SAP GRC Overview
Paul Pessutti
Director, Strategic Applications
SAP GRC
Managing Risk Is Everyone’s Job
Human Resources: Employee safety compliance
Finance: Complex, international compliance requirements
Compliance / Risk Office: Disconnected risk analysis
IT Operations: Data security issues
Sales, Service: High credit risk customers
Procurement: Supplier “black lists”
Board, Audit Committee: Executive compensation issues
Executives & Managers: Incomplete global risk profile
Unidentified risks impact performance
National Headlines
“US Imposes Record $100 Million Penalty for Export Control Violations”
March 27, 2007, Washington Post
“Data Theft at Nuclear Agency Went Unreported for 9 Months”
June 10, 2006, New York Times
“Bomb Scare shuts Port’s Terminal 18”
Aug 18, 2006, The Seattle Times
“Brand Name High Tech Manufacturer Violates E.U. Pollution Law”
Jul 06, 2006, CIO Tech Informer
Failure in Operational Control
Disrupts major operations
Impairs Customer Service
Reduces Investor & Market Confidence
Increases Business Costs
Impacts Performance in the Market
Results in Closer Scrutiny
Overcome fragmentation, gain transparency with GRC
Supply Chain
Customers & Channel
Board, Audit Committee: Evidence for decisions & directives
Compliance / Risk Office: Integrated risk analysis
Executives & Managers: Increased confidence in business results
IT Operations: Secure IT infrastructure
Procurement: Anti-terrorist trade practices
Finance: Global financial reporting compliance
Human Resources: Environmental health & safety compliance
Sales, Service: Balanced credit profile
A holistic solution for GRC Management
Service Partners
Content Partners
Technology Partners
Business Process Platform
SAP Solutions for GRC
Cross-Industry GRC
Access Controls Global Trade Environment Process Controls
Risk Management
GRC Repository: Documentation and Monitoring
Industry-Specific GRC
Business Applications
Automates and embeds GRC processes into business processes
Delivers transparency for balanced global risk profile
Standardizes on common GRC content and rules
Drives higher margins and shareholder value
Promotes a culture which values effective GRC
GRC Business Drivers
Governance Risk and Compliance
Financial Compliance
• SOX mandate (Section 404 and 302)
• Segregation of Duties analysis & enforcement
• Reduce fraud and risk
• Certify the sign-off process for executives
• Identify controls for organizations
• Provide auditors with complete audit trail
Trade Management
• Enforcement is on the rise, esp. after 9/11
• Companies need to strictly adhere to changing regulations such as ITAR and EAR or risk costly fines
• Security initiatives requiring more internal control, record keeping and audit trail
Environment Regulations
• “Green” supply chain as competitive advantage
• Corporations need to comply with environment laws and regulation such as RoHS and REACH
• Mandate of Clean Air Act
• Streamline environmental reporting
• Health care risk assessment and prevention
• Worker safety and hazardous materials need to be documented and identified
GRC Solution Overview
Governance Risk and Compliance
Financial Compliance
Trade Management
Environment Regulations
GRC Access Control Suite
GRC Process Controls
GRC Global Trade Services
EH&S
Environmental Compliance (EC)
Compliance for Products (CfP)
GRC Risk Management
SAP GRC Access Control
Sustainable prevention of segregation of duties violations
Cross-enterprise library of best practice segregation of duties rules
Compliant User Provisioning
Prevent SoD violations at run time
Superuser Privilege Management
Close #1 audit issue with temporary emergency access
Periodic Access Review and Audit
Focus on remaining challenges during recurring audits
(Stay in Control)
(Stay Clean)
Risk analysis, remediation and prevention services
Enterprise Role Management
Enforce SoD compliance at design time
Risk Identification and Remediation
Rapid, cost-effective and comprehensive initial clean-up
(Get Clean)
Minimal Time To Compliance
Continuous Access Management
Effective Management Oversight and Audit
The framework for an integrated approach to ERM
Risk Identification and Analysis
Risk Response
Risk Monitoring
Risk Planning
Collaborate and aggregate across the enterprise
Balance cost of risk avoidance and opportunity
Actionable role-based dashboards and alerts
Establish risk appetite and thresholds
SAP GRC Risk Management
Risk-adjusted management of enterprise performance
Balance business opportunities with financial, legal, and operational exposure to minimize the market penalties from high-impact events
SAP GRC Global Trade Services
Solving global trade challenges
Import Management
Trade Preference Management
Restitution Management
Export Management
Expedite customs clearance to reduce costly buffer stock
Make the most of international trade agreements
Take advantage of export refunds
Avoid delays at borders to ensure fast delivery to customers
SAP GRC Global Trade Services
Ensure full regulatory compliance, expedite customs clearance, mitigate financial risk of global transactions, take full advantage of international trade agreements
SAP GRC EH&S and Environmental Compliance
Solving environmental, health, safety challenges
Applications for EH&S Compliance Management
SAP EH&S
Comprehensive and complete business solution for environment, health and safety management
Industry Specific
Cross-Industry
SAP Environmental Compliance
TechniData Compliance for Products (CfP)
Occupational Health
Industrial Hygiene and Safety
Waste Management
Air, Soil, Water
Waste Management
Product Compliance
Hazardous Substance Management
Product Safety
Dangerous Goods Management
SAP REACH Compliance
Chemical Mgmt
Manage With Confidence
Over 2200 customers worldwide rely on SAP Solutions for GRC
Improve occupational health with SAP Environment Health & Safety
Incident numbers and cost down; replaced 11 legacy systems
Grow and stay compliant with multiple regulatory changes using SAP Global Trade Services
Reduced cycle times (5 → 2 days)
Effectively manage increasing trade regulations with SAP Global Trade Services
Automated 99.9% of export processes; Reduced headcount (450 → 14)
Reduce compliance costs with Virsa Compliance Calibrator
Eliminated 4,800 Staff Hours annually; audit costs 23% below norm
Mitigate horizontal risks with SAP Global Trade Services and Virsa Access Enforcer for SAP
More than Export Control
What is SAP Global Trade Services (SAP GTS)?
