WWW.SCE.COM 0 Southern California Edison Southern California Edison
Improve Internal Controls with Governance, Risk, and Compliance Solutions
Jay Castleberry, Director, Technology Delivery & Maintenance, Southern California Edison
Southern California Edison (SCE) Company Overview
One of the largest electric utilities in North America
More than 14 million customers
More than 17,000 employees
Major organizational units: Transmission & Distribution, Nuclear Generation, Supply Chain Operations, Customer Service, Information Technology
SAP landscape – HCM, FICO, OS, EAM, SRM, CRM, SUS, BW, GRC, etc.
Governance, Risk, and Compliance (GRC*) Drivers
Business Drivers
Integrate Compliance
Realize operational efficiencies
Enhance executive visibility
Leverage best practices
Opportunities
Provide reasonable assurance
Promote compliance excellence and personal responsibility
Ensure clear line of sight
Leverage best practices across the company
Overarching standards, processes, and priorities
* In this context, 'GRC' does not refer to 'General Rate Case'
Leveraging Existing SAP GRC Investment
Strategic, long-term investment in SAP’s GRC technology
Baseline: Install SAP Access Control 5.2 and SAP Process Control 2.5
Build: Enhance and Build onto Existing Baseline Functionality
Upgrade: Migrate Existing Functionality to version 10.0 & Leverage Inherent Enhancements
Expand: Implement SAP Risk Management 10.0 and Enable Integrated Capabilities
GRC Maturity at SCE
Past, Current, and Desired Future State
[Figure: Stages of GRC Capability Maturity at SCE. Axes: Stakeholder Value; years 2009, 2010, 2011, 2012, 2013+. Stages shown: SOX Compliance; IT Compliance; NERC CIP; GRC 10.0 Upgrade, ERM and ECMS; Access, EH&S, HR, etc.]
GRC Maturity at SCE – SOX Compliance
Benefits
Automated segregation of duties (SoD)
Continuous controls monitoring
Workflow automation
Single system of record
SOX Compliance 2009
GRC Maturity at SCE – IT Compliance
Benefits
Enabled monitoring
Enabled automation
Leveraged workflow
Qualifications
Revocations
Access List
IT Compliance and NERC CIP 2010-2011
GRC Maturity at SCE – Enterprise Compliance
Benefits
• Catalog
• Workflow / Controls automation
• Policy management
• Increased performance and robustness
• Ease of use
• Business role management
GRC 10.0 Upgrade and ECMS 2012
GRC Maturity at SCE – Risk Management
Benefits
Ability to quickly survey
Focus on most relevant key risks
Automation of workflow and data approval
Systematic sign-off of enterprise risk data
Version control
Customizable reporting
Addition of SAP Risk Management 2012
GRC Maturity at SCE
Past, Current, and Desired Future State
[Figure: maturity stages plotted against Stakeholder Value by year (2009, 2010, 2011, 2012, 2013+). Stages shown: SOX Compliance; IT Compliance; NERC CIP; GRC 10.0 Upgrade, ERM and ECMS; Access, EH&S, HR, etc.]
• Continue to broaden use of v10.0 to other areas of compliance and enable linkage of data elements
• Enterprise Wide Identity Access Management
SCE’s Vision for 2013 and Beyond
Moving to the Risk-Intelligent Maturity State
Expand continuous control monitoring
Increase visibility to further compliance areas
Enable linkage between data elements
Replace additional legacy compliance systems
Expand and integrate enterprise wide identity access management capabilities with GRC
Lessons Learned
Ensure adequate level of executive sponsorship
Look for value beyond compliance
Define a roadmap for execution
Start communication early
Involve subject matter experts (SMEs)
Leverage existing assets and investments
Use a common methodology to continuously assess risk
Develop a platform for current and future requirements
Thank You for Attending
Jay Castleberry
www.SCE.com