SAP Road Map for Governance, Risk, and Compliance · PDF fileQ4 2016 SAP Road Map for...
Transcript of SAP Road Map for Governance, Risk, and Compliance · PDF fileQ4 2016 SAP Road Map for...
Q4 2016
SAP Road Map for Governance, Risk, and
Compliance Solutions
Customer
© 2016 SAP SE or an SAP affiliate company. All rights reserved. 3CustomerThis presentation and SAP‘s strategy and possible future developments are subject to change and may be changed by SAP at any time for any reason without notice. This document isprovided without a warranty of any kind, either express or implied, including but not limited to, the implied warranties of merchantability, fitness for a particular purpose, or non-infringement
Disclaimer
The information in this presentation is confidential and proprietary to SAP and may not be disclosed without the permission of
SAP. Except for your obligation to protect confidential information, this presentation is not subject to your license agreement or
any other service or subscription agreement with SAP. SAP has no obligation to pursue any course of business outlined in this
presentation or any related document, or to develop or release any functionality mentioned therein.
This presentation, or any related document and SAP's strategy and possible future developments, products and or platforms
directions and functionality are all subject to change and may be changed by SAP at any time for any reason without notice.
The information in this presentation is not a commitment, promise or legal obligation to deliver any material, code or functionality.
This presentation is provided without a warranty of any kind, either express or implied, including but not limited to, the implied
warranties of merchantability, fitness for a particular purpose, or non-infringement. This presentation is for informational
purposes and may not be incorporated into a contract. SAP assumes no responsibility for errors or omissions in this
presentation, except if such damages were caused by SAP’s intentional or gross negligence.
All forward-looking statements are subject to various risks and uncertainties that could cause actual results to differ materially
from expectations. Readers are cautioned not to place undue reliance on these forward-looking statements, which speak only as
of their dates, and they should not be relied upon in making purchasing decisions.
Major Trends
© 2016 SAP SE or an SAP affiliate company. All rights reserved. 6CustomerThis presentation and SAP‘s strategy and possible future developments are subject to change and may be changed by SAP at any time for any reason without notice. This document isprovided without a warranty of any kind, either express or implied, including but not limited to, the implied warranties of merchantability, fitness for a particular purpose, or non-infringement
TrendsImpacting risk, compliance, and security practices
Streamline compliance
process and reporting
Regulatory
Requirements
New Business
Models
Safeguard profitability
and growth
Economic and Political
Uncertainty
Mitigate external and
strategic risk
Digital
Transformation
Secure transactions and data
across hybrid IT landscapes
© 2016 SAP SE or an SAP affiliate company. All rights reserved. 7CustomerThis presentation and SAP‘s strategy and possible future developments are subject to change and may be changed by SAP at any time for any reason without notice. This document isprovided without a warranty of any kind, either express or implied, including but not limited to, the implied warranties of merchantability, fitness for a particular purpose, or non-infringement
Key themesIn risk, compliance, and security practices
Access
Governance
Manage identities,
authorized information
access, data use, and
sharing conditions
Monitor and prevent
access risk violations
Cybersecurity
Risk and
Governance
Protect data, control
access, and detect
threats
Help ensure
compliance with
information security
standards
Three Lines of
Defense
Manage risks and
controls in business
operations
Provide independent
assurance on risk and
compliance standards
International Trade
Management
Manage import and
export compliance in
global supply chains
Help ensure secure
movement of digital
goods and technical
data
Fraud
Management and
Screening
Prevent financial loss
quickly and effectively
with fraud management
Grow your network with
confidence
Solution Portfolio
© 2016 SAP SE or an SAP affiliate company. All rights reserved. 9CustomerThis presentation and SAP‘s strategy and possible future developments are subject to change and may be changed by SAP at any time for any reason without notice. This document isprovided without a warranty of any kind, either express or implied, including but not limited to, the implied warranties of merchantability, fitness for a particular purpose, or non-infringement
SAP solutions for GRC, May 2015
Turn business policy into
automated information controls.
SAP Dynamic Authorization
Management by NextLabsSAP Audit Management
Transform the audit function
beyond assurance.Manage regulatory requirements &
align with internal controls.
