Wise Men - SAP GRC Webinar Deck - March 2015


Upload: wise-men

Post on 15-Jul-2015

TRANSCRIPT

SAP Solutions for Governance, Risk and Compliance

Wise Men Confidential

www.wisemen.com | [email protected] | +1 281-953-4500

Rajendra Ponangi (Raj) SAP BASIS & GRC PRACTICE HEAD

March 12, 2015

Kevin McCollom, Global Vice President & General Manager, SAP Governance, Risk & Compliance, SAP Labs

Agenda

Introduction - Speakers

SAP GRC Overview

Company Background

Wise Men SAP GRC Capabilities

SAP GRC Implementation / Upgrade & Support Services.

Customer Case Studies

GRC Migration Process Flow

Q & A

Speaker’s Bio

Kevin McCollom, Global Vice President & General Manager, SAP Governance, Risk & Compliance, SAP Labs

Kevin McCollom is Global Solution Owner for SAP GRC. He and his team are responsible for market requirements roll-in and solution go-to-market. In close collaboration with SAP GRC Product Development, he and his team are also globally responsible for general management of all SAP GRC solution aspects including solution strategy and roadmap. Kevin has held this role since 2011 and has been part of the SAP GRC management team since 2008.

Rajendra Ponangi is an industry leader with over 10 years of experience in SAP BASIS & GRC support, implementations, and upgrades. He currently heads the SAP BASIS & GRC Practice. He has the best of vertical knowledge in the Manufacturing, Energy & Utilities, Pharma, FMCG, and Automotive sectors.

Rajendra Ponangi (Raj), Head, SAP BASIS & GRC Practice, Wise Men

Brakes

Seatbelts

Car seats

Airbags

License plate and annual registration

Maintenance records

Temperature gauge

Fuel gauge

Crash avoidance

What is GRC?

Multilateral Instrument 52-111

Toxic Substances Management

(ITAR) International Traffic in Arms Regulations, 22 CFR 120-130

FCPA (Foreign Corrupt Practices Act)

FDA compliance: GxP, 21 CFR

International Emergency Economic Powers Act (S. 1612)

Sarbanes-Oxley

Data Privacy Laws: CA-SB 1386, HIPAA, Gramm-Leach-Bliley Act, COPPA

Switzerland: Corp. Governance SWX, Code of Obligations

EU: Foreign Trade Administration Act

EU Company Law Directives 4, 7, and 8

EU: REACH (Registration, Evaluation, and Authorization of Chemicals)

UK Anti-Bribery Act

European Data Protection Directive

Foreign Exchange Order

JSOX

Hong Kong: Code on Corporate Governance Practices

PNEMEN National Policy of Exports of Military Goods

King II Report

Clause 49 of the Listing Agreement

Regulation 13E of the Customs (Prohibited Exports) Regulations

Corporate Law Economic Reform Program (CLERP) 9

Hazardous Waste Act

Air Toxics NEPM

What our customers and the marketplace are saying

Increasing regulations and risks challenge growth

Bribery and corruption, spills, explosions

Trading conflicts, currency manipulation, laundering, restricted trading parties

Off-label marketing, product recalls, price fixing

Conduct, transmission, ownership, manipulation, disruptions

The cost is real

Lack of control and poorly managed risk events are costly

Costs resulting from non-compliance can’t be ignored

$3.5 Million

$9.4 Million

Source: Ponemon Institute LLC, The True Cost of Compliance 2011

Enforcement is 2.7 times higher than investing in compliant processes

But what’s the real cost?

Control failures / Risk event

Lowers customer satisfaction

Reduces investor confidence

Raises business costs

Increases scrutiny

Performance Impact

Unachieved objectives

Disrupts operations

Conversely, there is potential for a positive impact

Brand enhanced

Controls enhance performance

Opportunities identified

Risks anticipated and managed

Customer demands met

Major disruptions avoided

Shareholder value attained

Optimized Performance

SAP solutions for Governance, Risk, and Compliance

SIMPLIFY | GAIN INSIGHT | STRENGTHEN

Automation

Integration

SAP

Monitor

Visualize

Predict

Anticipate

Prepare

Respond

Simplify governance, risk and compliance by integrating GRC activities into your underlying business processes

Gain insight to help make better decisions by visualizing and predicting how risk may impact performance

Strengthen the business by employing the right combination of GRC solutions

Proactively balance risk and opportunity

SAP Solutions for Governance, Risk, and Compliance

SAP Access Control: Manage access risk and prevent fraud

SAP Process Control: Ensure effective controls and ongoing compliance

SAP Risk Management: Preserve and grow value

SAP Global Trade Services: Optimize global trade and screen restricted parties

SAP Nota Fiscal Eletrónica: Meet electronic invoicing requirements for Brazil

SAP Audit Management: Drive increased audit efficiency and effectiveness

SAP Fraud Management: Better detect and prevent fraud

SAP Identity Analytics: Gain insights into user roles and optimize decision making

SAP Security Suite: Enhance security and simplify user experience

And endorsed partner solutions...

