Download - 29 Sap Governance Risk and Compliance
-
7/29/2019 29 Sap Governance Risk and Compliance
1/15
Governance,
Risk and Com pl ianc e
ManagementSAP Solu t ions fo r GRC
Holly RolandGRC Solutions MarketingSAP
-
7/29/2019 29 Sap Governance Risk and Compliance
2/15
SAP AG 2006, ESA /
Fragm ent a t ion inc reases r iskManaging r isk s is ever yones job
Supply Chain Customers & Channel
Human Resources
Employee safetycompliance
FinanceComplex, internationalcompliance requirements
Compliance / Risk OfficeDisconnected risk analysis
? Sales, ServiceHigh credit riskcustomers
ProcurementSupplier
black lists
Executives & Managers
Incomplete globalrisk profile
IT OperationsData leakage &
security
SALARIES
Board, Audit CommitteeExecutive compensation practices
-
7/29/2019 29 Sap Governance Risk and Compliance
3/15
SAP AG 2006, ESA /
Unident i f ied r i sk s im pac t perfor m ance
National Headlines
Agency Delayed ReportingTheft of Veterans DataMay 24, 2006, New York Times
Data Theft at Nuclear Agency
Went Unreported for
9 MonthsJune 10, 2006, New York Times
Bomb Scare shuts Ports
Terminal 18Aug 18, 2006,The Seattle Times
High Tech Manufacturer
Violates E.U. Pollution LawJul 06, 2006, CIO Tech Informer
-
7/29/2019 29 Sap Governance Risk and Compliance
4/15
SAP AG 2006, ESA /
Overc om e f ragm enta t ion , ga in t ransparency
w i t h GRC
Supply Chain Customers & Channel
Board, Audit CommitteeEvidence for decisions & directives
Compliance / Risk Office
Integrated risk analysis
Executives & Managers
Increased confidencein business results
IT OperationsSecure IT
infrastructure
ProcurementAnti-terrorist
trade practices
Finance
Global financial reportingcompliance
Human ResourcesEnvironmental health& safety compliance
Sales, ServiceBalancedcredit profile
SALARIES
-
7/29/2019 29 Sap Governance Risk and Compliance
5/15
SAP AG 2006, ESA /
Imp lement m anagem ent by exc ept ionTurn GRC in t o a s t ra te g ic advanta ge
Available
forInvestment
HolisticApproach
TacticalApproach
Cost of GRC
# of GRC projects
-
7/29/2019 29 Sap Governance Risk and Compliance
6/15
SAP AG 2006, ESA /
SAP Solut ions fo r GRCThe f ramew ork fo r a hol i s t i c approach t o GRC
Business Process
Business Process Platform
SAP Solutions for GRC
Cross-Industry GRC
Access Controls GlobalTrade
Environment
Process Controls
Risk Management
GRC Repository: Documentation & Monitoring
Industry-Specific GRC
Business Applications
-
7/29/2019 29 Sap Governance Risk and Compliance
7/15
SAP AG 2006, ESA /
SAP GRC Ec osys t em 2Bui ld the com muni t y, de l iver best prac t ices, ex t end the va lue
SAP GRC Ecosystem2
Business Process
Business Process Platform
SAP Solutions for GRC
Cross-Industry GRC
Access Controls GlobalTrade
Environment
Process Controls
Risk Management
GRC Repository: Documentation & Monitoring
Industry-Specific GRC
Business Applications
-
7/29/2019 29 Sap Governance Risk and Compliance
8/15
SAP AG 2006, ESA /
SAP GRC Repos it or yCentr a l syst em of r ecor d dr ives governance, inc reases t ransparency
Centralizes knowledge baseof content contributed fromGRC Ecosystem2
Rationalizes controls againstmultiple frameworks
Stores evidence to supportexecutive decisions andboard directives
Performance
Measures &
Benchmarks
Regulations
& Industry
MandatesRisk & Control
Libraries
Corporate
Policies &
Procedures
BOD &
Committee
Minutes
GRC
Repository
Best PracticesControl
Frameworks
(COBIT, JSOX, )
Advisory Services
(Auditors, Attorneys)
