Upload
wikendro-djumin
View
225
Download
0
Embed Size (px)
Citation preview
7/31/2019 SAP Solutions for Governance-Risk-Compliance
1/20
SAP SOLUTIONS FOR GOVERNANCE,RISK, AND COMPLIANCE
SOLUTION OVERVIEW
AP Solutions for Governance, Risk and Compliance
access this document, please complete all fields below and click 'Read Document'.
completing this form, you agree to the collection, use, disclosure and transfer of the profile information collected ein by TechTarget and the owner of the document. Based on the information provided, you may receive updates
m the TechTarget network of IT-specific websites (and/or the document owner) to inform you of the latest White er, product, and content launches as they relate to your informational needs.
ce registration is complete, you will have access to all similar documents without having to fill out additional forms.
rst Name:
ast Name:
mail Address:
b Title:
usiness Phone:
ompany:
ddress 1:ddress 2:
ty:
ate/Province: -- Select One --
p/Postal Code:
ountry: UNITED STATES
of Employees: -- Select # of employees --
epartment: -- Select your department --
dustry: -- Select your industry --
Abstract: SAP Solutions for governance, risk andcompliance (GRC) form an integrated portfolio ofapplications that embed and optimize all governance, riskand compliance activities to overcome the problems causedby business fragmentation and disjointed approaches toGRC management.
Download this white paper to learn how to leverageinformation within your existing business applications to
evaluate risk and apply controls directly within businessprocesses. Achieve greater transparency and predictability,enabling your organization to improve GRC activities andoverall enterprise performance.
Learn how SAP solutions for GRC work together toautomate end-to-end GRC activities including:
Corporate governance and oversight. Risk management. Control testing and remediation case management. User access and authorization. Global trade services. Environment, health, and safety management.
Read Document Cancel
ormation entered on this page and other data about your use of the attached document will be stored
a file on your computer and transmitted to TechTarget over the Internet. TechTarget may provide this
ormation to the owners of the document and either party may use this data to contact you and/or
ck your use of the document. In consideration of access to the attached document, you agree to such
rage and uses as more fully described in the TechTar et Privacy Policy.
7/31/2019 SAP Solutions for Governance-Risk-Compliance
2/20
A UNIFIED APPROACH TO GOVERNANCE, RISK, AND COMPLIANCE
General Mills uses SAP as the global platform for integrated transaction
processing and segregation of duties in ensuring Sarbanes-Oxley compliance
in the area of information systems. Software and business processes that
streamline and advance a companys risk management and compliance
capabilities are an important aspect of corporate governance. SAP tools
that deliver an integrated solution across the enterprise are an importantand welcome new advance in this important area.
Michael Carr, Director of Information Systems, General Mills Inc.
To access this document, please return to page 1 to complete the
orm.
By completing this form once, you will have access to all similar
documents without needing to register again.
7/31/2019 SAP Solutions for Governance-Risk-Compliance
3/20
. . . MAXIMIZES ENTERPRISE INTEGRITY AND VALUE
SAP solutions for governance, risk, and compliance (SAP solutions for GRC) form an integrated portfolio
of applications that embed and optimize all governance, risk, and compliance activities to overcome the
problems caused by business fragmentation and disjointed approaches to GRC management. SAP solu-
tions for GRC are powered by the SAP NetWeaver platform, which provides a common technical foun-
dation that integrates with mySAP Business Suite and third-party applications. As a result, SAP solutions
for GRC can leverage information within your existing business applications so you can evaluate risk and
apply controls directly within business processes. This results in greater transparency and predictability,
enabling you to improve GRC activities and overall enterprise performance.
SAP solutions for GRC work together to automate end-to-end GRC activities, including corporate
governance and oversight; risk management; control testing and remediation case management; user
access and authorization; global trade services; and environment, health, and safety management.
