These errors can be the result of overtasked personnel, changes in processes, mergers and acquisitions, temporary staff, or intentional fraud.

 SAP BASIS and Misuse of Privilege: Privileged users (e.g., SAP Basis administrators and database administrators) have the highest level of access and permissions and can inflict significant damage to operations. This is one of the highest risk sources within an organization.

 Audit and Compliance Automation: Various compliance and audit processes involve time-consuming, manual tasks, such as reporting on access to customer credit card data or monitoring segregation-of-duties exceptions. With appropriate integration and data analytics, many of these processes can be automated or streamlined.

 360-Degree Security: Security threats to SAP can originate from within the application or can be completely external. An accounts payable user’s workstation may be compromised via a brute force attack or social engineering. That machine’s access to SAP now poses a security risk to SAP itself. These types of threats require monitoring not only of SAP, but also supporting infrastructure (servers, databases, network) and all points of access to SAP.