SAP GRC Overview Paul Pessutti Director, Strategic Applications SAP GRC


DESCRIPTION

Governance Risk and Compliance


Page 1: SAP Governence Risk Compliance Overview.pdf

SAP GRC Overview

Paul Pessutti, Director, Strategic Applications, SAP GRC

Page 2: SAP Governence Risk Compliance Overview.pdf

SAP AG 2006, GRC Update

Managing Risk Is Everyone’s Job

Supply Chain Customers & Channel

Human Resources: Employee safety compliance

Finance: Complex, international compliance requirements

Compliance / Risk Office: Disconnected risk analysis

IT Operations: Data security issues

Sales, Service: High credit risk customers

Procurement: Supplier “black lists”

Board, Audit Committee: Executive compensation issues

Executives & Managers: Incomplete global risk profile

Page 3: SAP Governence Risk Compliance Overview.pdf


Unidentified risks impact performance

National Headlines

“US Imposes Record $100 Million Penalty for Export Control Violations” March 27, 2007, Washington Post

“Data Theft at Nuclear Agency Went Unreported for 9 Months” June 10, 2006, New York Times

“Bomb Scare shuts Port’s Terminal 18” Aug 18, 2006, The Seattle Times

“Brand Name High Tech Manufacturer Violates E.U. Pollution Law” Jul 06, 2006, CIO Tech Informer

Failure in Operational Control

Disrupts major operations

Impairs Customer Service

Reduces Investor & Market Confidence

Increases Business Costs

Impacts Performance in the Market

Results in Closer Scrutiny

Page 4: SAP Governence Risk Compliance Overview.pdf


Overcome fragmentation, gain transparency with GRC

Supply Chain Customers & Channel

Board, Audit Committee: Evidence for decisions & directives

Compliance / Risk Office: Integrated risk analysis

Executives & Managers: Increased confidence in business results

IT Operations: Secure IT infrastructure

Procurement: Anti-terrorist trade practices

Finance: Global financial reporting compliance

Human Resources: Environmental health & safety compliance

Sales, Service: Balanced credit profile


Page 5: SAP Governence Risk Compliance Overview.pdf


A holistic solution for GRC Management

Service Partners

Content Partners

Technology Partners

Business Process

Business Process Platform

SAP Solutions for GRC

Cross-Industry GRC

Access Controls, Global Trade, Environment, Process Controls

Risk Management

GRC Repository: Documentation and Monitoring

Industry-Specific GRC

Business Applications

Automates and embeds GRC processes into business processes

Delivers transparency for balanced global risk profile

Standardizes on common GRC content and rules

Drives higher margins and shareholder value

Promotes a culture which values effective GRC

Page 6: SAP Governence Risk Compliance Overview.pdf


GRC Business Drivers

Governance Risk and Compliance

Financial Compliance

• SOX mandate (Section 404 and 302)
• Segregation of Duties analysis & enforcement
• Reduce fraud and risk

• Certify the sign-off process for executives
• Identify controls for organizations
• Provide auditors with complete audit trail

Trade Management

• Enforcement is on the rise, esp. after 9/11
• Companies need to strictly adhere to changing regulations such as ITAR and EAR or risk costly fines
• Security initiatives requiring more internal control, record keeping and audit trail

Environment Regulations

• “Green” supply chain as competitive advantage
• Corporations need to comply with environment laws and regulation such as RoHS and REACH
• Mandate of Clean Air Act
• Streamline environmental reporting
• Health care risk assessment and prevention
• Worker safety and hazardous materials need to be documented and identified

Page 7: SAP Governence Risk Compliance Overview.pdf


GRC Solution Overview

Governance Risk and Compliance

Financial Compliance

• GRC Access Control Suite
• GRC Process Controls

Trade Management

• GRC Global Trade Services

Environment Regulations

• EH&S
• Environmental Compliance (EC)
• Compliance for Products (CfP)

GRC Risk Management

Page 8: SAP Governence Risk Compliance Overview.pdf


SAP GRC Access Control: Sustainable prevention of segregation of duties violations

Cross-enterprise library of best practice segregation of duties rules

Risk analysis, remediation and prevention services

Risk Identification and Remediation: Rapid, cost-effective and comprehensive initial clean-up (Get Clean)

Enterprise Role Management: Enforce SoD compliance at design time

Compliant User Provisioning: Prevent SoD violations at run time

Superuser Privilege Management: Close #1 audit issue with temporary emergency access

Periodic Access Review and Audit: Focus on remaining challenges during recurring audits

(Stay in Control) (Stay Clean)

Minimal Time To Compliance

Continuous Access Management

Effective Management Oversight and Audit

Page 9: SAP Governence Risk Compliance Overview.pdf


The framework for an integrated approach to ERM

Risk Identification and Analysis: Collaborate and aggregate across the enterprise

