Improve Internal Controls with Governance, Risk, and Compliance Solutions

Transcription

1 Improve Internal Controls with Governance, Risk, and Compliance Solutions Jay Castleberry Director, Technology Delivery & Maintenance 0

2 (SCE) Company Overview One of the largest electric utilities in North America More than 14 million customers More than 17,000 employees Major organizational units: Transmission & Distribution, Nuclear Generation, Supply Chain Operations, Customer Service, Information Technology SAP landscape HCM, FICO, OS, EAM, SRM, CRM, SUS, BW, GRC, etc. 1

3 Governance, Risk, and Compliance (GRC*) Drivers Overarching standards, processes, and priorities Business Drivers Integrate Compliance Realize operational efficiencies Enhance executive visibility Leverage best practices Opportunities Provide reasonable assurance Promote compliance excellence and personal responsibility Ensure clear line of sight Leverage best practices across the company * In this context, 'GRC' does not refer to 'General Rate Case' 2

4 Leveraging Existing SAP GRC Investment Strategic, long-term investment in SAP s GRC technology Expand Baseline Install SAP Access Control 5.2 and SAP Process Control 2.5 Build Enhance and Build onto Existing Baseline Functionality Upgrade Migrate Existing Functionality to version 10.0 & Leverage Inherent Enhancements Implement SAP Risk Management 10.0 and Enable Integrated Capabilities 3

5 Stakeholder Value GRC Maturity at SCE Past, Current, and Desired Future State Stages of GRC Capability Maturity at SCE SOX Compliance IT Compliance NERC CIP GRC 10.0 Upgrade, ERM and ECMS Access, EH&S, HR, etc 4

6 GRC Maturity at SCE SOX Compliance SOX Compliance 2009 Benefits Automated segregation of duties (SoD) Continuous controls monitoring Workflow automation Single system of record 5

7 GRC Maturity at SCE IT Compliance IT Compliance and NERC CIP Benefits Enabled monitoring Enabled automation Leveraged workflow Qualifications Revocations Access List 6

8 GRC Maturity at SCE Enterprise Compliance Benefits Catalog Workflow / Controls automation Policy management Increased performance and robustness Ease of use Business role management GRC 10.0 Upgrade and ECMS

9 GRC Maturity at SCE Risk Management Benefits Ability to quickly survey Focus on most relevant key risks Automation of workflow and data approval Systematic sign-off of enterprise risk data Version control Addition of SAP Risk Management 2012 Customizable reporting 8

10 Stakeholder Value GRC Maturity at SCE Past, Current, and Desired Future State SOX Compliance IT Compliance NERC CIP GRC 10.0 Upgrade, ERM and ECMS Access, EH&S, HR, etc Continue to broaden use of v10.0 to other areas of compliance and enable linkage of data elements Enterprise Wide Identity Access Management 9

11 SCE s Vision for 2013 and Beyond Moving to the Risk-Intelligent Maturity State Expand continuous control monitoring Increase visibility to further compliance areas Enable linkage between data elements Replace additional legacy compliance systems Expand and integrate enterprise wide identity access management capabilities with GRC 10

12 Lessons Learned Ensure adequate level of executive sponsorship Look for value beyond compliance Define a roadmap for execution Start communication early Involve subject matter experts (SMEs) Leverage existing assets and investments Use a common methodology to continuously assess risk Develop a platform for current and future requirements 11

13 Thank You for Attending Jay Castleberry 12