customer presentation - grc access control (august '08)
TRANSCRIPT
-
8/6/2019 Customer Presentation - GRC Access Control (August '08)
1/40
SAP GRC Ac c ess Cont rolProtec t in format ion and prevent f raud
May 2008
-
8/6/2019 Customer Presentation - GRC Access Control (August '08)
2/40
SAP 2008 / Page 2
Disc la imer
This presentation outlines our general product direction and should not be relied onin making a purchase decision. This presentation is not subject to your licenseagreement or any other agreement with SAP. SAP has no obligation to pursue anycourse of business outlined in this presentation or to develop or release anyfunctionality mentioned in this presentation.
This presentation and SAP's strategy and possible future developments are subjectto change and may be changed by SAP at any time for any reason without notice.
This document is provided without a warranty of any kind, either express or implied,including but not limited to, the implied warranties of merchantability, fitness for aparticular purpose, or non-infringement. SAP assumes no responsibility for errors or
omissions in this document, except if such damages were caused by SAP
intentionally or grossly negligent.
-
8/6/2019 Customer Presentation - GRC Access Control (August '08)
3/40
SAP 2008 / Page 3
Fragmentat ionManaging w i th c onf idence i s d i f f i cu l t i n an increas ing ly
comp l ex w or ld
Compliance
Board ofDirectors
Finance
Legal
Sales
Contracts
HR
Controller
IT
Policy Mgmt.
Audit &Compliance
Treasury
Compliance
Compliance
Compliance
U.S.
Germany
Japan
U.K.
France
China
Canada
India
Compliance
Governance
Compliance
Risk Mgmt.
GovernanceRisk Mgmt.
Risk Mgmt.
Governance
Risk
Mgmt.
Risk Mgmt.
Risk Mgmt.
Governance
SecurityProj.
Mgmt.Doc.
Mgmt. Contracts Planning Customers ERP Production Billing
SOX JSOXCreditRisk
HumanCapital
Risk
Segregationof DutiesFDA
ROHS
WEEEProject
Risk
Compliance
Risk Mgmt.
Governance
-
8/6/2019 Customer Presentation - GRC Access Control (August '08)
4/40
SAP 2008 / Page 4
SegregationOf Duties
SegregationOf Duties
Compliance
Compliance
Compliance
Compliance
Compliance
Governance
Compliance
Risk Mgmt.
GovernanceRisk Mgmt.
Risk Mgmt.
Governance
Risk
Mgmt.
Risk Mgmt.
Risk Mgmt.
Governance
Compliance
Risk Mgmt.
Governance
In t egrated GRCForward look ing organizat ions are seek ing a uni f ied
approac h to GRC
U.S.
Germany
Japan
U.K.
France
China
Canada
India
SecurityProj.
Mgmt.Doc.
Mgmt. Contracts Planning Customers ERP Production Billing
SOX JSOXCreditRisk
HumanCapital
Risk
SegregationOf DutiesFDA
ROHS
WEEEProject
Risk
Board ofDirectors
Finance
Legal
Sales
Contracts
HR
Controller
IT
Policy Mgmt.
Audit &Compliance
Treasury
SegregationOf Duties
-
8/6/2019 Customer Presentation - GRC Access Control (August '08)
5/40
SAP 2008 / Page 5
Acc ess and Author izat ion RisksManaging acc ess r isks is everyones job
Human Resources
Inefficient & non-compliant employeeprovisioning and de-provisioning
Finance5% of annual revenue lostto fraud1
Internal AuditTime and effort for audits
? OperationsUncontrolled rolemanagement
Information SecurityNo monitoring of
sensitive transactions
Executives & Managers
Responsibility forSegregation of Duties?
