grc2014 transform hobson-excerpt

Advisory Excerpt from: Transform your SAP organization and deliver business value through IDM-GRC integration and role redesign initiatives Strictly Private and Confidential March 18, 2014 Peter Hobson PricewaterhouseCoopers


Page 1: GRC2014 Transform Hobson-EXCERPT

Advisory

Excerpt from: Transform your SAP organization and deliver business value through IDM-GRC integration and role redesign initiatives

Strictly Private and Confidential

March 18, 2014

Peter Hobson, PricewaterhouseCoopers

Page 2: GRC2014 Transform Hobson-EXCERPT

Agenda

1. Session Overview

2. Key Terms

3. Implementing the solution

4. Transforming the organization

5. Key Considerations

6. Value Delivered

7. Key Takeaways

Page 3: GRC2014 Transform Hobson-EXCERPT

PwC

March 18, 2014

Section 1: Session Overview

Transform your SAP organization and deliver business value through IDM-GRC integration and role redesign initiatives

Page 4: GRC2014 Transform Hobson-EXCERPT


Session Overview

In this session, we will discuss how to transform your SAP operations and drive business value through SAP role redesign and IDM-GRC integration. The discussions will include:

1. How to design a single set of SAP security roles to manage multiple business units, locations and SAP systems

2. How to deploy an integrated Identity Access Management – SAP GRC Access Control 10 (IdM-GRC) solution to standardize and automate the SAP access request, approval and provisioning processes across multiple business units, locations and SAP systems

3. How IdM-GRC and role redesign projects can lead SAP organization transformation efforts

4. A review of the business, compliance and IT benefits that can be realized from these efforts, such as reductions in user downtime and fraud risk.


Page 5: GRC2014 Transform Hobson-EXCERPT


Key Takeaways

At the end of this session, you will understand how:

1. Effective role design and automated provisioning tools deliver value far beyond IT; the business and compliance also benefit

2. Global templates, tools and processes are possible and value-add for even the largest, most complex organizations

3. Role design and IdM-GRC can be the catalyst to achieve strategic, organizational goals


Page 6: GRC2014 Transform Hobson-EXCERPT

Section 2: Key Terms

Page 7: GRC2014 Transform Hobson-EXCERPT


Key Terms

The following slides will provide definitions for key terms used throughout this presentation, including:

1. Four tiers of SAP access

2. Task-based with enabler role design

3. SAP GRC Access Control 10.x (GRC 10)

4. Identity Management Tool (IdM)


Page 8: GRC2014 Transform Hobson-EXCERPT

What are the four tiers of SAP Access?

Tier 1: General Access

Access that is common to all users. Examples include SAP inbox and printing.

Tier 2: Display Access

Display access is comprised of transactions specifically scripted to view and report on data within SAP.

Tier 3: Functional Access

Functional access is broken down into role groupings based on static system tasks. Task based roles are SOD free.

Tier 4: Enabler Access

Control points provide access to intentionally controlled data within the system. Examples include Plant and Company Code specific data.

[Diagram: End User Access. Labels: What you can do; Where you can do it; Task roles; Enabler roles; New York, Chicago, Consumer Products, Services; GL Document Parking, GL Document Posting, AR Invoice Parking, FI Common Display, AR Common Display, User General.]

Page 9: GRC2014 Transform Hobson-EXCERPT

What is the task-based with enabler role approach?

[Diagram: Virtual Job Roles (GL Supervisor) assigned to Users 1 to 5. What (Task Based Roles): User General (Tier 1), FI Common Display (Tier 2), FI Document Processing (Tier 3), FI Document Reversals (Tier 3). Transaction codes shown: SBWP, SU53, FB01, FB02, FB05, FB08, F.80, F.81, FB00, FB03, FBV3. Where (Enabler, Tier 4): Business Unit, Co Code, Location, Plant.]
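The tier model above, worked through as an added example that is not part of the original slides: task roles are checked for SoD conflicts on their own, then a user's combined access is evaluated per enabler value. The grouping of the slide's transaction codes into roles, the SoD rule, the user names and the company codes 1000 and 2000 are assumptions constructed for illustration.

```python
# Assumed grouping of the slide's transaction codes into its four roles.
TIER1 = {"User General": {"SBWP", "SU53"}}                # general access
TIER2 = {"FI Common Display": {"FB00", "FB03", "FBV3"}}   # display access
TIER3 = {                                                 # task roles
    "FI Document Processing": {"FB01", "FB02", "FB05"},
    "FI Document Reversals": {"FB08", "F.80", "F.81"},
}
# Constructed SoD rule (not from the slides): one user should not both
# post and reverse documents for the same company code.
SOD_RULES = [("post_vs_reverse", {"FB01", "FB05"}, {"FB08", "F.80"})]

def violated_rules(tcodes):
    """Names of SoD rules triggered by one set of transaction codes."""
    return [name for name, left, right in SOD_RULES
            if tcodes & left and tcodes & right]

def task_roles_with_conflicts():
    """Design check: each Tier 3 task role must be SoD free on its own."""
    return {role: violated_rules(t) for role, t in TIER3.items()
            if violated_rules(t)}

def effective_access(assignment):
    """Expand (task role, company code) pairs into {company code: tcodes}.
    Tiers 1 and 2 carry no enabler, so they are added for every code."""
    base = set().union(*TIER1.values(), *TIER2.values())
    access = {}
    for role, co_code in assignment:
        access.setdefault(co_code, set(base)).update(TIER3[role])
    return access

def user_conflicts(assignment):
    """SoD violations that only appear once task roles are combined,
    evaluated per Tier 4 enabler value (company code)."""
    return {co: violated_rules(t)
            for co, t in effective_access(assignment).items()
            if violated_rules(t)}

# Constructed assignments; company codes 1000 and 2000 are placeholders.
USERS = {
    "user1": [("FI Document Processing", "1000")],
    "user2": [("FI Document Processing", "1000"),
              ("FI Document Reversals", "2000")],
    "user3": [("FI Document Processing", "1000"),
              ("FI Document Reversals", "1000")],
}

REPORT = {name: user_conflicts(a) for name, a in USERS.items()}
print(task_roles_with_conflicts(), REPORT)
```

Only user3 is flagged: both task roles are individually SoD free, and the conflict appears only when they are combined under the same enabler value.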

Page 10: GRC2014 Transform Hobson-EXCERPT

What is SAP GRC Access Control 10.x (GRC 10)?

• Monitor emergency access and transaction usage

• Certify access assignments are still warranted

• Define and maintain roles in business terms

• Automate access assignments across SAP and non-SAP systems

• Find and remediate SoD and critical access violations

[Diagram labels: SAP_ALL, Legacy]

Page 11: GRC2014 Transform Hobson-EXCERPT


What is IdM?

Identity Management (IdM) tools are enterprise-wide, cross-application solutions that automate and increase the transparency around user access and entitlement administration. IdM tools offer a wide range of functionality, including:

• Automated provisioning to new and existing users

• Automated password resets

• Single sign-on

• Ability to customize forms and functionality to enhance the user experience

Example IdM solutions:

• SAP IdM

• CA Identity and Access Management (IAM)

• Oracle Identity Management

• IBM Tivoli Identity Manager

• Microsoft Forefront Identity Manager (FIM)


Page 12: GRC2014 Transform Hobson-EXCERPT

Section 6 – Value Delivered

Example Project Impact

• Pilot: Jordan: 254 Users, 75% Role Reduction, 58% SOD Reduction, 109 IDM-GRC Requests

• Release 2: Eastern Europe: 2,355 Users, 88% Role Reduction, 24% SOD Reduction, 960 IDM-GRC Requests

• Release 3: Asia-Pacific: 1,725 Users, 96% Role Reduction, 47% SOD Reduction, 588 IDM-GRC Requests

• Release 4: Ireland: 1,125 Users, 76% Role Reduction, 64% SOD Reduction, 431 IDM-GRC Requests

• Release 5: LAR: 5,063 Users, 88% Role Reduction, 1% SOD Reduction

• Release 6: Middle East: 1,636 Users, 85% Role Reduction, 45% SOD Reduction, 109 IDM-GRC Requests

• Release 7: Europe: 1,103 Users, 80% Role Reduction, 14% SOD Reduction

• Overall: 7 releases, 13,007 Users, 90% Role Reductions, 44% SOD Reduction, 2,088 IDM-GRC Requests

Page 13: GRC2014 Transform Hobson-EXCERPT


Key Takeaways

At this point, you should have an understanding of how:

1. Effective role design and automated provisioning tools deliver value far beyond IT; the business and compliance also benefit.

2. Global templates, tools and processes are possible and value-add for even the largest, most complex organizations.

3. Role design and IdM-GRC can be the catalyst to achieve strategic, organizational goals.


Section 7 – Key Takeaways

Page 14: GRC2014 Transform Hobson-EXCERPT


Questions

Peter M Hobson

PwC | Director

646 471 0203


Page 15: GRC2014 Transform Hobson-EXCERPT

Tuesday, March 18

• 10:15 - 11:30 am | Brian Perrotto, PwC | Mitigate financial risks and automate the testing of financial controls using SAP Process Control

• 12:00 pm - 1:15 pm | Jonathan Levitt, PwC | Glean greater value from your SAP audits: It’s not just about compliance

• 12:00 pm - 1:15 pm | Sundeep Gupta, PwC | Leading practices to manage transfer pricing in SAP with and without the SAP Material Ledger

• 12:00 pm - 1:15 pm | Peter Hobson, PwC | Transform your SAP organization and deliver business value through IDM-GRC integration and role redesign initiatives

• 4:15 pm - 5:30 pm | Roberta Wang, PwC | Effective methods for maintaining compliance with Foreign Corrupt Practice Act (FCPA)

• 4:15 pm - 5:30 pm | Sundeep Gupta, PwC | How to solve overhead cost allocation challenges without the need for enhancements or custom coding

Wednesday, March 19

• 8:30 am - 9:45 am | Prasad Boddupalli, PwC | Solve critical asset management challenges utilizing standard SAP integration techniques

• 11:45 am - 1:00 pm | Raymond Mastre, PwC | SAP Security Part 1: A beginner’s guide to SAP Access Control and fundamental security concepts within SAP ECC

• 2:30 pm - 3:45 pm | Raymond Mastre, PwC | SAP Security Part 2: Advanced concepts for SAP Access Control and SAP ECC security and design

Thursday, March 20

• 8:30 am - 9:45 am | Gordon Roland, PwC | Creating controls to monitor purchasing and accounts payable processes in SAP

• 12:45 pm - 2:00 pm | Ram Gopalakrishnan, PwC | Creating a single version of truth: Leading practices for integrating SAP Business Planning and Consolidation with multiple back-end sources

• 2:34 pm - 4:00 pm | Taylor Hassan, PwC | How to successfully use the business rule engine (BRF+) in SAP Process Control to assess system usage and improve system performance

• 4:15 pm - 5:30 pm | Kyle Lindquist, PwC | Designing a chart of accounts that supports fast closes and smoother reporting

• 4:15 pm - 5:30 pm | Mayur Iyyanki, PwC | How to enhance the credit approval process using documented credit decision functionality

Friday, March 21

• 8:30 am - 9:45 am | Manish Dharnidharka, PwC | A step-by-step guide to leveraging Inter-and Intra-company processing in SAP General Ledger

Page 16: GRC2014 Transform Hobson-EXCERPT

Thank you

Not for further distribution without the permission of PwC

The information contained in this document is shared as a matter of courtesy and for information or interest only. PwC has exercised reasonable professional care and diligence in the collection, processing, and reporting of this information. However, data used may be from third-party sources and PwC has not independently verified, validated, or audited such data. PwC does not warrant or assume any legal liability or responsibility for the accuracy, adequacy, completeness, availability and/or usefulness of any data, information, product, or process disclosed in this document; and is not responsible for any errors or omissions or for the results obtained from the use of such information. PwC gives no express or implied warranties, including, but not limited to, warranties or merchantability or fitness for a particular purpose or use. In no event shall PwC be liable for any indirect, special, or consequential damages in connection with use of this document or its content. Information presented herein by a third party is not authored, edited or reviewed by PwC and PwC is not endorsing third parties or their views. Reproduction of this document or recording of its presentation, in whole or in part, in any form, is prohibited except with the prior written permission of PwC. Before making any decision or taking any action, you should consult a competent professional adviser.

This document contains information that is confidential and/or proprietary to PricewaterhouseCoopers LLP and may not be copied, reproduced, referenced, disclosed or otherwise utilized without obtaining express prior written consent from PricewaterhouseCoopers in each instance.

© 2014 PricewaterhouseCoopers LLP, a Delaware limited liability partnership. All rights reserved. PwC refers to the United States member firm, and may sometimes refer to the PwC network. Each member firm is a separate legal entity. Please see www.pwc.com/structure for further details. This document is for general information purposes only, and should not be used as a substitute for consultation with professional advisors.

Page 17: GRC2014 Transform Hobson-EXCERPT

PwC

To learn more, visit

www.pwc.com/us/sap

Page 18: GRC2014 Transform Hobson-EXCERPT


Disclaimer

SAP, R/3, mySAP, mySAP.com, SAP NetWeaver®, Duet®, PartnerEdge, and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP AG in Germany and in several other countries all over the world. All other product and service names mentioned are the trademarks of their respective companies. Wellesley Information Services is neither owned nor controlled by SAP.