As part of its annual work plan for 2017, the Office of Internal Audit conducted an audit of SAP GRC (Governance, Risk and Compliance) Access Control and related modules implemented in WFP’s Enterprise Resource Planning (ERP) system, the WFP Information Network and Global System (WINGS II). The audit focused on the period from 1 January 2016 to 30 April 2017. The audit team conducted the field work between 18 May and 27 June 2017 at WFP headquarters in Rome. The audit was conducted in conformance with the International Standards for the Professional Practice of Internal Auditing.