march 17-20 • las vegaswpc.0b0c.edgecastcdn.net/000b0c/ems_rep/downloads/... · march 17-20 •...

This education program has been approved for 35.5 CPE creditsSee page 5 for details.

SAPinsider Events @InsiderGRC | #GRC2015www.GRC2015.com

March 17-20 • Las VegasThe premier event for SAP® governance, risk, audit, and complianceA collaboration of SAP and SAPinsider

Join Us!

For more information and to register, visit www.GRC2015.com or call SAPinsider at +1-781-751-8700

Overview

2

SchedulePre-Conference

Workshops Main ConferenceMonday, March 16

8:00 am Registration opens

9:00 am Pre-Conference Workshops

12:00 pm Lunch

1:00 pm Pre-Conference Workshops

Tuesday, March 17 7:30 am Registration

8:30 am Keynote address

9:45 am Refreshment break

10:00 am Breakout sessions



12:45 pm Lunch

2:00 pm Breakout sessions

3:15 pm Refreshment break

3:30 pm Keynote address



6:00 pm Welcome seception

6:15 pm Ask the Experts

Wednesday, March 18 8:00 am Registration opens




11:45 am Lunch

12:00 pm Speed networking






5:45 pm Cocktail hour

6:00 pm Ask the Experts

Thursday, March 19 8:00 am Registration opens




11:45 am Lunch


2:15 pm Meet the exhibitors




Friday, March 20

8:00 am Registration opens






12:45 pm Conference concludes

While there remains no doubt about the desire by Boards of Directors, CEOs and other senior business leaders for the CFO and their supporting finance departments to evolve into more strategic business partners, the certainty that this will occur is in jeopardy. What was the major topic at last year’s event is now an expectation of the finance profession to have a thorough understanding of business operations, while working alongside their line-of-business peers to focus resources and, ultimately, define their company’s strategy to meet targets for profitable growth. While it’s a safe bet that tomorrow’s finance leaders will still be applying the familiar skill sets of today in responding to the needs for funding capital at optimal cost, managing an increasing burden of compliance requirements, and providing ever more

transparent and real-time reporting and forward-looking disclosure, their ability to truly become a leading enabler of strategic direction and profitable growth, so often discussed today, remains an open question.

At Financials 2015 and GRC 2015, we will support you in better understanding your options: while advances in technology are enabling Chief Financial Officers to provide significantly more financial data and information much faster to other line-of-business decision makers, major gaps remain when it comes to how to effectively translate data into analysis that those outside of the finance function can understand and use in a meaningful way. Innovate your finance processes and supporting systems without disrupting your core duties!

This event is your opportunity to network with peers who face the same challenges you are facing and to directly access SAP solutions experts to help you understand how you can meet your specific business goals. Learn from other customers that went that path you’re aiming for. I hope that you will join us, your industry peers, and the SAP ecosystem in Las Vegas to engage in fruitful discussions and ensure that you are enabled for success.

Sincerely,

Thack BrownSenior Vice President, General Manager and Global Head Line of Business Finance SAP


Overview

3

Pre-Conference Workshops • Monday, March 16

Main Conference, March 17-20 • More than 90 sessions spanning 8 tracks

Track 1 2015 GRC leadership, processes, and strategy Page 8

Track 2 Access control, role design, and segregations of duties Page 10

Track 3 System security, IT governance, and control optimization Page 14

Track 4 Process control, control automation, and continuous control monitoring

Page 17

Track 5 Building, interpreting, and adding custom capabilities to GRC reports Page 19

Track 6 Implementations, upgrades, and migrations Page 21

Track 7 Fraud and audit management Page 23

Track 8 GRC and regulatory updates for finance teams Page 25

Special three-hour Pre-Conference Workshops hosted on this day offer you the opportunity to fortify your understanding of key SAP concepts and technologies, explore new trends and strategies, and enhance your learning experience at the main conference. Advance sign-up is required.

Page 6

Attendee Profile

Geographic DistributionExtensive draw from Europe, with a smaller portion from Africa, EMEA, and North America.

83.3%7.4%3.7%3.7%2.0%

EuropeOtherAfrica

Middle EastNorth America

0 10 20 30

30.7%

10.7%

10.0%

8.7%

7.7%

6.2%

3.5%

3.5%

2.5%

2.2%

2.2%

2.2%

1.7%

1.5%

1.5%

1.5%

1.2%

1.2%

1.0%

IndustriesA wide range of industries across multiple sectors are represented at SAPinsider

conferences.

GRCProfessionals

A sample list of Who Should Attend

Vice President of Compliance

Compliance Manager

External Auditor

Internal Auditor

IT ManagerSystem Analyst

Security EngineerSecurity Specialist

Risk and Control Specialist

Professional Services

Consumer Products

Software

Oil & Gas

Healthcare & Pharmaceuticals

Other

Aerospace & Defense

High Tech & Electronics

Telecommunications

Banking & Finance

Engineering, Construction & Operations

Industrial Machinery & Components

Utilities & Waste

Building Materials

Chemicals

Public Sector

Media

Retail

Passenger & Cargo Services

For more information and to register, visit www.GRC2015.com or call SAPinsider at +1-781-751-8700 4


Overview

5

Educational and Networking Opportunities

Pre-Conference WorkshopsSpecial Pre-Conference Workshops hosted on this day offer you the opportunity to fortify your

understanding of key SAP concepts and technologies, explore new trends and strategies, and enhance your learning experience at the main conference. Advance sign-up is required.

Ask the ExpertsPull up a chair in the Ask the Experts area of the Exhibit Hall and spend one-on-one time with the top experts. Learn from their real-world expertise and get specific insights on

topics and questions that matter to you most.

Panel DiscussionsThese sessions are informal, interactive get-togethers where SAP customers can ask panelists their most pressing questions. Each panel will be moderated by a subject-

matter expert. You do not need to sign up in advance to attend, and there is no formal agenda. Just come with your list of questions in hand.

Speed NetworkingYou’ve heard of speed dating— now try speed networking! Participants will have 5 minutes to make their initial introductions and converse before moving on to meet

another contact. An emcee will provide instructions and keep things moving. Forge new relationships and build a lasting network of peers you can call on for years to come.

Evening ReceptionInteract with the best and the brightest minds working with SAP software. Build a lasting network of peers and meet with leading product and service vendors.

2 Conferences – 1 LocationGRC 2015 is co-located with Financials 2015. Registration at one event admits you to both at no additional cost. Please visit

www.GRC2015.com or www.financials2015.com for details.

CPE CreditsThis education program has been approved for 35.5 CPE credits. Advance your career and keep your certification current. Earn credits by attending sessions offered at GRC 2015.


Join us for Pre-Conference Workshops Monday, March 16

Pre-Conference Workshops

Special deep-dive sessions that enable you to: � Explore new trends and strategies

� Enhance your learning experience at the main conference

By registering for Pre-Conference Workshops, you can:

� Attend any sessions of interest to you � Benefit from expert-led instruction, demos, guidelines, and dedicated

question-and-answer time � Gain online access to the session slides and take-homes � Participate in a networking lunch with other attendees

Pre-Conference Workshops continued on next page

Faced with a complex SAP landscape? Tips and tricks for managing and administering your GRC systemsPrem Balraj, SAP

Attend this session and meet directly with one of SAP’s Senior GRC Support Engineers and learn tips and tricks for managing and administering your GRC system. By attending this session, you will:

y Hear recommendations for performance tuning and sizing your 10.x system

y Learn how to quickly identify the root cause of problems and find existing solutions using SAP’s new automated note search tool

y Equip yourself with leading practices and a better understanding of the most effective ways to manage users, roles, profiles, and logon data in the Central User Administration (CUA)

y Get practical advice for setting up distribution parameters within your transactions to determine where individual parts of a user master record are maintained

y Get answers to frequently asked support questions and hear suggestions for logging messages in the SAP Service Marketplace

y Get an overview of support tools available to SAP customers and how they apply to different GRC applications

Morning session • 9:00 am – 12:00 pm


Running SAP Governance, Risk, and Compliance solutions on SAP HANA: A functional and technical overviewNesimi Buelbuel and Andreas Nissen, SAP

Attend this three-hour comprehensive session to get a solid understanding for running your SAP GRC solutions on SAP HANA®. Through lecture and live demonstration this session addresses the most important questions anyone evaluating SAP HANA must consider, including:

y What exactly is SAP HANA and how can it support my existing GRC solutions?

y What GRC processes are most likely to be improved as a result of utilizing SAP HANA?

y What type of deployment scenario is best suited for my organization: SAP HANA Enterprise Cloud, on-premise, or SAP HANA Cloud Platform?

y What are the key steps for performing an on-premise install and setup?

y What new features and functionality are now available for SAP GRC 10.1 run on SAP HANA

y What is the time frame for getting SAP HANA up and running?

Attendees will come away with a clear and detailed understanding of what running GRC applications on SAP HANA entails is and how it operates from both a technical and functional perspective.

