SAP Solutions for Governance-Risk-Compliance

7/31/2019 SAP Solutions for Governance-Risk-Compliance

1/20

SAP SOLUTIONS FOR GOVERNANCE,RISK, AND COMPLIANCE

SOLUTION OVERVIEW

AP Solutions for Governance, Risk and Compliance

access this document, please complete all fields below and click 'Read Document'.

completing this form, you agree to the collection, use, disclosure and transfer of the profile information collected ein by TechTarget and the owner of the document. Based on the information provided, you may receive updates

m the TechTarget network of IT-specific websites (and/or the document owner) to inform you of the latest White er, product, and content launches as they relate to your informational needs.

ce registration is complete, you will have access to all similar documents without having to fill out additional forms.

rst Name:

ast Name:

mail Address:

b Title:

usiness Phone:

ompany:

ddress 1:ddress 2:

ty:

ate/Province: -- Select One --

p/Postal Code:

ountry: UNITED STATES

of Employees: -- Select # of employees --

epartment: -- Select your department --

dustry: -- Select your industry --

Abstract: SAP Solutions for governance, risk andcompliance (GRC) form an integrated portfolio ofapplications that embed and optimize all governance, riskand compliance activities to overcome the problems causedby business fragmentation and disjointed approaches toGRC management.

Download this white paper to learn how to leverageinformation within your existing business applications to

evaluate risk and apply controls directly within businessprocesses. Achieve greater transparency and predictability,enabling your organization to improve GRC activities andoverall enterprise performance.

Learn how SAP solutions for GRC work together toautomate end-to-end GRC activities including:

Corporate governance and oversight. Risk management. Control testing and remediation case management. User access and authorization. Global trade services. Environment, health, and safety management.

Read Document Cancel

ormation entered on this page and other data about your use of the attached document will be stored

a file on your computer and transmitted to TechTarget over the Internet. TechTarget may provide this

ormation to the owners of the document and either party may use this data to contact you and/or

ck your use of the document. In consideration of access to the attached document, you agree to such

rage and uses as more fully described in the TechTar et Privacy Policy.


2/20

A UNIFIED APPROACH TO GOVERNANCE, RISK, AND COMPLIANCE

General Mills uses SAP as the global platform for integrated transaction

processing and segregation of duties in ensuring Sarbanes-Oxley compliance

in the area of information systems. Software and business processes that

streamline and advance a companys risk management and compliance

capabilities are an important aspect of corporate governance. SAP tools

that deliver an integrated solution across the enterprise are an importantand welcome new advance in this important area.

Michael Carr, Director of Information Systems, General Mills Inc.

To access this document, please return to page 1 to complete the

orm.

By completing this form once, you will have access to all similar

documents without needing to register again.


3/20

. . . MAXIMIZES ENTERPRISE INTEGRITY AND VALUE

SAP solutions for governance, risk, and compliance (SAP solutions for GRC) form an integrated portfolio

of applications that embed and optimize all governance, risk, and compliance activities to overcome the

problems caused by business fragmentation and disjointed approaches to GRC management. SAP solu-

tions for GRC are powered by the SAP NetWeaver platform, which provides a common technical foun-

dation that integrates with mySAP Business Suite and third-party applications. As a result, SAP solutions

for GRC can leverage information within your existing business applications so you can evaluate risk and

apply controls directly within business processes. This results in greater transparency and predictability,

enabling you to improve GRC activities and overall enterprise performance.

SAP solutions for GRC work together to automate end-to-end GRC activities, including corporate

governance and oversight; risk management; control testing and remediation case management; user

access and authorization; global trade services; and environment, health, and safety management.

The solutions support the following business-critical functions: Central management of GRC information in a single system of record, including corporate policies,

regulations, compliance and control frameworks, business process flows, and risk and control libraries

Proactive identification, analysis, and monitoring to forecast and respond to potential threats

Automated controls to ensure appropriate user access and authorization

Monitoring of business processes to promote desired behaviors and maximize results

Streamlined management of global trade compliance and environment, health, and safety

requirements

SAPs holistic approach to governance, risk, and compliance provides you with a strategic business

weapon to protect brand and reputation, master uncertainty, optimize opportunity, and free resources

for innovation and growth.


orm.




