Post on 06-Feb-2018
Governance, Risk and Compliance Management SAP Solutions for GRC
Marina Simonians, Director - Strategic Apps, CFO COE, SAP Applications for Environmental Compliance
Managing Risk Is Everyone’s Job
Supply Chain: Customers & Channel
Human Resources: Employee safety compliance
Finance: Complex, international compliance requirements
Compliance / Risk Office: Disconnected risk analysis
IT Operations: Data security issues
Sales, Service: High credit risk customers
Procurement: Supplier longevity
Board, Audit Committee: Executive compensation issues
Executives & Managers: Incomplete global risk profile
Unidentified risks impact performance
Failure in Operational Control
Disrupts major operations
Impairs Customer Service
Reduces Investor & Market Confidence
Increases Business Costs
Impacts Performance in the Market
Results in Closer Scrutiny
National Headlines
“Agency Delayed Reporting Theft of Veterans’ Data” May 24, 2006, New York Times
“Data Theft at Nuclear Agency Went Unreported for 9 Months” June 10, 2006, New York Times
“Bomb Scare shuts Port’s Terminal 18” Aug 18, 2006, The Seattle Times
“Brand Name High Tech Manufacturer Violates E.U. Pollution Law” Jul 06, 2006, CIO Tech Informer
Fragmentation: Managing with confidence is difficult in an increasingly complex world
(Diagram: Governance, Risk Mgmt. and Compliance handled separately in each of the following)
Functions: Board of Directors, Finance, Legal, Sales, Contracts, HR, Controller, IT, Policy Mgmt., Audit & Compliance, Treasury
Countries: U.S., Germany, Japan, U.K., France, China, Canada, India
Systems: Security, Proj. Mgmt., Doc. Mgmt., Contracts, Planning, Customers, ERP, Production, Billing
Regulations and risks: SOX, JSOX, Credit Risk, Human Capital Risk, Revenue Recognition, FDA, REACH, RoHS/WEEE, Project Risk
Opportunity Cost: The cost of fragmented GRC is more than just money
Total Compliance Spend* (not including risk and governance cost): $10.5B in 2004, $27.0B in 2006
Spend split among Headcount, Services and Technology: 33%, 25%, 42% (the chart’s assignment of shares to categories is not recoverable)
*Source: SAP research, 2006
GRC spend only likely to go up
– GRC Cost > $27 billion
– Share price / performance
– Missed opportunities
Integrated GRC: Ingrain GRC at every level
(Chart: Maturity over Time, from Today to 2 – 5 years; Source: SAP Research)
Phases: Informal / Ad-hoc Phase (Reactive, Fragmented); Implementation Phase; Consolidation Phase; Operational Excellence Phase
Activities along the curve: Ad-hoc, “must-do” activities only; Rush projects to react to mandates; Create inventory of G, R and C initiatives; Start on a unified GRC approach; Continuous process improvement
Integrated GRC: Forward looking organizations are seeking a unified approach to GRC
(Diagram: Governance, Risk Mgmt. and Compliance across the following)
Functions: Board of Directors, Finance, Legal, Sales, Contracts, HR, Controller, IT, Policy Mgmt., Audit & Compliance, Treasury
Countries: U.S., Germany, Japan, U.K., France, China, Canada, India
Systems: Security, Proj. Mgmt., Doc. Mgmt., Contracts, Planning, Customers, ERP, Production, Billing
Regulations and risks: SOX, JSOX, Credit Risk, Human Capital Risk, Revenue Recognition, FDA, REACH, RoHS/WEEE, Project Risk
A holistic solution for GRC management
Automates and embeds GRC processes into business processes
Delivers transparency for balanced global risk profile
Standardizes on common GRC content and rules
Drives higher margins and shareholder value
(Diagram: SAP Solutions for GRC)
Business Applications
SAP Solutions for GRC: Cross-Industry GRC (Access Controls, Global Trade, Environment, Process Controls, Risk Management); GRC Repository: Documentation and Monitoring; Industry-Specific GRC
Business Process Platform
Partners: Service Partners, Content Partners, Technology Partners
Governance Risk and Compliance: GRC Business Drivers
Financial Compliance
• SOX mandate (Section 404 and 302)
• Segregation of Duties analysis & enforcement
• Reduce fraud and risk
• Certify the sign-off process for executives
• Identify controls for organizations
• Provide auditors with complete audit trail
Trade Management
• Enforcement is on the rise, esp. after 9/11
• Companies need to strictly adhere to changing regulations or risk costly fines
• Security initiatives requiring more internal control, record keeping and audit trail
• Additional regulations such as Anti-boycott / Anti-terrorism Regulations and Export Administration Regulations (EAR)
Environment Regulations
• Corporations need to comply with environmental laws and regulations as they relate to employee health and safety; air, water and soil pollution; product and chemical safety
• Some of the regulatory agencies: OSHA - Occupational Safety & Health Administration; local, state and governmental agencies; European Chemical Agency; EU RoHS/WEEE enforcement authority
Governance Risk and Compliance: GRC Solution Overview
Financial Compliance
• Access Control (SOD): Compliance Calibrator, Role Expert, Firefighter, Access Enforcer
• Monitoring of Internal Controls and Documentation: Process Control
Trade Management
• Global Trade Management (GTS)
Environment Regulations
• EH&S, Emissions Mgt (xEM)