Pre-Conference Workshops

The impact of big data on finance and GRC security: How to trade IT complexity for business agilityManish Dharnidharka, Peter Hobson, and Frank Rinaldi, PwC

This comprehensive session will examine how big data is leading to a fundamental shift in how businesses create value. Learn how by utilizing big data, organizations can better focus on data exploration, predictive analytics, and real-time decision making in the areas of finance and GRC. During this comprehensive three-hour session, you will hear:

y The types of opportunities big data creates as it relates to SAP’s finance and GRC systems

y Practical use cases taken from real-world client examples that cite the benefits of big data

y How SAP Business Suite built on SAP HANA can be used as a key technology enabler in transforming the finance function

y How to more efficiently perform access control and segregation of duties (SoD) conflict analysis based on data from multiple systems

y Step-by-step advice for utilizing SAP’s dynamic ad-hoc reporting capability, which drives more user analysis with less IT intervention

y Critical lessons to minimize impact on operations and system performance when gathering data and performing analysis

Afternoon sessions • 1:00 pm – 4:00 pm

Keynote Address


Keynote Address

Keynote AddressSimplifying finance in an increasingly complex worldThack Brown, Senior Vice President, General Manager and Global Head Line of Business Finance, SAP America

Panelist: Celina Rogers, CFO Magazine and Bill McNee, Saugatuck Technologies

Finance transformation has been a hot topic for the last couple of years. Finance organizations are well aware that the time for transformation is NOW. Market complexity and volatility, the need to create greater business value, and ever present cost and compliance pressures are driving finance executives to change. Innovation in technology – Big Data, Cloud, and the mobile, collaborative work style of the Millennial workforce to name a few – demand a fast re-thinking of what constitutes a successful finance business model. In his keynote speech, Thack Brown – Senior Vice President, General Manager and Global Head Line of Business Finance – will share SAP’s vision of the modern finance department. Thack will be joined by a panel of thought leaders to look at the challenges and opportunities CFOs face today – and how SAP Simple Finance offers the agility and capabilities needed to address them. Thack’s opening session is a must for finance leaders looking for a new, competitive way to do business. Learn how you can start your journey to business transformation with SAP Simple Finance.

Thack Brown

Track 1 continued


GRC 2015 spotlight session

SAP solutions for governance, risk, and compliance (GRC): Product updates, strategy, and roadmapKevin McCollom, SAPLearn how SAP continues to invest in solutions that enable customers to proactively prevent risk events and compliance violations. During this session:

y Find out what’s new in version 10.1 of SAP solutions for GRC and how the latest offerings can be leveraged to protect the value of your organization

y View a demo of the most recent solution added to the GRC portfolio that is powered by SAP HANA and designed to support the needs of internal audit teams

y Hear real-world use case scenarios of how leading organizations are leveraging enhanced capabilities delivered in version 10.1 to maximize business performance and sharpen their competitive edge

Leading security, controls, and GRC trends for top-performing companies: How does your organization stack up? Mick McGarry, KPMGHow does your organization stack up against leading companies in the areas of security, controls, and GRC? In this session, walk through a maturity model that provides the core characteristics of top-performing organi-zations, including what separates them from bottom-performing organizations. Examine:

y The two primary factors this model is built upon, including:

– An organization’s process and control "IQ"

– The degree of GRC technology adoption to support those process and control environments

y Top characteristics of compa-nies in both the top and bottom quadrants of the maturity model

y Where your company fits into the maturity model

y What opportunities exist for improve-ment, allowing you to better plan future roadmaps and build a business case for wider adoption

Achieving collaborative GRC accountability: The power of successful communication between the business and ITTracy Levine, itelligenceThis session will highlight the importance of collaboration between the business and IT within the realm of SAP Access Control, SAP Process Control, and SAP Risk Management and provide a better understanding of the communication opportunities within GRC. During this session:

y Learn what steps you can take to eliminate common fractures such as overlapping responsibilities, processes and systems, as well as gaps or other inefficiencies from your GRC processes

y Develop a deeper understanding of the key stakeholders and contributors as part of GRC, including who participates and at what stages, why they partici-pate, and how they perform these tasks

y Walk through common instances of separation of powers within GRC and key examples of how collaboration drives checks and balances within the system

SAP Governance, Risk, and Compliance Think Tank: How to improve your company’s use of GRC Alan Edmunds, EYWhether you are in the inception stage of SAP GRC or in a position to streamline compli-ance-based activities, there are plenty of lessons to be learned and shared across customers, system integrators, and SAP alike. This interactive session will serve as an open forum using Think Tank technology to allow everyone to anonymously collaborate on the design, implementation, and use of GRC solutions:

y Hear from your peers what GRC components and features are being used successfully and why they were successful

y Identify challenges with current GRC solutions and how to best combat them

y Share your own ideas and tips that other customers can then use in their own implementations and GRC projects

Mastering the last mile of GRC: User engagement Gavin Campbell, IntegrcLearn how to improve user adoption and perception of GRC in your organization by mastering the user experience. This session covers both the practical processes and technologies available to enhance your users’ experience of SAP GRC solutions. During this session:

y Understand what drives a better user experience, including management reporting, mobility, application personalization, SAP Fiori apps, and SAPUI5 interface

y Walk through live demos in SAP Access Control, SAP Process Control, SAP Risk Management, and SAP Fraud Management and learn how a few simple localizations can enhance and optimize the user experience offered by standard SAP GRC

y Explore lessons learned on how SAP GRC processes, like user request workflows, can also be optimized to ensure that they are relevant, appro-priate, adopted, and supported by users

Track 1

Track 1 continued on next page

2015 GRC leadership, processes, and strategy

Track 1 continued


Panel discussion

How companies leverage SAP solutions for GRC to safeguard assets, prevent fraud, and comply with complex regulationsModerator: Kent Cowsert , KPMG ; Panelists: Joshua Moench, MillerCoors; Michelle Womack, Cargill; Rajashree Londhe, Johnson Controls; Sangram Dash, eBay; Praveen Nair, CaterpillarAttend this lively discussion to hear ideas, experiences, and perceptions — from panel members representing various business functions — regarding opportunities compa-nies can leverage to benefit from SAP solutions for GRC. Discussion will focus on:

y Strategic and tactical decisions and alignment required for leading-class SAP solutions for GRC implementations and initiatives

y Change management tactics and tips to close the gap between diverse business units post-rollout to maximize ROI on GRC technologies

y How to use strategic enablers and tools successfully during and after a GRC technology implementation

Panel discussion

Developing a ”best-in-class” SAP governance, risk, and compliance business case and Implementation roadmapModerator: Holly Marrs, Protiviti; Panelists: Garry De Los Angeles, Juniper Networks; Benjamin Wienand, McKesson; and Joshua Lowy, Smith & WessonAttend this discussion to hear approaches to plan and develop a successful short- and long-term roadmap and to learn how your company can improve and drive value from SAP GRC Solutions. Key panel discussions points will include:

y Identifying high value GRC function-ality based on the GRC maturity state

y Recommendations to define short- and long-term roadmap for managing compliance initia-tives starting with ”quick wins”

y Approaches to build a successful business case for implementing or expanding your SAP solutions footprint

y GRC project trends and what companies are planning

Actionable advice for calculating the ROI of your GRC project and sustaining your investmentSteven Oberhauser, KPMGThis session helps you answer the critical question: How will my SAP GRC implemen-tation translate into financial and business benefit? Explore a variety of case studies that illustrate the financial and operational benefit of SAP solutions for GRC, including:

y A detailed look at how to measure success using key performance indica-tors (KPIs) and benchmarks such as key drivers of compliance mandates

y How to utilize those benchmarks to establish the business value of your GRC initiative and assist you in planning your own projects better

y Critical advice to help you build your business case and GRC implementation budget

The SAP Harmony Project: The GRC Program at SAPMarie-Luise Wagener, SAP SE Attend this session to learn how SAP runs SAP solutions for GRC. During this session:

y Learn about the key compo-nents of SAP’s Governance, Risk, and Compliance strategy

y Hear about SAP’s project strategy and implementation

y Understand SAP’s own keys to success in driving a globally integrated GRC program

Case study

Driving transformation — Honda’s SAP journey toward global governance, risk, and compliance Brent Armstrong, Honda North AmericaDuring this session, learn how Honda embarked on a journey to transform its business operations through standardiza-tion of sales and manufacturing on a global scale and improving internal controls with the power of SAP. This case study will examine:

y How Honda is transforming risk and controls as part of a global SAP standardization program

y How Honda aligned risk and controls between its internal and external audit departments across multiple countries

y Key challenges faced and lessons learned as Honda moved onto a common gover-nance, risk, and compliance platform

y How Honda rationalized a risk and control framework for SOX and J-SOX compliance

Track 1 continued

Track 1 continued


Hands-on lab

An introduction to using key features in SAP Access Control 10.1Sarma Adithe and Peter Creal, SAP This hands-on session provides step-by-step instruction to fully utilize the new key features in SAP Access Control 10.1, including integra-tion with SAP Fiori. Attendees will:

y Walk through the key steps for running risk analysis in SAP Access Control

y Practice conducting a firefighting session and review a complete summary of the activities performed

y Step through methods for submit-ting and approving requests for user access in SAP Access Control

y Get a complete overview of available security and audit reports included with the SAP Access Control solution

