Integrating SAP GRC RM, PC and AC:
An end-to-end solution
Antoine Wüthrich, PwC
March 14th, 2013
© 2011 SAP AG. All rights reserved. 2
Agenda
Partner
The Need to Optimize
Value Proposition of an integrated SAP GRC (AC, PC and RM)
Summary
What you should know about PwC
What we do
PwC is the leading professional services firm for:
• Audit services
• Advisory services
• Tax consulting
We have around 120 SAP experts in Switzerland and 2’300 worldwide.
Who are our clients
Most of the companies running SAP in Switzerland.
Genève, Lausanne, Sion, Neuchâtel, Berne, Bâle, Lugano, Lucerne, Zug, Aarau, Zurich, Coire, Saint-Gall, Thoune, Winterthur
What is SAP GRC (Governance, Risk & Compliance)
• Access control (AC): Who can do or see what in SAP?
• Risk Management (RM): What are our risks and how are they addressed?
• Process control (PC): Who did what in SAP and KPIs.
• Global trade (GTS): Are we customs & trade compliant and efficient?
What is SAP GRC (Governance, Risk & Compliance)
Process Control
Automated control and transaction monitoring to evaluate compliance effectiveness and business process acceptability
• Configuration
• Master Data
• Business transactions
Risk Management
• Formal integration of risk management with strategy
• Repeatable framework to analyze and mitigate risk
• Continuously monitor key risk indicators across strategic objectives
Access Control
• Segregation of duties
• Fraud, safeguard of assets
• User access management
• Compliance
What are the key SAP GRC trends
Source: PwC SAP GRC Survey 2012
Why are companies using SAP GRC Access Control?
• Reduce access risk and fraud
• Reduce the cost of access management
• Reduce the cost of ongoing compliance activities
• Automatically detect and remediate access risk violations
• Streamline requests for multiple systems and embed preventative compliance checks
• Automate compliance reviews of segregation of duties, critical access, and superuser privileges
Source: adapted from SAP
Value proposition: Integrating Process & Access Control in GRC 10
Substantial benefits in visibility, cost, and quality. Benefits include:
1. Continuous monitoring of data, configuration and transactions
2. Rationalizing the number of controls
3. Centralizing compliance management functions
4. Enabling sharing of risks and compliance data functions
5. Increasing accountability for controls
6. Creating a clear path to remediation for all control failures
7. Standardizing issue management practices
Value proposition: Integrating Process & Access Control in GRC 10
How to create value beyond compliance
KPI monitoring
• Financial
• Operational
• Tax
For example:
• Tax ruling checker
• Cash finder
• Closing process
• Data loss prevention
• System usage
• Increase SAP ROI
• Identify SAP functionality not being used
• Transparency of user behaviour and impact on process efficiency
• Quantify usage over time ensuring benefits are maintained
• Identify training needs
• Improved process compliance and standardisation
• Identification of data integrity issues
• Enable benchmarking across business units
• Improved management information
• Indication of risk and control issues
When do companies implement SAP GRC
• SAP implementation / optimization
• SAP global roll-out
• SAP outsourcing
• SAP shared service
• SAP competency center
• SAP security redesign
• SSO / IdM project
When specific risks arise:
• Cost pressure on compliance
• After a fraud / compliance issue
• Sensitive data stolen
• New governance rules
Key points to take home
• More and more companies are now using SAP GRC 10.0
• Integrating SAP GRC 10.0 AC, PC and RM brings untapped potential to improve the efficiency of your compliance process
• SAP GRC brings value to your company (NOT just compliance)
• You should expect a positive return on investment when implementing SAP GRC
• PwC can help!
Thank You!
Contact information:
Antoine Wüthrich
Senior Manager
Av. CF Ramuz 45, 1000 Lausanne