4/20

BUSINESS FRAGMENTATION HINDERSINNOVATION AND GROWTH

KEY CHALLENGES

Much of the value creation and

innovation within companies takes

place as a consequence of the relation-

ships between people, processes, and

systems all of which may be frag-

mented across different organizations,functions, and geographies. Given the

complexity and uncertainty of todays

business environment, this fragmenta-

tion can hold your enterprise back in

a number of ways:

Organizational fragmentation

Organizational fragmentation caused

by disconnected, department-driven

GRC activities can result in incon-

sistent policies, difficulty predicting

risk, a lack of enterprise transpar-ency, and duplication of effort. As

you increase collaboration with

partners and suppliers, the conse-

quences of having no central body

coordinating GRC activities enter-

prise-wide intensify because most

legislation holds you accountable

for good governance and compliance

within your own organization,

as well as across your extended

enterprise.

System fragmentation

Most businesses lack GRC infor-

mation integrity because their

departments use different metrics,

standards, software, and methodol-

ogies for analyzing risk and com-pliance information. This makes it

difficult to aggregate data, gain a

complete view of enterprise risk,

effectively monitor compliance and

risk, and adjust business processes to

meet changing requirements, market

trends, and regulatory mandates.

Regional fragmentation

In most cases, policies and risks

are generally defined and measured

at the local level, without properconsideration for their impact on

the global, multinational, national,

or regional mandates with which

an organization must also comply.

Decision makers are often unaware

of the interdependencies between

mandates and the risks of non-

compliance in specific regions

and markets.

Internal GRC discipline

fragmentation

At the corporate level, as well as

the departmental or regional levels,

there is general uncertainty around

the meaning and scope of the

disciplines of governance, risk

management, and compliance

(see the sidebar). Most important,

your management team may not

recognize that these disciplines are

inextricably linked and interdepen-

dent, and as a result, must function

interdependently as part of an

integrated strategy.

Success requires that you align your

corporate strategy with effective

oversight and institutionalized policysetting, risk management, and business

process control; you can only accom-

plish this through a holistic approach

to governance, risk, and compliance

that unifies these areas of fragmenta-

tion. As a result, you can capture new

information about emerging threats

and opportunities and exploit them for

competitive advantage.

A Definition of Governance, Risk, and Compliance

Heres a simple way to think about GRC:

Governance manages the strategic directives a company

wants to follow.

Risk management assesses the areas of exposure and

potential impacts.

Compliance is the tactical action to mitigate risk.

SAP Snaps Up Virsa Systems to Enhance Compliance Story, AMR Research,

April 3, 2006.


orm.




5/20

. . . THAT DEMAND INNOVATIVE SOLUTIONS

Fragmented GRC activities may be the

status quo, but they are costing your

business more than you think. AMR

Research reports that compliance

spending will reach $27.3 billion in 2006.

And approximately two-thirds of the

cost is in people because fragmented

GRC efforts tend to result in people-

powered GRC ineff icient, manual

processes that are duplicated across

departments. Of even greater signifi-cance is the lost opportunity that

results from a tactical, fragmented

approach to managing GRC. Without

a comprehensive and cohesive GRC

strategy, you are deprived of a powerful

tool for effectively navigating todays

highly regulated business environ-

ments, as well as a critical driver of

revenue and competitive advantage.

The Way Forward

In the face of shifting industry condi-

tions, compliance mandates, and

governance requirements set forth

by executives and the board, you need

to take a broader, more structured

approach to managing governance,

risk, and compliance. Doing so allows

you to proactively identify inefficiencies

and errors, adopt a risk-based approach

toward embedding controls in business

processes, and continuously monitor

operations to optimize and guide futurepolicy. SAP solutions for governance,

risk, and compliance deliver applications

to help you achieve all of this and

more.

The High Cost of Point Solutions

Organizations that choose individual solutions for each regulatory challenge

they face will spend 10 times more on compliance projects than those that

leverage each implementation for multiple requirements (0.9 probability).