Rethinking segregation of duties: Where is your business most exposed?Erin Hughes, SAPChanges in technology and/or the structure of an organization can quickly cause segre-gation of duties (SoD) policies to become obsolete and dated, yet many companies fail to periodically reassess them as identi-fying where poor segregation of duties exist continues to be challenging. During this session, gain:

y Practical advice for staying on top of your current policies and segre-gation of duties rule set

y A clear understanding of the cost and impact of access control violations

y Tips to govern access across your entire landscape and understand financial exposure due to SoD violations using SAP Access Control and SAP Access Violation Management by Greenlight

y Guidance on how to centralize monitoring, investigation tracking, and resolution of access violations

Hands-on lab

Part 1: A beginner’s guide to the post-installation configuration of SAP Access Control Kurt Hollis, David Jayne, and Narayanan Krishnamoorthy, Deloitte In this hands-on session, gain expert insight in setting up the GRC Access Control system to perform the first risk analysis, first emergency access, and first access request in a newly implemented version 10.1 system. In this session, an expert instructor guides you through key GRC configuration tasks. You will learn how to:

y Utilize valuable insight from the 10.1 technical overview and architecture

y Speed up the process of setting up your system while learning impor-tant configuration settings based on real customer project knowledge

y Set up the segregation of duties and critical action ruleset, and run your first risk analysis for a user and a role

y Build the end-to-end emergency access process, including setting up of firefighter approval workflow and review of logs

y Configure the first access request workflow using the Multi-stage, Multi-path (MSMP) framework

y Set up periodic synchroniza-tion jobs including expert tips on their frequency and their setup

Case study

How ConocoPhillips conducts user access reviews and monitors transaction usage in SAP GRC 10.0 Trevor Wyatt, ConocoPhillipsAttend this session and learn how ConocoPhillips set up and conducted periodic reviews with integrated transaction usage statistics. By attending, you will:

y Find out how the company integrated the access control suite, access request management, and business role management functionality in order for user access reviews to be fully operational in version 10.0

y Explore the reports that ConocoPhillips uses to track and evaluate transaction usage

y Walk through ConocoPhillips’s steps to review and remediate segregation of duties risks with its transaction usage

Access control, role design, and segregations of duties


Track 2

Track 1 continued


Hands-on lab

Part 2: An advanced guide to the post-installation configuration of SAP Access ControlKurt Hollis, Phillip Dunbar, and Narayanan Krishnamoorthy, Deloitte In this hands-on session, gain lessons and hands-on experience performing the more advanced configuration steps in a newly implemented SAP Access Control 10.1 system. An expert instructor guides you through complex processes and tasks, such as:

y Advanced set up of the GRC segre-gation of duties ruleset (SOD)

y Setting up segregation of duty reviews using the latest workflow functionality

y Configuring your system to automate periodic access reviews

y Advanced workflow set up in GRC including the use of Business Rules Framework (BRF+)

Tools and techniques proven to unify business role management across multiple systems in SAP Access Control 10.x James Roeske, Customer Advisory GroupThis session examines how to streamline role management across multiple systems with leading strategies and expert instruction to leverage business role management (BRM) in SAP Access Control 10.0 and 10.1. You will learn:

y How to build a business case for BRM in SAP Access Control

y What steps are required to imple-ment and configure BRM

y How to ensure role definitions, devel-opment, testing, and maintenance are consistent across the entire enterprise

y Practical advice to maintain and report on your roles in a more timely and organized manner

Case study

How eBay effectively utilizes SAP GRC 10.1 to automate and streamline its periodic user certification processSangram Dash, eBayFind out how eBay automates the periodic user access certification process by leveraging new enhancements to SAP Access Control. During this session:

y Step through the key stages of eBay’s latest SAP Access Control 10.1 user access review deployment

y Learn how eBay was able to restrict the review scope to a specific set of roles, making the review more manageable

y Listen in as eBay discusses the pros and cons of using role owners or managers as periodic access approvers

y Hear what critical success factors the company performed to ensure a successful, accurate, and complete review

Apply existing risk and compliance processes across both SAP and non-SAP systems with SAP Access Violation ManagementSusan Stapleton, Greenlight TechnologiesThis session will provide best practices for leveraging your SAP Access Control implementation to apply existing risk and compliance processes across both SAP and non-SAP systems. Through lecture and demo:

y See firsthand how to estab-lish a sustainable approach to enterprise-wide access control

y Learn how to enhance existing mitigating controls with automated monitoring of users who perform conflicting transactions

y Understand the financial exposure that segregation of duties risks have on the organization

y Find out how to detect, quantify, resolve, and prevent access risks that can negatively impact the bottom-line of your organization

Case study

How Tyson Foods remediated four million segregation of duties conflicts without changing its overall security designPatrick Snodgrass, Tyson FoodsHear how Tyson Foods assessed, managed, and mitigated four million segregation of duties (SoD) conflicts using SAP Access Control. During this session:

y Understand the background of Tyson Foods’s GRC initia-tives, including its recent upgrade project and the impact on SoD

y Evaluate Tyson Foods’s method-ology for monitoring and remediating its SoD conflicts

y Hear how Tyson Foods defined the scope of its remediation plan and understand the steps the company took to achieve its goal of remedi-ating most of its conflicts

y Walk through a best-practice approach that prevents common mistakes which can slow down your remediation efforts

Access governance for the enterprise: Integrating identity management with SAP Access ControlErin Hughes, SAPMany customers today are looking to combine processes for managing identities with application governance for their enter-prise applications and IT systems. Attend this session to:

y Receive practical guidance to properly integrate SAP Access Control and identity management solutions, helping to establish an integrated end-to-end process that automates permission assignments in IT systems

y Develop a deeper understanding of the SAP identity governance and administra-tion solution, including key integration scenarios and deployment options

y Find out how to employ identity analytics for analyzing roles, users, and activity data for purposes of perfor-mance, efficiency, risk, and compliance

y Learn about integration of HR cloud applications to on-premise provisioning

Track 2 continued


Track 1 continued


Track 2 continued

How to perform a system audit and technical review of SAP Access ControlKehinde Eseyin, Turnkey ConsultingA technical system review of SAP Access Control is usually performed both pre- and post-go-live, as well as on an ongoing basis to ensure continuous compliance. Attend this session to:

y Learn what steps are required to adopt a risk management approach that evaluates the threats, vulner-ability, and risk implications of a compromise of any kind to the imple-mented controls in your system

y Gain deeper insights into the pre-conditions which must be in place for a successful system review of SAP Access Control

y Walk through leading practices for the administration and management of batch jobs in SAP Access Control

y Examine what is needed for the ongoing maintenance of workflow and approval processes

Designing and building compliant roles within SAP GRC 10.x: How to take the first stepTroy Konis, Turnkey ConsultingIn this session, examine the key steps you’ll need to take to design and build compliant roles that work with the functionality of SAP GRC 10.0 (and beyond) and not against it. You will:

y Examine proven design approaches that leverage SAP’s governance, risk, and compliance solutions

y See firsthand what a good role design looks like in 2015 and what recent trends will impact design considerations

y Get practical advice to develop more scalable and sustainable designs that work hand-in-hand with your GRC investment

y Learn how to overcome common design pitfalls and gotchas that can result in sub-optimal integration into processes

Simplify and automate your review processes with user access and segregation of duties reviewsDylan Hack, DeloitteIn this session, learn how your organization can take full advantage of two underutilized features of SAP Access Control 10.1 including functionality for automated user access reviews (UAR) and automated segregation of duties (SoD) reviews. Participants will gain insight into:

y Leading practices for implementing both the UAR and SoD reviews

y How performance tuning and decisions about UAR and SoD review config-uration options can impact your organization’s adoption of the reviews and overall end user experience

y How to group and rollout the UAR and SoD reviews in staged phases, and how your organization can leverage multiple coordinators to manage review responses

Choosing the best method for emergency access management (EAM) in SAP Access Control 10.x Holly Marrs, ProtivitiWith the latest version of SAP Access Control, there are now two different options for setting up firefighter review processes in SAP Access Control 10.0/10.1: using either emergency access management (EAM) or workflow approval. This session will discuss:

y An outline of the key configura-tion elements for each option

y Pros and cons to utilizing log reviews in EAM versus workflow approvals

y The key Sarbanes-Oxley requirements for emergency access, including the new COSO 2013 guidance framework

y Options to incorporate SAP Process Control continuous control monitoring functionality to facili-tate the EAM review process

What can SAP Access Control do for me? An in-depth review of key functionality and practical use casesJames Roeske, Customer Advisory GroupAttendees of this session will gain detailed insight into both the technical aspect as well as realistic compliance scenarios within SAP Access Control. Walk through:

y A detailed explanation of what access risk analysis (ARA), emergency access management (EAM), access request management (ARM), and business role management (BRM) can do and what compliance requirements they address

y The little known pieces of function-ality that most customers overlook or may not have used yet, including password self-service and segre-gation of duties reviews

y A technical overview of what is involved in the configuration and implemen-tation of the different components of SAP Access Control functionality

