Upload
vikas-bhan
View
140
Download
4
Embed Size (px)
Citation preview
Short Presentation TitleSpeaker’s Name/Department (delete if not needed)Month 00, 2011
SAP GRCHow to achieve continuous monitoring with SAP Process Control and SAP Risk ManagementAntoine Wüthrich, PwC Senior Manager, LausanneEmmanuel Hofmann, PwC Manager, LausanneMay 17, 2011
© 2011 SAP AG. All rights reserved. 2
Agenda
PwC as your PartnerThe Need to Optimize Value Proposition of SAP GRCAchieving Results with SAPSummary
© 2011 SAP AG. All rights reserved. 3
What you should know about PwC
33
What we do for youPwC is the leading auditing and consulting firm in Switzerland and worldwide providing:
• Audit services• Advisory services• Tax consulting
Who are our clients Our expertise is appreciated by public authorities, global andlocal leading firms – ranging from family businesses to global corporations.
© 2011 SAP AG. All rights reserved. 4
What you should know about PwC
44
What makes us different We are about 161’000 people worldwide including lawyers, auditing experts , technicians, and Specialists.
We have about 120 SAP experts in Switzerland and 2’300 worldwide.
Where to find usWe are present in 154 countries and have 17 offices in Switzerland.
Genève
Lausanne
Sion
Neuchâtel Ber
ne
Bâle
Lugano
Lucerne
Zug
AarauZuric
h
Coire
Saint-Gall
Thoune
Winterthur
© 2011 SAP AG. All rights reserved. 5
Agenda
PwC as your PartnerThe Need to Optimize Value Proposition of SAP GRCAchieving Results with SAPSummary
© 2011 SAP AG. All rights reserved. 6
Advantage for SAP Customers Closed-loop strategy to execution
Strategy
Execution
© 2011 SAP AG. All rights reserved. 7
Advantage for SAP Customers Closed-loop strategy to execution
Profitability andCost Management
Dashboards and Visualization
Strategy Management
Spend Performance Management
Enterprise Performance Management
Reporting Analysis
Business Intelligence
Advanced Analytics
XBRL Publishing
Planning, Budgeting, and Forecasting
Data Exploration
Risk Management
Sustainability Performance Management
Master Data Management
Data Integration
Enterprise Information Management
Governance, Risk, and Compliance
Access Control
Environment al Health &
Safety
Data Quality Management
Metadata Management
Process Control
GTS
Interactive
Consolidation
© 2011 SAP AG. All rights reserved. 8
Key Message
“In the end, I will be the one that is asked to explain”
© 2011 SAP AG. All rights reserved. 9
Key Message
“Is everyone still doing things the way they should be done?”
© 2011 SAP AG. All rights reserved. 10
Compliance Department
“If the auditors can rely on our reports, we can reduce audit costs. I want to ensure that the main risks are covered and that the rule set is standardized.”
Internal/External Audit
“The tools need to show us a clear view of who poses a risk to the financial statements.”
Business
“What are SoDs? They don’t help me achieve my sales goals.”
IT
“How can this tool help us to provide only access that is necessary?”
How do you satisfy all four?
© 2011 SAP AG. All rights reserved. 11
Agenda
PwC as your PartnerThe Need to Optimize Value Proposition of SAP GRC Achieving Results with SAPSummary
What‘s new within the new SAP BO GRC platform and what makes it unique?