SAP GTS
SAP Global Trade Services manages all complexities of international trade
including full regulatory compliance, interactions with customs and
management of risk while trading on a global basis. It consists of separate
modular components that enable companies to improve their supply chain
and comply with international regulations.
Exports
Imports
• Export
• Import
• Trade Preference
• Restitution
Comprehensive Support For All Global Trade Activities
Import Management
Ensure full regulatory import compliance, expedite customs clearance, mitigate risk
Trade Preference Management
Make the most of international trade agreements
Restitution Management
Take advantage of export refunds
Export Management
Ensure full regulatory export compliance, generate and file customs documents, mitigate risk
SAP Global Trade Services (SAP GTS)
Driving Efficient Cross-Border Trade
Integrate Systems, Data and Business Partners
Adaptable Business Processes Based on Flexible Technology Platform
Increased Productivity and Business Insight
Logistics/Trade Team
Legal/SOX Compliance Team
Trade Preference Management
Restitution Management
Export Management
Import Management
SAP Global Trade Services
IT Team
SAP NetWeaver
Applications: ERP, SCM/SRM, CRM, Legacy
Data: HTS, ECCN, etc., Duty Rates, SPL Data, Rules of Origin
Business Partners: Customer & Supplier, Banks, Freight Forwarder, Customs Agencies
Import/Export Officer
Tight Integration With Logistics Outbound and Inbound Processes
ERP System
Import Process
Product & Business Master Data (Supplier)
Shipping Notification
Goods Receipt
Purchase Order
ERP System
Export Process
Delivery
(Pro-forma) Invoice
Sales Order
Product & Business Master Data (Customer)
SAP GTS
• Export/Import Compliance Check
• Bonded Warehouse
• Duty Calculation
• Customs Communication
• Export/Import Document Printing
• L/C Compliant Printing
• Export/Import Compliance Check
• ITAR/EAR License Det
• Letter of Credit (L/C) Check
Product Classification (HTS, ECCN, Schedule B, …)
SAP Export Management
Ensures Trade Compliance Across Borders
SAP Export Management
Avoid costly fines and penalties through facilitating tighter national security
Shorter delivery times through automated trade compliance processes
Improve worker productivity via moving to management-by-exceptions
Secure your corporate brand equity by avoiding negative press
Be prepared for legal audits by having all required documentation at hand
SAP Import Management
SAP Trade Preference Management
Benefits
Sanctioned Party List Screening
Screen business partners
Screen documents at every step (order-to-cash and procure-to-pay process)
Comprehensive documentation
Integration with Logistics, HR, Financial
Export/Import Control
Manage export and import licenses (incl. Nested Licenses)
Manage TAA and MLAs
Automated assignment of licenses to a specific business transaction
Ability to Interface with DDTC (D-Trade)
Web Portal access to License Applications & Amendments (DSP-5,61,73,85,119)
Track quantity and value depreciation
Content provider for USML (partner solution)
Embargo Check
Check for potential embargo situations
ITAR Compliance with SAP GTS
SAP GTS helps you manage ITAR Requirements across your enterprise
Product Classification
Assign the correct USML numbers to your products
Export License Determination and Management
A single, central location for end-to-end license management
Embargo Check
Automatic screening of destination country to identify potential ITAR issues
Sanctioned Party List Screening
Screen business partners, employees and applications against official sanctioned party lists
Government Communication
Certified support for electronic communication with the US Government
Auditing and Record Keeping
SAP GTS Has Significant Market Momentum
SAP GTS is the leader in the global trade management space
Over 450 Customers in 20 countries, including the business world's best-known brands
Conclusion
SAP GTS helps you reduce RISKS, TIME and COSTS
Increase Efficiency
Automated, standardized processes
Tight integration into logistics processes
Reduce Risk of Non-Compliance
Avoid costly fines and penalties
Complete and accurate audit trail
Reduce TCO
One central global trade solution
Reduced software and hardware costs
Accelerate Cross-border Transactions
Expedite customs clearance
Accelerate delivery times
INDUSTRY ecosystems bringing together leading customers, partners & SAP
Creating VALUE by focusing on priority industry needs & opportunities
With strong NETWORK collaboration, combined expertise, resources & solutions
Industry Value Networks
SAP’s unique industry ecosystem initiative
SAP
IVN Lead & Enabler
System Integrators
Industry Services & Solutions
Technology Vendors
Supporting Technology
Customers
Innovation Needs & Solution Validation
ISVs
Thank you!
For further information, please visit:
www.sap.com/grc
Paul Pessutti
Director, Strategic Applications
SAP GRC
paul.pessutti@sap.com
Copyright 2007 SAP AG. All Rights Reserved