Internal
Policies
Governmental
Agencies
Influence
Councils
-
7/29/2019 29 Sap Governance Risk and Compliance
9/15
SAP AG 2006, ESA /
Plan
Identify&
Analyze
Respond
Monitor
SAP GRC Risk Mana gem entAw ard-w inning appl ic at ion balanc es oppor t uni t y and r isk
Balances opportunitieswith financial, legal, andoperational risks
Increases accuracy andpredictability of risks at alllevels of the enterprise
Minimizes impact of marketpenalties from high-impactevents
Establish risk appetite
and thresholds
Collaborate and aggregateacross the enterprise
Balance cost of risk avoidanceand opportunity
Actionable, role-baseddashboards & alerts
-
7/29/2019 29 Sap Governance Risk and Compliance
10/15
SAP AG 2006, ESA /
Envi ronm ent a l Produc t Com pl ianceCom pl ianc e for Produc t s - based on SAP Environm ent , Heal t h and Safet y
SAP EH&SComprehensive and complete business solution for environment, health and safety management
Industry SpecificCross-Industry
SAP xEMEmissions
Management
CfPCompliance
forProducts
OccupationalHealth
IndustrialHygiene
and Safety
WasteManagement
EmissionsManagement
ProductCompliance
HazardousSubstance
Management
ProductSafety
DangerousGoods
Management
Implemented Design for Environment & Compliance to reduce operationalcosts (by 505 in some areas) while staying compliant
Simplified environmental reporting and transparency
-
7/29/2019 29 Sap Governance Risk and Compliance
11/15
SAP AG 2006, ESA /
Cross-Indust r y GRCSec ure and exped i t e cross-border t ransac t ions
ImportManagement
TradePreference
Management
RestitutionManagement
ExportManagement
Expedite customsclearance to reducecostly buffer stock
Make the most ofinternational trade
agreements
Take advantageof export refunds
Avoid delays atborders to ensure
fast delivery tocustomers
SAP Global Trade Services
Ensure full regulatory compliance, expedite customs clearance, mitigate financial risk of
global transactions, take full advantage of international trade agreements
35 documents for cross-border shipments
600 trade laws
500 trade agreements
-
7/29/2019 29 Sap Governance Risk and Compliance
12/15
SAP AG 2006, ESA /
Ef fec t ive GRC pays of f
Up 27%
Up
25.7%
Down 5.7%
I-C weaknessin 04, but none
in 05
No I-Cweaknesses
in 04 or 05
Reported I-Cweakness in
both 04 and 05
Share-pr ice per fo rm ance o f com pan ies com ply ing w i th
in t ernal -c ontr o l ru les ca l led for under SOX
Source: Wall Street Journal, Lord & Benoit, LLC
-
7/29/2019 29 Sap Governance Risk and Compliance
13/15
SAP AG 2006, ESA /
Aut om at ed GRC m anagem ent w i l l
inc rease t he gap in shareho lder va lue
Up 30%
Up 20%
Down 10%
RemediatedInternal Control
weaknesses fromprevious year
No InternalControl
weaknesses
ContinuedInternal Control
weakness reported
-
7/29/2019 29 Sap Governance Risk and Compliance
14/15
SAP AG 2006, ESA /
SAPs Commitment
Most ComprehensiveFramework
Part of Every Process
Risk Intelligence
GRC Partner Ecosystem
SIMPLICITYA hol is t ic solut ion for gover nanc e, r isk and c om pl ianc e m anagem ent
ServicePartners
Co
ntentPartners
Technolo
gyPartners
Business Process
Business ProcessPlatform
SAP Solutions for GRC
Cross-Industry GRC
AccessControls
Global Trade Environment ProcessControls
Risk Management
GRC Repository: Documentation and Monitoring
Industry-Specific GRC
Business Applications
-
7/29/2019 29 Sap Governance Risk and Compliance
15/15
Governance,
Risk and Com pl ianc e
ManagementSAP Solu t ions fo r GRC