Integrating SAP GRC RM, PC and AC: An end-to-end solution Antoine Wüthrich, PwC March 14th, 2013
Agenda Partner The Need to Optimize Value Proposition of an integrated SAP GRC (AC, PC and RM) Summary 2011 SAP AG. All rights reserved. 2
What you should know about PwC What we do PwC is the leading professional services firm for : Who are our clients Most of the companies running SAP in Switzerland. Audit services Advisory services Tax consulting We have around 120 SAP experts in Switzerland and 2 300 worldwide. Neuchâtel Lausanne Genève Bâle Aarau Zurich Winterthur Saint-Gall Lucerne Zug Berne Thoune Coire Sion Lugano 3 2011 SAP AG. All rights reserved. 3
Agenda Partner The Need to Optimize Value Proposition of an integrated SAP GRC (AC, PC and RM) Summary 2011 SAP AG. All rights reserved. 4
What is SAP GRC (Governance, Risk & Compliance) Access control Who can do or see what in SAP? AC PC Process control Who did what in SAP and KPIs. Risk Management What are our risks and how are they addressed? RM GTS Global trade Are we custom & trade compliant and efficient? 5 2011 SAP AG. All rights reserved. 5
What is SAP GRC (Governance, Risk & Compliance) Risk Management Formal integration of risk management with strategy Repeatable framework to analyze and mitigate risk Continuously monitor key risk indicators across strategic objectives RM Access Control Segregation of duties Fraud, safeguard of assets User access management Compliance AC Process Control Automated control and transaction monitoring to evaluate compliance effectiveness and business process acceptability Configuration Master Data PC Business transactions 2011 SAP AG. All rights reserved. 6
What are the key SAP GRC trends AC PC RM Source: PwC SAP GRC Survey 2012 7 2011 SAP AG. All rights reserved. 7
Why companies are using SAP GRC Access controls? Reduce access risk and fraud Reduce the cost of access management Reduce the cost of ongoing compliance activities Automatically detect and remediate access risk violations Streamline requests for multiple systems and embed preventative compliance checks Automate compliance reviews of segregation of duties, critical access, and superuser privileges RM AC PC Source: adapted from SAP 8 2011 SAP AG. All rights reserved. 8
Agenda Partner The Need to Optimize Value Proposition of an integrated SAP GRC (AC, PC and RM) Summary 2011 SAP AG. All rights reserved. 9
Value proposition: Integrating Process & Access Control in GRC 10 Substantial benefits in visibility, cost, and quality. Benefits include: 1. Continuously monitoring of data, configuration and transactions 2. Rationalizing the number of controls 3. Centralizing compliance management functions 4. Enabling sharing of risks and compliance data functions 5. Increasing accountability for controls 6. Creating a clear path to remediation for all control failures 7. Standardizing issue management practices 10 2011 SAP AG. All rights reserved. 10
Value proposition: Integrating Process & Access Control in GRC 10 How to create value beyond compliance KPI monitoring Financial Operational Tax For example: Tax ruling checker Cash finder Closing process Data loss prevention System usage Indication of risk and control issues Improved process compliance and standardisation Enable benchmarking across business units Identify training needs Increase SAP ROI Improved management information Transparency of user behaviour and impact on process efficiency Quantify usage over time ensuring benefits are maintained Identification of data integrity issues Identify SAP functionality not being used 2011 SAP AG. All rights reserved. 11
When do companies implement SAP GRC When specific risks arise: AC RM PC GTS SAP implementation / optimization SAP global roll-out SAP outsourcing SAP shared service SAP competency center SAP security redesign SSO / IdM project Cost pressure on compliance After a fraud / compliance issue Sensitive data stolen New governance rules 12 2011 SAP AG. All rights reserved. 12
Key points to take home More and more companies are now using SAP GRC 10.0 Integrating SAP GRC 10.0 AC, PC and RM brings untapped potential to improve the efficiency of your compliance process SAP GRC bring value to your company (NOT just compliance) You should expect a positive return on investment when implementing SAP GRC PwC can help! 2011 SAP AG. All rights reserved. 13
Thank You! Contact information: Antoine Wüthrich Senior Manager Av. CF Ramuz 45, 1000 Lausanne Antoine.wuthrich@ch.pwc.com