IT OperationsManual, error-prone
administration
SALARIES
Board, Audit CommitteeReactive approach
1 Association of Certified Fraud Examiners, 2006 Report to the Nation on Occupational Fraud and Abuse
Supply Chain Customers & Channel
-
8/6/2019 Customer Presentation - GRC Access Control (August '08)
6/40
SAP 2008 / Page 6
Ac cess And Aut hor iza t ion Managem entOvercome f ragment a t ion , ga in com prehens ive access
con t ro l
Supply Chain Customers & Channel
Board, Audit CommitteePreventive approach
Internal AuditLower cost of audit and
audit-related fees
Executives & Managers
Manage ComplianceWith Confidence
IT OperationsImprove efficiency by
automating corecompliance/securitytasks
FinanceVulnerability to unwantedfinancial activity fixed
Human Resources
Efficient and compliantuser provisioning
SALARIES
OperationsCompliant, role-based accesscontrol
Information SecuritySensitive transaction
monitoring
-
8/6/2019 Customer Presentation - GRC Access Control (August '08)
7/40
SAP 2008 / Page 7
Compl ianc e TrendsGartner s 2007 Planning Guidance for Compl iance
By 2010, auditors will expect regulated organizations to detect fraud byperforming transaction monitoring on a continuous basis, and 60% ofregulated firms will have such an automated process in place1
The broader market for GRC products will subsume this market by 2010, andSoD controls will be offered primarily as embedded capabilities in GRC
products/suites (0.8 probability).1
Process owners are looking to simplify and reduce the cost of compliance 2
Spending on security, segregation of duties, and other solutions that supportcontrols monitoring and automation will increase 2
1 Gartner - MarketScope for Segregation of Duties Controls Within ERP, 2007
2 Gartner The 2006 Planning Guidance for Compliance: Risk-Orientation, Standardization, and Automation, April 2006
-
8/6/2019 Customer Presentation - GRC Access Control (August '08)
8/40
SAP 2008 / Page 8
Governance, Risk , Compl ianc e - requi red
to es t ab l i sh Corpora te Acc ountab i l i t y
SAP GRCProcess Control
Control Monitoringfor BusinessProcesses
SAP GRC AccessControl
Secure SOD &Compliant
IDM/Provisioning
SAP GRC GlobalTrade Services
Streamline TradeCompliance
SAP Environment,Health & Safety
ComplianceManagement
Ensure EH&SOversight
SAP GRC Risk Management
Aggregated Detection of Risks andControl Monitoring
Provides a unified, business-userfocused approach
Organizes all compliancerequirements
Creates a common method tomeasure risks
Ensures strategy considers risks
Implements and monitors controlsin business processes
Detects and alerts to exceptionsfor risks and controls
Promotes sustainable operations
-
8/6/2019 Customer Presentation - GRC Access Control (August '08)
9/40
SAP 2008 / Page 9
SAP GRC Ac c ess Cont rolCont ro l Access and Author i zat ions Across Your Enterpr i se
Analyz
eand
Remediate
Enterpriserole
management
Analyze andremediate risk
Compliantuser
provisioning
Documentand
Audit
IdentityManagement
Automate Reviews
Modeland
Control
Superuserprivilege
management
SoD Rules & RegulationsCorporate PoliciesBest Practices
Embed cross-platform
Embed cross-function
FIN SCM SRM MFG HR
Manage by exception Collaborate acrossfunctions
Protect information and prevent fraud Automatically eliminate access and
authorization risks with out-of-the-box rules
Enforce segregation of duties acrossapplications and departments
Prevent improper access instead of reacting toproblems
Optimize operations
Automate segregation of duties management
Automate access management
Promote IT and Line of Business collaboration
Enforce accountability with review and approvalprocesses
Ease compliance and avoid authorization risk
Minimize time and cost for financialcompliance
Provide proof and reliability with control testsand audit trail for SOD controls
Report and review key risk indicators for systemaccess
Em
bedand
E
xecute
Provide proofStreamline audits
-