A detailed guide to building and customizing workflows in SAP Access Control 10.x using both business rule framework+ (BRF+) and MSMP Ruth Johnson, Customer Advisory Group Walk through the latest features and capabili-ties of the new workflow engine in SAP Access Control and learn how to configure a frame-work for access requests. During this session, you will explore:

y The capabilities and flexibili-ties of the multi-stage, multi-path (MSMP) workflow, including rules, agents, paths, and variables

y Why SAP Access Control workflow components cannot be migrated but must be manually config-ured and how to do so

y Undocumented tips and tricks to incor-porate the business role framework+ (BRF+), initiator, and routing rules into your MSMP workflow implementation

Track 1 continued


Track 2 continued

Case study

Johnson & Johnson’s journey for improving its role design on a global level in SAP Access Control 5.3Alka Paradtel and Lynn Reed, Johnson & JohnsonHear the how and why behind Johnson & Johnson’s implementation of enterprise role management (ERM) functionality in SAP Access Control 5.3 across its large, decentral-ized, global landscape. Explore:

y The leading drivers behind Johnson & Johnson’s project, which included the company’s need for a sustain-able finance access management

y What initial elements need to be considered before implementing ERM, including those surrounding key role design, role ownership, and role governance processes

y The company’s method for identifying business risks and defining its global rule set as a foundational step to role design

y Lessons learned and watch-outs from the company’s approach for aligning the SAP global role design while also establishing governance around role change management

GRC customer networking roundtable

SAP Access ControlAre you currently working on or are in the planning stages and/or evaluation stages of an SAP Access Control project? Looking to meet with like-minded customers while at GRC 2015? Attend our 75-minute customer networking roundtable. There is no formal presentation; all that’s required is a willingness to come and exchange ideas, questions, and issues with fellow GRC attendees.

*Advanced sign-up at the session room will be required. Seats are limited.

Track 1 continued


Practical approaches for implementing and designing SAP HANA securitySachin Nayyar, SaviyntSAP HANA offers significant capabilities and benefits to its customers by being able to process a vast amount of data and provide more real-time insight to events instanta-neously. This kind of speed and insight also introduces new security challenges where sensitive information is enabled for access on the fly. Attend this session to:

y Learn key risks and what steps your organization can take during the imple-mentation to prevent breaches to its data

y Find out the implications imple-menting SAP HANA will have on your current security landscape

y Better understand the security architec-ture of SAP HANA including how the scenario for which you are using SAP HANA will impact the security approach

Five steps for building an effective SAP control optimization frameworkMichael Kosonog, Deloitte Walk through five required attributes to effectively track the SAP control optimiza-tion activities at your organization. Gather tips and tricks for applying the appropriate governance and organizational recommenda-tions within your current control environment to increase adoption and sustainability of optimization efforts. During this session, learn:

y How to align roles for internal audit, business owners, and controls resources for SAP controls optimization

y Various approaches to controls optimization, including top-down and bottom-up approaches

y What opportunities for technology enablement may exist in your organi-zation, including controls automation, controls testing, and how SAP GRC 10.1 can be used in these efforts

y Important considerations for global implementations and localiza-tion requirements during rollout

SAP security Part 1

A beginner’s guide to SAP Access Control and fundamental security concepts within SAP ECCRaymond Mastre, PwCThis session offers attendees with little or no previous knowledge of SAP ECC security the fundamentals for implementing a sound security architecture and design. During this session, you will:

y Get a detailed overview of each module within SAP Access Control, as well as a live demo that highlights the key areas that are important from an audit and compliance perspective

y Examine core security concepts within SAP such as roles, profiles, autho-rizations, fields, and values

y Understand the key differences and drivers between a task-based and job-based security methodology and tips for choosing the right method for your organization

Take home a list of standard delivered SAP tables and ways to incorporate them into your security approach.

SAP security Part 2

Advanced concepts for SAP Access Control and SAP ECC security and designMatt Bennett, PwCLooking for more advanced tips to enhance your SAP Access Control implementation? In this session, learn some of the more advanced security concepts, settings, and options in SAP Access Control and get detailed advice to:

y Use the BRF+ rule engine to customize processes, such as complex role approvals in SAP Access Control

y Adjust and modify the user interface of SAP Access Control more efficiently

y Set up and utilize business roles and link those roles to multiple systems without the need to go through a transport process

y Configure user access reviews to validate user assignments on a periodic basis

Take home a list of standard delivered SAP tables and a list of security objects to secure the user interface.

Transform your SAP organization and deliver business value through IDM-GRC integration and role redesign initiativesPeter Hobson, PwCThis session provides insight into how to transform your global SAP security operations through the implementation of common tools. Gain an understanding of how the implementation of common, global SAP roles, processes, and automated provisioning tools can be used to transform operations and deliver value to business, compliance, and IT stakeholders. Learn how to:

y Design a single set of SAP security roles to manage multiple business units, locations, and SAP systems

y Deploy an integrated identity access management solution — SAP Access Control 10.x (IDM-GRC) — to standardize and automate the SAP access request, approval, and provisioning processes

y Overcome cultural and language barriers to implement commons tools and processes and drive organizational transformation through initiatives tradi-tionally considered to be “IT only”

System security, IT governance, and control

optimization


Track 3

Track 1 continued


Track 3 continued

Get out the rubber ducky: Keeping SAP security clean with SAP Process ControlZachary Leahan, PwCSo you finally cleaned up your SAP roles and authorizations: now how do you keep your environment in line with your GRC and security design policy? Attendees of this session will understand how to leverage the automated monitoring capabilities of SAP Process Control to actively monitor key SAP security and GRC metrics. Find out:

y How to set up your data sources and the business rules for actively monitoring security in your SAP environment

y How to build analytics that kick off a remediation workflow to truly leverage the capabilities of SAP Process Control

y How to create an automated control, which includes defining the data source, applying the logic, and assigning issue owners

Take home example business rules and BRF+ code.

Case study

Leading lessons from Pfizer: How to successfully maintain security processes in a mature GRC landscapePatricia Rothenbacher, PfizerLearn how Pfizer, a multinational pharma-ceutical corporation that has been running SAP GRC for 10+ years, is able to successfully maintain its security and control environment. During this session:

y Hear firsthand how Pfizer created a global business governance structure to create business ownership for its security controls within multiple functional area

y Find out how Pfizer ensures users are mitigated for segregation of duties (SODs) before access is provisioned

y See firsthand how the company simplified the process for creating roles in a shared environment for 20,000+ users across the globe

y Walk through a provisioning strategy that includes business user access, GMP (Good Manufacturing Practice) access, temporary access, and critical access

Case study

How IHS approached the design, execution, and validation of its master data using the master data upload generator (MDUG) toolDiane Davis, IHSThis session will address important lessons learned from IHS’s multiple GRC solution deployments, including its recent SAP Access Control and SAP Process Control 10.1 upgrade projects. During this session, learn:

y How IHS structured its master data and organization hierarchy

y Key considerations the company had to account for when designing master data elements

y How the company success-fully utilized the master data upload generator (MDUG) tool

y Recommendations for timing and sequencing the loading and valida-tion of data at the various stages of the GRC implementation and upgrade

y What dependencies exist between GRC master data and continuous control monitoring (CCM) in SAP Process Control

Case study

How Honeywell standardized and streamlined the global management of risks and controls using SAP Process Control and SAP Risk ManagementPablo Hernandez, HoneywellStep through Honeywell’s journey to creating one consolidated view of its risks and controls using SAP Risk Management in conjunction with SAP Process Control. During this session:

y Understand the key challenges the company faced when trying to manage its risks and controls on a global scale

y Learn why Honeywell chose SAP GRC solutions to address these challenges in an effort to provide users with “one view of risk”

y Step through the company’s integrated project plan which was a critical component of its successful implementation of both tools

y Listen in as the key configuration and critical issues that were faced during the implementation are revealed and how the company was able to deter-mine acceptable workarounds

Deciphering security in SAP Process Control 10.1 and SAP Risk Management 10.1 Alpesh Parmar, ultimumITSecurity practices in SAP Process Control and SAP Risk Management differ from those in other GRC products as well as those in SAP ERP. This session will explore:

y The different pre-delivered roles and second level authorizations that exist in SAP Process Control and SAP Risk Management

y How to customize these roles and how doing so can either help or derail an SAP Process Control and/or SAP Risk Management implementation

y Dos and don’ts for designing, custom-izing, and building your SAP Process Control and SAP Risk Management roles

Auditing the security of an SAP HANA implementationMariano Nunez, OnapsisDo you know whether your SAP HANA imple-mentation is secure? Join us to understand the most common security threats affecting SAP HANA implementations, including live demonstrations of potential attacks on insecure platforms. By attending this session, you will:

y Learn how to perform security audits and vulnerability assessments of SAP HANA environments, identifying critical security gaps and remediation information

y Walk through an SAP HANA security audit cheat sheet which details several controls on how to ensure your platform is running securely and compliant

y Gain a clear understanding of the poten-tial business impact of a security breach on an insecure SAP HANA system

Take home a list with the top 10 security controls necessary to monitor whether an SAP HANA platform is deployed securely.