The solutions support the following business-critical functions: Central management of GRC information in a single system of record, including corporate policies,
regulations, compliance and control frameworks, business process flows, and risk and control libraries
Proactive identification, analysis, and monitoring to forecast and respond to potential threats
Automated controls to ensure appropriate user access and authorization
Monitoring of business processes to promote desired behaviors and maximize results
Streamlined management of global trade compliance and environment, health, and safety
requirements
SAPs holistic approach to governance, risk, and compliance provides you with a strategic business
weapon to protect brand and reputation, master uncertainty, optimize opportunity, and free resources
for innovation and growth.
To access this document, please return to page 1 to complete the
orm.
By completing this form once, you will have access to all similar
documents without needing to register again.
7/31/2019 SAP Solutions for Governance-Risk-Compliance
4/20
BUSINESS FRAGMENTATION HINDERSINNOVATION AND GROWTH
KEY CHALLENGES
Much of the value creation and
innovation within companies takes
place as a consequence of the relation-
ships between people, processes, and
systems all of which may be frag-
mented across different organizations,functions, and geographies. Given the
complexity and uncertainty of todays
business environment, this fragmenta-
tion can hold your enterprise back in
a number of ways:
Organizational fragmentation
Organizational fragmentation caused
by disconnected, department-driven
GRC activities can result in incon-
sistent policies, difficulty predicting
risk, a lack of enterprise transpar-ency, and duplication of effort. As
you increase collaboration with
partners and suppliers, the conse-
quences of having no central body
coordinating GRC activities enter-
prise-wide intensify because most
legislation holds you accountable
for good governance and compliance
within your own organization,
as well as across your extended
enterprise.
System fragmentation
Most businesses lack GRC infor-
mation integrity because their
departments use different metrics,
standards, software, and methodol-
ogies for analyzing risk and com-pliance information. This makes it
difficult to aggregate data, gain a
complete view of enterprise risk,
effectively monitor compliance and
risk, and adjust business processes to
meet changing requirements, market
trends, and regulatory mandates.
Regional fragmentation
In most cases, policies and risks
are generally defined and measured
at the local level, without properconsideration for their impact on
the global, multinational, national,
or regional mandates with which
an organization must also comply.
Decision makers are often unaware
of the interdependencies between
mandates and the risks of non-
compliance in specific regions
and markets.
Internal GRC discipline
fragmentation
At the corporate level, as well as
the departmental or regional levels,
there is general uncertainty around
the meaning and scope of the
disciplines of governance, risk
management, and compliance
(see the sidebar). Most important,
your management team may not
recognize that these disciplines are
inextricably linked and interdepen-
dent, and as a result, must function
interdependently as part of an
integrated strategy.
Success requires that you align your
corporate strategy with effective
oversight and institutionalized policysetting, risk management, and business
process control; you can only accom-
plish this through a holistic approach
to governance, risk, and compliance
that unifies these areas of fragmenta-
tion. As a result, you can capture new
information about emerging threats
and opportunities and exploit them for
competitive advantage.
A Definition of Governance, Risk, and Compliance
Heres a simple way to think about GRC:
Governance manages the strategic directives a company
wants to follow.
Risk management assesses the areas of exposure and
potential impacts.
Compliance is the tactical action to mitigate risk.
SAP Snaps Up Virsa Systems to Enhance Compliance Story, AMR Research,
April 3, 2006.
To access this document, please return to page 1 to complete the
orm.
By completing this form once, you will have access to all similar
documents without needing to register again.
7/31/2019 SAP Solutions for Governance-Risk-Compliance
5/20
. . . THAT DEMAND INNOVATIVE SOLUTIONS
Fragmented GRC activities may be the
status quo, but they are costing your
business more than you think. AMR
Research reports that compliance
spending will reach $27.3 billion in 2006.
And approximately two-thirds of the
cost is in people because fragmented
GRC efforts tend to result in people-
powered GRC ineff icient, manual
processes that are duplicated across
departments. Of even greater signifi-cance is the lost opportunity that
results from a tactical, fragmented
approach to managing GRC. Without
a comprehensive and cohesive GRC
strategy, you are deprived of a powerful
tool for effectively navigating todays
highly regulated business environ-
ments, as well as a critical driver of
revenue and competitive advantage.
