29 SAP Governance Risk and Compliance

Upload: barber-bob

Post on 04-Apr-2018


TRANSCRIPT

  • 7/29/2019 29 Sap Governance Risk and Compliance

    Governance, Risk and Compliance Management

    SAP Solutions for GRC

    Holly Roland, GRC Solutions Marketing, SAP

  • Fragmentation increases risk: Managing risks is everyone's job

    SAP AG 2006, ESA /

    Supply Chain Customers & Channel

    Human Resources: Employee safety compliance

    Finance: Complex, international compliance requirements

    Compliance / Risk Office: Disconnected risk analysis

    Sales, Service: High credit risk customers

    Procurement: Supplier black lists

    Executives & Managers: Incomplete global risk profile

    IT Operations: Data leakage & security

    SALARIES

    Board, Audit Committee: Executive compensation practices

  • Unidentified risks impact performance

    National Headlines

    Agency Delayed Reporting Theft of Veterans Data (May 24, 2006, New York Times)

    Data Theft at Nuclear Agency Went Unreported for 9 Months (June 10, 2006, New York Times)

    Bomb Scare shuts Port's Terminal 18 (Aug 18, 2006, The Seattle Times)

    High Tech Manufacturer Violates E.U. Pollution Law (Jul 06, 2006, CIO Tech Informer)

  • Overcome fragmentation, gain transparency with GRC

    Supply Chain Customers & Channel

    Board, Audit Committee: Evidence for decisions & directives

    Compliance / Risk Office: Integrated risk analysis

    Executives & Managers: Increased confidence in business results

    IT Operations: Secure IT infrastructure

    Procurement: Anti-terrorist trade practices

    Finance: Global financial reporting compliance

    Human Resources: Environmental health & safety compliance

    Sales, Service: Balanced credit profile

    SALARIES

  • Implement management by exception: Turn GRC into a strategic advantage

    [Chart. Labels: Cost of GRC; # of GRC projects; Tactical Approach; Holistic Approach; Available for Investment]

  • SAP Solutions for GRC: The framework for a holistic approach to GRC

    Business Process

    Business Process Platform

    SAP Solutions for GRC

    Cross-Industry GRC

    Access Controls

    Global Trade

    Environment

    Process Controls

    Risk Management

    GRC Repository: Documentation & Monitoring

    Industry-Specific GRC

    Business Applications

  • SAP GRC Ecosystem2: Build the community, deliver best practices, extend the value

    Business Process

    Business Process Platform

    SAP Solutions for GRC

    Cross-Industry GRC

    Access Controls

    Global Trade

    Environment

    Process Controls

    Risk Management

    GRC Repository: Documentation & Monitoring

    Industry-Specific GRC

    Business Applications

  • SAP GRC Repository: Central system of record drives governance, increases transparency

    Centralizes knowledge base of content contributed from GRC Ecosystem2

    Rationalizes controls against multiple frameworks

    Stores evidence to support executive decisions and board directives

    [Diagram: GRC Repository. Labels: Performance Measures & Benchmarks; Regulations & Industry Mandates; Risk & Control Libraries; Corporate Policies & Procedures; BOD & Committee Minutes; Best Practices; Control Frameworks (COBIT, JSOX, ); Advisory Services (Auditors, Attorneys); Internal Policies; Governmental Agencies; Influence Councils]

  • SAP GRC Risk Management: Award-winning application balances opportunity and risk

    [Diagram. Labels: Plan; Identify & Analyze; Respond; Monitor]

    Balances opportunities with financial, legal, and operational risks

    Increases accuracy and predictability of risks at all levels of the enterprise

    Minimizes impact of market penalties from high-impact events

    Establish risk appetite and thresholds

    Collaborate and aggregate across the enterprise

    Balance cost of risk avoidance and opportunity

    Actionable, role-based dashboards & alerts

  • Environmental Product Compliance: Compliance for Products - based on SAP Environment, Health and Safety

    SAP EH&S: Comprehensive and complete business solution for environment, health and safety management

    Industry Specific

    Cross-Industry

    SAP xEM Emissions Management

    CfP Compliance for Products

    Occupational Health

    Industrial Hygiene and Safety

    Waste Management

    Emissions Management

    Product Compliance

    Hazardous Substance Management

    Product Safety

    Dangerous Goods Management

    Implemented Design for Environment & Compliance to reduce operational costs (by 505 in some areas) while staying compliant

    Simplified environmental reporting and transparency

  • Cross-Industry GRC: Secure and expedite cross-border transactions

    Import Management

    Trade Preference Management

    Restitution Management

    Export Management

    Expedite customs clearance to reduce costly buffer stock

    Make the most of international trade agreements

    Take advantage of export refunds

    Avoid delays at borders to ensure fast delivery to customers

    SAP Global Trade Services

    Ensure full regulatory compliance, expedite customs clearance, mitigate financial risk of global transactions, take full advantage of international trade agreements

    35 documents for cross-border shipments

    600 trade laws

    500 trade agreements

  • Effective GRC pays off

    Share-price performance of companies complying with internal-control rules called for under SOX

    [Chart. Values: Up 27%; Up 25.7%; Down 5.7%. Categories: I-C weakness in '04, but none in '05; No I-C weaknesses in '04 or '05; Reported I-C weakness in both '04 and '05]

    Source: Wall Street Journal, Lord & Benoit, LLC

  • Automated GRC management will increase the gap in shareholder value

    [Chart. Values: Up 30%; Up 20%; Down 10%. Categories: Remediated Internal Control weaknesses from previous year; No Internal Control weaknesses; Continued Internal Control weakness reported]

  • SIMPLICITY: A holistic solution for governance, risk and compliance management

    SAP's Commitment

    Most Comprehensive Framework

    Part of Every Process

    Risk Intelligence

    GRC Partner Ecosystem

    Service Partners

    Content Partners

    Technology Partners

    Business Process

    Business Process Platform

    SAP Solutions for GRC

    Cross-Industry GRC

    Access Controls

    Global Trade

    Environment

    Process Controls

    Risk Management

    GRC Repository: Documentation and Monitoring

    Industry-Specific GRC

    Business Applications

  • Governance, Risk and Compliance Management

    SAP Solutions for GRC