SAP Regulation Management
by Greenlight
SAP Technical Data Export
Compliance by NextLabs
Automate trade compliance for
digital goods & technical data.
SAP Fraud Management
Better detect and prevent fraud
through in-memory technology.
SAP Access Violation Management
by GreenlightIdentify and quantify the impact of
access risk violations.
SAP Electronic Invoicing
for Brazil
Meet electronic invoicing
requirements for Brazil.
Gain insights into user roles, and
optimize decision making.
SAP Identity Analytics SAP Global Trade Services
Optimize global trade, and screen
restricted parties.
SAP Access Control
Manage access risk, and prevent
fraud.
SAP Risk Management
Focus compliance efforts and
spending on high risk areas.
SAP Process Control
Ensure effective controls and
ongoing compliance.
GRC Core
Global TradeSecurity
Solution Extensions HANA-Native
SAP solutions for GRC, May 2008
© 2016 SAP SE or an SAP affiliate company. All rights reserved. 10CustomerThis presentation and SAP‘s strategy and possible future developments are subject to change and may be changed by SAP at any time for any reason without notice. This document isprovided without a warranty of any kind, either express or implied, including but not limited to, the implied warranties of merchantability, fitness for a particular purpose, or non-infringement
SAP solutions for GRC and
security
SAP solutions for governance, risk, and compliance (GRC)Select products included in road map presentation
SAP Access Control
Manage access risk, and prevent fraud.
SAP Process Control
Help ensure effective controls and ongoing compliance.
SAP Risk Management
Focus compliance efforts and spending on high-risk areas.
SAP Audit Management
Transform the audit function beyond assurance.
SAP Fraud Management
Detect and prevent fraud better.
SAP Business Partner Screening
Gain insights into user roles, and optimize decision making.
SAP solutions for GRC
Solutions
for security
from SAP
Solution
extensions
Innovation Focus Areas
© 2016 SAP SE or an SAP affiliate company. All rights reserved. 12CustomerThis presentation and SAP‘s strategy and possible future developments are subject to change and may be changed by SAP at any time for any reason without notice. This document isprovided without a warranty of any kind, either express or implied, including but not limited to, the implied warranties of merchantability, fitness for a particular purpose, or non-infringement
SAP solutions for governance, risk, and complianceInnovation focus areas
Support for GRC experts and the
business
Co-innovation through customer
connect
Tightly integrated into processes
and business networks
Products and solutions built for
cloud and on premise
Products and solutions built to
“manage” the cloud
Embedded Compliance
Business Processes Integration
User Experience
Across All Devices
Consumption
Cloud or On Premise
Solution Road Map
© 2016 SAP SE or an SAP affiliate company. All rights reserved. 15CustomerThis presentation and SAP‘s strategy and possible future developments are subject to change and may be changed by SAP at any time for any reason without notice. This document isprovided without a warranty of any kind, either express or implied, including but not limited to, the implied warranties of merchantability, fitness for a particular purpose, or non-infringement
Today Future directionPlanned innovations
SAP solutions for governance, risk, and complianceInnovation highlights
SAP Access Control – Access risk: find,
remediate, and manage access risk across SAP and
third-party systems
SAP Process Control – Controls and compliance
management: help ensure effective controls and
ongoing compliance
SAP Risk Management – Enterprise risk: identify,
analyze, mitigate, and monitor risk across the
organization
SAP Audit Management – End-to-end audit
management: plan, perform, and follow up on your
audit activities
SAP Fraud Management – Fraud detection and
prevention: detect, investigate, and prevent fraud
SAP Business Partner Screening – Screening
and investigation: effectively screen and decide on
business partners
SAP Cloud Identity Access Governance – Access
compliance: cloud services around access
governance, integrated with SAP Cloud Identity
Service
SAP Access Control – User risk analysis: mass
loading and simulation for roles to reduce access risk
SAP Process Control, SAP Risk Management –
Embedded controls: pre-built control and risk
monitoring capabilities for SAP S/4HANA
SAP Audit Management – Audit analytics: analyze
and build evidence on transactional data
SAP Fraud Management – Machine learning:
improved decision and classification support for
alerts leveraging
SAP Business Partner Screening – Screening
extensions: pre-built integration with SAP Master
Data Governance
SAP Cloud Identity Access Governance – Service
enablement: provide identity management,
certification, and role governance services
SAP Process Control, SAP Risk Management –
IT risk and compliance management:
