SAP GRC: How to achieve continuous monitoring with SAP Process Control and SAP Risk Management

Antoine Wüthrich, PwC Senior Manager, Lausanne

Emmanuel Hofmann, PwC Manager, Lausanne

May 17, 2011

SAP Process Control and Risk Management


© 2011 SAP AG. All rights reserved. 2

Agenda

• PwC as your Partner
• The Need to Optimize Value Proposition of SAP GRC
• Achieving Results with SAP
• Summary


What you should know about PwC


What we do for you

PwC is the leading auditing and consulting firm in Switzerland and worldwide providing:

• Audit services
• Advisory services
• Tax consulting

Who are our clients

Our expertise is appreciated by public authorities, global and local leading firms – ranging from family businesses to global corporations.


What makes us different

We are about 161’000 people worldwide including lawyers, auditing experts, technicians, and specialists.

We have about 120 SAP experts in Switzerland and 2’300 worldwide.

Where to find us

We are present in 154 countries and have 17 offices in Switzerland.

[Map of offices in Switzerland. Labels: Genève, Lausanne, Sion, Neuchâtel, Berne, Bâle, Lugano, Lucerne, Zug, Aarau, Zurich, Coire, Saint-Gall, Thoune, Winterthur]


Advantage for SAP Customers: Closed-loop strategy to execution

[Diagram: Strategy and Execution in a closed loop. Labels: Enterprise Performance Management; Strategy Management; Planning, Budgeting, and Forecasting; Profitability and Cost Management; Spend Performance Management; Sustainability Performance Management; Consolidation; Business Intelligence; Reporting Analysis; Dashboards and Visualization; Data Exploration; Advanced Analytics; Interactive; XBRL Publishing; Enterprise Information Management; Data Integration; Data Quality Management; Master Data Management; Metadata Management; Governance, Risk, and Compliance; Risk Management; Access Control; Process Control; GTS; Environmental Health & Safety]


Key Message

“In the end, I will be the one that is asked to explain”


“Is everyone still doing things the way they should be done?”


Compliance Department

“If the auditors can rely on our reports, we can reduce audit costs. I want to ensure that the main risks are covered and that the rule set is standardized.”

Internal/External Audit

“The tools need to show us a clear view of who poses a risk to the financial statements.”

Business

“What are SoDs? They don’t help me achieve my sales goals.”

IT

“How can this tool help us to provide only access that is necessary?”

How do you satisfy all four?


What's new within the new SAP BO GRC platform and what makes it unique?


Managing risk and compliance is not easy

Risk Management

- Formal integration of risk management with strategy

- Repeatable framework to analyze and mitigate risk

- Continuously monitor key risk indicators across strategic objectives

Process Control

Automated control and transaction monitoring to evaluate compliance effectiveness and business process acceptability

- Configuration

- Master Data

- Business transactions

Access Control

- Segregation of duties

- Fraud, safeguard of assets

- User access management

- Compliance


What's new in SAP GRC 10.0

Focus Area: Common Technical Platform and Unified Master Data
• What does it do? Unifies Risk Management, Access Control, and Process Control data model on a common technology (ABAP) platform
• What is the value? Reduces TCO with lower implementation, administrative and maintenance costs

Focus Area: Enhanced Visualization and Streamlined Navigation
• What does it do? Provides common look and feel with configurable role-based user access for GRC functions from the SAP Portal or NetWeaver Business Client
• What is the value? Enhances solution usability with a unified user experience

Focus Area: Configurable User Interface
• What does it do? Allows customization without programming to display component and compliance regulation data fields through configuration
• What is the value? Reduces the cost and effort required to manage and customize master data UI

Focus Area: Improved Reporting
• What does it do? Enables business users to display ABAP-based reports in Crystal format by leveraging the ALV-Crystal integration framework
• What is the value? Empowers business users with the ability to present information in the desired format and reduces the time spent on reporting needs

Focus Area: Enhanced Policy Management
• What does it do? Provides end-to-end management of corporate policies aligned with risk and compliance management including creation, localization, distribution and acknowledgement
• What is the value? Improves corporate governance with management guidance for the organization’s behavior, actions, and decision-making processes

Focus Area: Continuous Monitoring
• What does it do? Improves flexibility of user-defined monitoring rules including ability to monitor more backend systems, and to fully reconstruct configuration and master data for reliable monitoring
• What is the value? More controls can be automatically monitored, leading to more timely and reliable compliance checks.

Focus Area: Content Lifecycle Management
• What does it do? Enables the content ecosystem by supporting version control, packaging, import and export of content; supports parallel evolution of content and subsequent partner updates to it
• What is the value? Reduces implementation time, and enables the partner ecosystem to deliver, expand and update risk and compliance content for customers


Value proposition

SAP GRC 10.0 can help you:

• Reduce costs

• Improve efficiency

• Increase responsiveness

• Reduce time spent on non-value-adding activities

• Achieve compliance


Some of your key objectives

Business people

• Improve process efficiency

• Ensure accuracy of reports used

• Enforce standard process

• Ensure compliance

• Prevent fraud

IT people

• Efficiently manage users and reduce maintenance costs

• Efficiently manage authorizations

• Ensure system availability

• Monitor system usage (processes, licenses)


Tangible benefits

Operating Costs
- Reduce losses/risk events 25%-75%
- Reduce insurance premiums 10%-30%
- ERM productivity improvements 30%-60%
- Reduce borrowing costs 0%-40%
- Reduce control testing costs 25%-75%
- Reduce audit preparation cost 10%-30%
- Reduce audit costs 30%-70%
- Reduce compliance costs 30%-60%
- Reduce user administration costs 50%-75%
- Reduce role management and SOD costs 80%-90%

Revenue
- Increase success rate of new initiatives/strategies 10%-25%

Working Capital
- Reduction in reserves to cover risk appetite 10%-30%


How can PwC help

Design, Implement, Enhance, Operate
• Risk Management
• Process Control
• Access Control

Implementation review
• GRC technology review (comparison of current practices to the PwC maturity model, and performing the subsequent gap analysis)

Others
• SAP Role Design
• User Management and Compliance Procedures Design
• PMO, Change Management


• Implement quickly – Tools (Accelerators) and experience
• Content and libraries
• User analyzer
• Project management

• Avoid pitfalls / Lessons learned
• Stakeholders involvement & planning
• Custom tcodes


Key points to take home

SAP GRC 10.0 has drastically evolved from the previous version

SAP GRC 10.0 helps you focus on the essentials

SAP GRC helps you better trust your system and processes

SAP GRC can bring value to all sectors of your company (NOT only IT)

PwC can help you


Thank You!

Contact information:

Antoine Wüthrich
Senior Manager
C-F Ramuz 45
1008 Pully
+41 79 613 2923

Emmanuel Hofmann
Manager
C-F Ramuz 45
1008 Pully
+41 79 424 6137