Effective Cross-Enterprise Governance, Risk and Compliance: How SAP helps customers achieve a unified approach to GRC
Ranga Bodla, Governance, Risk & Compliance Solution Marketing
Speakers
Ranga Bodla, Sr. Director, Governance, Risk and Compliance – SAP
650.796.8252
Jerry Helton, Sr. Director, Greenlight Technologies
407.405.6869
© SAP 2008 / Page 2
Agenda
• Objective overview of how to successfully prioritize, manage and analyze multi-platform compliance initiatives with real life case studies.
• Attendees will develop an understanding of leading best practices to help organizations stay compliant and manage enterprise risk
• Attendees will also get an overview of various solutions to achieve a unified view of enterprise compliance
[Slide diagram: governance, risk management and compliance overlaid on every business function (board of directors, finance, legal, sales, contracts, HR, controller, IT, policy management, audit and compliance, treasury), region (U.S., Germany, Japan, U.K., France, China, Canada, India), business area (HCM, financials, manufacturing, sourcing, supply chain, sales, marketing, service, billing) and regulation (SOX, J-SOX, credit risk, OSHA, MSHA, revenue recognition, FDA, RoHS, WEEE, Kyoto)]
GRC often crosses the entire enterprise
The IT Management Nightmare
[Slide diagram: executive roles affected (CMO, CSO, VP Customer Service, VP R&D, VP Manufacturing / COO, VP Supply Chain / COO, VP Procurement, VP HR, CFO, CIO)]
All areas of the organization are affected by Regulatory Requirements
IT is forced to come up with approaches for all of these, driving the cost of compliance
Proof of Compliance is required
Business Processes are the “connector” across silo organizations
[Slide diagram: regulatory requirements grouped as financial, labor, environmental, health, industry specific and security: Clean Air, RCRA, FMLA, FDA, ERISA, Customs, Waste / Superfund (SARA), FAA, OSHA, ISO, Clean Water, REACH, FERC, NERC, Privacy, Anti-spam, SOX, OMB A-123, ISO/IEC 27001, AS8015-2005, HIPAA, GLBA, PCI DSS, Basel-II]
Typical Approach to Addressing GRC
[Slide diagram: people and middleware layer in which each application carries its own separate user management, archive, workflow, portal and business intelligence components]
GRC is layered on top of and/or separate from the core business processes
Unified Approach Optimizes Performance
Embedding GRC in the Process
[Slide diagram: the same people and middleware layer, with GRC embedded in the shared user management, archive, workflow, portal and business intelligence components]
GRC Management By Exception: Proactive & Preventative
Effective GRC must go across the enterprise
Compliance Across Heterogeneous Applications and Systems
[Slide diagram: SAP cross-application and cross-functional support across heterogeneous systems (e.g. PeopleSoft) for the end-to-end processes Hire-to-Retire, Reconcile-to-Report, Procure-to-Pay, Order-to-Cash and Production-to-Delivery]
Maximize Strategic and Operational Performance
SAP BusinessObjects Solutions for GRC
Governance
• Increase visibility across risk and compliance initiatives
• Standardize on a common language for risk and compliance
• Align controls with strategic objectives
• Monitor performance against requirements
Controls & Compliance
• Reduce cost
• Design and implement automated controls to support any framework
• Move to automated testing of controls
• Manage the effectiveness of controls at any time, across any system
Risk Management
• Manage risk across the enterprise
• Unify management of strategic, financial, operational and compliance risks
• Identify and manage risks before they impact the business
• Proactively monitor risk across end-to-end business processes
Leverage GRC Across SAP and Non-SAP
[Slide diagram: SAP Business Suite and GRC at the centre, integrated in real time with ORCL, PSFT, JDE, HYP, Siebel, Baan and legacy systems; connector capabilities shown: security models, false positives, controls content, mitigating controls, change controls, ResQ, ad-hoc reports]
Real time Integration across all Enterprise Systems
Greenlight Technologies
Trusted co-development partner providing leading GRC control automation solutions since 2004
Over 70 Enterprise customers
GRC-Middleware solution
Industry’s most comprehensive automated controls portfolio
Oracle, Peoplesoft, Hyperion, JDE, Ariba, I-many and Legacy systems
Real-Time, cross platform continuous compliance
SAP Relationship
Certified SAP software partner
Solutions powered by NetWeaver
Greenlight is a global provider of real time, cross platform connectors for SAP GRC
[Slide diagram: market specific content (HIPAA, FDA, FCPA, NERC, Basel II) and application specific content (Order to Cash, Procure to Pay, GR to production, Master Data, Transaction Controls, Inventory, Warehouse and QA, Hire to Retire, Access Control) delivered through connectors (RTAs) and automated GRC controls to legacy systems]
• SOD Risk Analysis
• Compliant User Provisioning
• Business Transaction Controls
• Super User Management
RTA Design Studio
ResQ
SAP-Greenlight Partnership
Over 25 Connectors
• Oracle, PSFT, JDE
• Hyperion, Siebel, Ariba, Lawson
• And multiple third party applications
Solution Approach
Consolidation and monitoring of enterprise access risk across non SAP systems, all from a SINGLE SAP GRC platform
Leverage SAP GRC and Greenlight connectors integration to have unified, preventive, automated compliance management for financial and day to day operational controls
Real time architecture enables alerts and preventive access controls: STOP the violations before they occur
Rollout Plan
Security setups assessment, role/task based security definitions, user groups etc.
SOD risk identification and analysis (ex. Financial, Charge-back, Contracts, FDA risks for Pharma)
Residual risk analysis
Risk mitigation process, business users empowerment
Utilize RTA Design Studio to deploy SOD and Compliant User Provisioning connector for any/all future systems
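Worked example of the SOD risk identification, residual risk (mitigating control) and preventive provisioning steps in the rollout plan above, written here as added illustration and not Greenlight's or SAP's code: the systems, roles, business functions, rule ids, user names and mitigation entries are all constructed, and the point it shows is that a conflict split across an SAP role and an Oracle role is only visible when both systems' assignments are analysed together.

```python
# Added example, not SAP's or Greenlight's code; every name below is constructed.
# Role -> business functions, for roles living in two different systems.
ROLE_FUNCTIONS = {
    ("SAP", "Z_AP_CLERK"): {"CREATE_VENDOR"},
    ("SAP", "Z_AP_PAY"): {"POST_PAYMENT"},
    ("ORACLE", "AP_INVOICE_ENTRY"): {"ENTER_INVOICE"},
    ("ORACLE", "AP_PAYMENT_RUN"): {"POST_PAYMENT"},
    ("ORACLE", "AR_CASH_APP"): {"APPLY_CASH"},
}
# SOD rule set: function pairs a single user must not hold together.
SOD_RULES = {
    "P2P-01": ("CREATE_VENDOR", "POST_PAYMENT"),
    "P2P-02": ("ENTER_INVOICE", "POST_PAYMENT"),
}
# Accepted residual risk: (user, rule) pairs covered by a documented mitigating control.
MITIGATIONS = {("jdoe", "P2P-02")}

def user_functions(assignments):
    """Map each function the user can perform to the system:role entries granting it."""
    funcs = {}
    for system, role in assignments:
        for f in ROLE_FUNCTIONS.get((system, role), ()):
            funcs.setdefault(f, set()).add(f"{system}:{role}")
    return funcs

def analyze(user, assignments, mitigations=MITIGATIONS):
    """Detective analysis: list every SOD rule the user violates across all systems."""
    funcs = user_functions(assignments)
    findings = []
    for rule_id, (a, b) in SOD_RULES.items():
        if a in funcs and b in funcs:
            findings.append({"rule": rule_id, "user": user,
                             "via": sorted(funcs[a] | funcs[b]),
                             "mitigated": (user, rule_id) in mitigations})
    return findings

def provisioning_request(user, current, new_role):
    """Preventive check: simulate the new assignment and block it if it would
    create a conflict that no mitigating control covers."""
    open_risks = [f for f in analyze(user, list(current) + [new_role])
                  if not f["mitigated"]]
    return ("BLOCKED" if open_risks else "APPROVED"), open_risks

if __name__ == "__main__":
    # Vendor creation in SAP plus a payment run in Oracle: a conflict that
    # neither system's own security report would show on its own.
    print(analyze("asmith", [("SAP", "Z_AP_CLERK"), ("ORACLE", "AP_PAYMENT_RUN")]))
    print(provisioning_request("asmith", [("SAP", "Z_AP_CLERK")], ("ORACLE", "AP_PAYMENT_RUN")))
```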
RTA Design Studio
Greenlight introduces a New, Innovative, “Patent Pending” Technology
SAP & Greenlight Case Study # 1
NEEDS:
Significant non SAP landscape: Oracle, Hyperion, Legacy systems
Automate SOD risk analysis, compliant provisioning and superuser access to non SAP systems
Saving of time and resource costs
>1700 roles in non SAP (Oracle) makes manual analysis impossible
19,000 users across 7 SAP landscapes including R/3, APO, HR, and SEM
RESULTS:
Implemented Greenlight Real Time Agent (RTA) solutions for SOD risk analysis, compliant provisioning
External auditor helped validate rule set
Clean Access process, moved from detective to preventive
Expanding the coverage to Legacy systems and ResQ (superuser-Oracle)
SAP & Greenlight Case Study # 2
NEEDS:
Significant non SAP landscape: Oracle, JDE, Bookmaster and 20+ Legacy systems
Integrate SAP GRC with non SAP systems for SOD risk analysis and superuser access for Oracle
Automate legacy manual batch extraction for SAP GRC
Reliable Audits, Saving of time and resource costs
>1400 roles in system (Oracle)
15,000 users within Oracle
RESULTS:
Implemented Greenlight RTA solutions for SOD risk analysis for Oracle
Clean SOD risk analysis, results validated
Next phase includes ResQ (Oracle-Superuser) and Greenlight Design Studio for Legacy systems
[Slide diagram labels: RTAs, Automated batch extraction]
Average Value Reported: Proven Customer Savings in Cross Platform integration
Delivering Significant Reductions in Cost and Labor
[Bar chart, 0% to 45% axis, of reported reductions: reduction in audit report findings for security; reduction in time cleaning up audit report findings for security; reduction in time spent on external/internal audit; reduction in time spent managing authorization risk; reduction in internal/external audit costs; reduction in costs on managing user authorization risk. Bar values as extracted, in order: 35%, 28%, 44%, 36%, 41%, 39%]
Value Proposition of Integrated GRC
Consistent and Real time visibility of enterprise risk and compliance throughout the enterprise to achieve preventive compliance
SOD Risk analysis, compliant provisioning across the enterprise systems from SAP GRC
Real time, preventive, Cross-System compliance
Optimized and efficient audits – SIGNIFICANT savings of costs and time
Expanded audit scope and transparency for all the business processes and systems within the company
Immediate ROI, Reliable and Consistent compliance
Leverage existing IT investment - No additional Hardware
Getting Started: GreenLight Remote Risk Assessment
No Cost, No Risk, Partner-Enabled GRC Sales Opportunity
Demonstrate the value of cross-platform GRC using the customer’s own data
Real Time Cross Platform SAP GRC and SOD risks (GreenLight’s Access Control demo environment)
Supported by both SAP and GreenLight technical resources
Jerry Helton, Senior Director, Markets Development
270 South Main Street
Flemington NJ 08822
Tel: 908-782-5700 x 122
Cell: 407-405-6869
Questions
Contact Info
Ranga Bodla, Sr. Director, Governance, Risk and Compliance – SAP
650.796.8252
Jerry Helton, Sr. Director, Greenlight Technologies
407.405.6869