associate risks, and controls with IT assets, support
assessment of IT control failures
SAP Risk Management – Assessment
workshops: organize, perform, and follow up on
results from risk assessment workshops
SAP Fraud Management – Tax compliance*:
analyze VAT compliance, and avoid financial and
legal penalties
SAP Business Partner Screening – Business
network integration: transaction screening for SAP
Ariba solutions, SAP SuccessFactors solutions
* Subject to SAP Executive Board approval
© 2016 SAP SE or an SAP affiliate company. All rights reserved. 23CustomerThis presentation and SAP‘s strategy and possible future developments are subject to change and may be changed by SAP at any time for any reason without notice. This document isprovided without a warranty of any kind, either express or implied, including but not limited to, the implied warranties of merchantability, fitness for a particular purpose, or non-infringement
Today Future directionPlanned innovations
SAP solutions for governance, risk, and complianceInnovation highlights
SAP Access Control – Access risk: find,
remediate, and manage access risk across SAP and
third-party systems
SAP Process Control – Controls and compliance
management: help ensure effective controls and
ongoing compliance
SAP Risk Management – Enterprise risk: identify,
analyze, mitigate, and monitor risk across the
organization
SAP Audit Management – End-to-end audit
management: plan, perform, and follow up on your
audit activities
SAP Fraud Management – Fraud detection and
prevention: detect, investigate, and prevent fraud
SAP Business Partner Screening – Screening
and investigation: effectively screen and decide on
business partners
SAP Cloud Identity Access Governance – Access
compliance: cloud services around access
governance, integrated with SAP Cloud Identity
Service
SAP Access Control – User risk analysis: mass
loading and simulation for roles to reduce access risk
SAP Process Control, SAP Risk Management –
Embedded controls: pre-built control and risk
monitoring capabilities for SAP S/4HANA
SAP Audit Management – Audit analytics: analyze
and build evidence on transactional data
SAP Fraud Management – Machine learning:
improved decision and classification support for
alerts leveraging
SAP Business Partner Screening – Screening
extensions: pre-built integration with SAP Master
Data Governance
SAP Cloud Identity Access Governance – Service
enablement: provide identity management,
certification, and role governance services
SAP Process Control, SAP Risk Management – IT
risk and compliance management: associate risks,
and controls with IT assets, support assessment of
IT control failures
SAP Risk Management – Assessment
workshops: organize, perform, and follow up on
results from risk assessment workshops
SAP Fraud Management – Tax compliance*:
analyze VAT compliance, and avoid financial and
legal penalties
SAP Business Partner Screening – Business
network integration: transaction screening for SAP
Ariba solutions, SAP SuccessFactors solutions
* Subject to SAP Executive Board approval
© 2016 SAP SE or an SAP affiliate company. All rights reserved. 24CustomerThis presentation and SAP‘s strategy and possible future developments are subject to change and may be changed by SAP at any time for any reason without notice. This document isprovided without a warranty of any kind, either express or implied, including but not limited to, the implied warranties of merchantability, fitness for a particular purpose, or non-infringement
Planned
Innovations
This is the current state of planning and may be changed by SAP at any time.
SAP Cloud Identity Access Governance*Business-driven access governance
Scope Key benefits
Access governance solution based on
SAP HANA Cloud Platform
No installation requirements other than a
Web browser
Complements and extends the existing SAP
Access Control application around access
risk analysis
Intuitive user interface design on SAP
Fiori user experience
Minimal to no training for the end user
required
Information can be personalized by the end
user
Graphical views drive analysis and
refinement process
Instant visibility into access issues Improved application security and
compliance
Immediate reaction to issues enabled
through fast response and calculation times
Support for cloud applications Managing access risk centrally across
heterogeneous landscapes
Expanded scope for improved governance
and compliance
* In beta shipment as of Q2, 2016
© 2016 SAP SE or an SAP affiliate company. All rights reserved. 25CustomerThis presentation and SAP‘s strategy and possible future developments are subject to change and may be changed by SAP at any time for any reason without notice. This document isprovided without a warranty of any kind, either express or implied, including but not limited to, the implied warranties of merchantability, fitness for a particular purpose, or non-infringement
Planned
Innovations
This is the current state of planning and may be changed by SAP at any time.
