
SAP GRC Overview. Paul Pessutti Director, Strategic Applications SAP GRC


Academic year: 2021


(1)

SAP GRC Overview

Paul Pessutti

Director, Strategic Applications

SAP GRC

(2)

Managing Risk Is Everyone’s Job

Human Resources: Employee safety compliance

Finance: Complex, international compliance requirements

Compliance / Risk Office: Disconnected risk analysis

IT Operations: Data security issues

?

Sales, Service: High credit risk customers

Procurement: Supplier “black lists”

Board, Audit Committee: Executive compensation issues

Executives & Managers: Incomplete global risk profile

(3)

Unidentified risks impact performance

National Headlines

“US Imposes Record $100 Million Penalty for Export Control Violations”
March 27, 2007, Washington Post

“Data Theft at Nuclear Agency Went Unreported for 9 Months”
June 10, 2006, New York Times

“Bomb Scare shuts Port’s Terminal 18”
Aug 18, 2006, The Seattle Times

“Brand Name High Tech Manufacturer Violates E.U. Pollution Law”
Jul 06, 2006, CIO Tech Informer

Failure in Operational Control

Disrupts major operations

Impairs Customer Service

Reduces Investor & Market Confidence

Increases Business Costs

Impacts Performance in the Market

Results in Closer Scrutiny

(4)

Overcome fragmentation, gain transparency with GRC

Supply Chain

Customers & Channel

Board, Audit Committee: Evidence for decisions & directives

Compliance / Risk Office: Integrated risk analysis

Executives & Managers: Increased confidence in business results

IT Operations: Secure IT infrastructure

Procurement: Anti-terrorist trade practices

Finance: Global financial reporting compliance

Human Resources: Environmental health & safety compliance

Sales, Service: Balanced credit profile

SALARIES

(5)

A holistic solution for GRC Management

Service Partners

Content Partners

Technology Partners

Business Process

Business Process Platform

SAP Solutions for GRC

Cross-Industry GRC

Access Controls Global Trade Environment Process Controls

Risk Management

GRC Repository: Documentation and Monitoring

Industry-Specific GRC

Business Applications

Automates and embeds GRC processes into business processes

Delivers transparency for balanced global risk profile

Standardizes on common GRC content and rules

Drives higher margins and shareholder value

Promotes a culture which values effective GRC

(6)

GRC Business Drivers

Governance Risk and Compliance

Financial Compliance

• SOX mandate (Section 404 and 302)

• Segregation of Duties analysis & enforcement

• Reduce fraud and risk

• Certify the sign-off process for executives

• Identify controls for organizations

• Provide auditors with complete audit trail

Trade Management

• Enforcement is on the rise, esp. after 9/11

• Companies need to strictly adhere to changing regulations such as ITAR and EAR or risk costly fines

• Security initiatives requiring more internal control, record keeping and audit trail

Environment Regulations

• “Green” supply chain as competitive advantage

• Corporations need to comply with environment laws and regulation such as RoHS and REACH

• Mandate of Clean Air Act

• Streamline environmental reporting

• Health care risk assessment and prevention

• Worker safety and hazardous materials need to be documented and identified

(7)

GRC Solution Overview

Governance Risk and Compliance

Financial Compliance

• GRC Access Control Suite

• GRC Process Controls

Trade Management

• GRC Global Trade Services

Environment Regulations

• EH&S

• Environmental Compliance (EC)

• Compliance for Products (CfP)

GRC Risk Management

(8)

SAP GRC Access Control

Sustainable prevention of segregation of duties violations

Cross-enterprise library of best practice segregation of duties rules

Compliant User Provisioning: Prevent SoD violations at run time

Superuser Privilege Management: Close #1 audit issue with temporary emergency access

Periodic Access Review and Audit: Focus on remaining challenges during recurring audits

(Stay in Control)

(Stay Clean)

Risk analysis, remediation and prevention services

Enterprise Role Management: Enforce SoD compliance at design time

Risk Identification and Remediation: Rapid, cost-effective and comprehensive initial clean-up

(Get Clean)

Minimal Time To Compliance

Continuous Access Management

Effective Management Oversight and Audit

(9)

The framework for an integrated approach to ERM

Risk Identification and Analysis

Risk Response

Risk Monitoring

Risk Planning

Collaborate and aggregate across the enterprise

Balance cost of risk avoidance and opportunity

Actionable role-based dashboards and alerts

Establish risk appetite and thresholds

SAP GRC Risk Management

Risk-adjusted management of enterprise performance

Balance business opportunities with financial, legal, and operational exposure to minimize the market penalties from high-impact events

(10)

