Integrating SAP GRC RM, PC and AC:

An end-to-end solution

Antoine Wüthrich, PwC

March 14th, 2013

© 2011 SAP AG. All rights reserved. 2

Agenda

Partner

The Need to Optimize

Value Proposition of an integrated SAP GRC (AC, PC and RM)

Summary

© 2011 SAP AG. All rights reserved. 3

What you should know about PwC

3 3

What we do

PwC is the leading professional

services firm for :

• Audit services

• Advisory services

• Tax consulting

We have around 120 SAP

experts in Switzerland and

2’300 worldwide.

Who are our clients

Most of the companies running

SAP in Switzerland.

Genève

Lausanne

Sion

Neuchâtel Berne

Bâle

Lugano

Lucerne Zug

Aarau Zurich

Coire

Saint-Gall

Thoune

Winterthur

© 2011 SAP AG. All rights reserved. 4

Agenda

Partner

The Need to Optimize

Value Proposition of an integrated SAP GRC (AC, PC and RM)

Summary

© 2011 SAP AG. All rights reserved. 5

What is SAP GRC (Governance, Risk & Compliance)

5 5

AC

GTS

PC

RM

Access control

Who can do or see

what in SAP?

Risk Management

What are our risks

and how are they

addressed?

Process control

Who did what in

SAP and KPIs.

Global trade

Are we custom & trade

compliant and efficient?

© 2011 SAP AG. All rights reserved. 6

Process Control

Automated control and transaction

monitoring to evaluate compliance

effectiveness and business process

acceptability

• Configuration

• Master Data

• Business transactions

What is SAP GRC (Governance, Risk & Compliance)

Risk Management

• Formal integration of risk management with strategy

• Repeatable framework to analyze and mitigate risk

• Continuously monitor key risk indicators across strategic objectives

Access Control

• Segregation of duties

• Fraud, safeguard of assets

• User access management

• Compliance

PC

AC

RM

© 2011 SAP AG. All rights reserved. 7

What are the key SAP GRC trends

7 7

AC

PC

RM

Source: PwC SAP GRC Survey 2012

© 2011 SAP AG. All rights reserved. 8

Why companies are using SAP GRC Access controls?

8 8

Reduce access risk and

fraud

Reduce the cost of access

management

Reduce the cost of ongoing

compliance activities

Automatically detect and

remediate access risk

violations

Streamline requests for multiple

systems and embed preventative

compliance checks

Automate compliance reviews of

segregation of duties, critical

access, and superuser privileges

Source: adapted from SAP

AC

RM

PC

© 2011 SAP AG. All rights reserved. 9

Agenda

Partner

The Need to Optimize

Value Proposition of an integrated SAP GRC (AC, PC and RM)

Summary

© 2011 SAP AG. All rights reserved. 10

1. Continuously monitoring of data, configuration and transactions

2. Rationalizing the number of controls

3. Centralizing compliance management functions

4. Enabling sharing of risks and compliance data functions

5. Increasing accountability for controls

6. Creating a clear path to remediation for all control failures

7. Standardizing issue management practices

Value proposition: Integrating Process & Access Control in GRC 10

10 10

Substantial benefits in visibility, cost, and quality. Benefits include:

© 2011 SAP AG. All rights reserved. 11

KPI monitoring

Financial

Operational

Tax

For example:

Tax ruling checker

Cash finder

Closing process

Data loss prevention

System usage

Value proposition: Integrating Process & Access Control in GRC 10

How to create value beyond compliance

Increase SAP ROI

Identify SAP functionality

not being used

Transparency of user behaviour and impact on process

efficiency

Quantify usage over time ensuring

benefits are maintained

Identify training needs

Improved process

compliance and standardisation

Identification of data integrity issues

Enable benchmarking across business

units Improved management information

Indication of risk and control

issues

© 2011 SAP AG. All rights reserved. 12

When do companies implement SAP GRC

12 12

AC

GTS

PC

RM

SAP implementation / optimization

SAP global roll-out

SAP outsourcing

SAP shared service

SAP competency center

SAP security redesign

SSO / IdM project

Cost pressure on compliance

After a fraud / compliance issue

Sensitive data stolen

New governance rules

When specific

risks arise:

© 2011 SAP AG. All rights reserved. 13

Key points to take home

More and more companies are now using SAP GRC 10.0

Integrating SAP GRC 10.0 AC, PC and RM brings untapped potential

to improve the efficiency of your compliance process

SAP GRC bring value to your company (NOT just compliance)

You should expect a positive return on investment when

implementing SAP GRC

PwC can help !

Thank You!

Contact information:

Antoine Wüthrich

Senior Manager

Av. CF Ramuz 45, 1000 Lausanne

Antoine.wuthrich@ch.pwc.com