Scope Key benefits
Simulating access risk evaluations on
large data sets
Easier to run and more easily configured risk
analysis simulations
Access risk analysis embedded in role
management
Helping to ensure that new business roles
are developed with minimal access risk to
improve application security and compliance
Integration with SAP Process Control on
mitigation handling
Sharing control status information from SAP
Process Control to manage mitigations in
SAP Access Control
Increased effectiveness around mitigation
control handling through the ability to update
and manage mitigation controls that are no
longer valid
Interoperability with SAP Cloud Identity
Access Governance* service
Undisrupted user experience and
consumption around user risk analysis on
premise (SAP Access Control) or in the cloud
(SAP Cloud Identity Access Governance*)
SAP Access ControlUser risk analysis
* In beta shipment as of Q2, 2016
© 2016 SAP SE or an SAP affiliate company. All rights reserved. 26CustomerThis presentation and SAP‘s strategy and possible future developments are subject to change and may be changed by SAP at any time for any reason without notice. This document isprovided without a warranty of any kind, either express or implied, including but not limited to, the implied warranties of merchantability, fitness for a particular purpose, or non-infringement
Product Roadmap for SAP Access ControlInnovation highlights
Recent innovations Future directionPlanned innovations
New Fiori Apps and Smart Business tiles.
User access review with business role
Business role versioning
Firefighter mass maintenance
Import multiple roles during access request
process
Access request risk analysis upon submission
in background
Manage invalid mitigation
Reporting enhancements
New User Risk analysis features
Add, remove, and mass loading of roles for
simulation.
Mandatory risk analysis during role
methodology.
Leverage control status for access risk
mitigation..
Emergency access new features
Fire Fighter ID Review
Logon customization
Simplified Access Request enhancements
Extend Access Control
Cloud applications along with S/4 HANA SFSF,
Ariba, Concur, C4C.
User Access Review standard notifications to
users on removal
© 2016 SAP SE or an SAP affiliate company. All rights reserved. 28CustomerThis presentation and SAP‘s strategy and possible future developments are subject to change and may be changed by SAP at any time for any reason without notice. This document isprovided without a warranty of any kind, either express or implied, including but not limited to, the implied warranties of merchantability, fitness for a particular purpose, or non-infringement
Planned
Innovations
This is the current state of planning and may be changed by SAP at any time.
Scope Key benefits
Embedded process controls and risk
indicators in key business processes
supported by SAP S/4HANA
No change to existing SAP S/4HANA
installation required when monitoring
process controls through SAP Process
Control or risk indicators through SAP Risk
Management
Issue resolution Instantly detect, prevent, and mitigate
noncompliant activities in key business
processes supported by SAP S/4HANA
SAP Process Control, SAP Risk ManagementEmbedded controls and KRIs
OPERATIONAL PROCESS(IN SAP S/4 HANA)
COMPLIANCE PROCESS
© 2016 SAP SE or an SAP affiliate company. All rights reserved. 29CustomerThis presentation and SAP‘s strategy and possible future developments are subject to change and may be changed by SAP at any time for any reason without notice. This document isprovided without a warranty of any kind, either express or implied, including but not limited to, the implied warranties of merchantability, fitness for a particular purpose, or non-infringement
Facts & figures:
Supported roles:Compliance Manager, Internal
Control Manager,
Prerequisites:NetWeaver 7.40 SP13 and SAP
Process Control 10.1 SP14
Business challenges
Compliance Manager summaries control effectiveness
results and other information from multiple channels are
time consuming. Control effectiveness results cannot be
provided in time. Testers and issue owners do not
complete tasks in time. Testing results overview is hard
to get from system
Value proposition
With this Fiori app, Compliance Manager can get
transparent and complete results from control
effectiveness testing. It helps to save efforts of
summarizing control status from multiple channels.
Compliance Manager can also use it to make sure
control testing is performed and identified issues
are remediated, and enable responsible person to
complete task in time.
