bca_icai grc approach sap.pdf
Post on 27-Feb-2018
-
7/25/2019 BCA_ICAI GRC Approach SAP.pdf
Drive Enterprise Value: Enabled by SAP Governance, Risk & Compliance Solutions
Murali Narayanamurthy
-
2011 SAP AG. All rights reserved.
Manage Enterprise Risk and Compliance
Access Risk Management: Manage access risk and prevent fraud. SAP GRC Access Control; SAP GRC Access Approver (mobile application).
Controls & Compliance Monitoring: Ensure effective controls and ongoing compliance. SAP GRC Process Control; SAP GRC Policy Survey (mobile application).
Enterprise Risk Management: Preserve and grow value. SAP GRC Risk Management.
Planning and performing Audits: Drive a unified audit management function. SAP GRC Audit Management.
Fraud detection and investigation: Prevent, detect, investigate, and monitor fraud patterns and predictions. SAP GRC Fraud Management.
-
SAP's Approach: Unified Governance, Risk & Compliance
Unified GRC Framework:
Organizational Objectives
Monitor Key Risk Indicators
Policy Management
Legal Compliance
Internal Controls Effectiveness
Prevent Frauds
Risk Based Audit
Segregation of Duties
-
Streamlined User Access Management
Standardizes on SAP Business workflow technology, supports more flexible and tailored access request and approver views, simplifying the provisioning process.
Key Benefits:
Business workflow reduces manual tasks and streamlines access request processing.
Leverage existing resources for workflow administration and configuration.
Faster and easier for users to request the roles they need.
SOURCE: HR Systems (SAP HR, PeopleSoft HR, Other); IDM Systems (SAP IDM, Novell IDM, Other); Other (AC Direct Entry, Help Desk, More).
CONFIGURABLE WORKFLOW: Request generated, Risk Analysis, Manager Approval, Automated provisioning; Mitigation; Exception workflow.
RESULT: SAP Business Suite; Other SAP Applications; Heterogeneous Environment.
SAP Mobility Option
3
-
Business Control Monitoring: Supplier Relationship Management Process
Implement Strategic Agreements: Identify & Qualify Vendors; Evaluate Bids; Award & Negotiate Contract.
Execute Procurement: Create Purchase Order; Dispatch Electronic PO to Supplier; Receive Goods or Services, Inspect; Apply Agreement Terms & Conditions; Apply Sourcing Rules.
Pay Suppliers: Receive Electronic Invoice; Pay Supplier (EFT).
Drive Continuous Improvement: Analyze Performance; Adjust Contracts.
Control questions:
Are suppliers for critical materials delivering on time?
Were sourcing policies followed in awarding contracts?
Are any critical materials single sourced?
Were any supplier payment terms changed?
-
Combining the power of different approaches: SAP Fraud Management covers the full spectrum of fraud detection
Known fraud behaviors
Unusual behaviors
Similar, but different from known behaviors
Unknown fraud behaviors
Known Patterns
Unknown/complex Patterns
Rules
Predictive Algorithms
Hybrid combination of Rules and Predictive Algorithms to detect fraud
-
Fraud Management: A Closed-loop, Cross-Functional Process
Investigation
Detection
Prevention
Monitoring
Alert Notification
Fraud Pattern Analysis
Claim Handling & Settlement
Inquire & Analyze
Investigation
Integration
Configuration
Platform
Evaluation & Decision
Fraud Monitoring & Performance Optimization
From Claim Notification to Claim Closure
Define Rules & Predictive Models
Setup Fraud Detection Strategy
Calibration & Simulation
Online Detection
Mass Detection
Fraud Investigator
Business Analyst
CIO
Head of Claim Management
Head of Fraud Investigation
SAP Fraud Management for Insurance
-
USER FRIENDLY INTERFACE TO HELP MATURE ALGORITHMS
-
SAP Risk Management: Preserve and grow value
Monitor thresholds, effectiveness of risk responses, and corrective actions
Respond to risk after balancing costs and benefits
Analyze risk via scenarios, modeling, & other factors to understand exposure
Link risks, risk drivers, risk indicators, impacts and responses
Plan risk management within the context of value to the organization
-
Intuitive Risk heat maps for prioritization and action
-
Define the context within which business risks are to be managed
Risk Planning (Bow-tie Builder)
-
Identify and assess the impact of risk events on the business
Risk Assessment: Business context based assessments
-
Evaluate and select the risks to be addressed and create risk responses
Risk Response: Implement responses. Superior mitigation with automation
-
Monitor the effectiveness and completeness of the response actions
Risk Monitoring: Proactive risk management and prevention
-
Enterprise Wide Integrated Governance, Risk & Compliance: Example using SAP GRC Solutions
Develop and Package External Content
Enterprise Risks
Responses: Reduce, Control, Avoid, Accept, Transfer
Regulations
Process: Procure to Pay; Vendor Mgmt; AP Invoicing
Process Risks: Fraudulent invoices paid; Valid invoices not entered
Access Risks: User can enter vendor & PO; User can enter invoices & payments
Controls: Review of new vendors and related invoice support; AP SOD rules in AC; Review of uninvoiced goods receipts
Monitor Access Status
Mitigate Access Violations
Policies: Update and roll out strengthened security policy
Fraud
-
Achieving Benefits with Enterprise Risk and Control Management
Unified GRC is the key step en route to building the linkage from strategy to execution, because you can prove that linkage works.
Increased visibility into the impact of risk against performance.
Improve predictability and performance.
Allocate resources and capital where it is most needed.
Confident Decisions
Predictable Performance
Strategic Alignment
-
Thank You!
Murali Narayanamurthy
Director Office of the CFO & GRC Solutions
SAP India Private Limited
(+91) 9820972906
murali.narayana.murthy@sap.com