The Way Forward
In the face of shifting industry condi-
tions, compliance mandates, and
governance requirements set forth
by executives and the board, you need
to take a broader, more structured
approach to managing governance,
risk, and compliance. Doing so allows
you to proactively identify inefficiencies
and errors, adopt a risk-based approach
toward embedding controls in business
processes, and continuously monitor
operations to optimize and guide futurepolicy. SAP solutions for governance,
risk, and compliance deliver applications
to help you achieve all of this and
more.
The High Cost of Point Solutions
Organizations that choose individual solutions for each regulatory challenge
they face will spend 10 times more on compliance projects than those that
leverage each implementation for multiple requirements (0.9 probability).
Gartner Symposium/ITxpo, Technologies for Compliance: Automating Your Way Out
of Confusion, French Caldwell, October 2005.
To access this document, please return to page 1 to complete the
orm.
By completing this form once, you will have access to all similar
documents without needing to register again.
7/31/2019 SAP Solutions for Governance-Risk-Compliance
6/20
SAP: TURNING GRC INTOCOMPETITIVE ADVANTAGE
A HOLISTIC SOLUTION FOR GOVERNANCE, RISK, AND COMPLIANCE
SAP solutions for GRC deliver the
industrys first comprehensive, inte-
grated portfolio of applications that
embed and optimize all governance,
risk, and compliance activities to
overcome the problems of fragmenta-
tion across the enterprise. These solu-
tions give you the visibility needed to
stop simply reacting to business risks
and events and to improve business
predictability and performance.
Business Process
SAP Solutions for
Industry-Specific GRC
Business Process Platform
Business Applications
SAPNetWeaver
Cross-Industry GRC
GRC Repository: Documentation and Monitoring
Risk Management
Access Controls EnvironmentGlobal Trade Process Controls
Oracle
PeopleSoftSAP
Technology
Service
Figure 1: SAP Solutions for Governance, Risk, and Compliance
These solutions deliver world-class,
integrated applications that leverage
a common software platform and a
central GRC data repository. When
deployed together, these applications
form a holistic solution for GRC. And
because all the applications are inte-
grated, they can break down require-
ments and relationships across different
regulations and mandates. (See Figure 1.)
These applications reach deep into your
existing SAP and non-SAP software to
embed compliance functions across the
enterprise and beyond, giving you the
real-time visibility you need to ensure
compliance and maximize competitive
advantage.
The GRC RepositoryThe SAP GRC Repository application
centrally documents and stores records
for all governance, risk, and compli-
ance information. The repository
centrally manages all GRC content,
including frameworks, policies, pro-
cesses, risks, controls, test plans,
applications, systems, remediation
cases, and evidence. It ensures consis-
tent, effective, and efficient coverage of
regulatory frameworks, laws, andinternal company policies by providing
visibility into related requirements and
by cross-referencing organizational
policies and procedures with regulatory
requirements.
Content
Legacy
To access this document, please return to page 1 to complete the
orm.
By completing this form once, you will have access to all similar
documents without needing to register again.
7/31/2019 SAP Solutions for Governance-Risk-Compliance
7/20
. . . ENABLES REAL-TIME TRANSPARENCY
The repository gives you a complete,
enterprise-wide view of all GRC
activities so you can analyze risk, makeinformed decisions, and take a risk-
based approach to satisfying multiple
company initiatives and regulatory
mandates. You can link risks and
controls to multiple security and
control frameworks such as the
Committee of Sponsoring Organiza-
tions (COSO) and Control Objectives
for Information and Related Technol-
ogies (COBIT) and to mandates like
the Sarbanes-Oxley Act and U.S. Food
and Drug Administration (FDA)
regulations. This ability enables you to
take advantage of opportunities thatyou might not have noticed before to
improve efficiency, optimize risk and
return portfolios, and ultimately,
increase business predictability and
shareholder value. By providing a
central repository that is reusable and
flexible, SAP solutions for GRC also
minimize duplicate GRC efforts so you
can optimize effectiveness and combat
complexity over the long run.