Monitor Control Status Fiori application
Key features
Monitor control effectiveness testing status and
results
Analyze the results from both organizations and
processes view
Remind responsible person to take action
© 2016 SAP SE or an SAP affiliate company. All rights reserved. 30CustomerThis presentation and SAP‘s strategy and possible future developments are subject to change and may be changed by SAP at any time for any reason without notice. This document isprovided without a warranty of any kind, either express or implied, including but not limited to, the implied warranties of merchantability, fitness for a particular purpose, or non-infringement
Planned
Innovations
This is the current state of planning and may be changed by SAP at any time.
Scope Key benefits
Shared reporting across the three
lines of defense
Enables the company to have a unified
view of risks and allows better
collaboration on mitigation
Harmonize user interfaces across
SAP GRC solutions and SAP
S/4HANA
Minimizes learning curve and provides
better user experience with support for
multiple devices
Enhanced Harmonization
© 2016 SAP SE or an SAP affiliate company. All rights reserved. 31CustomerThis presentation and SAP‘s strategy and possible future developments are subject to change and may be changed by SAP at any time for any reason without notice. This document isprovided without a warranty of any kind, either express or implied, including but not limited to, the implied warranties of merchantability, fitness for a particular purpose, or non-infringement
Planned
Innovations
This is the current state of planning and may be changed by SAP at any time.
Enhanced policy management
Scope Key benefits
Cloud-based policy management offered on a
subscription basis
Rapid and efficient deployment of user-friendly
publishing and acceptance of policies for use
with multiple devices
Integrate with SAP SuccessFactors Learning to
track policy-related training requirements
Improved policy compliance and support for
regulatory training requirements
Determine relevant policy and training by role
and hiring status from HR system integration
with SuccessFactors
Reduced effort and timely policy dissemination
and acceptance as employees are hired or
change roles within an organization
Policy compliance dashboard showing status
and overdue policy acceptance for all policies
• Easy visibility of current status and potential
acceptance issues to improve enforcement and
auditability
© 2016 SAP SE or an SAP affiliate company. All rights reserved. 32CustomerThis presentation and SAP‘s strategy and possible future developments are subject to change and may be changed by SAP at any time for any reason without notice. This document isprovided without a warranty of any kind, either express or implied, including but not limited to, the implied warranties of merchantability, fitness for a particular purpose, or non-infringement
Planned
Innovations
This is the current state of planning and may be changed by SAP at any time.
SAP Audit ManagementAudit analytics
Scope Key benefits
Integrated analytics capability
Audit analytics powered by the SAP
HANA platform
Leverage Big Data to increase the audit
efficiency and expand audit coverage
Examine higher data volumes at greater
speed
Open interface to consume analytical
results
Predefined analytical audit
procedures
Reduce effort for auditors to execute
audits, increase collaboration between
auditor and process owner
• User-friendly creation of custom
analytical audit procedure
Increase auditor insight, minimize
noncompliance issues
Elevate auditor to trusted advisor role
© 2016 SAP SE or an SAP affiliate company. All rights reserved. 33CustomerThis presentation and SAP‘s strategy and possible future developments are subject to change and may be changed by SAP at any time for any reason without notice. This document isprovided without a warranty of any kind, either express or implied, including but not limited to, the implied warranties of merchantability, fitness for a particular purpose, or non-infringement
Planned
Innovations
This is the current state of planning and may be changed by SAP at any time.
Scope Key benefits
Decision support and scoring for new
alerts
Learning algorithms analyze past
transactions and resolutions in high volume,
which allows fraud investigators to focus on
value-adding tasks
Better and more efficient decisions lead to
significantly increased proven fraud (true
positives)
• Automatic classification through “one
size fits most” algorithms
Incorporate learnings from closed
investigations to free up time for fraud
investigators and optimize their workloads
SAP Fraud ManagementMachine learning
© 2016 SAP SE or an SAP affiliate company. All rights reserved. 34CustomerThis presentation and SAP‘s strategy and possible future developments are subject to change and may be changed by SAP at any time for any reason without notice. This document isprovided without a warranty of any kind, either express or implied, including but not limited to, the implied warranties of merchantability, fitness for a particular purpose, or non-infringement
Planned
Innovations
This is the current state of planning and may be changed by SAP at any time.
