Embed Size (px)
Citation preview
Helping enhance the real value of SAP GRC through RouteONE Managed Services
Contents
Business context: Where success with Governance, Risk and Compliance begins
RouteONE: SAP GRC Support
RouteONE: Key benefits
Want to learn more? Insights on governance, risk and compliance
Contacts
Where success with Governance, Risk and Compliance beginsA successful implementation of SAP GRC is not the end of your journey; it’s where the journey really starts. The ongoing use and management of the Governance, Risk and Compliance (GRC) approach is critical to realizing a return on your investment in the technology, as well as in the time, energy and resources you’ve committed to your GRC program.
You will have designed a new operating model during your implementation, and how efficiently and effectively you run your GRC operations now feeds into your wider business-application maintenance model.It is imperative to see GRC as more than just a tool. It is a business practice that is only successful if it reaches out beyond your controls and risk community, and becomes part of your wider organization’s culture. The Open Compliance and Ethics Group (OCEG) calls this concept ”Interact.”1 It is defined as “enabling the capability with technology to manage information so that it efficiently and accurately flows up, down and across the organization, the extended enterprise and to appropriate stakeholders.”
In reality, such a vision can be a challenge to make happen. It means seeing beyond compliance and truly believing that your risk management capabilities should continuously evolve to provide you with a clear competitive advantage. GRC can help give you this by safeguarding your reputation so that your organization is seen as transparent by your customers and stakeholders.
From a GRC perspective, this also means that your supporting operations will need a greater level of GRC sophistication than an IT-only focused SAP support center might be comfortable providing.
RouteONE Managed Services for SAP GRC
3Helping enhance the real value of SAP GRC through RouteONE Managed Services |
1. ©Open Compliance and Ethics Group (OCEG)
4 | Helping enhance the real value of SAP GRC through RouteONE Managed Services
RouteONE Managed Services for SAP GRC
RouteONE SAP GRC Support RouteONE SAP GRC Support Services cover the following core areas: SAP GRC application maintenance, incident reporting and resolution, onsite and remote skilled resourcing, business operations support and advisory services as well as continuous improvement and innovation.
The service is modular and can be tailored to fit with your wider enterprise support strategy, providing you with a GRC operation that integrates seamlessly with your broader service environment. Efficient service integration is a key priority, so you can enjoy the benefits of a GRC center of excellence (CoE), while helping reduce your total cost of ownership as much as possible.
You choose which service components best fit your current situation and future plans, and we’ll help you architect a clearly defined and robust GRC support model that suits your organization, whatever the size.
When selecting the service components, it is important to focus on the big picture. Using the GRC approach to engage the business control operations, as well as provide compliance information, means it is vital that you have full confidence in the approach and GRC operational processes. You simply need to know that the solution you use to provide compliance and audit information is reliable.
The familiar “garbage in, garbage out” analogy applies here; you have invested time, effort and money during your GRC program on your GRC data, so a strong business application maintenance solution is needed to maintain that data.
The key elements of the service are detailed below:
1. SAP GRC application maintenance These are the more traditional service activities that form a base for the day-to-day support operations of a GRC approach. It delivers SAP GRC lifecycle management from initial design and transition of the service catalog to its ongoing management and upkeep. The service provides ongoing maintenance activity, as well as the responsive management of incidents, problems and service requests. It also provides integration and compliance with IT system updates while supporting release management for patch application and version rollouts.
Figure 1: SAP GRC application maintenance
Service criticality and reporting
Application lifecycle management
Incident or Problem management
5Helping enhance the real value of SAP GRC through RouteONE Managed Services |
RouteONE Managed Services for SAP GRC
3. Continuous improvement and innovation As GRC business support operations become more complex and the challenges of a constantly changing regulatory landscape and risk profile increase, the need to stay ahead and innovate becomes essential. This can put strain on existing risk and compliance, business support and IT teams. Often these teams don’t have the time to assess fully how new technology may make life easier and can overlook the critical role culture plays in making GRC successful. With RouteONE SAP GRC support, you can access skilled GRC resources who understand your business to identify opportunities to do things faster, better and at a lower cost, helping you protect your investment and innovate at the right pace. Where possible, we can help you identify and implement cultural improvements to help make the organization more resilient against the risk and compliance challenges that are sure to come.
Figure 3: Continuous improvement
Functional and design advice
GRC solution strategy advice
GRC roadmap definition
2. Business operations supportThis part of the service is focused on helping realize the value from your GRC investment through the effective management of GRC related business activities. This includes supporting roles and authorization requests, responding to workflow and control definition queries, as well as the aggregation and analysis of the management information that resides within your SAP GRC systems. The approach also includes a controls test monitoring service to manage and report on risk and compliance activities across your business.