Simplifying Segregation of Duties
The transformative power of a central GRC Repository can be illustrated
best through example. Consider the necessity of ensuring proper segre-
gation of duties for such mandates as the Sarbanes-Oxley Act, FDA
regulations, and the Gramm-Leach-Bliley Act. SAP solutions for GRC
include access control applications that are integrated with the SAP GRC
Repository application. All of an organizations policies, initiatives, and
regulations that require proper segregation of duties (or, alternatively,
need appropriate definition and assignment of compensating controls)
are automatically documented within SAP GRC Repository, complete
with links to the appropriate access controls for automated monitoring.
To access this document, please return to page 1 to complete the
orm.
By completing this form once, you will have access to all similar
documents without needing to register again.
7/31/2019 SAP Solutions for Governance-Risk-Compliance
8/20
MASTER UNCERTAINTY . . .
To access this document, please return to page 1 to complete the
orm.
By completing this form once, you will have access to all similar
documents without needing to register again.
7/31/2019 SAP Solutions for Governance-Risk-Compliance
9/20
likelihood of impact, as well as monitor
GRC activities and time frames at the
most granular level information that
is automatically aggregated to create
higher-level views and risk networks.
All of these activities are monitored
through executive-level dashboards
and reports that provide you with
visibility into key risk metrics and
policy compliance. The software
provides role-based dashboards to
provide transparency to managers at all
levels of your organization from line
managers to business unit, country,
division, and regional managers, and
ultimately, to executive managementand the board.
. . . AND OPTIMIZE OPPORTUNITY
Enterprise Risk Management
Executives recognize that proper risk
management improves decision
making and creates value. But compa-
nies often tackle risk reactively within
departmental silos and overlook critical
interactions between risks. At the same
time, because risk management is often
regarded as a theoretical exercise with
no practical methodology, front-line
managers arent equipped to properly
analyze risk-reward trade-offs and carry
out appropriate responses that are
backed by quantitative metrics.
The SAP GRC Risk Management
application addresses these issues by
enabling you to implement proactive,
collaborative processes to balanceopportunities with financial, legal, and
operational risks at all levels of the
enterprise. The software provides a
best-practice framework for enterprise
risk identification, collaborative risk
analysis, predefined risk responses, and
continuous risk monitoring and
reporting so that you can effectively
anticipate and respond to changing
business conditions. Key risk indicators
enable you to monitor the overall riskportfolio and to alert management
immediately when high-impact and
high-probability risks exceed company-
specific thresholds. Managers can
analyze risks in terms of severity and
A conservative estimate is thatorganizations are missing out on billions
of dollars in potential savings annually
through inefficient risk management
practices.
Source: Aberdeen Group, 2006
To access this document, please return to page 1 to complete the
orm.
By completing this form once, you will have access to all similar
documents without needing to register again.
7/31/2019 SAP Solutions for Governance-Risk-Compliance
10/20
CONTINUOUSLY IMPROVE CONTROLS
Business Process Control
The SAP GRC Process Control appli-
cation applies a risk-based approach to
setting up your control environment
and identifying the most effective and
efficient controls needed to achieve
compliance. The application integrates
directly with control documentation in
SAP GRC Repository, enabling you to
centralize control management and to
eliminate the need to integrate separate
tools for documentation, testing,
remediation, and control monitoring.
Upon completion of control documen-
tation, you can choose to implement
controls for key risks with a combina-
tion of automated controls monitor-
ing, manual controls tests, or self-
assessments. This powerful com-
bination works together to help you
establish controls that promote desired
employee behavior and optimize busi-
ness processes, as well as ensure that
your organization meets compliance
mandates on time and in a cost-
effective manner.
SAP GRC Process Control allows
you to monitor hundreds of critical
procure-to-pay, order-to-cash, and
reconcile-to-report configurations and
transactions, as well as IT controls. You
can deploy a single automated control
test for multiple combinations of
criteria, reducing the amount of set up
and ongoing maintenance required.