8/6/2019 Customer Presentation - GRC Access Control (August '08)
10/40
SAP 2008 / Page 10
SAP GRC Ac c ess Cont rolSustainable prevent ion of segregat ion of dut ies v io lat ions
Cross-enterprise library of best practice segregation of duties rules
Compliant UserProvisioning
Prevent SoDviolations at
run time
Superuser PrivilegeManagement
Close #1 audit issuewith temporary
emergency access
Periodic AccessReview and Audit
Focus on remaining
challenges duringrecurring audits
(Stay in Control)(Stay Clean)
Risk analysis, remediation and prevention services
Enterprise RoleManagement
Enforce SoDcompliance atdesign time
Risk Analysisand Remediation
Rapid, cost-effectiveand comprehensive
initial clean-up
(Get Clean)
Minimal
Time To Compliance
Continuous
Access Management
Effective
Management Oversightand Audit
-
8/6/2019 Customer Presentation - GRC Access Control (August '08)
11/40
SAP 2008 / Page 11
Risk Analysisand Remediation
Get Clean
SAP GRC Ac c ess Cont rolMinimal t ime t o compl iance
-
8/6/2019 Customer Presentation - GRC Access Control (August '08)
12/40
SAP 2008 / Page 12
EnterpriseRole Management
SuperuserPrivilege Management
Risk Analysisand Remediation
CompliantUser Provisioning
Stay Clean
Get Clean
SAP GRC Ac c ess Cont rolCont inuous acc ess management
-
8/6/2019 Customer Presentation - GRC Access Control (August '08)
13/40
SAP 2008 / Page 13
Management Oversight Internal Audit
EnterpriseRole Management
SuperuserPrivilege Management
Risk Analysisand Remediation
Stay inControl
Stay Clean
Get Clean
CompliantUser Provisioning
SAP GRC Ac c ess Cont rolEf fec t ive management oversight and aud i t
-
8/6/2019 Customer Presentation - GRC Access Control (August '08)
14/40
SAP 2008 / Page 14 SAP 2007-2008 / Page 14
Risk Analys is, Remediat ion, and Prevent ion ServicesDel iver 24/7, real -t im e compl ianc e by s topping secur i t y and contro ls v io lat ions
befo re they occur
Reporting
RiskIdentification
Elimin
ation
Prevention
Acc ess Risks Serv ices
Rules
Acc ess Risks L ibrary
SAP GRC Access Control, with itscomprehensive preconfigured ruleset, reflected deep expertise withinSAP that would have taken us avery long time to replicate.Deepak Mehrotra, SOX Compliance Manager,Synopsys Inc.
Real-time SOD Risk Analysis
Critical Transaction Monitoring
Cross-Application Integration
Remediation Management
Mitigation Management
Common services across allSAP GRC Access Controlcapabilities
Alerts Framework
Reporting
Real-time Simulation
Mandatory Prevention
Cross-Enterprise Rules Database
Cross-Enterprise Rules Architect
-
8/6/2019 Customer Presentation - GRC Access Control (August '08)
15/40
SAP 2008 / Page 15 SAP 2007-2008 / Page 15
Risk Analys is and Remediat ionGett ing Clean
Reporting
Risk Elimination
Risk
Identification
Prevention
In i t ia l R isk Analys is and Remediat ion
The cleanup process hasbrought a tremendous degree of
discipline to the way we thinkabout and manage user accessand authorizations.Deepak Mehrotra, SOX Compliance Manager,Synopsys Inc.
Access Risk Identification
Access Risk Elimination
Reporting
Prevention
End-to-EndAutomation
Facilitates collaborationbetween Business and IT toclean up access risks
-
8/6/2019 Customer Presentation - GRC Access Control (August '08)
16/40
SAP 2008 / Page 16 SAP 2007-2008 / Page 16
Role Role
Ent erpr ise Role Def in i t ionEnables enterpr ise ro le def in i t ion and main tenance in a s ing le locat ion
Centra l ized Role Managem ent
Across app l i ca t i ons
Audit logSAP GRCAccess Control
28% time savings in rolemanagement Customer Survey, 3/2006Compl iant enterpr ise ro les
Reduce cost of rolemaintenance
Ease compliance and avoidauthorization risk
Eliminate errors and enforcebest practices
Assure audit-ready traceabilityand security checks
New role mapping of businessroles to technical roles with SAPGRC Access Control 5.3
EnterpriseRules
Role RoleRole RoleRole Role
-
8/6/2019 Customer Presentation - GRC Access Control (August '08)