Gartner Symposium/ITxpo, Technologies for Compliance: Automating Your Way Out

of Confusion, French Caldwell, October 2005.


orm.




6/20

SAP: TURNING GRC INTOCOMPETITIVE ADVANTAGE

A HOLISTIC SOLUTION FOR GOVERNANCE, RISK, AND COMPLIANCE

SAP solutions for GRC deliver the

industrys first comprehensive, inte-

grated portfolio of applications that

embed and optimize all governance,

risk, and compliance activities to

overcome the problems of fragmenta-

tion across the enterprise. These solu-

tions give you the visibility needed to

stop simply reacting to business risks

and events and to improve business

predictability and performance.

Business Process

SAP Solutions for

Industry-Specific GRC

Business Process Platform

Business Applications

SAPNetWeaver

Cross-Industry GRC

GRC Repository: Documentation and Monitoring

Risk Management

Access Controls EnvironmentGlobal Trade Process Controls

Oracle

PeopleSoftSAP

Technology

Service

Figure 1: SAP Solutions for Governance, Risk, and Compliance

These solutions deliver world-class,

integrated applications that leverage

a common software platform and a

central GRC data repository. When

deployed together, these applications

form a holistic solution for GRC. And

because all the applications are inte-

grated, they can break down require-

ments and relationships across different

regulations and mandates. (See Figure 1.)

These applications reach deep into your

existing SAP and non-SAP software to

embed compliance functions across the

enterprise and beyond, giving you the

real-time visibility you need to ensure

compliance and maximize competitive

advantage.

The GRC RepositoryThe SAP GRC Repository application

centrally documents and stores records

for all governance, risk, and compli-

ance information. The repository

centrally manages all GRC content,

including frameworks, policies, pro-

cesses, risks, controls, test plans,

applications, systems, remediation

cases, and evidence. It ensures consis-

tent, effective, and efficient coverage of

regulatory frameworks, laws, andinternal company policies by providing

visibility into related requirements and

by cross-referencing organizational

policies and procedures with regulatory

requirements.

Content

Legacy


orm.




7/20

. . . ENABLES REAL-TIME TRANSPARENCY

The repository gives you a complete,

enterprise-wide view of all GRC

activities so you can analyze risk, makeinformed decisions, and take a risk-

based approach to satisfying multiple

company initiatives and regulatory

mandates. You can link risks and

controls to multiple security and

control frameworks such as the

Committee of Sponsoring Organiza-

tions (COSO) and Control Objectives

for Information and Related Technol-

ogies (COBIT) and to mandates like

the Sarbanes-Oxley Act and U.S. Food

and Drug Administration (FDA)

regulations. This ability enables you to

take advantage of opportunities thatyou might not have noticed before to

improve efficiency, optimize risk and

return portfolios, and ultimately,

increase business predictability and

shareholder value. By providing a

central repository that is reusable and

flexible, SAP solutions for GRC also

minimize duplicate GRC efforts so you

can optimize effectiveness and combat

complexity over the long run.

Simplifying Segregation of Duties

The transformative power of a central GRC Repository can be illustrated

best through example. Consider the necessity of ensuring proper segre-

gation of duties for such mandates as the Sarbanes-Oxley Act, FDA

regulations, and the Gramm-Leach-Bliley Act. SAP solutions for GRC

include access control applications that are integrated with the SAP GRC

Repository application. All of an organizations policies, initiatives, and

regulations that require proper segregation of duties (or, alternatively,

need appropriate definition and assignment of compensating controls)

are automatically documented within SAP GRC Repository, complete

with links to the appropriate access controls for automated monitoring.


orm.




8/20

MASTER UNCERTAINTY . . .


orm.




9/20

likelihood of impact, as well as monitor

GRC activities and time frames at the

most granular level information that

is automatically aggregated to create

higher-level views and risk networks.

All of these activities are monitored

through executive-level dashboards

and reports that provide you with

visibility into key risk metrics and

policy compliance. The software

provides role-based dashboards to

provide transparency to managers at all

levels of your organization from line

managers to business unit, country,

division, and regional managers, and

ultimately, to executive managementand the board.

