Sap Solutions For Governance Risk And Compliance And Grc Access Control 3 doc

SAP ERP Financials

SAP Solutions for

Governance, Risk, and

Compliance and

SAP GRC Access Control

Rainer Salaw, CPA

SAP Deutschland AG & Co KG

Regional Solution Sales GRC

EMEA

Barbara Mayer

Enterprise Risk Management,

SAP Consulting

SAP ERP Financials

SAP Solutions for

Governance, Risk, and

Compliance and

SAP GRC Access Control

Rainer Salaw, CPA

SAP Deutschland AG & Co KG

Regional Solution Sales GRC

EMEA

© SAP AG 2007, SAP Skills 2007 Conference / G3 / 3

GRC as part of SAP Financials

Challenge for GRC

GRC-Suite in detail

Value proposition

AGENDA

The Fast Track to SAP Knowledge

© SAP AG 2007, SAP Skills 2007 Conference / G3 / 4

GRC as part of SAP Financials

Challenge for GRC

GRC-Suite in detail

Value proposition

AGENDA

The Fast Track to SAP Knowledge

© SAP AG 2007, SAP Skills 2007 Conference / G3 / 5

Gartner “Strong Positive”

About SAP GRC Access Control

„ SAP is the only vendor with a “Gartner recommends” rating

in all technique categories (Static analysis, provisioning support,

integrated provisioning workflow, transaction monitoring and

emergency access)

„ “… offers one of the strongest product sets in our analysis,

comprehensively addressing all SoD issues across multiple SAP

instances”.

„ “…capable of running on multiple ERP platforms…”

1 Gartner - MarketScope for Segregation of Duties Controls Within ERP, 2007

Rating

Strong

Negative

Caution Promising Positive Strong

Positive9

© SAP AG 2007, SAP Skills 2007 Conference / G3 / 6

mySAP ERP Financials

Corporate

Performance

Management (CPM)

Accounting &

Finance Transformation

Financial

Supply Chain

Management (FSCM)

Governance, Risk,

and Compliance

(GRC)

Strategy

Management

(Balanced Scorecard)

Consolidation

Planning

FI, FI-AA, FI-AR/AP

NewGL, CO, PCA

Credit Mgmt.,

Collections Mgmt.

Dispute Mgmt.

FI-CA, Biller direct,

In-house Cash

Governance, Risk,

and Compliance

(GRC)

mySAP

ERP Financials

Internal regulations /

ethical standards

strategic/operative Risks

External regulations /

compliance to laws

© SAP AG 2007, SAP Skills 2007 Conference / G3 / 7

GRC as part of SAP Financials

Challenge for GRC

GRC-Suite in detail

Value proposition

AGENDA

The Fast Track to SAP Knowledge

© SAP AG 2007, SAP Skills 2007 Conference / G3 / 8

Business Case: „…the True Information Age“

„In 2010 the need for fast,

accurate and reliable

information will be increased

significantly.

In four areas the demand will

be raised most. Two of them

are:

„ Risk Management

„ Governance

© SAP AG 2007, SAP Skills 2007 Conference / G3 / 9

Supply Chain Customers & Channel

Human Resource

environmental health

& safety

Finance

complex, international

Compliance requirements

(e.g. Revenue recognition)

Compliance / Risk Office

high level risks, not

proactive

? Sales

Credit risks,

Customer

ratings

Purchasing

Supplier rating

& “embargo

lists”

Management

no overview about

risk portfolio

IT

IT Security; SOD￾management,

Fraud

SALARIES

Supervisory board, internal audit

almost manual, sample based, not

error free controls

Fragmented Processes and Systems: A Risky Situation !

© SAP AG 2007, SAP Skills 2007 Conference / G3 / 10

Supply Chain Customers & Channel

Supervisory board, internal audit

documented decisions, audit trail

Compliance / Risk Office

Real time risk analysis,

integrated view

Management

Transparency about risks

=> max. confidence !

IT

highly secured IT￾Systems

Purchasing

transparent

rating,

compliance to

trace

regulations

Finance

Compliance in group

reporting processes

Human Resource

compliance to

environmental standards

Sales

transparent

customer

solvency

SALARIES

Gain Confidence by Proactive Transparency with SAP GRC

© SAP AG 2007, SAP Skills 2007 Conference / G3 / 11

Fragmentation vs. Holistic Approach to GRC

Business Process Platform

SAP Solutions for GRC

Cross-Industry GRC

Access Controls Global Trade Environment Process Controls

Risk Management

GRC Repository: Documentation and Monitoring

Industry-Specific GRC

Business Applications

?

Information

Security SOX

Compliance

Risk

Mgmt Internal

Audit

Information

Security

From Fragmented Risk

& Compliance…

Risk

Mgmt

SOX

Compliance

Internal

Audit

… to Holistic GRC

© SAP AG 2007, SAP Skills 2007 Conference / G3 / 12

GRC Suite

Access

Control

Risk

Management

Process

Control

Compliance

Calibrator

Role Expert Access

Enforcer

Fire Fighter

Cross industry solution Industry specific solutions

Global

Trade

Services

(GTS)

Environment,

Health &

Safety

(EH&S)

… more Solutions

GRC Suite

Functions for All Process Orientated Risks and Regulations

© SAP AG 2007, SAP Skills 2007 Conference / G3 / 13

GRC Suite

Access

Control

Risk

Management

Process

Control

GRC-Repository

SAP GRC Access Control

Risk Analysis and

Remediation

Enterprise Role

Management

Compliant User

Provisioning

Super User

Privilege

Management

Cross industry solution Industry specific solutions

Global

Trade

Services

(GTS)

Environment,

Health &

Safety

(EH&S)

… more Solutions

GRC Suite

Functions for All Process Orientated Risks and Regulations

© SAP AG 2007, SAP Skills 2007 Conference / G3 / 14

SAP Solutions for GRC

Framework for an integrated GRC-Solution

Business Process Platform

Business Applications

Business Process

„ GRC as an integrated part

of all business processes

„ leverage integration

through high automation

(e.g. automatic controls)

„ Group-wide utilization, open

architecture (usage of SAP´s

technology platform Æ no

limitation to SAP-ERP systems)

SAP GRC Access Controls