17/40
SAP 2008 / Page 17
Com pl iant User Provis ioningProb lem: Ine f f ic ien t and unaud i tab le user provis ion ing
Current approachinefficient, not compliant
Accessrequest
Manager
approval
Roleowner
IT security
Manualprovisioning
e-mail
e-mail
spreadsheets,paper forms
spreadsheets,paper forms
-
8/6/2019 Customer Presentation - GRC Access Control (August '08)
18/40
SAP 2008 / Page 18 SAP 2007-2008 / Page 18
Com pl iant User Provis ioningEnables compliant end-to-end provisioning hire to ret ire
Compl ian t p rov i sion ing w i t h dynamic w ork f l ow
Path workflowbasedon request type anduser attributes
Escalationworkflow
Exceptionworkflow
Via e-mail
One-click preventivesimulation
100% automated
We reduced provisioning from 2weeks to 2 days Web Seminar Rockwell Collins, 3/2005
Embed cross-enterprisepreventive compliance inbusiness process
Reduce cost of useradministration
Improve productivity of end
users
Provide auditable tracking forauditors
HR event
Employeehired/retired
Requestgenerated
100% automated
Mgrapproval
Riskanalysis
Automatedprovisioning
-
8/6/2019 Customer Presentation - GRC Access Control (August '08)
19/40
SAP 2008 / Page 19 SAP 2007-2008 / Page 19
Superuser Pr iv ilege ManagementEnables compl iance-focused emergenc y acc ess for SAP ERP
Compl ian t super user acc ess
New session New session New session New session
SAP_ALL
Preassigned FireFighter IDs Access restrictions Validity dates Field-level changes tracked in audit log
Superuser
Super users and auditors love it Web Seminar Lincoln Electric, 3/2006
Close #1 open audit issue
Avoid business obstructions withfaster emergency response
Reduce audit time
Reduce time to perform critical
tasks
Firecall ID
Log
Firecall ID
FICO
Firecall ID
MM
Firecall ID
SD
LogLogLog
-
8/6/2019 Customer Presentation - GRC Access Control (August '08)
20/40
SAP 2008 / Page 20 SAP 2007-2008 / Page 20
Management Oversight and Audi t sPeriod ic rev iew s; comprehensive and e f f ic ien t aud i ts
ReviewUser Provisioning
Review
Potential Risks
Review Actual Risks
Review Policy
ReviewEmergency Access
Management
1) Validate
via sampling that
changes to access
were appropriately
authorized
2) Validate that
segregation of duties
risks are appropriatelymitigated on a sample
basis
Internal Audit
Equips internal and external auditorsto complete comprehensive andefficient testing
Saves audit and audit-related fees
Management by exception
Automated, pre-built access controlsreporting
Review of roles, users and mitigationcontrols
-
8/6/2019 Customer Presentation - GRC Access Control (August '08)
21/40
SAP 2008 / Page 21
Comprehensive Ac c ess Contro lsEnables bus iness managers, audi to rs , and IT secur i ty to c o l labora te
Enabling business to take accountability for accessCollaboration Businessand IT
IT Security
Identification and elimination ofPotential access risks (e.g. segregation of duties violations) and
Actual risks (e.g. sensitive transaction monitoring)
Real-time detective and preventive controls cross-enterprise
Access RiskIdentification andElimination
BusinessUsers
ManagementOversight
SoD-compliant role-design and management to address the root ofthe problem
Role Design AndManagement
Automated, pre-built access controls reporting
Review of roles, users and mitigation controls
Periodic AccessReview
Provide documentation to help validate that the business team isfollowing the control process
Audit CycleManagement
Internal Audit
Owner
Efficient and effective superuser privilege management, withtracking of all activity
Privileged User Access
Efficient and SoD-compliant user provisioning and de-provisioningfrom hire to retire
Compliant UserProvisioning
SAP Benef i t sey Areas
-
8/6/2019 Customer Presentation - GRC Access Control (August '08)
22/40
SAP 2008 / Page 22
GRC Management by Ex c ept ionTurning regulatory requi rements in to s t rategic advantage
Tomorrow
Savings forInnovation
GRC Spend
COST
Today
MultipleTools