. . . AND OPTIMIZE OPPORTUNITY

Enterprise Risk Management

Executives recognize that proper risk

management improves decision

making and creates value. But compa-

nies often tackle risk reactively within

departmental silos and overlook critical

interactions between risks. At the same

time, because risk management is often

regarded as a theoretical exercise with

no practical methodology, front-line

managers arent equipped to properly

analyze risk-reward trade-offs and carry

out appropriate responses that are

backed by quantitative metrics.

The SAP GRC Risk Management

application addresses these issues by

enabling you to implement proactive,

collaborative processes to balanceopportunities with financial, legal, and

operational risks at all levels of the

enterprise. The software provides a

best-practice framework for enterprise

risk identification, collaborative risk

analysis, predefined risk responses, and

continuous risk monitoring and

reporting so that you can effectively

anticipate and respond to changing

business conditions. Key risk indicators

enable you to monitor the overall riskportfolio and to alert management

immediately when high-impact and

high-probability risks exceed company-

specific thresholds. Managers can

analyze risks in terms of severity and

A conservative estimate is thatorganizations are missing out on billions

of dollars in potential savings annually

through inefficient risk management

practices.

Source: Aberdeen Group, 2006


orm.




10/20

CONTINUOUSLY IMPROVE CONTROLS

Business Process Control

The SAP GRC Process Control appli-

cation applies a risk-based approach to

setting up your control environment

and identifying the most effective and

efficient controls needed to achieve

compliance. The application integrates

directly with control documentation in

SAP GRC Repository, enabling you to

centralize control management and to

eliminate the need to integrate separate

tools for documentation, testing,

remediation, and control monitoring.

Upon completion of control documen-

tation, you can choose to implement

controls for key risks with a combina-

tion of automated controls monitor-

ing, manual controls tests, or self-

assessments. This powerful com-

bination works together to help you

establish controls that promote desired

employee behavior and optimize busi-

ness processes, as well as ensure that

your organization meets compliance

mandates on time and in a cost-

effective manner.

SAP GRC Process Control allows

you to monitor hundreds of critical

procure-to-pay, order-to-cash, and

reconcile-to-report configurations and

transactions, as well as IT controls. You

can deploy a single automated control

test for multiple combinations of

criteria, reducing the amount of set up

and ongoing maintenance required.

The software also automatically routes

manual control tests to the appropriate

personnel for timely performance

and guides testers with step-by-step

procedures and approved templates

to minimize errors. In addition, f lexible

survey creation functionality allows

you to perform self-assessments for

entity-level controls, as well as for

management sign-off.

SAP GRC Process Control pinpoints

risks of control violations through a

global heat map, making it easy for

executives and auditors to prioritize

corrective action and avoid the devel-

opment of material weaknesses in the

control environment. The software

automatically creates remediation

cases for each control exception,

immediately alerting control ownersand managers so that they can quickly

take action to address risk. To prevent

future risk from entering production

environments, you can use SAP GRC

Process Control to perform real-time

what-if analyses that simulate the

impact of application control changes

before changes are put into effect.


orm.




11/20

DELIVER AS PROMISED

Global Trade Services

The SAP Global Trade Services (SAP

GTS) application helps you master the

manifold challenges of internationaltrade. You can automate and stream-

line complex import and export pro-

cesses, ensure regulatory compliance,

expedite customs clearance, mitigate

the financial risk of global transactions,

and take full advantage of international

trade agreements.

With SAP GTS, you can manage and

standardize trade compliance processes

throughout your organization. The

software automatically screens businesspartners against official sanctioned-

party lists, checks for embargo restric-

tions, and manages export and import

licenses. SAP GTS expedites customs

processes by facilitating interactions

between your enterprise and customs

agencies, driving the efficient move-

ment of goods and information across

international borders. SAP GTS also

lets you tap into the opportunities

Globalization is not an emerging trend; its a business reality. Whats changed is the increased

level of complexity and risk associated with moving goods across borders, especially after the

9/11 terrorist attacks. Technology is the key enabler of any global trade management strategy,

and companies must take a broader perspective and view their entire enterprise software platform

as a global trade management solution.

