Governance, Risk and Compliance Management
SAP Solutions for GRC
Holly Roland
GRC Solutions Marketing
SAP
Fragmentation increases risk
Managing risks is everyone’s job
Human Resources
Employee safety compliance
Finance
Complex, international compliance requirements
Compliance / Risk Office
Disconnected risk analysis
?
Sales, Service
High credit risk customers
Procurement
Supplier “black lists”
Executives & Managers
Incomplete global risk profile
IT Operations
Data leakage & security
SALARIES
Board, Audit Committee
Unidentified risks impact performance
National Headlines
“Agency Delayed Reporting Theft of Veterans’ Data”
May 24, 2006, New York Times
“Data Theft at Nuclear Agency Went Unreported for 9 Months”
June 10, 2006, New York Times
“Bomb Scare shuts Port’s Terminal 18”
Aug 18, 2006, The Seattle Times
“High Tech Manufacturer Violates E.U. Pollution Law”
Overcome fragmentation, gain transparency with GRC
Supply Chain Customers & Channel
Board, Audit Committee
Evidence for decisions & directives
Compliance / Risk Office
Integrated risk analysis
Executives & Managers
Increased confidence in business results
IT Operations
Secure IT infrastructure
Procurement
Anti-terrorist trade practices
Finance
Global financial reporting compliance
Human Resources
Environmental health & safety compliance
Sales, Service
Balanced credit profile
SALARIES
Implement management by exception
Turn GRC into a strategic advantage
[Chart: Cost of GRC vs. # of GRC projects; series: Tactical Approach, Holistic Approach; label: Available for Investment]
SAP Solutions for GRC
The framework for a holistic approach to GRC
Business Process
Business Process Platform
SAP Solutions for GRC
Cross-Industry GRC
Access Controls
Global Trade
Environment
Process Controls
Risk Management
GRC Repository: Documentation & Monitoring
Industry-Specific GRC
SAP GRC Ecosystem
Build the community, deliver best practices, extend the value
SAP GRC Ecosystem
SAP GRC Repository
Central system of record drives governance, increases transparency
Centralizes knowledge base of content contributed from GRC Ecosystem
Rationalizes controls against multiple frameworks
Stores evidence to support executive decisions and board directives
Performance Measures & Benchmarks
Regulations & Industry Mandates
Risk & Control Libraries
Corporate Policies & Procedures
BOD & Committee Minutes
GRC Repository
Best Practices
Control Frameworks (COBIT, JSOX, …)
Advisory Services (Auditors, Attorneys)
Internal Policies
Governmental Agencies
Influence Councils
Plan
Identify & Analyze
Respond
Monitor
SAP GRC Risk Management
Award-winning application balances opportunity and risk
Balances opportunities with financial, legal, and operational risks
Increases accuracy and predictability of risks at all levels of the enterprise
Minimizes impact of market penalties from high-impact events
Establish risk appetite
Collaborate and aggregate across the enterprise
Balance cost of risk avoidance and opportunity
Actionable, role-based
Environmental Product Compliance
Compliance for Products - based on SAP Environment, Health and Safety
SAP EH&S
Comprehensive and complete business solution for environment, health and safety management
Industry Specific
Cross-Industry
SAP xEM Emissions Management
CfP Compliance for Products
Occupational Health
Industrial Hygiene and Safety
Waste Management
Emissions Management
Product Compliance
Hazardous Substance Management
Product Safety
Dangerous Goods Management
Implemented “Design for Environment & Compliance” to reduce operational costs (by 505 in some areas) while staying compliant
Cross-Industry GRC
Secure and expedite cross-border transactions
Import Management
Trade Preference Management
Restitution Management
Export Management
Expedite customs clearance to reduce costly buffer stock
Make the most of international trade agreements
Take advantage of export refunds
Avoid delays at borders to ensure fast delivery to customers
SAP Global Trade Services
Ensure full regulatory compliance, expedite customs clearance, mitigate financial risk of global transactions, take full advantage of international trade agreements
35 documents for cross-border shipments
600 trade laws
Effective GRC pays off
Share-price performance of companies complying with internal-control rules called for under SOX
Up 27%
Up 25.7%
Down 5.7%
I-C weakness in 04, but none in 05
No I-C weaknesses in 04 or 05
Reported I-C weakness in both 04 and 05
Automated GRC management will increase the gap in shareholder value
Up 30%
Up 20%
Down 10%
Remediated Internal Control weaknesses from previous year
No Internal Control weaknesses
Continued Internal Control weakness reported
SAP’s Commitment
Most Comprehensive Framework
Part of Every Process
Risk Intelligence
GRC Partner Ecosystem
SIMPLICITY
A holistic solution for governance, risk and compliance management
Service Partners
Content Partners
Technology Partners
Business Process
Business Process Platform
SAP Solutions for GRC
Cross-Industry GRC
Access Controls
Global Trade
Environment
Process Controls
Risk Management
GRC Repository: Documentation and Monitoring
Industry-Specific GRC