Achieving effective risk management and continuous compliance with Deloitte and SAP


Deloitte and SAP: collaborating to make GRC work for you

Meeting Governance, Risk and Compliance (GRC) requirements is proving to be a very costly, time-consuming and material distraction from the core business activities of most organizations. Despite the cost, it is typically not providing the necessary information for senior management to be entirely comfortable with the compliance status of their business.

Deloitte can help you establish your GRC needs and align your information and processes to meet those needs in a transparent fashion. Building upon your existing technology and processes, our proven methods can deliver cost effective approaches that provide the right information at the right time, taking advantage of new technologies where appropriate.

Core to the strategy is the provision of a GRC roadmap and methodology and control frameworks that allow business risks and compliance requirements to be swiftly identified and addressed. These risks and requirements are then managed and monitored with an automated, modular suite of solutions that can be integrated into supporting governance and risk management technologies.

SAP has a GRC vision which is enabled through a set of technology solutions that will support you when implemented as part of your GRC strategy. The solutions leverage additional benefits from existing technology investments by aligning your systems with GRC requirements, thus enhancing the quality of information available to senior management.

Deloitte's GRC roadmap, methodology and control frameworks can be customized and built in these automated solutions to maintain the integrity of the business processes. By highlighting and recording changes which affect the control environment, risk exposure and control weaknesses can be reduced and the daily GRC burden removed from individuals, allowing them to focus on other value-added tasks and addressing compliance requirements.

By working in partnership, Deloitte and SAP offer you strategic direction, the IT platform, a proven controls framework and the delivery roadmap to get you there. Our approach, enabled by the SAP GRC Suite, provides a top-down risk and compliance-based methodology which can be practically applied to your business.

Deloitte has consistently been a leader in providing GRC roadmap, methodology and control frameworks that allow business risks and compliance requirements to be swiftly identified and addressed. These GRC activities and processes are then implemented, managed and monitored in an automated and integrated modular technology solution - SAP GRC.

The GRC Maturity Model

[Figure: The GRC Maturity Model. Stages: Nothing, Spreadsheet-Based, Automation of Controls, Sustained Compliance, True Vision. Axis labels: Confusion, Manual, Automated, Monitoring; Benefit.]

Characteristics listed in the figure: Lack of visibility; Lack of cohesion; Reactive and non-integrated approaches to managing the business; Redundancy; Approach not driven by risk; Redundant controls; Manual business and IT processes and controls; Inefficient and labour intensive testing; Reactive approach to managing control issues; Application-based business and IT process controls; Efficient testing and operation of controls; Automated testing capabilities; User access and segregation of duties controls; Rationalised controls; Efficient operation of controls; Proactive approach to control issues; Demonstrated effectiveness of controls; Sustainable compliance processes; ROI/Business value; Embedded governance; Efficient and flexible operation of controls; True corporate responsibility; Increased stakeholder confidence; Risk mitigation and analytics; Improved business performance and sustainability.

Benefits of GRC

- Accommodates key regulatory and governance requirements as well as business-related risks
- Facilitates business process optimisation through the use of risk intelligence for better decision-making
- Reduces cost of compliance through the automation of control activities
- Identifies, manages and reports on risks and opportunities resulting from changes to your business
- Provides a comprehensive product for process control ownership and documented testing
- Increases stakeholder confidence and market trust

Case studies: Large Electric Utility Company, Large Multinational Bank, Global Manufacturer

Deloitte GRC services delivered to the client included automation of IT governance controls testing, control assessment and certification processes for SOX using workflow driven process, as well as an automated solution for access revocation and notification process for NERC CIP Regulation. In addition, SAP GRC is being leveraged as a customized centralized enterprise solution for multi-regulatory compliance (SOX, FERC, NERC and HR, etc.). Deloitte also implemented SAP GRC Access Control 10.0.

Deloitte GRC services delivered to this client focused on control framework optimization via the implementation of automated control monitoring rules and increased transparency and visibility of risk mitigation and remediation activities via workflow. Services provided also included the creation of a common scalable risk management platform to document, monitor, test and report on control effectiveness using a risk analysis rule set created by the Deloitte team.

Deloitte has designed a GRC framework and implemented SAP GRC PC 10.1 and upgraded AC v5.3 to 10.1. This includes automated control monitoring and integration between the AC and PC components. The global roll-out occurred in June 2012.

Deloitte is unique in the GRC marketplace because it offers comprehensive advisory services in GRC approach and framework, and also integrates them into a more automated and strategic technology solution.