Track 1 continued


Track 3 continued

Actionable advice for kicking off a security role redesign projectMatt Villier, PwCSecurity roles are rarely the first priority during an SAP implementation. This session will discuss how to approach a security role redesign project from beginning to end. For each phase of the project, learn how to:

y Estimate the level of effort based on user base and the scope of trans-action codes in your design

y Understand the types of roles and responsibilities, and the time commitments needed

y Identify key tasks and decision points, evaluating pros and cons to the available options while avoiding common challenges

y Leverage tools such as SAP Access Control to simplify your scope of transactions and accurately assign new roles to users

Case study

Redesigning security at Stanley Black & Decker: How to create a more centralized and automated security processRebecca Hodge, Stanley Black & DeckerGet a picture of how Stanley Black & Decker conducted a global redesign of security from the ground up, resulting from manual security processes, ineffective role design, and incon-sistent security policies. Hear firsthand how the company:

y Revamped its customized segrega-tion of duties rule set in SAP Access Control so that it better aligned to business risks and overall risk tolerance

y Instituted a new global security gover-nance model for all SAP environments

y Replaced existing SAP roles with new task-based global roles free of SOD conflicts

y Created a new access control architec-ture which included upgrading from SAP Access Control 5.3 to version 10.0 and creating a three-tiered landscape

y Automated manual user provisioning processes using SAP Access Control 10.1

Track 1 continued


Best practices for continuous control monitoring in SAP Process ControlJan Gardiner, SAPMany companies are not sure how to get started with continuous control monitoring. Many even implement a monitoring product without first defining what they want to accomplish and exploring the best way to go about it. Attend this session to:

y Explore project approaches and techniques for getting the most value from continuous control monitoring and automated testing using SAP Process Control

y Leverage innovations with SAP HANA to continuously monitor big data

y Understand how recent enhancements simplify the rule building process

Taking the next step with your GRC roadmap and strategy: How to leverage SAP Process Control to extend your SAP Access Control investment Marie-Luise Wagener, SAP SE If your organization has implemented or is adopting SAP Access Control, attend this session to learn what’s next when tasked with the responsibility of streamlining and better managing your GRC initiatives. Come away from this session with a clear understanding of:

y Requirements and capabilities of the latest versions of SAP Process Control, including its architecture, framework, and key integration points with SAP Access Control

y Use cases that explore options for extending the capabilities of your GRC environment by integrating the functions and processes of SAP Access Control and SAP Process Control

y How to leverage SAP Process Control to automate monitoring of general computer controls

Getting the most from your SAP Process Control investment: Tips from recent implementation projectsJan Gardiner, SAPThis session sheds light on new features avail-able in SAP Process Control 10.1 and provides examples of how other customers have lever-aged them to maximize ROI. This session, designed for those with some familiarity with SAP Process Control, explores:

y Implementation and usage tips gathered from SAP Process Control customers

y How you can benefit from the newest features in SAP Process Control 10.1

y Best practice suggestions from SAP consultants and solution managers

Panel discussion

Customers share their successes and lessons learned from SAP Process Control projectsModerator: Jérôme Pugnet, SAP Panelists: Adam Lagacy, Caterpillar, Pablo Hernandez, Honeywell, Diane Davis, IHS, and Kathleen Deane, ChevronParticipate in this candid, moderated discus-sion with SAP customers who will share detailed insight, best practices, and lessons learned from their experiences so far with SAP Process Control and SAP Risk Management. Hear firsthand from these leading organiza-tions: :

y How they add business value by successfully managing their risks and risk responses

y Methods to measure the success of GRC efforts and to trouble-shoot implementation challenges

y What has and has not worked for other companies during pre-project business case development, project realization, and go-live phases

Hands-on lab

A practical guide to using key features in SAP Process Control 10.1Jan Gardiner and Joao Paulo Fortes, SAPThis hands-on session guides you through an introduction to key processes you’ll need to know to get the most of your SAP Process Control system. By attending, learn:

y How to leverage the standard deliv-ered reports in SAP Process Control to identify control exceptions

y How to properly make changes to controls master data

y The most effective methods for performing self-assessments and raising control issues

y How to leverage entry pages in SAP Process Control, a new feature with version 10.1

Unlocking the power of SAP solutions for GRC to simplify risk and compliance managementJérôme Pugnet, SAPThis session examines the range of capabili-ties and automation available in SAP solutions for GRC to monitor your business on multiple levels: risk, compliance, fraud, audit, and business process performance. Attend and discover ways to maximize the value of these features, including how to:

y Automate and standardize processes and controls

y Manage holistic views of risk and compli-ance exposures to improve assurance

y Generate dynamic and real-time risk and control intelligence and reporting

y Analyze risk indicators and manage exception-based decision making

y

y

y

y Case study

Process control, control automation, and

continuous control monitoring


Track 4

Track 1 continued


Track 4 continued

Case study

How The Hershey Company leverages SAP Process Control 10.1 for continuous monitoring and control self-assessmentsJonathan Laubenstine and Jeff Szmerda, The Hershey CompanyLike many organizations today, The Hershey Company faces an increasingly complex marketplace and continuously-changing risk landscape. This session discusses how The Hershey Company is meeting these challenges through the use of SAP Process Control 10.1 for continuous monitoring and self-assessments. You will learn:

y How to build a business case for imple-menting SAP Process Control and the factors that drove The Hershey Compa-ny’s decision to roll out continuous monitoring and control self-assess-ments functionality within the tool

y Key steps to building a continuous monitoring roadmap and how to identify which controls to implement

y How process control surveys are used to perform control self-assessments within The Hershey Company’s operations as well as with key third-party business partners

y Pitfalls to avoid and lessons learned throughout the SAP Process Control 10.1 implementation

Design strategies for building organizational and process hierarchies in SAP Process Control 10.xBill Smith, DeloitteThis session will explore various strategies for designing organizational and process hierarchies in SAP Process Control 10.X. By attending, you will get practical advice to:

y Effectively assess your organization’s regulatory reporting requirements, including how to determine whether or not your organization’s current structure will meet future regulatory and reporting

y Evaluate the various scenarios and options for building your organization hierarchy

y Build your organizational and process hierarchies using the appro-priate implementation techniques

y Design and develop custom fields within SAP Process Control master data hierarchies

Tips for developing an effective automation strategy Natalie Reuss, EYHaving a clear strategy to implement automa-tion at your organization is a key component of success. Attend this session for tons of practical tips and guidance to roll out a control automation strategy within your own organization. You will:

y Get valuable tips to help define your automation strategy and outline project goals

y Learn how a phased approach can help maximize the capabil-ities of your environment

y See firsthand via a live demonstration the types of automation rules which can be utilized in SAP Process Control

y Learn what continuous control monitoring techniques are most utilized in both SAP Process Control and other tools within the GRC suite

y Hear how other customers have success-fully deployed an automation strategy

Leveraging SAP Process Control to support the multiple compliance frameworksThomas Jeschke, EYLearn how to maximize the return of your GRC technology investment by leveraging SAP Process Control for multiple compliance regulations, not just Sarbanes-Oxley. During this session, you will:

y Gain a functional understanding on how SAP can support the manage-ment of compliance frameworks from an end-to-end perspective

y Receive instructions for assigning organi-zations, processes, and controls to multiple regulations to avoid data redundancies

y Learn how to be more efficient by sharing control test results with multiple regulations

y Learn key considerations and limita-tions when setting up multiple compliance frameworks

Take home a document that will support your business case to get more out of your SAP Process Control investment.

Hands-on lab

How to perform the configuration, set up, and use of SAP Process ControlKurt Hollis, Jessica Scott, and Rohit Kumar, Deloitte In this hands-on session, gain practical instruction to perform implementation steps of SAP GRC 10.1 with a specific focus on SAP Process Control. An expert instructor guides you through key processes and tasks, such as:

y An introduction to SAP Process Control configuration and technical architecture

y Assessment techniques within GRC

y Master data best practices including setting up and configuring the organization structures, processes, sub processes, and controls

y Key configurations within SAP Process Control

y How to enable real-time automated monitoring within your SAP GRC solutions


SAP Process ControlAre you currently working on or are in the planning and/or evaluation stages of an SAP Process Control project? Looking to meet with like-minded customers SAP Process Control customers at GRC 2015? Attend our 75-minute customer networking round-table covering the topic of SAP Process Control. There is no formal presentation; all that’s required is a willingness to come and exchange ideas, questions, and issues with fellow GRC attendees who are currently or will soon be embarking on an SAP Process Control project.


