Governance, Risk and Compliance Management
SAP Solutions for GRC
Marina Simonians, Director - Strategic Apps, CFO COE, SAP Applications for Environmental Compliance


Managing Risk Is Everyone’s Job

(Diagram of risk concerns by function; Supply Chain and Customers & Channel appear as nodes without a caption.)

• Human Resources: employee safety compliance
• Finance: complex, international compliance requirements
• Compliance / Risk Office: disconnected risk analysis
• IT Operations: data security issues
• Sales, Service: high credit risk customers
• Procurement: supplier longevity
• Board, Audit Committee: executive compensation issues
• Executives & Managers: incomplete global risk profile

Unidentified risks impact performance.

Failure in Operational Control

(Chain of consequences shown in the slide:)

• Disrupts major operations
• Impairs customer service
• Reduces investor & market confidence
• Increases business costs
• Impacts performance in the market
• Results in closer scrutiny

National Headlines

• “Agency Delayed Reporting Theft of Veterans’ Data”, May 24, 2006, New York Times
• “Data Theft at Nuclear Agency Went Unreported for 9 Months”, June 10, 2006, New York Times
• “Bomb Scare shuts Port’s Terminal 18”, Aug 18, 2006, The Seattle Times
• “Brand Name High Tech Manufacturer Violates E.U. Pollution Law”, Jul 06, 2006, CIO Tech Informer

Fragmentation: Managing with confidence is difficult in an increasingly complex world

(Diagram: each of the following runs its own separate governance, risk management and compliance activities.)

• Functions: Board of Directors, Finance, Legal, Sales, Contracts, HR, Controller, IT, Policy Mgmt., Audit & Compliance, Treasury
• Countries: U.S., Germany, Japan, U.K., France, China, Canada, India
• Systems: Security, Proj. Mgmt., Doc. Mgmt., Contracts, Planning, Customers, ERP, Production, Billing
• Mandates and risks: SOX, JSOX, Credit Risk, Human Capital Risk, Revenue Recognition, FDA, REACH, RoHS/WEEE, Project Risk

Opportunity Cost: The cost of fragmented GRC is more than just money

• Total compliance spend (not including risk and governance cost) grew from $10.5B in 2004 to $27.0B in 2006, broken down as 42% headcount, with the remaining 33% and 25% split between services and technology. *Source: SAP research, 2006
• GRC spend is only likely to go up
– GRC cost > $27 billion
– Share price / performance
– Missed opportunities

Integrated GRC: Ingrain GRC at every level

(Maturity curve; x-axis: Time, from Today to 2 – 5 years; y-axis: Maturity. Source: SAP Research)

• Informal / Ad-hoc Phase: reactive, fragmented; ad-hoc “must-do” activities only; rush projects to react to mandates
• Implementation Phase: create an inventory of G, R and C initiatives
• Consolidation Phase: start on a unified GRC approach
• Operational Excellence Phase: continuous process improvement

Integrated GRC: Forward looking organizations are seeking a unified approach to GRC

(Diagram: the same functions, countries, systems and mandates as on the Fragmentation slide, now covered by one shared governance, risk management and compliance layer.)

• Functions: Board of Directors, Finance, Legal, Sales, Contracts, HR, Controller, IT, Policy Mgmt., Audit & Compliance, Treasury
• Countries: U.S., Germany, Japan, U.K., France, China, Canada, India
• Systems: Security, Proj. Mgmt., Doc. Mgmt., Contracts, Planning, Customers, ERP, Production, Billing
• Mandates and risks: SOX, JSOX, Credit Risk, Human Capital Risk, Revenue Recognition, FDA, REACH, RoHS/WEEE, Project Risk

A holistic solution for GRC management

• Automates and embeds GRC processes into business processes
• Delivers transparency for a balanced global risk profile
• Standardizes on common GRC content and rules
• Drives higher margins and shareholder value

(Architecture diagram, bottom to top, flanked by Service Partners, Content Partners and Technology Partners:)

• Business Process Platform
• SAP Solutions for GRC
– Cross-Industry GRC: Access Controls, Global Trade, Environment, Process Controls, Risk Management
– GRC Repository: Documentation and Monitoring
– Industry-Specific GRC
• Business Applications

GRC Business Drivers

Financial Compliance
• SOX mandate (Sections 404 and 302)
• Segregation of Duties analysis & enforcement
• Reduce fraud and risk
• Certify the sign-off process for executives
• Identify controls for organizations
• Provide auditors with a complete audit trail

Trade Management
• Enforcement is on the rise, esp. after 9/11
• Companies need to strictly adhere to changing regulations or risk costly fines
• Security initiatives requiring more internal control, record keeping and audit trail
• Additional regulations such as Anti-boycott / Anti-terrorism Regulations and Export Administration Regulations (EAR)

Environment Regulations
• Corporations need to comply with environmental laws and regulations relating to employee health and safety; air, water and soil pollution; and product and chemical safety
• Some of the regulatory agencies: OSHA (Occupational Safety & Health Administration); local, state and governmental agencies; the European Chemicals Agency; EU RoHS/WEEE enforcement authorities

Governance Risk and Compliance

GRC Solution Overview

Financial Compliance
• Access Control (SoD): Compliance Calibrator, Role Expert, Firefighter, Access Enforcer
• Monitoring of Internal Controls and Documentation: Process Control

Trade Management
• SAP Global Trade Services (GTS)

Environment Regulations
• EH&S, Emissions Management (xEM)
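The “Segregation of Duties analysis & enforcement” driver under Financial Compliance and the Access Control tools listed above (Compliance Calibrator for detecting conflicts, Access Enforcer for blocking them at provisioning time) are two sides of one technique: match a user’s effective permissions against a rule set of conflicting business functions, and reject role assignments that would introduce a new conflict. The Python below is an added example written for this page; it is not SAP code and not how Compliance Calibrator or Access Enforcer are implemented. The business functions, rule IDs, role names, users and SAP-style transaction codes are constructed sample data, and the model treats a function as granted when a role holds at least one of its transactions (a simplification of real authorization-object checks).

```python
"""Segregation-of-duties (SoD) analysis and preventive assignment check.

Added example for this page; not SAP code. All functions, rules, roles,
users and transaction codes below are constructed sample data.
"""
from __future__ import annotations

from dataclasses import dataclass

# Business functions as sets of transaction codes. Assumption of this model:
# a role grants a function when it contains at least one of the function's
# transactions (real engines also evaluate authorization-object values).
FUNCTIONS: dict[str, set[str]] = {
    "VENDOR_MAINTAIN": {"XK01", "XK02", "FK01", "FK02"},
    "INVOICE_POST": {"FB60", "MIRO"},
    "PAYMENT_RUN": {"F110"},
    "PO_CREATE": {"ME21N", "ME22N"},
    "GOODS_RECEIPT": {"MIGO"},
}

# SoD rules (hypothetical IDs): id -> (function A, function B, risk level, description).
SOD_RULES: dict[str, tuple[str, str, str, str]] = {
    "P001": ("VENDOR_MAINTAIN", "PAYMENT_RUN", "High", "Create a fictitious vendor and pay it"),
    "P002": ("VENDOR_MAINTAIN", "INVOICE_POST", "High", "Create a vendor and post invoices to it"),
    "P003": ("PO_CREATE", "GOODS_RECEIPT", "Medium", "Order goods and confirm their receipt"),
}

# Roles (hypothetical names) -> transaction codes they grant.
ROLES: dict[str, set[str]] = {
    "Z_AP_CLERK": {"FB60", "MIRO"},
    "Z_AP_PAYMENTS": {"F110"},
    "Z_VENDOR_MASTER": {"XK01", "XK02"},
    "Z_BUYER": {"ME21N"},
    "Z_WAREHOUSE": {"MIGO"},
    "Z_SUPERUSER": {"XK01", "FB60", "F110", "ME21N", "MIGO"},
}

# Current user -> role assignments (constructed).
USERS: dict[str, set[str]] = {
    "ALICE": {"Z_AP_CLERK", "Z_AP_PAYMENTS"},
    "BOB": {"Z_VENDOR_MASTER", "Z_AP_PAYMENTS"},
    "CAROL": {"Z_SUPERUSER"},
    "DAVE": {"Z_BUYER"},
}


@dataclass(frozen=True, order=True)
class Violation:
    rule_id: str
    risk_level: str
    user: str
    roles: tuple[str, ...]  # the single role, or role pair, granting both sides


def functions_of_role(role: str) -> set[str]:
    """Business functions a role grants under the at-least-one-transaction model."""
    tcodes = ROLES[role]
    return {f for f, actions in FUNCTIONS.items() if actions & tcodes}


def role_level_conflicts(role: str) -> list[str]:
    """Rules a single role violates on its own: a role-design defect that no
    change to user assignments can fix."""
    funcs = functions_of_role(role)
    return sorted(rid for rid, (fa, fb, _, _) in SOD_RULES.items() if fa in funcs and fb in funcs)


def analyze_roles(user: str, roles: set[str]) -> list[Violation]:
    """Detective check: every rule this role set violates, naming the role or
    role pair responsible so a reviewer knows which assignment to remove."""
    role_funcs = {r: functions_of_role(r) for r in roles}
    found: list[Violation] = []
    for rid, (fa, fb, level, _desc) in SOD_RULES.items():
        granting_a = {r for r, fs in role_funcs.items() if fa in fs}
        granting_b = {r for r, fs in role_funcs.items() if fb in fs}
        if not granting_a or not granting_b:
            continue
        causes = set()
        for a in granting_a:
            for b in granting_b:
                causes.add((a,) if a == b else tuple(sorted((a, b))))
        found.extend(Violation(rid, level, user, c) for c in sorted(causes))
    return found


def analyze_user(user: str) -> list[Violation]:
    return analyze_roles(user, USERS[user])


def check_assignment(user: str, new_role: str) -> list[Violation]:
    """Preventive check at provisioning time: only the violations that adding
    new_role would introduce. Empty means the request needs no mitigation."""
    before = set(analyze_roles(user, USERS[user]))
    after = set(analyze_roles(user, USERS[user] | {new_role}))
    return sorted(after - before)


def sod_report() -> dict[str, list[Violation]]:
    """User-level report; users without violations are omitted."""
    report: dict[str, list[Violation]] = {}
    for user in USERS:
        violations = analyze_user(user)
        if violations:
            report[user] = violations
    return report


if __name__ == "__main__":
    for role in ROLES:
        if role_level_conflicts(role):
            print(f"role {role} is inherently conflicting: {role_level_conflicts(role)}")
    for user, violations in sod_report().items():
        for v in violations:
            print(f"{user}: {v.rule_id} ({v.risk_level}) via {' + '.join(v.roles)}")
    print("ALICE + Z_VENDOR_MASTER would add:",
          [v.rule_id for v in check_assignment("ALICE", "Z_VENDOR_MASTER")])
```

Two design points carry over to any real deployment. A conflict that lives inside a single role (here Z_SUPERUSER) is reported separately from cross-role conflicts, because it can only be fixed by redesigning the role, not by removing an assignment. And the preventive check reports only the violations a request would add, so a user who already carries an accepted, mitigated conflict is not blocked again for an unrelated role.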

Thank You!