SAP Access Violation Management by Greenlight Technologies: Identify and quantify the impact of actual access risk violations

SAP Regulation Management by Greenlight Technologies: Manage regulatory requirements and align with internal control activities

Simplify, Gain Insight, Strengthen

Case Study

Simplifying SOD Management with SAP® Access Control and SAP Access Violation Management

Company: Sharp Electronics Corporation

United States Headquarters: Mahwah, New Jersey

Industry: High tech

Products and Services: Home electronics, appliances, mobile devices, and business solutions

Web Site: www.sharpUSA.com

Top objectives

• Leverage technology to streamline access governance processes across enterprise applications
• Contextualize the segregation of duty (SOD) risk in terms of financial exposure to the business

Resolution

• Deployed the SAP® Access Control application as the company’s centralized access governance solution
• Deployed the SAP Access Violation Management application by Greenlight to automate SOD controls and to provide insight into financial exposure due to SOD violations
• Established this centralized solution as the basis for security as a shared service and as a platform for further expansion

Key benefits

• Automation that reduced manual efforts for managing access governance and SOD procedures across the enterprise
• Reduction in external audit costs
• Reduction in the IT security team – from five employees to one

“The synergy between system solutions and procedure and technology and humanity empowers and frees companies to focus on core business functions. Leveraging innovative solutions like SAP Access Control and SAP Access Violation Management allows Sharp to do more and maximize resources.”

Wyatt MacManus, Associate Director, Information Security, Sharp Electronics Corporation

80%: Reduction in IT personnel time required to manage access governance and SOD controls

300 hours: Reduction in time spent per month on SOD control monitoring

33%: Increase in the number of systems managed by SAP Access Control

Case Study

Consolidating a Governance Model to Lower Information Security Risk with SAP® Access Control

Company: Natura

Headquarters: Sao Paulo, Brazil

Industry: Consumer Products

Products and Services: Cosmetics, fragrances and products for personal care

Employees: 7000 with 1.4 million Sales Consultants

Revenue: US $2.7 Billion

Web Site: www.natura.net

Top objectives

• Strengthen Natura’s governance model for data and access control
• Optimize strategies for managing access and segregation of duties
• Reduce level of risk
• Strengthen awareness process for security risk management

The Resolution

• Upgrade to latest version of the SAP® Access Control application
• Create a leaner risk matrix
• Involve all business areas
• Train 400 key users

Key benefits

• Lower security risk to the business
• Employee awareness created via dissemination of the risk control culture
• Greater alignment between the management of information security and all business areas
• Reduced maintenance cost due to reduction in volume of support calls made to customer service
• Faster preparation of audit reports

“Natura established a solid strategy for managing access, with strong employee involvement, and thus significantly reduced the company’s security risk.”

Newton Rossetto, Information Security Manager, Natura

87%: Total reduction in information security risk level

60%: Faster preparation of auditing reports

30%: Fewer transactions per profile

Company Background

About Us

Wise Men: US-based WMBE

Established in 1997

Technology and Supply Chain solutions

GHQ: Houston, Texas, US

Canada & Dubai

CoE India: Hyderabad and Pune

ISO 9001:2008

2010, 2011 E&Y: Finalist of the year

2009 & 2008: Top 10 - Fast 100 List

2009 & 2008: Top 10 - 50 Fastest growing Women-owned companies

2010 BP: Vendor of the Year

2010 and 2009 INC Magazine

2011 MWBE Vendor of the Year

SAP Governance, Risk and Compliance

SAP Solutions for GRC

Manage, Protect, Perform

GRC technology is built on the ABAP programming language.

The latest GRC version has extended features, with a common look and feel and streamlined navigation.

SAP has extended GRC with a more configurable user interface and content lifecycle management.