Scope Key benefits
Pre-delivered integration with SAP
Master Data Governance
Improve business partner compliance with
checks during on-boarding or change
process in SAP Master Data Governance
Resolve alerts in SAP Business Partner
Screening for checks arising from SAP
Master Data Governance
Feed additional context information on
screened business partner back to SAP
Master Data Governance
Additional screening fields, such as
Bank Identifier Code (BIC), date of birth,
and e-mail address
Enable additional screening scenarios for
SAP Business Partner Screening, including
the screening of payments on BIC
SAP Business Partner ScreeningScreening extensions
© 2016 SAP SE or an SAP affiliate company. All rights reserved. 35CustomerThis presentation and SAP‘s strategy and possible future developments are subject to change and may be changed by SAP at any time for any reason without notice. This document isprovided without a warranty of any kind, either express or implied, including but not limited to, the implied warranties of merchantability, fitness for a particular purpose, or non-infringement
Today Future directionPlanned innovations
SAP solutions for governance, risk, and complianceInnovation highlights
SAP Access Control – Access risk: find,
remediate, and manage access risk across SAP and
third-party systems
SAP Process Control – Controls and compliance
management: help ensure effective controls and
ongoing compliance
SAP Risk Management – Enterprise risk: identify,
analyze, mitigate, and monitor risk across the
organization
SAP Audit Management – End-to-end audit
management: plan, perform, and follow up on your
audit activities
SAP Fraud Management – Fraud detection and
prevention: detect, investigate, and prevent fraud
SAP Business Partner Screening – Screening
and investigation: effectively screen and decide on
business partners
SAP Cloud Identity Access Governance – Access
compliance: cloud services around access
governance, integrated with SAP Cloud Identity
Service
SAP Access Control – User risk analysis: mass
loading and simulation for roles to reduce access risk
SAP Process Control, SAP Risk Management –
Embedded controls: pre-built control and risk
monitoring capabilities for SAP S/4HANA
SAP Audit Management – Audit analytics: analyze
and build evidence on transactional data
SAP Fraud Management – Machine learning:
improved decision and classification support for
alerts leveraging
SAP Business Partner Screening – Screening
extensions: pre-built integration with SAP Master
Data Governance
SAP Cloud Identity Access Governance – Service
enablement: provide identity management,
certification, and role governance services
SAP Process Control, SAP Risk Management –
IT risk and compliance management: associate
risks, and controls with IT assets, support
assessment of IT control failures
SAP Risk Management – Assessment
workshops: organize, perform, and follow up on
results from risk assessment workshops
SAP Fraud Management – Tax compliance*:
analyze VAT compliance, and avoid financial and
legal penalties
SAP Business Partner Screening – Business
network integration: transaction screening for SAP
Ariba solutions, SAP SuccessFactors solutions
* Subject to SAP Executive Board approval
© 2016 SAP SE or an SAP affiliate company. All rights reserved. 36CustomerThis presentation and SAP‘s strategy and possible future developments are subject to change and may be changed by SAP at any time for any reason without notice. This document isprovided without a warranty of any kind, either express or implied, including but not limited to, the implied warranties of merchantability, fitness for a particular purpose, or non-infringement
Enhanced user experience and productivity with optimized access definition – YouWYN (You get
everything What You Need)
Role designer service
Reduce complexity in managing access for business applications
Bottoms up role design based on role mining and activity
Ensuring users have optimized appropriate access assignments
Rule-based role design and access refinement
Integrated processes for design and management of business roles
SAP Cloud Identity Access Governance Access Compliance - Role designer service
This is the current state of planning and may be changed by SAP at any time.
Mine Roles• Roles, privileges and
authorizations.
• User access
• Usage activity
Optimize Access• Analyze mined Access
information
• Discover optimal granularity of authorizations
Refine Access• Propose optimal user
access
• Orchestrate access for an end to end business process
Impact Analysis• Proposal to adjust role
content to remediate risks
• Mitigate risks as applicable
Provision Users• Assign the access to users
• Notify users
Future
Innovations
© 2016 SAP SE or an SAP affiliate company. All rights reserved. 37CustomerThis presentation and SAP‘s strategy and possible future developments are subject to change and may be changed by SAP at any time for any reason without notice. This document isprovided without a warranty of any kind, either express or implied, including but not limited to, the implied warranties of merchantability, fitness for a particular purpose, or non-infringement
Streamlined access certification process, automates periodic/adhoc access review process and
reduces access maintenance activity when there are organizational changes that impact user access.
