BCA_ICAI GRC Approach SAP.pdf


  • 7/25/2019 BCA_ICAI GRC Approach SAP.pdf

    Drive Enterprise Value
    Enabled by SAP Governance Risk & Compliance Solutions

    Murali Narayanamurthy

    2011 SAP AG. All rights reserved.

    Manage Enterprise Risk and Compliance

    Access Risk Management: Manage access risk and prevent fraud. SAP GRC Access Control; SAP GRC Access Approver - mobile application
    Controls & Compliance Monitoring: Ensure effective controls and ongoing compliance. SAP GRC Process Control; SAP GRC Policy Survey - mobile application
    Enterprise Risk Management: Preserve and grow value. SAP GRC Risk Management
    Planning and performing Audits: Drive a unified audit management function. SAP GRC Audit Management
    Fraud detection and investigation: Prevent, detect, investigate, and monitor fraud patterns and predictions. SAP GRC Fraud Management

    SAP's Approach: Unified Governance Risk & Compliance

    Unified GRC Framework:
    Organizational Objectives
    Monitor Key Risk Indicators
    Policy Management
    Legal Compliance
    Internal Controls Effectiveness
    Prevent Frauds
    Risk Based Audit
    Segregation of Duties

    Streamlined User Access Management

    Standardizes on SAP Business workflow technology, supports more flexible and tailored access request and approver views, simplifying the provisioning process

    Key Benefits:
    Business workflow reduces manual tasks and streamlines access request processing
    Leverage existing resources for workflow administration and configuration
    Faster and easier for users to request the roles they need.

    SOURCE:
    HR Systems: SAP HR; PeopleSoft HR; Other
    IDM Systems: SAP IDM; Novell IDM; Other
    Other: AC Direct Entry; Help Desk; More

    CONFIGURABLE WORKFLOW:
    Request generated; Risk Analysis; Manager Approval; Automated provisioning
    Mitigation; Exception workflow; SAP Mobility Option

    RESULT:
    SAP Business Suite; Other SAP Applications; Heterogeneous Environment

    Business Control Monitoring: Supplier Relationship Management Process

    Implement Strategic Agreements: Identify & Qualify Vendors; Evaluate Bids; Award & Negotiate Contract
    Execute Procurement: Create Purchase Order; Dispatch Electronic PO to Supplier; Receive Goods or Services, Inspect; Apply Agreement Terms & Conditions; Apply Sourcing Rules
    Pay Suppliers: Receive Electronic Invoice; Pay Supplier (EFT)
    Drive Continuous Improvement: Analyze Performance; Adjust Contracts

    Are suppliers for critical materials delivering on time?
    Were sourcing policies followed in awarding contracts?
    Are any critical materials single sourced?
    Were any supplier payment terms changed?

    Combining the power of different approaches
    SAP Fraud Management covers the full spectrum of fraud detection

    Known fraud behaviors
    Unusual behaviors
    Similar, but different from known behaviors
    Unknown fraud behaviors

    Known Patterns; Unknown/complex Patterns
    Rules; Predictive Algorithms

    Hybrid combination of Rules and Predictive Algorithms to detect fraud

    Fraud Management: A Closed-loop, Cross-Functional Process

    SAP Fraud Management for Insurance

    From Claim Notification to Claim Closure

    Investigation; Detection; Prevention; Monitoring
    Define Rules & Predictive Models; Setup Fraud Detection Strategy; Calibration & Simulation
    Online Detection; Mass Detection
    Alert Notification; Inquire & Analyze; Investigation; Evaluation & Decision
    Fraud Pattern Analysis; Claim Handling & Settlement
    Fraud Monitoring & Performance Optimization
    Integration; Configuration; Platform

    Fraud Investigator; Business Analyst; CIO; Head of Claim Management; Head of Fraud Investigation


    USER FRIENDLY INTERFACE TO HELP MATURE ALGORITHMS


    SAP Risk Management: Preserve and grow value

    Plan risk management within the context of value to the organization
    Link risks, risk drivers, risk indicators, impacts and responses
    Analyze risk via scenarios, modeling, & other factors to understand exposure
    Respond to risk after balancing costs and benefits
    Monitor thresholds, effectiveness of risk responses, and corrective actions

    Intuitive Risk Heat maps for prioritization and action

    Risk Planning (Bow-tie Builder)
    Define the context within which business risks are to be managed

    Risk Assessment: Business context based assessments
    Identify and assess the impact of risk events on the business

    Risk Response: Implement responses, superior mitigation with automation
    Evaluate and select the risks to be addressed and create risk responses

    Risk Monitoring: Proactive risk management and prevention
    Monitor the effectiveness and completeness of the response actions

    Enterprise Wide Integrated Governance Risk & Compliance Example using SAP GRC Solutions

    Develop and Package External Content
    Regulations
    Enterprise Risks
    Fraud
    Responses: Reduce; Control; Avoid; Accept; Transfer
    Process: Procure to Pay; Vendor Mgmt; AP Invoicing
    Process Risks: Fraudulent invoices paid; Valid invoices not entered
    Access Risks: User can enter vendor & PO; User can enter invoices & payments
    Controls: Review of new vendors and related invoice support; AP SOD rules in AC; Review of uninvoiced goods receipts
    Monitor Access Status; Mitigate Access Violations
    Policies: Update and roll out strengthened security policy

    Achieving Benefits with Enterprise Risk and Control Management

    Confident Decisions; Predictable Performance; Strategic Alignment

    Unified GRC is the key step en route to building the linkage from strategy to execution, because you can prove that linkage works.
    Increased visibility into the impact of risk against performance.
    Improve predictability and performance.
    Allocate resources and capital where it is most needed

    Thank You!

    Murali Narayanamurthy
    Director Office of the CFO & GRC Solutions
    SAP India Private Limited
    (+91) 9820972906