SAP GRC Global Trade Services

Solving global trade challenges

Import Management

Trade Preference Management

Restitution Management

Export Management

Expedite customs clearance to reduce costly buffer stock

Make the most of international trade agreements

Take advantage of export refunds

Avoid delays at borders to ensure fast delivery to customers

SAP GRC Global Trade Services

Ensure full regulatory compliance, expedite customs clearance, mitigate financial risk of global transactions, take full advantage of international trade agreements

(11)

SAP GRC EH&S and Environmental Compliance

Solving environmental, health, safety challenges

Applications for EH&S Compliance Management

SAP EH&S

Comprehensive and complete business solution for environment, health and safety management

Industry Specific

Cross-Industry

SAP Environmental Compliance

TechniData Compliance for Products CfP

Occupational Health

Industrial Hygiene and Safety

Waste Management

Air, Soil, Water

Waste Management

Product Compliance

Hazardous Substance Management

Product Safety

Dangerous Goods Management

SAP REACH Compliance

Chemical Mgmt

(12)

Manage With Confidence

Over 2200 customers worldwide rely on SAP Solutions for GRC

Improve occupational health with SAP Environment Health & Safety

Incident numbers and cost down; replaced 11 legacy systems

Grow and stay compliant with multiple regulatory changes using SAP Global Trade Services

Reduced cycle times (5 → 2 days)

Effectively manage increasing trade regulations with SAP Global Trade Services

Automated 99.9% of export processes; Reduced headcount (450 → 14)

Reduce compliance costs with Virsa Compliance Calibrator

Eliminated 4,800 Staff Hours annually; audit costs 23% below norm

Mitigate horizontal risks with SAP Global Trade Services and Virsa Access Enforcer for SAP

(13)
(14)

More than Export Control

What is SAP Global Trade Services (SAP GTS)?

SAP GTS

SAP Global Trade Services manages all complexities of international trade including full regulatory compliance, interactions with customs and management of risk while trading on a global basis. It consists of separate modular components that enable companies to improve their supply chain and comply with international regulations.

Exports

Imports

• Export

• Import

• Trade Preference

• Restitution

(15)

Comprehensive Support For All Global Trade Activities

Import Management: Ensure full regulatory import compliance, expedite customs clearance, mitigate risk

Trade Preference Management: Make the most of international trade agreements

Restitution Management: Take advantage of export refunds

Export Management: Ensure full regulatory export compliance, generate and file customs documents, mitigate risk

(16)

SAP Global Trade Services (SAP GTS)

Driving Efficient Cross-Border Trade

Integrate Systems, Data and Business Partners

Adaptable Business Processes Based on Flexible Technology Platform

Increased Productivity and Business Insight

Logistics/ Trade Team

Legal/ SOX Compliance Team

Trade Preference Management

Restitution Management

Export Management

Import Management

SAP Global Trade Services

IT Team

SAP NetWeaver

Applications: ERP, SCM/ SRM, CRM, Legacy

Data: HTS, ECCN, etc; Duty Rates; SPL Data; Rules Of Origin

Business Partners: Customer & Supplier; Banks; Freight Forwarder; Customs Agencies

Import/ Export Officer

(17)

Tight Integration With Logistics Outbound and Inbound Processes

ERP System

Import Process

Product & Business Master Data (Supplier)

Shipping Notification

Goods Receipt

Purchase Order

ERP System

Export Process

Delivery

(Pro-forma) Invoice

Sales Order

Product & Business Master Data (Customer)

SAP GTS

• Export/ Import Compliance Check

• Bonded Warehouse

• Duty Calculation

• Customs Communication

• Export/ Import Document Printing

• L/C Compliant Printing

• Export/ Import Compliance Check

• ITAR/EAR License Det

• Letter of Credit (L/C) Check

Product Classification (HTS, ECCN, Schedule B, …)

(18)

SAP Export Management

Ensures Trade Compliance Across Borders

SAP Export Management

Avoid costly fines and penalties through facilitating tighter national security

Shorter delivery times through automated trade compliance processes

Improve worker productivity via moving to management-by-exceptions

Secure your corporate brand equity by avoiding negative press

Be prepared for legal audits by having all required documentation at hand

SAP Import Management

SAP Trade Preference Management

Benefits

Sanctioned Party List Screening

Screen business partners

Screen documents at every step (order-to-cash and procure-to-pay process)

Comprehensive documentation

Integration with Logistics, HR, Financial

Export/ Import Control

Manage export and import licenses (incl. Nested Licenses)

Manage TAA and MLAs

Automated assignment of licenses to a specific business transaction

Ability to Interface with DDTC (D-Trade)

Web Portal access to License Applications & Amendments (DSP-5,61,73,85,119)

Track quantity and value depreciation

Content provider for USML (partner solution)

Embargo Check

Check for potential embargo situations

(19)