Adrian Gonzalez, Director, Logistics Executive Council, ARC Advisory Group

available through trade agreements,

such as the North American Free Trade

Agreement (NAFTA) and those of the

European Union, and automates andstreamlines all aspects of restitution

management to ensure more efficient

export refund processing and less risk

of forfeiting securities. The Unicode-

enabled software provides a single,

central solution for all of your global

trade requirements no matter

where you do business.


orm.




12/20

accordance with laws and regulations.The softwares central database makes

it easy to manage product safety speci-

fications, hazardous substance inven-

tories, and dangerous goods for safe

handling, tracking, document manage-

ment, and risk calculation. You can

also create hazardous waste permits

and ensure that authorized waste

quantities are not exceeded by selecting

suitable disposal firms and by allocating

disposal costs among internal depart-ments. SAP EH&S also supports the full

range of industrial hygiene and safety

processes, centrally managing core

tasks, such as risk assessments, expo-

sure logs, incident management,

exposure profiles, and safety manage-

ment of specific work areas.

SAP xApp Emissions Management

The SAP xApp Emissions Management(SAP xEM) composite application,

which was jointly developed by SAP

and its special expertise partner

TechniData, helps you improve

manufacturing productivity by

Environment, Health, and Safety

SAP solutions for GRC include applications that help you efficiently manage your

business while ensuring compliance with complex environmental, health, and

safety processes and regulations, such as Restriction of Hazardous Substances (ROHS),

Waste from Electronics and Electronic Equipment (WEEE), the Health and Safety

at Work Act, and regulations around emissions trading schemes.

PROTECT BRAND AND REPUTATION

SAP Environment, Health & SafetyThe SAP Environment, Health & Safety

(SAP EH&S) application streamlines all

activities necessary to implement EH&S

processes safely, effectively, and in


orm.




13/20

aligning business processes with

required environmental regulations

worldwide. The software also allows

you to reap the financial benefits of

the emissions trading markets because

it determines and documents emission

credits and communicates emissions

credits with emission trading plat-

forms. SAP xEM tracks, analyzes, and

records emission data. Integration with

plant and equipment maintenance

systems supports equipment calibra-

tion and maintenance tasks; sophisti-

cated tools calculate emissions (such

as greenhouse gases) that cant be

measured directly. When a reference

value exceeds normal plant values for

operations, automatic notifications

are fired off to determine the impactand trigger changes necessary to

correct operations. The extensive

reporting functionality in SAP xEM

fulfills legal requirements for docu-

mentation and reporting to regulatory

authorities.

SAP Solution for Product Compliance

Compliance for Products is a solution for

environmental product compliance that

was developed on the SAP NetWeaver

platform by TechniData. The software

collects, organizes, analyzes, and

evaluates data about various products,

factories, suppliers, countries, and

customers information needed to

provide proof of compliance with

environmental directives that regulate

the development, manufacture,

distribution, disposal, or recyclingof products.

The software documents product

content and regulatory or sector-

specific substances lists, integrates

compliances checks and analyses with

central business processes, and auto-

mates communications with customers

and suppliers. For example, when a

product is being checked for compli-

ance with the ROHS directive, the

solution verifies that all the necessary

information, such as the lead content

of a supplied part, is in place. If this data

has not been provided, the solution

automatically requests the suppliers

manufacturing department to disclose

the exact lead weight percentage of the

product and notifies the user when the

supplier has provided the data.

. . . AND SAFEGUARD STAKEHOLDERS


orm.




14/20

ENABLE COLLABORATION

Access Control

Proper segregation of duties (SOD) and

access control over sensitive transac-

tions is one of the most effective safe-

guards against fraud and a prerequisite

for sound corporate oversight. It is also

one of the most difficult controls to

effectively deploy and sustain given the

thousands of users, roles, and processes

that all require access and authoriza-tion evaluation, testing, and remedia-

tion. The immense task of managing

proper user and role access can only be

accomplished when business process

owners (who can determine appropri-

ate access in business terms) and IT

experts (who can define the underlying

technical objects that make up business

functions) work together. The problem

is that communication between the

two groups is typically disjointed and

unsuccessful because there is no bridgelinking business language with IT

capabilities.


orm.