This service area supports two key elements of your GRC strategy:
1. A segregated service as defined by the controls or compliance team
2. Implementation of changes as requested by the same team (or business)
Figure 2: Process control testing phases
Process control testing schedules and planning
Define Do
Compliance team defines the control test frequency
EY Managed Services set this up on system
Review
Compliance team reviews this timetable has been deployed and monitors responses to control tests
This service area uses SAP GRC technology and dashboards to monitor your risks and controls and identify any exceptions and violations, which can then be dealt with accordingly.
6 | Helping enhance the real value of SAP GRC through RouteONE Managed Services
RouteONE Managed Services for SAP GRC
SAP GRC elements supported• Core SAP security and authorizations
• SAP GRC Access Control
• SAP GRC Process Control
• SAP GRC Risk Management
• SAP GRC Access Violation Management
Key benefits of RouteONE SAP GRC Support
• A clearly defined and robust GRC support model that is flexible and can be tailored to fit your broader business and IT strategy
• Quicker resolution of tasks and issues through a GRC helpdesk
• Higher productivity through the use of intelligent analytics and automated tools
• Continuous monitoring and management of your SAP GRC systems, and your risk and compliance activities
• Accelerated innovation and improvement to help increase competitive edge
• Supports risk and compliance teams to focus on monitoring compliance rather than reporting
7Helping enhance the real value of SAP GRC through RouteONE Managed Services |
RouteONE Managed Services for SAP GRC
Creating trust in the digital world: EY’s Global Information Security Survey 2015
ey.com/GISS
Want to learn more?Insights on governance, risk and compliance is an ongoing series of thought leadership reports focused on IT and other business risks, and the many related challenges and opportunities. These timely and topical publications are designed to help you understand the issues and provide you with valuable insights about our perspective. Please view our Insights on governance, risk and compliance series at www.ey.com/GRCinsights.
Enhancing your security operations with Active Defense
ey.com/GRCinsights
Centralized operations: the future of operating models for Risk, Control and Compliance functions
ey.com/GRCinsights
Metrics matter: How Internal Audit can help organizations assess performance measurement
ey.com/GRCinsights
There’s no reward without risk: EY’s global governance, risk and compliance survey 2015
ey.com/GRCinsights
Maximizing value from your lines of defense
ey.com/LOD
Step up to the challenge: helping Internal Audit keep pace with a volatile risk landscape
ey.com/IArisks
Expecting more from risk management: drive business results through harnessing uncertainty
ey.com/REPM
Unlocking the value of your program investments: how predictive analytics can help in achieving successful outcomes
ey.com/PRM
Harnessing the power of data: how Internal Audit can embed data analytics and drive more value
ey.com/IAanalytics
Megatrends 2015: making sense of a world in motion
ey.com/megatrends
Improve your business performance: transform your governance, risk and compliance program
ey.com/transformGRC
About EYEY is a global leader in assurance, tax, transaction and advisory services. The insights and quality services we deliver help build trust and confidence in the capital markets and in economies the world over. We develop outstanding leaders who team to deliver on our promises to all of our stakeholders. In so doing, we play a critical role in building a better working world for our people, for our clients and for our communities.
EY refers to the global organization, and may refer to one or more, of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients. For more information about our organization, please visit ey.com.
About EY’s Advisory ServicesIn a world of unprecedented change, EY Advisory believes a better working world means helping clients solve big, complex industry issues and capitalize on opportunities to grow, optimize and protect their businesses.
From C-suite and functional leaders of Fortune 100 multinationals to disruptive innovators and emerging market small and medium-sized enterprises, EY Advisory works with clients — from strategy through execution — to help them design better outcomes and realize long-lasting results.
A global mindset, diversity and collaborative culture inspires EY consultants to ask better questions. They work with their clients, as well as an ecosystem of internal and external experts, to create innovative answers. Together, EY helps clients’ businesses work better.
The better the question. The better the answer. The better the world works.
© 2016 EYGM Limited. All Rights Reserved.
EYG no. 00460-162GBLBMC AgencyGA 0000_05058
ED None
In line with EY’s commitment to minimize its impact on the environment, this document has been printed on paper with a high recycled content.
This material has been prepared for general informational purposes only and is not intended to be relied upon as accounting, tax, or other professional advice. Please refer to your advisors for specific advice.
ey.com/sap
Follow us on Twitter: EY_SAP
EY | Assurance | Tax | Transactions | AdvisoryContactsMarcus GötzPartner, Advisory [email protected] +49 89 14331 23471
Gavin CampbellPartner, Advisory [email protected] +971 4 332 4000
Werner van HaelstPartner, Advisory [email protected] +31 88 407 1167
Martyn ProctorExecutive Director, Advisory [email protected] +44 20 7951 3989