ManualEfforts
ComplianceManagemen
t byException
EmbeddedCompliance
CommonFoundation
Increase
transparency
Gain flexibility andspeed
Lower cost of auditand audit-related fees
Achieve higherconfidence
-
8/6/2019 Customer Presentation - GRC Access Control (August '08)
23/40
SAP 2008 / Page 23 SAP 2007-2008 / Page 23
Cross-Ent erpr ise Solut ionIdent i fy and remedia te conf l ic ts across funct ions and app l ica t ions
Hire-to-Retire
Reconcile-to-Report
Procure-to-Pay
Order-to-Cash
Production-to-Delivery
Cross-Enterprise
GRC
Cross-Funct
ional
Cross-Application
-
8/6/2019 Customer Presentation - GRC Access Control (August '08)
24/40
SAP 2008 / Page 24
HR/Payroll
Procure to Pay
Order to Cash
Finance
General Accounting
Consolidations
HR
Procure to Pay
Order to Cash
Finance
General Accounting
Fixed Assets
System Administration
HR
Procure to Pay
Order to Cash
Finance
General Accounting
Project Systems
Fixed Assets
System Administration
HR
Procure to Pay
Order to Cash
Finance
General Accounting
Project Systems
Fixed Assets
Basis, Security andSystem Administration
Materials Management
APO
SRM
CRM
Consolidations
JD EdwardsPeopleSoftOracleSAP
Cross-Ent erpr ise Capabi l i t iesSAP GRC Acc ess Contro l del ivers best pract ice SoD
rules l ibrary
-
8/6/2019 Customer Presentation - GRC Access Control (August '08)
25/40
SAP 2008 / Page 25
Business and IT Col laborat ionEnabl ing Bus iness t o Take Acc ountab i l i t y fo r Acc ess
Business
Make decisions
IT
Enable decisions
SAP GRC Access Control enables crucial collaboration
Business owns the responsibility for Segregation of Duties
IT understands the technology to grant or revoke user access
-
8/6/2019 Customer Presentation - GRC Access Control (August '08)
26/40
SAP 2008 / Page 26 SAP 2007-2008 / Page 26
BusinessDr iven Ident i ty Management
CFO
BusinessControls
CIO
SystemsAccess
SAP GRCAccess Control
IdentityManagement
Additional user provisioning
Identity synchronization andvirtualization
Privilege management forapplications and resources
User provisioning
Risk analysis
Audit and compliance, includingaudit repository
Approval workflows
Privilege management for businesstransactions
SAP will offer an integrated solution
SAP addresses compliance issues across the organization
-
8/6/2019 Customer Presentation - GRC Access Control (August '08)
27/40
SAP 2008 / Page 27 SAP 2007-2008 / Page 27
SAP GRC Acc ess Cont rol 5.3Ident i ty management in tegrat ion
SAP GRC Access Control approach to Identity management:
SAPGRC
AccessControl
Enterpriserole
management
Risk analysisand
remediation
Compliantuser
provisioning
Identity
Managem
ent Applications
SAP NetweaverIdM
IBM SUN
Superuserprivilege
management
SAP_ALL
HRHR
authoritativesource
Auditing andreview
HR
Self-service
Authoritativesource
-
8/6/2019 Customer Presentation - GRC Access Control (August '08)
28/40
SAP 2008 / Page 28
What our cus t omers saySAP GRC Access Contro l del ivers value
Effect ive and Ef f ic ient
The SAP applications not onlyhelp to ensure good governanceand compliance, they also reducethe effort involved so that ourpeople can focus on the business.
Prevent iveA key internal control in anyorganization is segregation ofduties (SoD), which is arduousto achieve manually with all thedifferent transactional accessavailable in SAP software. SAPGRC Access Control automated
this function and enabled us tochange our process andimplement a preventive solutionfor future ongoing compliance.
Easy
SAP GRC Access Control is
easy to implement, and easy touse, and most importantly givesus the ability to ensure we meetregulatory requirements withminimal impact on our staff andbusiness operations.
Proact iveWe used to be in a reactionmode with SAP GRC AccessControl we are now in aproactive mode.
Automated
We clearly would not have beenas successful without thisapplication, in terms of ourexternal reporting requirementsfor the SEC and the PublicCompany Accounting OversightBoard.