Risk Response: Balance cost of risk avoidance and opportunity

Risk Monitoring: Actionable role-based dashboards and alerts

Risk Planning: Establish risk appetite and thresholds

SAP GRC Risk Management: Risk-adjusted management of enterprise performance

Balance business opportunities with financial, legal, and operational exposure to minimize the market penalties from high-impact events

Page 10: SAP Governence Risk Compliance Overview.pdf


SAP GRC Global Trade Services: Solving global trade challenges

Import Management: Expedite customs clearance to reduce costly buffer stock

Trade Preference Management: Make the most of international trade agreements

Restitution Management: Take advantage of export refunds

Export Management: Avoid delays at borders to ensure fast delivery to customers

SAP GRC Global Trade Services: Ensure full regulatory compliance, expedite customs clearance, mitigate financial risk of global transactions, take full advantage of international trade agreements

Page 11: SAP Governence Risk Compliance Overview.pdf


SAP GRC EH&S and Environmental Compliance: Solving environmental, health, safety challenges

Applications for EH&S Compliance Management

SAP EH&S: Comprehensive and complete business solution for environment, health and safety management

Industry Specific

Cross-Industry

SAP Environmental Compliance

TechniData Compliance for Products (CfP)

Occupational Health

Industrial Hygiene and Safety

Waste Management

Air, Soil, Water

Waste Management

Product Compliance

Hazardous Substance Management

Product Safety

Dangerous Goods Management

SAP REACH Compliance

Chemical Mgmt

Page 12: SAP Governence Risk Compliance Overview.pdf


Manage With Confidence

Over 2200 customers worldwide rely on SAP Solutions for GRC

Improve occupational health with SAP Environment Health & Safety

Incident numbers and cost down; replaced 11 legacy systems

Grow and stay compliant with multiple regulatory changes using SAP Global Trade Services

Reduced cycle times (5 → 2 days)

Effectively manage increasing trade regulations with SAP Global Trade Services

Automated 99.9% of export processes; Reduced headcount (450 → 14)

Reduce compliance costs with Virsa Compliance Calibrator

Eliminated 4,800 Staff Hours annually; audit costs 23% below norm

Mitigate horizontal risks with SAP Global Trade Services and Virsa Access Enforcer for SAP

Extended core processes with GRC; over 1 M compliance screenings/month

Page 13: SAP Governence Risk Compliance Overview.pdf

SAP Global Trade Services

Page 14: SAP Governence Risk Compliance Overview.pdf


More than Export Control

What is SAP Global Trade Services (SAP GTS)?

SAP GTS

SAP Global Trade Services manages all complexities of international trade including full regulatory compliance, interactions with customs and management of risk while trading on a global basis. It consists of separate modular components that enable companies to improve their supply chain and comply with international regulations.

Exports, Imports

• Export

• Import

• Trade Preference

• Restitution

More than Import Control

Page 15: SAP Governence Risk Compliance Overview.pdf


Comprehensive Support For All Global Trade Activities

Import Management: Ensure full regulatory import compliance, expedite customs clearance, mitigate risk

Trade Preference Management: Make the most of international trade agreements

Restitution Management: Take advantage of export refunds

Export Management: Ensure full regulatory export compliance, generate and file customs documents, mitigate risk

SAP Global Trade Services

Page 16: SAP Governence Risk Compliance Overview.pdf


SAP Global Trade Services (SAP GTS): Driving Efficient Cross-Border Trade

Integrate Systems, Data and Business Partners

Adaptable Business Processes Based on Flexible Technology Platform

Increased Productivity and Business Insight

Users: Logistics / Trade Team, Legal / SOX Compliance Team, IT Team, Import/Export Officer

SAP Global Trade Services: Trade Preference Management, Restitution Management, Export Management, Import Management

SAP NetWeaver

Applications: ERP, SCM/SRM, CRM, Legacy

Data: HTS, ECCN, etc.; Duty Rates; SPL Data; Rules Of Origin

Business Partners: Customer & Supplier, Banks, Freight Forwarder, Customs Agencies

Page 17: SAP Governence Risk Compliance Overview.pdf


Tight Integration With Logistics Outbound and Inbound Processes

ERP System Import Process

Product & Business Master Data (Supplier)

Purchase Order, Shipping Notification, Goods Receipt

ERP System Export Process

Product & Business Master Data (Customer)

Sales Order, Delivery, (Pro-forma) Invoice

SAP GTS

• Export/Import Compliance Check
• Bonded Warehouse
• Duty Calculation
• Customs Communication
• Export/Import Document Printing
• L/C Compliant Printing
• Export/Import Compliance Check
• ITAR/EAR License Det
• Letter of Credit (L/C) Check

Product Classification (HTS, ECCN, Schedule B, …)