Certification service
Automate periodic access reviews
Enable reviews specific to organizational needs
Ability to support large scale reviews
Management of the review process
Data driven views for review process
This is the current state of planning and may be changed by SAP at any time.
Define Review•Select users by group, system, organization
•Security reviews by activity
•Usage activity
Review Type•User access review
•Risk review
•Role review
Admin Review•Check reviews prior to distribution
•Edit review items
Distribution•Send review notices to managers
•Review Instructions
Monitor•Resolve review issues
•Track review progress
Update Access• Incorporate access, risk, role changes
•Audit reporting
SAP Cloud Identity Access Governance Access Compliance – access certification service
Future
Innovations
© 2016 SAP SE or an SAP affiliate company. All rights reserved. 38CustomerThis presentation and SAP‘s strategy and possible future developments are subject to change and may be changed by SAP at any time for any reason without notice. This document isprovided without a warranty of any kind, either express or implied, including but not limited to, the implied warranties of merchantability, fitness for a particular purpose, or non-infringement
SAP Cloud Identity Access Governance
Sensitive/privileged access monitoring
Policy–based authorizations
Business risk–based authorizations
This is the current state of planning and may be changed by SAP at any time.
Future
Innovations
© 2016 SAP SE or an SAP affiliate company. All rights reserved. 40CustomerThis presentation and SAP‘s strategy and possible future developments are subject to change and may be changed by SAP at any time for any reason without notice. This document isprovided without a warranty of any kind, either express or implied, including but not limited to, the implied warranties of merchantability, fitness for a particular purpose, or non-infringement
Future
Direction
This is the current state of planning and may be changed by SAP at any time.
Scope Key benefits
Associate IT assets with controls, policies,
and risks
IT-focused documentation and reporting of
risks with potential impact on IT assets
Review the effectiveness of defined
mitigations by controls and policies to
detect gaps in the IT control framework
Integration with SAP Regulation
Management application by Greenlight, cyber
edition
Comply with IT regulatory and best-
practice frameworks to strengthen IT
practices
Integration with SAP Enterprise Threat
Detection application
Integrate summarized threat details with
continuous control monitoring information
in SAP Process Control
Help business experts – in addition to IT–
to understand the potential impact of
cybersecurity issues
Provide additional insight on the
effectiveness of IT controls
SAP Process Control, SAP Risk ManagementIT risk and compliance management
© 2016 SAP SE or an SAP affiliate company. All rights reserved. 41CustomerThis presentation and SAP‘s strategy and possible future developments are subject to change and may be changed by SAP at any time for any reason without notice. This document isprovided without a warranty of any kind, either express or implied, including but not limited to, the implied warranties of merchantability, fitness for a particular purpose, or non-infringement
Future
Direction
This is the current state of planning and may be changed by SAP at any time.
Enhanced continuous control monitoring (CCM)
Scope Key benefits
Continuous auditing by sharing CCM capabilities
of Process Control with SAP Audit Management
Improved assurance and planning with reduced
cost and more timely reporting of weaknesses
Shared CCM rule framework with SAP Risk
Management (KRIs)
Easier and more flexible creation of KRIs and
other metrics from a single rule engine
Use of SAP HANA analytic content for SAP ERP
and other applications with CCM
Improved time-to-value by leveraging existing
content
© 2016 SAP SE or an SAP affiliate company. All rights reserved. 42CustomerThis presentation and SAP‘s strategy and possible future developments are subject to change and may be changed by SAP at any time for any reason without notice. This document isprovided without a warranty of any kind, either express or implied, including but not limited to, the implied warranties of merchantability, fitness for a particular purpose, or non-infringement
Future
Direction
This is the current state of planning and may be changed by SAP at any time.
Scope Key benefits
Management of risk assessment workshops
from setup, execution, and follow-up
Link workshops with day-to-day risk
management approach to fully embed this
part of the process
Documentation and consolidation of the
information
Management of follow-up sessions
Facilitate follow-up and monitoring of
workshops
SAP Risk ManagementAssessment workshops
© 2016 SAP SE or an SAP affiliate company. All rights reserved. 43CustomerThis presentation and SAP‘s strategy and possible future developments are subject to change and may be changed by SAP at any time for any reason without notice. This document isprovided without a warranty of any kind, either express or implied, including but not limited to, the implied warranties of merchantability, fitness for a particular purpose, or non-infringement
Future
Direction
This is the current state of planning and may be changed by SAP at any time.