-
8/6/2019 Customer Presentation - GRC Access Control (August '08)
29/40
SAP 2008 / Page 29
Average value reported
Proven resul t s for c ustom ersCus tomers repor t sign i f ican t reduc t ions in compl iance
cos t and labor
0% 5% 10% 15% 20% 25% 30% 35% 40% 45%
Source: Customer Survey, March 2006
Reduction in timespentmaking changes to users and roles
Reduction in timerequired to clean upaudit report findings for security
Reduction in timespent onexternal/internal audit
Reduction in timespentmanaging authorization risk
(Number of responses = 130)
Reduction in internal/external audit costs
Reduction in costsfor managing userauthorization risk
30%
25%
32%
28%
28%
31%
-
8/6/2019 Customer Presentation - GRC Access Control (August '08)
30/40
SAP 2008 / Page 30
Gart ner St rong Posi t iveSAP GRC Acc ess Contro l rec eives h ighest rat ing f rom
Gartner 1
About SAP GRC Access Control SAP is the only vendor with a Gartner recommends rating
in all technique categories (Static analysis, provisioning support, integratedprovisioning workflow, transaction monitoring and emergency access)
offers one of the strongest product sets in our analysis, comprehensivelyaddressing all SoD issues across multiple SAP instances.
capable of running on multiple ERP platforms
1 Gartner - MarketScope for Segregation of Duties Controls Within ERP, 2007
Strong PositivePositivePromisingCautionStrongNegative
Rating
-
8/6/2019 Customer Presentation - GRC Access Control (August '08)
31/40
SAP 2008 / Page 31 SAP 2007-2008 / Page 31
ReferencesDel iver ing rea l wor ld va lue to our c ustomers
Real-World
Value
Saved time and costs, with
single, integrated system
Faster approval of access
and authorization requests
Created a highly responsive
audit environment that
enables rapid response and
remediation to SOD issues
Established audit
response processes to
minimize audit time and
cost
Improved strategy for
resolving SOD conflict
problems
Achieved ROI in less than 3
months through productivity
improvements and reduced
audit costs
Enforce key SOD control
at lowest total cost of
ownership
89% reduction in
administrative costs dueto self-service workflow
GTS and Access Control part
of a large solution selected
over Oracle / Hyperion
-
8/6/2019 Customer Presentation - GRC Access Control (August '08)
32/40
SAP 2008 / Page 32
Synopsys, Inc .
-
8/6/2019 Customer Presentation - GRC Access Control (August '08)
33/40
SAP 2008 / Page 33
Canadian Pac i f ic Rai lw ay
-
8/6/2019 Customer Presentation - GRC Access Control (August '08)
34/40
SAP 2008 / Page 34
Canadian Pac i f ic Rai lw ay
-
8/6/2019 Customer Presentation - GRC Access Control (August '08)
35/40
SAP 2008 / Page 35
Bacard i
-
8/6/2019 Customer Presentation - GRC Access Control (August '08)
36/40
SAP 2008 / Page 36
Pr int ronix
Virsa Compliance Calibrator is easy to implement and
easy to use, and most importantly gives us the ability to
ensure we meet regulatory requirements with minimal
impact on our staff and business operations.