Page 18: SAP Governence Risk Compliance Overview.pdf


SAP Export Management: Ensures Trade Compliance Across Borders

SAP Export Management

SAP Import Management

SAP Trade Preference Management

Benefits

• Avoid costly fines and penalties through facilitating tighter national security
• Shorter delivery times through automated trade compliance processes
• Improve worker productivity via moving to management-by-exceptions
• Secure your corporate brand equity by avoiding negative press
• Be prepared for legal audits by having all required documentation at hand

Key Capabilities

Sanctioned Party List Screening

• Screen business partners
• Screen documents at every step (order-to-cash and procure-to-pay process)
• Comprehensive documentation
• Integration with Logistics, HR, Financial

Export/Import Control

• Manage export and import licenses (incl. Nested Licenses)
• Manage TAA and MLAs
• Automated assignment of licenses to a specific business transaction
• Ability to Interface with DDTC (D-Trade)
• Web Portal access to License Applications & Amendments (DSP-5, 61, 73, 85, 119)
• Track quantity and value depreciation
• Content provider for USML (partner solution)

Embargo Check

• Check for potential embargo situations

Page 19: SAP Governence Risk Compliance Overview.pdf


ITAR Compliance with SAP GTS

SAP GTS helps you manage ITAR Requirements across your enterprise

Product Classification: Assign the correct USML numbers to your products

Export License Determination and Management: A single, central location for end-to-end license management

Embargo Check: Automatic screening of destination country to identify potential ITAR issues

Sanctioned Party List Screening: Screen business partner, employees and applications against official sanctioned party lists

Government Communication: Certified support for electronic communication with the US Government

Auditing and Record Keeping: Maintain a complete audit trail to show authorities

Page 20: SAP Governence Risk Compliance Overview.pdf


SAP GTS Has Significant Market Momentum

SAP GTS is the leader in global trade management space

Over 450 Customers in 20 countries, including business world's best-known brands

Business process knowledge and vast experience in 25 industries

Page 21: SAP Governence Risk Compliance Overview.pdf


Page 22: SAP Governence Risk Compliance Overview.pdf


Conclusion: SAP GTS helps you reduce RISKS, TIME and COSTS

Increase Efficiency

• Automated, standardized processes
• Tight integration into logistics processes

Reduce Risk of Non-Compliance

• Avoid costly fines and penalties
• Complete and accurate audit trail

Reduce TCO

• One central global trade solution
• Reduced software and hardware costs

Accelerate Cross-border Transactions

• Expedite customs clearance
• Accelerate delivery times


Page 23: SAP Governence Risk Compliance Overview.pdf


INDUSTRY ecosystems bringing together leading customers, partners & SAP

Creating VALUE by focusing on priority industry needs & opportunities

With strong NETWORK collaboration, combined expertise, resources & solutions

Industry Value Networks: SAP’s unique industry ecosystem initiative

SAP: IVN Lead & Enabler

System Integrators: Industry Services & Solutions

Technology Vendors: Supporting Technology

Customers: Innovation Needs & Solution Validation

ISVs: Complementary Solutions

Page 24: SAP Governence Risk Compliance Overview.pdf


Thank you!

For further information, please visit:

www.sap.com/grc

Paul Pessutti, Director, Strategic Applications, SAP GRC

[email protected], +1 (650) 283-8354

Page 25: SAP Governence Risk Compliance Overview.pdf


Copyright 2007 SAP AG. All Rights Reserved

No part of this publication may be reproduced or transmitted in any form or for any purpose without the express permission of SAP AG. The information contained herein may be changed without prior notice.


SAP, R/3, mySAP, mySAP.com, xApps, xApp, SAP NetWeaver, and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP AG in Germany and in several other countries all over the world. All other product and service names mentioned are the trademarks of their respective companies. Data contained in this document serves informational purposes only. National product specifications may vary.

The information in this document is proprietary to SAP. No part of this document may be reproduced, copied, or transmitted in any form or for any purpose without the express prior written permission of SAP AG.

This document is a preliminary version and not subject to your license agreement or any other agreement with SAP. This document contains only intended strategies, developments, and functionalities of the SAP® product and is not intended to be binding upon SAP to any particular course of business, product strategy, and/or development. Please note that this document is subject to change and may be changed by SAP at any time without notice.

SAP assumes no responsibility for errors or omissions in this document. SAP does not warrant the accuracy or completeness of the information, text, graphics, links, or other items contained within this material. This document is provided without a warranty of any kind, either express or implied, including but not limited to the implied warranties of merchantability, fitness for a particular purpose, or non-infringement.

SAP shall have no liability for damages of any kind including without limitation direct, special, indirect, or consequential damages that may result from the use of these materials. This limitation shall not apply in cases of intent or gross negligence.

The statutory liability for personal injury and defective products is not affected. SAP has no control over the information that you may access through the use of hot links contained in these materials and does not endorse your use of third-party Web pages nor provide any warranty whatsoever relating to third-party Web pages.