The software also automatically routes
manual control tests to the appropriate
personnel for timely performance
and guides testers with step-by-step
procedures and approved templates
to minimize errors. In addition, f lexible
survey creation functionality allows
you to perform self-assessments for
entity-level controls, as well as for
management sign-off.
SAP GRC Process Control pinpoints
risks of control violations through a
global heat map, making it easy for
executives and auditors to prioritize
corrective action and avoid the devel-
opment of material weaknesses in the
control environment. The software
automatically creates remediation
cases for each control exception,
immediately alerting control ownersand managers so that they can quickly
take action to address risk. To prevent
future risk from entering production
environments, you can use SAP GRC
Process Control to perform real-time
what-if analyses that simulate the
impact of application control changes
before changes are put into effect.
To access this document, please return to page 1 to complete the
orm.
By completing this form once, you will have access to all similar
documents without needing to register again.
7/31/2019 SAP Solutions for Governance-Risk-Compliance
11/20
DELIVER AS PROMISED
Global Trade Services
The SAP Global Trade Services (SAP
GTS) application helps you master the
manifold challenges of internationaltrade. You can automate and stream-
line complex import and export pro-
cesses, ensure regulatory compliance,
expedite customs clearance, mitigate
the financial risk of global transactions,
and take full advantage of international
trade agreements.
With SAP GTS, you can manage and
standardize trade compliance processes
throughout your organization. The
software automatically screens businesspartners against official sanctioned-
party lists, checks for embargo restric-
tions, and manages export and import
licenses. SAP GTS expedites customs
processes by facilitating interactions
between your enterprise and customs
agencies, driving the efficient move-
ment of goods and information across
international borders. SAP GTS also
lets you tap into the opportunities
Globalization is not an emerging trend; its a business reality. Whats changed is the increased
level of complexity and risk associated with moving goods across borders, especially after the
9/11 terrorist attacks. Technology is the key enabler of any global trade management strategy,
and companies must take a broader perspective and view their entire enterprise software platform
as a global trade management solution.
Adrian Gonzalez, Director, Logistics Executive Council, ARC Advisory Group
available through trade agreements,
such as the North American Free Trade
Agreement (NAFTA) and those of the
European Union, and automates andstreamlines all aspects of restitution
management to ensure more efficient
export refund processing and less risk
of forfeiting securities. The Unicode-
enabled software provides a single,
central solution for all of your global
trade requirements no matter
where you do business.
To access this document, please return to page 1 to complete the
orm.
By completing this form once, you will have access to all similar
documents without needing to register again.
7/31/2019 SAP Solutions for Governance-Risk-Compliance
12/20
accordance with laws and regulations.The softwares central database makes
it easy to manage product safety speci-
fications, hazardous substance inven-
tories, and dangerous goods for safe
handling, tracking, document manage-
ment, and risk calculation. You can
also create hazardous waste permits
and ensure that authorized waste
quantities are not exceeded by selecting
suitable disposal firms and by allocating
disposal costs among internal depart-ments. SAP EH&S also supports the full
range of industrial hygiene and safety
processes, centrally managing core
tasks, such as risk assessments, expo-
sure logs, incident management,
exposure profiles, and safety manage-
ment of specific work areas.
SAP xApp Emissions Management
The SAP xApp Emissions Management(SAP xEM) composite application,
which was jointly developed by SAP
and its special expertise partner
TechniData, helps you improve
manufacturing productivity by
Environment, Health, and Safety
SAP solutions for GRC include applications that help you efficiently manage your
business while ensuring compliance with complex environmental, health, and
safety processes and regulations, such as Restriction of Hazardous Substances (ROHS),
Waste from Electronics and Electronic Equipment (WEEE), the Health and Safety
at Work Act, and regulations around emissions trading schemes.