15/20

SAP solutions for GRC closes this gap

with a comprehensive set of access

control applications that enable all

corporate compliance stakeholders

including business managers, auditors,

and IT security managers to collab-

oratively manage proper SOD enforce-

ment. The applications include the

following:

Virsa Compliance Calibrator: The

Virsa Compliance Calibrator applica-

tion supports real-time compliance

by stopping security and controls

violations before they occur. With the

most comprehensive library of SOD

rules available for enterprise appli-

cations, such as SAP, Oracle, and

PeopleSoft, the application makes it

easy for business process owners toselect rules applicable to your

organization.

Virsa Role Expert: The Virsa Role

Expert application centralizes and

standardizes enterprise role manage-

ment, eliminating manual errors and

enforcing best practices. The appli-

cation empowers business managers

to define functional roles, as well as

IT managers to define the associated

technical permissions.Virsa FireFighter for SAP: The

Virsa FireFighter application for SAP

enables your super users to perform

emergency activities outside the

parameters of their normal role, but

to do so within a controlled, fully

auditable environment. The appli-

cation assigns a temporary ID that

grants the super user broad, yet

regulated access and tracks and

logs every activity the super user

performs using that temporary ID.

Virsa Access Enforcer: The Virsa

Access Enforcer application supports

fully compliant user provisioning

throughout the employee life cycle.

Leveraging the applications dynamic

workflow functions, you can

automate even the most complex

approval processes, as well as preventrisks from entering production

environments by performing real-

time analysis on proposed user

access.

Partnering for Success

Recognizing the importance of external

collaboration for innovation, SAP is

committed to establishing a robust

GRC ecosystem that includes recog-

nized domain experts and thought

leaders in diverse fields, including, but

not limited to, audit, management, and

risk consultancies; key software and

technology partners; and information

and content partners. Key software and

technology partners integrate applica-

tions through the SAP NetWeaver

platform to provide much needed

transparency over the extended GRCecosystem. In addition, professional

services partners support the GRC

ecosystem by delivering deep intellec-

tual capital and by bringing decades

of proven best-practice content and

methodologies.

Virsa [software] allowed us to significantly reduce

the amount of time to document and test the

effectiveness of our compliance with segregation

of duties requirement in SAP [software].

Jayne Gibbon, Internal Audit Manager, Kimberly-Clark Corporation

. . . AND PARTNER FOR SUCCESS


orm.




16/20

SIGNIFICANT RETURN ON INVESTMENT

By embarking on an integrated strategy

and employing a comprehensive GRC

solution, you can proactively achieve

significant returns on your investment.

Consider the following:

Customers who have used the access

controls applications have reported

a 25% savings in audit costs, a 28%

reduction in the cost of managing

user authorization risk, and a 32%

savings in time spent on managing

user authorization risk.

Typical user and role approval

processes are reduced from two

weeks to two days. Customers can automate nearly 100%

of their export processes, enabling

them to reduce headcount and

redeploy employees on more

strategic activities.

Customers can ensure that they

do not deal with sanctioned parties

in millions of trade compliance

screenings per month.

A WEALTH OF BENEFITS

Here are some of the ways that your

business can benefit from SAP solutions

for GRC:

Free resources for innovation and

growth

Integrate GRC applications to

simplify GRC tasks and reduce total

cost of ownership

Shift from manual, resource-

intensive control activities to

embedded and automated control

processes

Rationalize and reuse corporate

controls and risk responses to reduce

effort and increase productivity

Manage by exception with actionable

dashboards and key performance

indicators, threshold-based alerts,and automated escalation

procedures

Protect brand and reputation

Identify and resolve potential points

of failure by continuously monitor-

ing control activities across the

enterprise

Prevent issues and weaknesses using

mandatory risk analysis for critical

processes Ensure compliance with global

import and export regulations

Improve transparency with threshold-

based global dashboards that aggre-

gate financial exposure to control

deficiency risks

Prevent brand erosion from environ-

mental, health, and safety catastro-

phes by automatically classifying

and tracking hazardous substances


orm.