Kate SquyresManager, IT CompliancePrintronix
PrintronixCompany
Global enterprise printing solutions forindustrial manufacturing and distributionsupply chain
Products/Services
Virsa Compliance CalibratorSAPSolutions and Services
$128 millionRevenue
785Employees
Irvine, CaliforniaLocation
High TechIndustry
www.printronix.comWeb Site
Challenges and Oppor tuni t ies Ensure the company has the internal control
environment for financial statements to be incompliance with latest regulatory disclosurerequirements
Minimize time and cost of annual audits
Object ives
Enable compliance that is easy to implement andreadily accepted by the audit community
Implement a solution that is easy to use bybusiness process owners and has minimal impacton IT resources
Im p l em en ta t i on H i gh l igh t s
Implementation was completed on time and withinbudget; total time to completion was less than sixmonths and met end-of-year audit requirements
Wh y SA P Virsa Compliance Calibrator is integrated to SAP
ERP, enabling streamlined, real-time review ofsecurity set-up
Depth of functionality and ease of use
Benef i t s
Established readily accepted, audit responseprocesses that have minimized audit time andcost
Created a highly responsive audit environmentthat enables rapid response and remediation toSegregation of Duty (SoD) violations
http://www.printronix.com/http://www.printronix.com/ -
8/6/2019 Customer Presentation - GRC Access Control (August '08)
37/40
SAP 2008 / Page 37
Xerox Europe
-
8/6/2019 Customer Presentation - GRC Access Control (August '08)
38/40
SAP 2008 / Page 38
Wolver ine
Challenges and Opportunit ies
Difficulty documenting Segregation of Duties (SoD)controls
Assessing & monitoring internal controls takessignificant time
Home-grown solutions are inconsistent and notcomprehensive
Compliance requires high level of changemanagement
Objectives Segregation of duty capabilities
Sarbanes-Oxley Section 302/404 Compliance
Risk management
Real-time detection of violations
Implementat ion Highlights
Compliance Calibrator implemented in two weeks
Why SAP Integration with SAP applications helps speed
implementation
SAP GRC solutions give Wolverine compliancemanagers the ability to identify conflicts
Satisfies compliance audit requirements
Alleviates concerns about data integrity
Benefits
Simplified compliance with Sarbanes-Oxley
Reduced consulting and audit effort and cost Reduced time needed to make user profile changes
Improved ability to develop strategy for resolving SoDconflict problems
Enabled implementation of governance best practices
Reduced internal efforts to maintain, control andperform analysis
Ability to run simulations by user role
The SAP application has given the security team amethod to quickly identify risks within the system. Thesimulation feature has been a significant tool to aid inconflict mitigation.
Kiki Lown,Director of Compliance & Administration,Wolverine World Wide, Inc.
Wolverine World Wide, Inc.Company
Apparel and accessoriesProducts/Services
SAP Solutions for Governance, Risk andCompliance; Virsa Compliance Calibrator
SAP Solutions and Services
$1 BillionRevenue
4,500Employees
Rockford, MichiganLocationConsumer ProductsIndustry
PricewaterhouseCoopersPartner
www.wolverineworldwide.comWeb Site
Wolverine World Wide, Inc.Company
Apparel and accessoriesProducts/Services
SAP Solutions for Governance, Risk andCompliance; Virsa Compliance Calibrator
SAP Solutions and Services
$1 BillionRevenue
4,500Employees
Rockford, MichiganLocationConsumer ProductsIndustry
PricewaterhouseCoopersPartner
www.wolverineworldwide.comWeb Site
Wolverine World Wide, Inc.Company
Apparel and accessoriesProducts/Services
SAP Solutions for Governance, Risk andCompliance; Virsa Compliance Calibrator
SAP Solutions and Services
$1 BillionRevenue
4,500Employees
Rockford, MichiganLocationConsumer ProductsIndustry
PricewaterhouseCoopersPartner
www.wolverineworldwide.comWeb Site
http://www.wolverineworldwide.com/http://www.wolverineworldwide.com/http://www.wolverineworldwide.com/http://www.wolverineworldwide.com/http://www.wolverineworldwide.com/http://www.wolverineworldwide.com/ -
8/6/2019 Customer Presentation - GRC Access Control (August '08)
39/40
SAP 2008 / Page 39 SAP 2007-2008 / Page 39
Resources
www.sap.com/GRC
Solutions for automated end-to-end GRC Processes
www.sap.com/solutions/grc/accessandauthorization/index.epx
SAP GRC Access Control
www.sap.com/solutions/grc/brochures/index.epx
SAP Solutions for GRC: Brochures & whitepapers
www.sap.com/solutions/grc/demos/index.epx
SAP Solutions for GRC: Demos
http://www.sap.com/GRChttp://www.sap.com/solutions/grc/accessandauthorization/index.epxhttp://www.sap.com/solutions/grc/brochures/index.epxhttp://www.sap.com/solutions/grc/demos/index.epxhttp://www.sap.com/solutions/grc/demos/index.epxhttp://www.sap.com/solutions/grc/brochures/index.epxhttp://www.sap.com/solutions/grc/accessandauthorization/index.epxhttp://www.sap.com/GRC -
8/6/2019 Customer Presentation - GRC Access Control (August '08)
40/40
SAP Solut ions for Governanc e, Risk , and Com pl ianc e