Track 1 continued


An up-to-date guide to reporting and analytics options for SAP solutions for GRCSwetta Singh, SAPExamine the many reporting options avail-able to view and analyze the information you manage, monitor, and record with the latest release of SAP solutions for GRC. During this session, you will:

y Learn how to integrate the reporting capabilities of SAP solutions for GRC (version 10.1) with SAP Business Warehouse (SAP BW) and SAP BusinessObjects business intelligence (BI) solutions

y Examine what options exist to customize reports for mobile devices using SAP solutions for GRC with SAP BusinessObjects Mobile 4.0

y Walk through a demonstration of analytical scenarios showing data integration and aggregation, data quality checks, and both tactical reports and management-level analytics

Tips for interpreting access reports: How to create a clean, sustainable security environmentJonathan Pasquale, KPMGAfter the installation and configuration of a rule set in the access risk analysis (ARA) functionality of SAP Access Control, clients are often unsure of the next steps and how to interpret all that data. By attending, you will:

y Gather tips for reading and interpreting reports and understanding what they say about your current security design

y Better understand what your reports indicate about your users and how security access should then be mapped to those users

y Learn how to embark on the task of cleaning up the segregation of duties violations that ARA is now uncovering

How to facilitate value-adding analytics and reports from SAP GRC solutionsSimon Persin, Turnkey ConsultingIn this session, the fundamentals of how SAP GRC 10.1 stores information within the system’s databases across SAP Access Control, SAP Process Control, and SAP Risk Manage-ment will be examined. By attending, you will:

y Gain a clear grasp of how data is used within the standard reporting capabil-ities and how it can be configured to support customer requirements

y Review the available data struc-tures in SAP’s GRC solutions

y Walk through important consid-erations that users of GRC analytic solutions should be aware of

y Understand key GRC reporting require-ments and how they can be met with current functionality in SAP GRC 10.1

Creating custom reports in GRC: Is it really necessary and where do I start?John Livingood, ProtivitiGRC solutions come with a vast array of standard, out-of-the-box reports, however, depending on how the master data is setup and the level of detail needed, customization may be required to better manage risks or satisfy compliance requirements. This session will provide step-by-step guidance to:

y Take full advantage of the standard reporting capabili-ties that come with SAP GRC

y Determine when standard reports will not be sufficient and how customizations can be added to meet organizational needs

y Build custom reports that assist with SAP security remediation, redesign efforts, and more

y Maximize reporting capabilities with key critical design and configuration consid-erations such as naming conventions and setting up your GRC master data

A detailed guide to setting up the new reporting and analytic view in SAP GRC 10.1 Rupesh Tyagi, CognizantGain an understanding of the capabilities, requirements, and setup of the new reporting and analytic view (remediation view) in SAP GRC 10.1 for both SAP Access Control and SAP Process Control. By attending, you will:

y Get tips for setting up a consol-idated view of segregation of duties risks in your system

y Examine the prerequisite which needs to be activated in system to make the remediation view work correctly

y Learn how to configure your system so corrective actions can be triggered directly from your reports

y Get to know the common errors encountered during configu-ration of the remediation view and how to resolve them

Building, interpreting, and adding custom capabilities


Track 5

Track 1 continued


Track 5 continued

Designing a user-friendly, front-end web interface for your GRC reports to improve the user experienceKyle Kitsch, PwCAttend this session for an in-depth look at design and customization techniques for the GRC front-end web interface (SAP NetWeaver Business Client). You will learn how these techniques can be utilized to enhance the GRC user experience. This session will walk through:

y Steps for designing a user-friendly front-end web interface to allow for easy access and navigation by the end user community, from an everyday user to GRC administrators

y Tips and tricks that will allow your business to fully realize reporting capabilities and support processes through the GRC front-end web client

y Leading practices for setting up custom t-codes and queries within SAP to allow users to perform a number of functions, including access custom reporting

A detailed look at the new risk report application in SAP GRCJochen Thierer and Daniel Welzbacher, SAPSenior executives require a constant update on critical risks and an overview on the legal and regulatory compliance to ensure the success of their company. Attend this session to:

y Learn how the new SAP GRC Enter-prise Risk Report Fiori application aggregates data from multiple sources, including SAP Process Control and SAP Risk Management, to provide a holistic view of risk and compliance status

y Obtain information about new risks which may emerge, for example, through a shift in strategy, opera-tions, or competitive landscape

y Learn key considerations for imple-menting this application and how to ulitize it to better meet the GRC expec-tations of your executive team

Track 1 continued


SAP Access Control in the cloud: Implementation considerations, best practices, and lessons learnedChris Radkowski, SAPAttend this session to uncover the latest capabilities of SAP Access Control run in the cloud. During this session, examine:

y The available cloud deployment options for SAP Access Control

y How the new cloud-based capabili-ties of SAP Access Control can automate and accelerate your process for detecting, remediating, and preventing access risk and fraud violations

y Steps for building a secure and trusted cloud computing infra-structure for SAP Access Control

y Lessons learned from recent customer implementations of SAP Access Control in the cloud including key challenges and resolutions

y Practical advice for building a business case for SAP Access Control in the cloud with key use cases

A technical primer: Step-by-step guidelines for upgrading your GRC solutionsAnkur Baishya, SAP LabsAttend this unique session and get technical guidance from an expert on SAP solutions for GRC 10.1 implementations and upgrades. Examine how to:

y Prepare your system landscape and architecture for the upgrade

y Arm yourself with a detailed under-standing of the key success factors and best practices for an imple-mentation or upgrade

y Execute the upgrade with a proven step-by-step process for migrating from previous releases

y Customize the user inter-face and leverage other available standard SAP tools

y Overcome and avoid common poten-tial technical pitfalls by learning from successful customer approaches

Panel discussion

SAP Access Control customers share their implementation successes and lessons learnedModerator: Erin Hughes, SAPPanelists include: Tammy Holiness, AlagascoTodd Rhodes, The Andersons, Inc , and Erin Kucharczuk, Stanley Black and DeckerParticipate in this candid, moderated discus-sion with SAP customers who will share detailed insight, best practices, and lessons learned from their experiences with SAP Access Control. Find out how these leading organizations are working to:

y Automate the process of analyzing users and roles for segregation of duties (SoD) and critical access risks and moving to a preventa-tive rather than reactive approach

y Measure the success of GRC efforts and troubleshoot implementation challenges through the pre-project business case development, project realization, and go-live phases

y Reap the benefits of including SAP Access Control in their initial SAP ERP implementation to immedi-ately address security risk

Case study

How Bridgestone prepared and built a case for its SAP Access Control 10.1 upgrade projectTim Holleman, Bridgestone This session will provide attendees with examples of how Bridgestone planned a successful SAP Access Control 10.1 upgrade business case, including:

y How the company was able to identify and determine what functional improve-ments were required for its system

y Steps for establishing the timeline for the project so as not to conflict with any other critical ongoing tasks

y Bridgestone’s strategy for effec-tively developing its deployment plan by focusing on quick wins

y KPIs needed to be considered when planning the upgrade

Case study

Lessons from Honeywell’s use of SAP Access Control 10.1 as an enabler of its risk-based security methodologyTom LaBonte, HoneywellHear how Honeywell implemented and continues to use SAP Access Control 10.1, including Access Risk Analysis (ARA), access request management (ARM), and emergency access management (EAM). Explore how to:

y Globally deploy and maximize the poten-tial of ARM in SAP Access Control 10.1

y Configure your system to set up multiple alerts

y Manage financial segrega-tion of duties violations within a role-based authorization concept that is fully automated using ARM

y Create reports to assist with audit and compliance — specifi-cally, how to monitor what you did do versus what you could do


Implementations, upgrades, and migrations

Track 6


Track 1 continued


Track 6 continued

Auditing the security of an SAP HANA implementationMariano Nunez, OnapsisDo you know whether your SAP HANA imple-mentation is secure? Join us to understand the most common security threats affecting SAP HANA implementations, including live demonstrations of potential attacks on insecure platforms. By attending this session, you will:

y Learn how to perform security audits and vulnerability assessments of SAP HANA environments, identifying critical security gaps and remediation information

y Walk through an SAP HANA security audit cheat sheet which details several controls on how to ensure your platform is running securely and compliant

y Gain a clear understanding of the poten-tial business impact of a security breach on an insecure SAP HANA system

Take home a list with the top 10 security controls necessary to monitor whether an SAP HANA platform is deployed securely.


SAP Risk ManagementAre you currently working on or are in the planning and/or evaluation stages of an SAP Risk Management project? Looking to meet with like-minded customers while at GRC 2015? Attend our 75-minute customer networking roundtable. There is no formal presentation; all that’s required is a willingness to come and exchange ideas, questions, and issues with fellow GRC attendees.


SAP and Concur travel solutions: An overview Debbie Peake, SAP Labs This session provides an up-to-date overview of SAP travel solutions including the Concur offering. Attend this session and:

y See firsthand what the new SAP Travel Management with SAP Fiori UI looks like and learn how you can leverage it

y Understand the status of SAP Travel Management ERP, the SAP Cloud for Travel and Expense solution, and the strategy around these solutions

y Get an overview of the Concur products for business travel, including the expense solution, an online booking component

See a demo of the Concur Messaging Tool, a Travel/HR risk management tool.