PROTECT BRAND AND REPUTATION
SAP Environment, Health & SafetyThe SAP Environment, Health & Safety
(SAP EH&S) application streamlines all
activities necessary to implement EH&S
processes safely, effectively, and in
To access this document, please return to page 1 to complete the
orm.
By completing this form once, you will have access to all similar
documents without needing to register again.
7/31/2019 SAP Solutions for Governance-Risk-Compliance
13/20
aligning business processes with
required environmental regulations
worldwide. The software also allows
you to reap the financial benefits of
the emissions trading markets because
it determines and documents emission
credits and communicates emissions
credits with emission trading plat-
forms. SAP xEM tracks, analyzes, and
records emission data. Integration with
plant and equipment maintenance
systems supports equipment calibra-
tion and maintenance tasks; sophisti-
cated tools calculate emissions (such
as greenhouse gases) that cant be
measured directly. When a reference
value exceeds normal plant values for
operations, automatic notifications
are fired off to determine the impactand trigger changes necessary to
correct operations. The extensive
reporting functionality in SAP xEM
fulfills legal requirements for docu-
mentation and reporting to regulatory
authorities.
SAP Solution for Product Compliance
Compliance for Products is a solution for
environmental product compliance that
was developed on the SAP NetWeaver
platform by TechniData. The software
collects, organizes, analyzes, and
evaluates data about various products,
factories, suppliers, countries, and
customers information needed to
provide proof of compliance with
environmental directives that regulate
the development, manufacture,
distribution, disposal, or recyclingof products.
The software documents product
content and regulatory or sector-
specific substances lists, integrates
compliances checks and analyses with
central business processes, and auto-
mates communications with customers
and suppliers. For example, when a
product is being checked for compli-
ance with the ROHS directive, the
solution verifies that all the necessary
information, such as the lead content
of a supplied part, is in place. If this data
has not been provided, the solution
automatically requests the suppliers
manufacturing department to disclose
the exact lead weight percentage of the
product and notifies the user when the
supplier has provided the data.
. . . AND SAFEGUARD STAKEHOLDERS
To access this document, please return to page 1 to complete the
orm.
By completing this form once, you will have access to all similar
documents without needing to register again.
7/31/2019 SAP Solutions for Governance-Risk-Compliance
14/20
ENABLE COLLABORATION
Access Control
Proper segregation of duties (SOD) and
access control over sensitive transac-
tions is one of the most effective safe-
guards against fraud and a prerequisite
for sound corporate oversight. It is also
one of the most difficult controls to
effectively deploy and sustain given the
thousands of users, roles, and processes
that all require access and authoriza-tion evaluation, testing, and remedia-
tion. The immense task of managing
proper user and role access can only be
accomplished when business process
owners (who can determine appropri-
ate access in business terms) and IT
experts (who can define the underlying
technical objects that make up business
functions) work together. The problem
is that communication between the
two groups is typically disjointed and
unsuccessful because there is no bridgelinking business language with IT
capabilities.
To access this document, please return to page 1 to complete the
orm.
By completing this form once, you will have access to all similar
documents without needing to register again.
7/31/2019 SAP Solutions for Governance-Risk-Compliance
15/20
SAP solutions for GRC closes this gap
with a comprehensive set of access
control applications that enable all
corporate compliance stakeholders
including business managers, auditors,
and IT security managers to collab-
oratively manage proper SOD enforce-
ment. The applications include the
following:
Virsa Compliance Calibrator: The
Virsa Compliance Calibrator applica-
tion supports real-time compliance
by stopping security and controls
violations before they occur. With the
most comprehensive library of SOD
rules available for enterprise appli-
cations, such as SAP, Oracle, and
PeopleSoft, the application makes it
easy for business process owners toselect rules applicable to your
organization.
Virsa Role Expert: The Virsa Role
Expert application centralizes and
standardizes enterprise role manage-
ment, eliminating manual errors and
enforcing best practices. The appli-
cation empowers business managers
to define functional roles, as well as
IT managers to define the associated
technical permissions.Virsa FireFighter for SAP: The
Virsa FireFighter application for SAP
enables your super users to perform
emergency activities outside the
parameters of their normal role, but
to do so within a controlled, fully
auditable environment. The appli-
cation assigns a temporary ID that
grants the super user broad, yet
regulated access and tracks and
logs every activity the super user
performs using that temporary ID.