Enhanced Solution on GRC 10.x

Reporting Within GRC 10.x

Unified User Interface

Reporting Within GRC 10.x

Solution Enhancements

• Additional reports and dashboards that enable high-speed collection and review of key issues related to access control, policy control, and risk management
• Device-agnostic report presentation
• Use of reporting tools in SAP software to construct comprehensive and flexible GRC reports

Key Benefits

• High-volume processing of GRC data
• Accelerated reporting for faster review and action
• Review analytics information on any device – desktop or mobile.

GRC - SAP HANA

SAP GRC – SAP PAM

GRC 5.3: End of Mainstream Maintenance 12/31/2015

GRC 10.0: End of Mainstream Maintenance 12/31/2020

GRC 10.1: Ready for SAP HANA; End of Mainstream Maintenance 12/31/2020

Wise Men SAP GRC Capabilities

SAP Architecture Management. Implementation / support of SAP architecture to meet changes in business, such as cluster configuration and virtualization (VMware, MSCS, HP, IBM AIX).

SAP ABAP & JAVA Application Support. Experts in implementation of stack-level technical environments and stack-level migration requests (Java stack to ABAP stack migration).

SAP Security GRC & SOD. Business requirement analysis, SoD configuration, FF configuration (centralized / decentralized user management), mitigation / risk management configurations, notification alert management. Experts in GRC 5.3 Java stack migration to ABAP stack. SAP standard workflow, BRF+ configuration, custom workflow configurations.

Wise Men SAP GRC Capabilities

SAP Product and Service Support. End-to-end SAP installations, SAP version upgrades, SAP add-on implementations, and support services for GRC, ECC, Solution Manager, BI, BODS, SMP, EWM, TM, CRM, SCM, HANA…

SAP Implementation & Support Operations. Managing hardware and OS software installation and configuration related to SAP. Administering / supporting OS file systems and OS security in relation to SAP.

Engineering and Technical Support Services. Identify and correct potential performance, reliability, capacity, security and fail-over issues before they go into production. Execute any projects to upgrade the SAP software products. Collaborate with the key technology providers.

Wise Men SAP GRC Capabilities

Customer Case Study

Customer Case Study

Company: Leader in the design, manufacture and supply of memory and storage solutions

Project: GRC Migration Project [GRC 5.3 JAVA stack to GRC 10.1 ABAP Stack]

Objective: Assess existing configurations of the SAP GRC 5.3 system and migrate to the SAP GRC 10.1 ABAP Stack

Benefits to Customer

• Cost reduction with offshore support model
• Quick implementation of any change request due to reduction of turnaround time and continuous daily monitoring of critical system processes and agents
• Additional onsite overhead reduction

Process: SAP Standard GRC Migration tool along with GRC Expert configurations and consulting process

Technologies: SAP GRC 5.3 JAVA, GRC 10.1 ABAP, ECC 6.0

Project Timeline: 10 weeks

Highlights

• Migration / upgrade of GRC DEV and PRD systems from ‘5.3 SP11 Java Stack’ to ‘10.1 ABAP Stack’.
• Data export of Super User Privilege Management (SPM) data from AC 5.3 (ABAP).
• Data export of Compliant User Provisioning (CUP), Risk Analysis & Remediation (RAR), and Enterprise Role Management (ERM) data from AC 5.3 (Java).
• Data import into Access Control 10.1.
• Customer-activated Rule Set to be analyzed.
• The existing configured workflows in 5.3 will be analyzed and migrated / recreated to 10.1.

GRC Migration Process Flow

Migration Pre-requisites - SAP Access Control from 5.3 to 10.1

AC 5.3 to AC 10.1 Pre-requisites.

Downloading and Installing the Migration Tool.

Target System Pre-requisites.

Maintaining Configuration Settings.

Creating the Users.

Creating the Organization Unit.

GRC Migration Process Flow

Export Process Steps in GRC Access Control 5.3

Exporting Configuration and Master Data in AC 5.3

Exporting AC 5.3 (CUP) Data

Exporting AC 5.3 (RAR) Data

Exporting AC 5.3 (ERM) Data

Exporting AC 5.3 (SPM) Data

GRC Migration Process Flow

Import Process Steps in GRC Access Control 10.1

Importing Data into AC 10.1

Importing CUP Repository Data

Importing RAR Data

Importing Workflow Data

Importing ERM Repository Data

Importing SPM Data

Workflow

MSMP

BRF+

User Access Request

Reporting

GRC Migration Process Flow

Q&A