Track 1 continued


Reduce auditing expenses and improve the efficiency of your GRC landscape using SAP Audit ManagementBruce McCuaig, SAPAttend this session and learn how SAP’s new audit management tool provides support for the end-to-end audit cycle. Get recommenda-tions and strategies to:

y Enable the assessments of risk for purposes of audit planning to ensure audits are aligned with business risks and objectives

y Successfully utilize business controls to plan and conduct audits

y Drive internal audits from risks identified by the business

y Streamline communication with executive management and the audit committee

Hands-on lab

How to speed up audit processing with SAP Audit ManagementJames Chiu, SAPThis hands-on session explores practical, step-by-step advice for managing resources, schedules, tasks, and remediation activities using SAP Audit Management. Participants will gain practical experience and proficiency that can be put to immediate use back at the office, including lessons to:

y Create, process, and manage audit plans

y Integrate auditing activities across multiple applications for different business requirements

y See firsthand what new enhance-ments are available for internal audit risk management as part of SAP GRC 10.1

How to detect and investigate fraud for improved financial processesTomás Kong, SAPWith the amount of data growing exponen-tially every day, this session will explore how SAP Fraud Management can help you keep up with changing behaviors and patterns in fraud and misuse of financial data and assets to ensure that your operations run efficiently. During this session, you will:

y Gain in-depth understanding of how to identify unknown fraud patterns that aren’t detected by current detection methods

y Understand the planning, scoping, and realization, as well as the integration aspects into the GRC solution portfolio — not only from an IT perspective, but also from a business perspective

y Learn firsthand from experts about the top technical tips and tricks and how to take your project and audit activi-ties to the next level, including how SAP InfiniteInsight for predictive analytics complements SAP Fraud Management

How to keep your SAP Process Control system compliant: Key things your auditor is looking forDon O’Hair, EYThis session will provide detail on how companies using SAP Process Control can leverage the functionality to further improve the efficiency and effectiveness of your next audit.

y Understand all the functionality avail-able in SAP Process Control that will help to speed up the time it takes for your external audit to be completed as well provide your auditors with visibility into the managements of SOX activities and results

y Get tips for developing a benchmarking strategy that will demonstrate not only what controls are being monitored but how you are monitoring them

y Learn what steps you can take to proac-tively address PCAOB comments BEFORE your auditors arrive leveraging SAP Process Control functionality


SAP Audit ManagementAre you currently working on or are in the planning stages and/or evaluation stages of an SAP Audit Management project? Looking to meet with like-minded customers while at GRC 2015? Attend our 75-minute customer networking roundtable. There is no formal presentation; all that’s required is a willingness to come and exchange ideas, questions, and issues with fellow attendees surrounding the topic of SAP Audit Management.


Strategies for a successful external audit alignment: From project inception through the post-go-live phase Shivraj Patil, EYFor most implementation and upgrade projects, managing compliance needs while balancing budget and operational constraints can be particularly challenging; this may be driven by one or many factors. This session will:

y Discuss key compliance challenges faced by organizations going through people, process, or technology changes

y Provide proven strategies to manage external audit alignment and expectations throughout the project lifecycle and beyond

y Examine key lessons learned during external audit alignment activities

y Divulge key benefits of optimally planning the audit alignment activity and impact on cost and sustainability

y Discuss exception scenarios and key audit management strategies

Fraud and audit management

Track 7


Track 1 continued


Track 7 continued

Tactics and procedures to successfully audit segregation of duties in SAP Vincent Calabrese, KPMGSegregation of duties (SoD) continues to be a challenge for companies faced with audit requirements and auditing segregation of duties for SAP can be quite complex and technical. This presentation will provide:

y Top procedures for auditing SoD, regardless of the tool you are using

y Leading practices for bringing together both the IT and Financial auditors through the SoD auditing process

y A key listing of the key documenta-tion requirements that are needed to support your SoD audit

y Tips for validating SoD rule set and minimizing false positives

Successfully integrate SAP Audit Management with the SAP GRC solution portfolio Shola Oguntunde, EYThis session offers expert tips to streamline internal audit engagements and help build a business case for investing in the new SAP Audit Management system. By attending, you will:

y Gain a solid understanding of the functionality within SAP Audit Management

y Get tips on leveraging the integra-tion between SAP Audit Management and SAP Fraud Management for data analytics and continuous transaction monitoring

y Learn how to leverage the integration between SAP Audit Management and SAP Risk Management specifically for risk assessment and planning activities

y Explore the integration capabilities that exist between SAP Audit Manage-ment and SAP Process Control

How to enhance your internal audit function with SAP Audit ManagementBruce McCuaig, SAPAttend this session and learn how to exploit the full capabilities SAP Audit Management to streamline the internal audit cycle and expand the capabilities of the internal audit function beyond the core traditional audits. During this session:

y Learn how to enable the internal audit cycle, from scoping to reporting, with SAP Audit Management

y Get real-world advice on how to set up an audit plan in SAP Audit Management

y Understand the key integration points between SAP Audit Manage-ment and SAP Process Control and the value derived from the integration

y Understand the reporting capabilities available in SAP Audit Management

How to perform a system audit and technical review of SAP Access ControlKehinde Eseyin, Turnkey ConsultingA technical system review of SAP Access Control is usually performed both pre- and post-go-live, as well as on an ongoing basis to ensure continuous compliance. Attend this session to:

y Learn what steps are required to adopt a risk management approach that evaluates the threats, vulner-ability, and risk implications of a compromise of any kind to the imple-mented controls in your system

y Gain deeper insights into the pre-conditions which must be in place for a successful system review of SAP Access Control

y Walk through leading practices for the administration and management of batch jobs in SAP Access Control

y Examine what is needed for the ongoing maintenance of workflow and approval processes


SAP Fraud ManagementAre you currently working on or are in the planning stages of an SAP Fraud Manage-ment project? Looking to meet with like-minded customers while at GRC 2015? Attend our 75-minute customer networking roundtable. There is no formal presentation; all that’s required is a willingness to come and exchange ideas, questions, and issues with fellow attendees surrounding the topic of SAP Fraud Management.


Track 1 continued


GRC for finance teams: How to identify and resolve key areas of risks within your financial processesStephanie Gruber, SAP AmericaFinance professionals continue to be under pressure to not only manage ever-changing regulatory requirements, but to do so with fewer and fewer resources. This session will illustrate:

y How SAP solutions for GRC can help you do more with less by monitoring end-to-end business processes and alerting you to high-risk areas and control excep-tions — as well as suspicious activity

y What steps you can take to trans-form your organization’s approach from manual and reactive to an automated and proactive approach

y How to gain timely insights into key areas of risks within financial processes and techniques for process improve-ment and corrective actions

Key processes, risks, and controls for financial control compliance in SAP Sandeep Malik, PwCGain an understanding as to why the monitoring of financial controls is critical to reduce financial risk and accuracy of financial statements and how failure to do so can derail the financial compliance effectiveness of an organization. As an attendee, you will:

y Get leading practices to effec-tively utilize SAP Process Control to attain better confidence around the health of financial statement

y Understand the full scope of an automated monitoring framework (AMF), including its limitations, pitfalls, and leading practices for managing

y Learn how enabler technologies like SAP HANA can assist in the manage-ment of financial data monitoring

Stop money from walking out the door: Tips for creating controls to monitor the purchasing and accounts payable processes Jamie Levitt, PwCInternal mistakes, fraud, and vendor inconsistencies can wreak havoc on your accounts payable and purchasing activi-ties. Understand how to implement both standard ERP and SAP GRC functionality to solve these common problems. Attend this session to:

y Learn the common business problems associated with the payables process

y Find out how to utilize configura-tions, continuous control analytics, and continuous transaction analytics to better control key processes, save costs, and avoid identified pitfalls

y Reduce the effort required for controls analytics and at the same time, achieve business process improve-ments and compliance objectives

y Identify ways to achieve ROI by utilizing existing technology investment in SAP or other GRC technologies

Mitigate risks and continuously monitor controls within the record-to-report process using SAP Process Control Brian Perotto, PwCUnderstanding your risks and appropriately designing configurable controls to mitigate these risks is instrumental to your financial statement reporting process. In this session, you will learn:

y The most common risks in the record-to-report process and SAP configurations to manage and mitigate these risk

y How SAP configurations can save the business time and money when leveraged in lieu of or in combi-nation with manual controls

y How companies that have implemented continuous controls monitoring (CCM) tools are able to streamline control and compli-ance activities for these key configurations

y How SAP Process Control provides an end-to-end, workflow-driven solution for issue identification and remediation

Leveraging analytics and data visualization techniques for performance and compliance analysis and auditingBrian Greenberg, KPMGOrganizations continue to do more with less. It is important to identify ways to continually improve audit coverage and effectiveness to protect your organizations — not only from a compliance perspective, but from a business performance perspective. This session will provide:

y Insights into the most current trends in data, analytics, technology, and continuous monitoring

y Expert techniques for incorporating data analytics and data visualiza-tion techniques in the audit process from planning and scoping to execution through reporting

y Critical advice for transforming analytical results into business insights utilizing analytics