Virsa Access Enforcer: The Virsa
Access Enforcer application supports
fully compliant user provisioning
throughout the employee life cycle.
Leveraging the applications dynamic
workflow functions, you can
automate even the most complex
approval processes, as well as preventrisks from entering production
environments by performing real-
time analysis on proposed user
access.
Partnering for Success
Recognizing the importance of external
collaboration for innovation, SAP is
committed to establishing a robust
GRC ecosystem that includes recog-
nized domain experts and thought
leaders in diverse fields, including, but
not limited to, audit, management, and
risk consultancies; key software and
technology partners; and information
and content partners. Key software and
technology partners integrate applica-
tions through the SAP NetWeaver
platform to provide much needed
transparency over the extended GRCecosystem. In addition, professional
services partners support the GRC
ecosystem by delivering deep intellec-
tual capital and by bringing decades
of proven best-practice content and
methodologies.
Virsa [software] allowed us to significantly reduce
the amount of time to document and test the
effectiveness of our compliance with segregation
of duties requirement in SAP [software].
Jayne Gibbon, Internal Audit Manager, Kimberly-Clark Corporation
. . . AND PARTNER FOR SUCCESS
To access this document, please return to page 1 to complete the
orm.
By completing this form once, you will have access to all similar
documents without needing to register again.
7/31/2019 SAP Solutions for Governance-Risk-Compliance
16/20
SIGNIFICANT RETURN ON INVESTMENT
By embarking on an integrated strategy
and employing a comprehensive GRC
solution, you can proactively achieve
significant returns on your investment.
Consider the following:
Customers who have used the access
controls applications have reported
a 25% savings in audit costs, a 28%
reduction in the cost of managing
user authorization risk, and a 32%
savings in time spent on managing
user authorization risk.
Typical user and role approval
processes are reduced from two
weeks to two days. Customers can automate nearly 100%
of their export processes, enabling
them to reduce headcount and
redeploy employees on more
strategic activities.
Customers can ensure that they
do not deal with sanctioned parties
in millions of trade compliance
screenings per month.
A WEALTH OF BENEFITS
Here are some of the ways that your
business can benefit from SAP solutions
for GRC:
Free resources for innovation and
growth
Integrate GRC applications to
simplify GRC tasks and reduce total
cost of ownership
Shift from manual, resource-
intensive control activities to
embedded and automated control
processes
Rationalize and reuse corporate
controls and risk responses to reduce
effort and increase productivity
Manage by exception with actionable
dashboards and key performance
indicators, threshold-based alerts,and automated escalation
procedures
Protect brand and reputation
Identify and resolve potential points
of failure by continuously monitor-
ing control activities across the
enterprise
Prevent issues and weaknesses using
mandatory risk analysis for critical
processes Ensure compliance with global
import and export regulations
Improve transparency with threshold-
based global dashboards that aggre-
gate financial exposure to control
deficiency risks
Prevent brand erosion from environ-
mental, health, and safety catastro-
phes by automatically classifying
and tracking hazardous substances
To access this document, please return to page 1 to complete the
orm.
By completing this form once, you will have access to all similar
documents without needing to register again.
7/31/2019 SAP Solutions for Governance-Risk-Compliance
17/20
Safeguarding Your Success
SAP solutions for GRC are delivered
by SAPs experienced and knowledge-able professional services team who
can help you realize the full value of
your investment. Leveraging SAP
experts, methodologies, tools, and
certified partners, our professional
services teams can accelerate imple-
mentations, meet deadlines, transfer
knowledge, and enable long-term
success, no matter how large or how
complex the project. Equally important,you are assured that no factors are
overlooked that might jeopardize the
achievement of your goals. And once
your solution is in place, our compre-
hensive, customized training programs
make it easy to ramp up employees
and ensure successful adoption across
your enterprise.