ITAR Compliance with SAP GTS

SAP GTS helps you manage ITAR Requirements across your enterprise

Product Classification

Assign the correct USML numbers to your products

Export License Determination and Management

A single, central location for end-to-end license management

Embargo Check

Automatic screening of destination country to identify potential ITAR issues

Sanctioned Party List Screening

Screen business partner, employees and applications against official sanctioned party lists

Government Communication

Certified support for electronic communication with the US Government

Auditing and Record Keeping

(20)

SAP GTS Has Significant Market Momentum

SAP GTS is the leader in global trade management space

Over 450 Customers in 20 countries, including business world's best-known brands

(21)
(22)

Conclusion

SAP GTS helps you reduce RISKS, TIME and COSTS

Increase Efficiency

Automated, standardized processes

Tight integration into logistics processes

Reduce Risk of Non-Compliance

Avoid costly fines and penalties

Complete and accurate audit trail


Reduce TCO

One central global trade solution

Reduced software and hardware costs

Accelerate Cross-border Transactions

Expedite customs clearance

Accelerate delivery times


(23)

INDUSTRY ecosystems bringing together leading customers, partners & SAP

Creating VALUE by focusing on priority industry needs & opportunities

With strong NETWORK collaboration, combined expertise, resources & solutions

Industry Value Networks

SAP’s unique industry ecosystem initiative

SAP: IVN Lead & Enabler

System Integrators: Industry Services & Solutions

Technology Vendors: Supporting Technology

Customers: Innovation Needs & Solution Validation

ISVs

(24)

Thank you!


For further information, please visit:

www.sap.com/grc

Paul Pessutti

Director, Strategic Applications

SAP GRC

paul.pessutti@sap.com

(25)

Copyright 2007 SAP AG. All Rights Reserved

No part of this publication may be reproduced or transmitted in any form or for any purpose without the express permission of SAP AG. The information contained herein may be changed without prior notice.

Some software products marketed by SAP AG and its distributors contain proprietary software components of other software vendors. Microsoft, Windows, Excel, Outlook, and PowerPoint are registered trademarks of Microsoft Corporation.

IBM, DB2, DB2 Universal Database, OS/2, Parallel Sysplex, MVS/ESA, AIX, S/390, AS/400, OS/390, OS/400, iSeries, pSeries, xSeries, zSeries, System i, System i5, System p, System p5, System x, System z, System z9, z/OS, AFP, Intelligent Miner, WebSphere, Netfinity, Tivoli, Informix, i5/OS, POWER, POWER5, POWER5+, OpenPower and PowerPC are trademarks or registered trademarks of IBM Corporation.

Adobe, the Adobe logo, Acrobat, PostScript, and Reader are either trademarks or registered trademarks of Adobe Systems Incorporated in the United States and/or other countries. Oracle is a registered trademark of Oracle Corporation.

UNIX, X/Open, OSF/1, and Motif are registered trademarks of the Open Group.

Citrix, ICA, Program Neighborhood, MetaFrame, WinFrame, VideoFrame, and MultiWin are trademarks or registered trademarks of Citrix Systems, Inc. HTML, XML, XHTML and W3C are trademarks or registered trademarks of W3C®, World Wide Web Consortium, Massachusetts Institute of Technology.

Java is a registered trademark of Sun Microsystems, Inc.

JavaScript is a registered trademark of Sun Microsystems, Inc., used under license for technology invented and implemented by Netscape. MaxDB is a trademark of MySQL AB, Sweden.

SAP, R/3, mySAP, mySAP.com, xApps, xApp, SAP NetWeaver, and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP AG in Germany and in several other countries all over the world. All other product and service names mentioned are the trademarks of their respective companies. Data contained in this document serves informational purposes only. National product specifications may vary.

The information in this document is proprietary to SAP. No part of this document may be reproduced, copied, or transmitted in any form or for any purpose without the express prior written permission of SAP AG.

This document is a preliminary version and not subject to your license agreement or any other agreement with SAP. This document contains only intended strategies, developments, and functionalities of the SAP® product and is not intended to be binding upon SAP to any particular course of business, product strategy, and/or development. Please note that this document is subject to change and may be changed by SAP at any time without notice.

SAP assumes no responsibility for errors or omissions in this document. SAP does not warrant the accuracy or completeness of the information, text, graphics, links, or other items contained within this material. This document is provided without a warranty of any kind, either express or implied, including but not limited to the implied warranties of merchantability, fitness for a particular purpose, or non-infringement.

SAP shall have no liability for damages of any kind including without limitation direct, special, indirect, or consequential damages that may result from the use of these materials. This limitation shall not apply in cases of intent or gross negligence.

The statutory liability for personal injury and defective products is not affected. SAP has no control over the information that you may access through the use of hot links contained in these materials and does not endorse your use of third-party Web pages nor provide any warranty whatsoever relating to third-party Web pages.