GRC and regulatory updates for finance teams


Track 8

Track 1 continued


Track 8 continued

Cost-efficient options to address compliance in SAP ERP Financial projects: How to do more with lessMithilesh Kotwal, ProtivitiMany organizations are managing to tighten budgets and deadlines, and very often, compliance requirements are addressed toward the end of SAP projects or even after go-live. This presentation will include “how tos” and lessons learned surrounding the most critical SAP governance and compliance requirements that should be addressed in SAP projects, including:

y A full review of the most common compliance risks surrounding SAP projects

y How to build your own interim tools to ensure compliance requirements are still addressed until a more comprehensive tool like SAP GRC can be implemented

y Critical SAP security requirements and options to help minimize security remediation/redesign after go-live

y How to leverage standard SAP reports for compliance purposes

Doing business in Latin America: Managing the risk and cost of compliance Steve Sprague, Invoiceware InternationalElectronic invoicing and tax policies continue to change in Latin America. Both Brazil’s SEFAZ regulations (Nota fiscal) and Mexico’s SAT have launched legislation that includes changes to customer and supplier invoicing. During this session you will:

y Learn the latest mandates to help simplify your day-to-day manage-ment of Latin America e-invoicing

y Walk through the three primary classifi-cations of Brazil’s e-invoicing mandates including Nota Fiscal, Brazil Electronic Invoice for Services (NFE-s), and Brazil Transportation Document (CT-e)

y Learn how to avoid the risk of non-compliance, which places your organization at risk for customer collec-tion issues, delayed shipments, large fines, and criminal penalties as it is considered a form of tax evasion

Comply with FASB/IASB lease accounting standards utilizing SAP Real Estate Management Tom Anderson, SAPA challenging economic environment is forcing organizations to closely examine massive real estate-related expenditures incurred through the entire real estate lifecycle. This presentation will provide:

y An overview of how real estate lifecycle management simplifies the optimization of real estate assets

y What proposed FASB/IASB lease accounting standards will have a signif-icant impact on organizations balance sheet and income statements, bringing real estate leasing under intense scrutiny by the organization’s CFO

y Guidance for managing both the finan-cial and non-financial aspects of lease administration, including postings, rent escalations, critical date monitoring, and financial analysis required by new lease accounting regulations

Managing tax through an SAP transformation projectAndrew O’Brien, KPMGAttend this session and get leading advice to help your tax function thrive and not just survive an SAP implementation. The presenta-tion will include:

y Key tax concepts that are critical to the project success of an SAP implementation, including how to correctly define "tax", connect tax to the enterprise processes, and integrate tax across work streams

y Lessons on how incorporating a tax business case can achieve tax improve-ments within the SAP project and contribute to the overall SAP project ROI

y Effective strategies and alterna-tives for managing constrained and geographically disbursed tax resources during an SAP implementation

y Tax change management considerations

Panel discussion

How to prepare for the deployment of SAP functionality for revenue recognition Moderator: Pete Graham, SAPPanelists: Julie R. Zielke, EY; Arnold Nel, PwC; David Furgason, Deloitte Consulting; Ken Gabriel, KPMG; and Mike Szabo, SAPAttendees of this session panel discussion will learn how to effectively evaluate SAP’s newly released revenue recognition solution for strategic fit within their organization, including key revenue and process transition impacts, configuration and data migration/transformation impacts, system integra-tion requirements, comprehensive testing, resource planning, and deployment issues that will need to be addressed. You will:

y Walk through key evaluation criteria to better understand the benefits, risks, and impacts of SAP’s newly released revenue recognition solution

y See firsthand the framework that is needed to complete a solution fit and gap analysis of SAP’s revenue recogni-tion to your industry and organization

y Find out from a resource and effort planning perspective how long it will take to ensure a successful project

Demystifying the puzzle: SAP tax configuration tips and tricksTracy Davis, KPMGWhen rolling out SAP, it’s imperative that companies integrate tax into the entire lifecycle to maximize the efficiency of downstream tax processes. Virtually every business transaction has tax implications, so it is very important that dedicated tax resources be assigned to the implementation team to proactively integrate these tax data require-ments into the design of SAP. By attending, you learn:

y How the pieces of the “tax puzzle” fit together in SAP — including master data, configuration, common RICEFs and more

y When and how to best involve the tax department in an imple-mentation project

y Key tax considerations, potential tax value drivers, and an outline of a typical tax implementation approach

Take home leading practices and a sample process for accumulating tax requirements and translating those into SAP solutions.


Track 1 continued


Track 8 continued

How to improve efficiency for direct tax using SAP HANAPrabhukumar Chinnakonda, KPMGLearn how to successfully achieve “real-time” efficiency for direct tax computational (provi-sion, compliance) needs, leveraging financial data from SAP ERP and SAP Business Planning and Consolidation. You will:

y Learn the various SAP HANA technology components for direct tax automa-tion (provision, compliance) and how to use them as an effective tool for obtaining timely information at book-close and year-end tax filings

y Walk through practical advice on how to set up complex direct tax computa-tional scenarios using Excel 2013 and the SAP HANA “decision table” with minimal dependency on corporate IT groups

y Get tips on ways to improve corporate tax (Federal, State, Foreign) provision and compliance scenarios with real-time financial (consolidated and unconsoli-dated) data and analyze in real time

New revenue recognition standard is released! How to prepare your organization and supporting systems Ravi Krovidi, PwCWith the release of the new revenue recog-nition standard by IASB/FASB, the risk of revenue compliance will be higher unless companies take a comprehensive approach to adoption. This session will answer the four key questions that finance and IT stakeholders are faced with, including:

y What does the proposed revenue recog-nition standard mean to my company?

y What can we do to adopt the new standard?

y Is there a framework or tool to under-stand what we need to do from a process, system, and data perspective?

y How can I leverage my current invest-ment in SAP to address the future revenue recognition needs?

Is your organization ready to meet the proposed leasing regulatory standards? Pete Graham, SAPJoin this session to learn about the steps required to prepare for the upcoming regula-tory changes and the time/cost benefits that can be gained by preparing now. During this session:

y Learn how the SAP Lease Administra-tion application by Nakisa is specifically designed to provide visibility into your lease contract exposure, enabling you to optimize asset portfolio manage-ment and support accounting processes for more efficient cost control-ling and regulatory compliance

y Understand the benefits of optimizing not only your leasing accounting processes, but also transactional processes, including equipment and real estate management, supplier manage-ment, business planning, and more

Best practices for customer adoption of the new revenue recognition standard using SAP solutions and servicesPete Graham, SAPOn May 28, 2014, the IASB and the FASB published a new accounting standard for revenue recognition. Every publicly traded company worldwide will be forced to adopt these changes by January 1, 2017. Please join us in this session to learn:

y What’s included in the new revenue recognition standard and the tools and services that SAP has developed to ensure best practices for customers in adopting the new standards

y How to utilize the SAP solution to automate the revenue recognition and accounting process and to simplify the tasks of revenue accountants in following the new accounting guidelines

y Best practices in handling performance obligations, stand-alone selling prices, contract combinations, multiple-element arrangements, and migration strate-gies for adopting the new standard, including fulfillment of the necessary opening balance sheet requirements

Send your team! Bring your team and you can divide and conquer all of your learning objectives. Call Rodrigo Scaldaferri at +1-781-751-8857 to learn how your organization can take advantage of exclusive group rates.

LAS VEGAS March 17-20, 2015

Wynn Las Vegas

3131 Las Vegas Blvd. SouthLas Vegas, NV 89109

702-770-7000

www.GRC2015.comProduced by Wellesley Information Services, LLC, publisher of SAPinsider. ©2015 Wellesley Information Services. All rights reserved. WIS information products include SAPinsider and insiderPROFILES magazines, SAP Experts online libraries and anthologies, SAP Professional Journal, and SAPinsider

Seminars OnDemand. SAP products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP SE (or an SAP affiliate company) in Germany and other countries. All other product and service names mentioned are the trademarks of their respective

companies. WIS is not affiliated with SAP SE or any of the SAP SE group of companies. GRC 2015 is conducted independently by WIS, publisher of SAPinsider, with permission from SAP SE.

Conference ratesConference

+ Pre-Conference WorkshopsMarch 16-20

Conference OnlyMarch 17-20

Pre-Conference Workshops Only

March 16

Early Bird DiscountPay by January 9 and

SAVE $200$2,499 $2,099 $899

Pay by February 13 and

SAVE $100 $2,599 $2,199 $899

Full price $2,699 $2,299 $899

SAPinsider Events @InsiderGRC | #GRC2015

March 17-20 • Las Vegas

march 17-20 • las vegaswpc.0b0c.edgecastcdn.net/000b0c/ems_rep/downloads/... · march 17-20 •...

Documents