SAP GRC access control and process control are automated tools to manage an internal security model, remediate compliance issues, and monitor potential business risks within an SAP system. When users have too much access in a system, they can damage the company and break compliance both by intentional misuse (e.g. using privileges to steal money or goods) and accidental misuse (e.g. by making a mistake in accounting or bypassing a quality control safeguard).