FREE RESOURCES FOR INNOVATION AND GROWTH
Master uncertainty and optimize
opportunity
Analyze risk exposure and trends tooptimize risk-return portfolio
Optimize capital allocation based on
insight into enterprise risk position
Implement effective controls to
promote desired behavior and
improve results of business processes
Identify and exploit opportunities in
international trade preference
agreements
To access this document, please return to page 1 to complete the
orm.
By completing this form once, you will have access to all similar
documents without needing to register again.
7/31/2019 SAP Solutions for Governance-Risk-Compliance
18/20
SUPPORT FOR KEY BUSINESS PROCESSES
GOVERN. ASSESS. RESPOND. MONITOR. OPTIMIZE.
Activity Benefits
Governance Enable strong alignment between strategic objectives, r isk management, and complianceactivities to create stakeholder value
Minimize fragmentation of GRC information Reduce redundant efforts and resources spent on multiple GRC requirements Provide a foundation for risk-return portfolio optimization, business performance optimization,
business control, transparency, and predictability
Risk management Improve managements ability to achieve strategic objectives Understand key risks that organization faces to ensure that a comprehensive strategy is in place
to manage risks in the best manner Gain new insights for decision making and capital allocation across various risk classes
(for example, insurance, operational, external, and financial) Reduce the probability of default, credit downgrade, or serious financial loss
Business process control Strengthen managements confidence that business controls are well designed and operatingeffectively
Boost employee morale by focusing skilled resources on activities that require expertise andjudgment
Reduce cost and increase assurance by shifting from point-in-time testing to continuous controlsmonitoring
Evaluate and prioritize response to highest impact control violation risk
Global trade services Ensure vigilant trade compliance and help facilitate tighter national security Streamline electronic communications with customs authorities Mitigate the financial risk of global trade through automated handling of payment guarantees
Maximize opportunities offered by trade preference agreements
Environment, health, and safetymanagement
Deploy global EH&S processes while adapting them to practices in individual circumstances andgeographies
Ensure safe handling and tracking of hazardous substances, dangerous goods, and wasteproducts
Deliver full-scale health management to provide for employee health and well-being Ensure the compliance of individual products with ROHS, WEEE, and End of Life Vehicle (ELV)
regulations Improve manufacturing productivity by aligning business processes with the fulfillment of
environmental regulations for emissions management
Access and authorization control Enable all corporate compliance stakeholders to collaboratively manage proper segregation ofduties enforcement
Detect and resolve in real time segregation of duties and user authorization control violations Ensure efficient and compliant provisioning of user access throughout the entire employee life
cycleAllow super users privileged but controlled access to quickly address emergency requirements
or help mitigate situations where segregation of duties cant be accomplished
To access this document, please return to page 1 to complete the
orm.
By completing this form once, you will have access to all similar
documents without needing to register again.
7/31/2019 SAP Solutions for Governance-Risk-Compliance
19/20
THE RIGHT CHOICE
A SOLID FOUNDATION FOR GRC
SAP solutions for GRC are the right choice for your business. A large number of
customers in a variety of industries including some of the worlds best-known
brands are already reaping the benefits of an integrated, comprehensive GRC
solution. To find out more, visit www.sap.com/grc.
To access this document, please return to page 1 to complete the
orm.
By completing this form once, you will have access to all similar
documents without needing to register again.
7/31/2019 SAP Solutions for Governance-Risk-Compliance
20/20
www.sap.com/contactsap
50 081 153 (06/09)
2006 by SAP AG. All rights reserved. SAP, R/3, mySAP, mySAP.com, xApps, xApp, SAP NetWeaver, and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP AG in Germany and in several othercountries all over the world. All other product and service names mentioned are the trademarks of their respective companies. Data contained in this document serves informational purposes only. National product specifications may vary. Printed on environmentally friendly paper.
To access this document, please return to page 1 to complete the
orm.
By completing this form once, you will have access to all similar
documents without needing to register again.