Deloitte's GRC vision

[Figure: Deloitte's GRC vision. Labels: GRC operation and management; Business process owner, Internal auditor, Compliance officer, IT governance officer; Plan, Assess, Monitor, Response, Optimise; Deep SAP GRC implementation technical skills; GRC technology enablement; Access Control, GRC Repository, Process Control; Governance strategy and content integration; Control automation and workflow automation; A robust GRC methodology and Deloitte control framework; GRC foundation setup; Organization, Business Process, Risks, Deloitte Control Framework, Compliance Requirement, Policy/Regulation.]

SAP GRC

The SAP GRC incorporates a growing number of governance, risk and compliance components, supported and integrated by the SAP GRC foundation layer. Current solutions operating effectively in the SAP marketplace include:

GRC Access Control

Mature SAP users recognise that implementing SAP security is a complex business and risk management topic. Deloitte's Access Control Framework and SAP Access Management practice can be implemented in this module, which will ensure that risks such as excessive access, segregation of duties and sensitive access risks are remediated or mitigated, and will also ensure continuous compliance in SAP user provisioning, role maintenance and emergency access management.

GRC Process Control

A tougher financial audit climate and a greater need for regulatory compliance have increased the demands on management. Deloitte's Process Control Framework can be implemented in this module. It enables Deloitte's knowledge of SAP transaction and master data monitoring controls, configuration controls and manual process controls to be applied across the majority of business processes in your organization. It will identify the risks associated with daily operations, and define and monitor controls that mitigate these risks. These controls are reliable, effective and auditable.

Deloitte and SAP are able to deliver a solution that can be used to implement or improve controls to address key risks with automated monitoring, alerting and accelerated remediation. This will enable the business to monitor critical processes, ensure compliance with industry and government regulations and report to the board of directors.

Deloitte GRC Services

Deloitte has consistently been a leader in Governance, Risk and Compliance, an area where selecting a strategic partner who has a deep understanding of the issues is essential. To achieve effective risk management and continuous compliance, Deloitte can help create a GRC vision that is sustainable through:

A long term GRC roadmap
We have developed a long term strategic roadmap which has identified key stages of delivery while also providing the opportunity for companies to take a staged approach.

A robust GRC methodology and Deloitte control framework
Deloitte utilizes a proven methodology in establishing the GRC environment that links your organizations, business processes, risks, regulations and compliance requirements to a comprehensive SAP control framework. This Deloitte control framework is customized to fit your business needs based on the Deloitte-SAP Control Best Practice.

Deep SAP GRC implementation technical skills
Deloitte has one of the largest global SAP practices. We have a strong track record of SAP GRC implementation, SAP control assurance and risk consulting. By implementing SAP GRC, Deloitte will enable the GRC methodology and SAP control framework developed for your business to automate, manage and continuously monitor your risk management and compliance activities.

Strategic Partnership with SAP
Deloitte has a strategic relationship with SAP to deliver GRC solutions to the market.

Contacts

To find out more, contact:

Philip Chong, Executive Director, +65 6216 3113, pchong@deloitte.com
Tang Ke, Director, +65 6216 3231, tke@deloitte.com
Annie Lim, Director, +65 6216 3334, anlim@deloitte.com

Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee ("DTTL"), its network of member firms, and their related entities. DTTL and each of its member firms are legally separate and independent entities. DTTL (also referred to as "Deloitte Global") does not provide services to clients. Please see www.deloitte.com/sg/about to learn more about our global network of member firms.

Deloitte provides audit & assurance, consulting, financial advisory, risk advisory, tax & legal and related services to public and private clients spanning multiple industries. Deloitte serves four out of five Fortune Global 500 companies through a globally connected network of member firms in more than 150 countries and territories bringing world-class capabilities, insights, and high-quality service to address clients' most complex business challenges. To learn more about how Deloitte's approximately 264,000 professionals make an impact that matters, please connect with us on Facebook, LinkedIn, or Twitter.

About Deloitte Southeast Asia

Deloitte Southeast Asia Ltd, a member firm of Deloitte Touche Tohmatsu Limited comprising Deloitte practices operating in Brunei, Cambodia, Guam, Indonesia, Lao PDR, Malaysia, Myanmar, Philippines, Singapore, Thailand and Vietnam, was established to deliver measurable value to the particular demands of increasingly intra-regional and fast growing companies and enterprises. Comprising approximately 330 partners and 8,000 professionals in 25 office locations, the subsidiaries and affiliates of Deloitte Southeast Asia Ltd combine their technical expertise and deep industry knowledge to deliver consistent high quality services to companies in the region. All services are provided through the individual country practices, their subsidiaries and affiliates which are separate and independent legal entities.

About Deloitte Singapore

In Singapore, services are provided by Deloitte & Touche LLP and its subsidiaries and affiliates.

© 2018 Deloitte & Touche Enterprise Risk Services Pte Ltd