© 2011 SAP AG. All rights reserved. 12
Advantage for SAP Customers Closed-loop strategy to execution
Profitability andCost Management
Dashboards and Visualization
Strategy Management
Spend Performance Management
Enterprise Performance Management
Reporting Analysis
Business Intelligence
Advanced Analytics
XBRL Publishing
Planning, Budgeting, and Forecasting
Data Exploration
Risk Management
Sustainability Performance Management
Master Data Management
Data Integration
Enterprise Information Management
Governance, Risk, and Compliance
Access Control
Environment al Health &
Safety
Data Quality Management
Metadata Management
Process Control
GTS
Interactive
Consolidation
© 2011 SAP AG. All rights reserved. 13
Managing risk and compliance is not easy
Risk Management- Formal integration of risk management with strategy - Repeatable framework to analyze and mitigate risk- Continuously monitor key risk indicators across strategic objectives
Process Control
Automated control and transaction monitoring to evaluate compliance effectiveness and business process acceptability
- Configuration
- Master Data
- Business transactions
Access Control
- Segregation of duties
- Fraud, safeguard of assets
- User access management
- Compliance
© 2011 SAP AG. All rights reserved. 14
What‘s new in SAP GRC 10.0What Does It Do? What Is the Value?Focus Area
Unifies Risk Management, Access Control, and Process Control data model on a common technology (ABAP) platform
Provides common look and feel with configurable role-based user access for GRC functions from the SAP Portal or NetWeaver Business Client
Allows customization without programming to display component and compliance regulation data fields through configuration
Enables business users to display ABAP-based reports in Crystal format by leveraging the ALV-Crystal integration framework
Provides end-to-end management of corporate policies aligned with risk and compliancemanagement including creation, localization, distribution and acknowledgement
Improves flexibility of user-defined monitoring rules including ability to monitor more backend systems, and to fully reconstruct configuration and master data for reliable monitoring
Enables the content ecosystem by supporting version control, packaging, import and export of content; supports parallel evolution of content and subsequent partner updates to it
Common Technical Platform and Unified Master Data
Reduces TCO with lower implementation, administrative and maintenance costs
Enhances solution usability with a unified user experience
Reduces the cost and effort required to manage and customize master data UI
Empowers business users with the ability to present information in the desired format and reduces the time spent on reporting needs
Improves corporate governance with management guidance for the organization’s behavior, actions, and decision-making processes
More controls can be automaticallymonitored, leading to more timely and reliable compliance checks.
Reduces implementation time, and enables the partner ecosystem to deliver, expand and update risk and compliance content for customers
Continuous Monitoring
Improved Reporting
Configurable User Interface
Content Lifecycle Management
Enhanced Visualization and Streamlined Navigation
Enhanced Policy Management
© 2011 SAP AG. All rights reserved. 15
Agenda
PwC as your PartnerThe Need to Optimize Value Proposition of SAP GRCAchieving Results with SAPSummary
© 2011 SAP AG. All rights reserved. 16
Value proposition
SAP GRC 10.0 can help you:
• Reduce costs
• Improve efficiency
• Increase responsiveness
• Reduce time spent on non value adding activities
• Achieve compliance
-
© 2011 SAP AG. All rights reserved. 17
Some of your key objectives
Business people
• Improve process efficiency
• Ensure accuracy of reports used
• Enforce standard process
• Ensure compliance
• Prevent fraud
IT people
• Efficiently manage users and
reduce maintenance costs
• Efficiently manage authorizations
• Ensure system availability
• Monitor system usage (processes,
licenses)
-
© 2011 SAP AG. All rights reserved. 18
Tangible benefits
Operating Costs - Reduce losses/risk events 25%-75% - Reduce insurance premiums 10%-30% - ERM productivity improvements 30%-60% - Reduce borrowing costs 0%-40% - Reduce Control testing costs 25%-75% - Reduce audit preparation cost 10%-30% - Reduce audit costs 30%-70% - Reduce compliance costs 30%-60% - Reduce user administration costs 50%-75% - Reduce role management and SOD costs 80%-90% Revenue - Increase success rate of new initiatives/strategies 10%-25% Working Capital - Reduction in reserves to cover risk appetite 10%-30%
© 2011 SAP AG. All rights reserved. 19
How can PwC help
Design, Implement, Enhance, Operate• Risk Management• Process Control• Access Control
Design, Implement, Enhance, Operate• Risk Management• Process Control• Access Control
Implementation review
• GRC technology review (comparison of current practices to the PwC maturity model, and
performing the subsequent gap
analysis)
Implementation review
• GRC technology review (comparison of current practices to the PwC maturity model, and
performing the subsequent gap
analysis)
Others• SAP Role Design• User Management
and Compliance Procedures Design• PMO, Change
Management
Others• SAP Role Design• User Management
and Compliance Procedures Design• PMO, Change
Management
© 2011 SAP AG. All rights reserved. 20
How can PwC help
• Implement quickly – Tools (Accelerators) and experience• Content and libraries• User analyzer• Project management
• Avoid pitfalls / Lessons learned• Stakeholders involvement & planning• Custom tcodes
© 2011 SAP AG. All rights reserved. 21
Key points to take home
SAP GRC 10.0 has drastically evolved from the previous version
SAP GRC 10.0 helps you focus on the essentials
SAP GRC helps you better trust your system and processes
SAP GRC can bring value to all sectors of your company (NOT only IT)
PwC can help you
© 2011 SAP AG. All rights reserved. 22
Key Message
“In the end, I will be the one that is asked to explain”