SAP Fraud ManagementTax compliance – customer co-innovation project*
* Subject to SAP Executive Board approval
Scope Key benefits
• VAT analysis Enables companies to analyze their VAT
compliance to avoid financial and legal
penalties
Detection and reconciliation Flexible definition of rules to detect
irregular tax postings
Initiation, execution, and documentation of
mitigation tasks to correct wrong postings
Reconciliation support for tax declaration
Scheduling and monitoring Continuous monitoring and reduction of
wrong postings to minimize risk of
financial and legal penalties
Identifying and fixing root cause(s) for
wrong postings, such as incorrect master
data
Results in a simplified, fastened, and
confident period-end processing
© 2016 SAP SE or an SAP affiliate company. All rights reserved. 44CustomerThis presentation and SAP‘s strategy and possible future developments are subject to change and may be changed by SAP at any time for any reason without notice. This document isprovided without a warranty of any kind, either express or implied, including but not limited to, the implied warranties of merchantability, fitness for a particular purpose, or non-infringement
Future
Direction
This is the current state of planning and may be changed by SAP at any time.
SAP Business Partner ScreeningBusiness network integration
SAP Business Partner
Screening
Scope Key benefits
Screening extended to business networks,
such as SAP Ariba solutions and SAP
SuccessFactors solutions
Provide assurance and transparency
around business partner compliance in
business networks
More Information
More Information
Explore our solutions.
Find additional SAP road maps on the SAP
Service Marketplace extranet (logon required).
Enterprise Information Management External
© 2016 SAP SE or an SAP affiliate company. All rights reserved. 49CustomerThis presentation and SAP‘s strategy and possible future developments are subject to change and may be changed by SAP at any time for any reason without notice. This document isprovided without a warranty of any kind, either express or implied, including but not limited to, the implied warranties of merchantability, fitness for a particular purpose, or non-infringement
Thank youContact information:
Jochen Thierer
VP Development
LoB FIN – GRC
© 2016 SAP SE or an SAP affiliate company. All rights reserved. 51CustomerThis presentation and SAP‘s strategy and possible future developments are subject to change and may be changed by SAP at any time for any reason without notice. This document isprovided without a warranty of any kind, either express or implied, including but not limited to, the implied warranties of merchantability, fitness for a particular purpose, or non-infringement
© 2016 SAP SE or an SAP affiliate company. All rights reserved.
No part of this publication may be reproduced or transmitted in any form or for any purpose without the express permission of SAP SE or an SAP affiliate company.
SAP and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP SE (or an SAP affiliate
company) in Germany and other countries. Please see http://global12.sap.com/corporate-en/legal/copyright/index.epx for additional trademark information and notices.
Some software products marketed by SAP SE and its distributors contain proprietary software components of other software vendors.
National product specifications may vary.
These materials are provided by SAP SE or an SAP affiliate company for informational purposes only, without representation or warranty of any kind, and SAP SE or its
affiliated companies shall not be liable for errors or omissions with respect to the materials. The only warranties for SAP SE or SAP affiliate company products and
services are those that are set forth in the express warranty statements accompanying such products and services, if any. Nothing herein should be construed as
constituting an additional warranty.
In particular, SAP SE or its affiliated companies have no obligation to pursue any course of business outlined in this document or any related presentation, or to develop
or release any functionality mentioned therein. This document, or any related presentation, and SAP SE’s or its affiliated companies’ strategy and possible future
developments, products, and/or platform directions and functionality are all subject to change and may be changed by SAP SE or its affiliated companies at any time
for any reason without notice. The information in this document is not a commitment, promise, or legal obligation to deliver any material, code, or functionality. All forward-
looking statements are subject to various risks and uncertainties that could cause actual results to differ materially from expectations. Readers are cautioned not to place
undue reliance on these forward-looking statements, which speak only as of their dates, and they should not be relied upon in making purchasing decisions.