17/20

Safeguarding Your Success

SAP solutions for GRC are delivered

by SAPs experienced and knowledge-able professional services team who

can help you realize the full value of

your investment. Leveraging SAP

experts, methodologies, tools, and

certified partners, our professional

services teams can accelerate imple-

mentations, meet deadlines, transfer

knowledge, and enable long-term

success, no matter how large or how

complex the project. Equally important,you are assured that no factors are

overlooked that might jeopardize the

achievement of your goals. And once

your solution is in place, our compre-

hensive, customized training programs

make it easy to ramp up employees

and ensure successful adoption across

your enterprise.

FREE RESOURCES FOR INNOVATION AND GROWTH

Master uncertainty and optimize

opportunity

Analyze risk exposure and trends tooptimize risk-return portfolio

Optimize capital allocation based on

insight into enterprise risk position

Implement effective controls to

promote desired behavior and

improve results of business processes

Identify and exploit opportunities in

international trade preference

agreements


orm.




18/20

SUPPORT FOR KEY BUSINESS PROCESSES

GOVERN. ASSESS. RESPOND. MONITOR. OPTIMIZE.

Activity Benefits

Governance Enable strong alignment between strategic objectives, r isk management, and complianceactivities to create stakeholder value

Minimize fragmentation of GRC information Reduce redundant efforts and resources spent on multiple GRC requirements Provide a foundation for risk-return portfolio optimization, business performance optimization,

business control, transparency, and predictability

Risk management Improve managements ability to achieve strategic objectives Understand key risks that organization faces to ensure that a comprehensive strategy is in place

to manage risks in the best manner Gain new insights for decision making and capital allocation across various risk classes

(for example, insurance, operational, external, and financial) Reduce the probability of default, credit downgrade, or serious financial loss

Business process control Strengthen managements confidence that business controls are well designed and operatingeffectively

Boost employee morale by focusing skilled resources on activities that require expertise andjudgment

Reduce cost and increase assurance by shifting from point-in-time testing to continuous controlsmonitoring

Evaluate and prioritize response to highest impact control violation risk

Global trade services Ensure vigilant trade compliance and help facilitate tighter national security Streamline electronic communications with customs authorities Mitigate the financial risk of global trade through automated handling of payment guarantees

Maximize opportunities offered by trade preference agreements

Environment, health, and safetymanagement

Deploy global EH&S processes while adapting them to practices in individual circumstances andgeographies

Ensure safe handling and tracking of hazardous substances, dangerous goods, and wasteproducts

Deliver full-scale health management to provide for employee health and well-being Ensure the compliance of individual products with ROHS, WEEE, and End of Life Vehicle (ELV)

regulations Improve manufacturing productivity by aligning business processes with the fulfillment of

environmental regulations for emissions management

Access and authorization control Enable all corporate compliance stakeholders to collaboratively manage proper segregation ofduties enforcement

Detect and resolve in real time segregation of duties and user authorization control violations Ensure efficient and compliant provisioning of user access throughout the entire employee life

cycleAllow super users privileged but controlled access to quickly address emergency requirements

or help mitigate situations where segregation of duties cant be accomplished


orm.




19/20

THE RIGHT CHOICE

A SOLID FOUNDATION FOR GRC

SAP solutions for GRC are the right choice for your business. A large number of

customers in a variety of industries including some of the worlds best-known

brands are already reaping the benefits of an integrated, comprehensive GRC

solution. To find out more, visit www.sap.com/grc.


orm.




20/20

www.sap.com/contactsap

50 081 153 (06/09)

2006 by SAP AG. All rights reserved. SAP, R/3, mySAP, mySAP.com, xApps, xApp, SAP NetWeaver, and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP AG in Germany and in several othercountries all over the world. All other product and service names mentioned are the trademarks of their respective companies. Data contained in this document serves informational purposes only. National product specifications may vary. Printed on environmentally friendly paper.


orm.



Documents

SAP Solutions for Governance-Risk-Compliance