SAP Solutions for Governance, Risk and Compliance
Wise Men Confidential
www.wisemen.com | [email protected] | +1 281-953-4500
Rajendra Ponangi (Raj) SAP BASIS & GRC PRACTICE HEAD
March 12, 2015
Kevin McCollom, Global Vice President & General Manager, SAP Governance, Risk & Compliance, SAP Labs
Agenda
Introduction - Speakers
SAP GRC Overview
Company Background
Wise Men SAP GRC Capabilities
SAP GRC Implementation / Upgrade & Support Services.
Customer Case Studies
GRC Migration Process Flow
Q & A
Speaker’s Bio
Kevin McCollom, Global Vice President & General Manager, SAP Governance, Risk & Compliance, SAP Labs
Kevin McCollom is Global Solution Owner for SAP GRC. He and his team are responsible for market requirements roll-in and solution go-to-market. In close collaboration with SAP GRC Product Development, he and his team are also globally responsible for general management of all SAP GRC solution aspects including solution strategy and roadmap. Kevin has held this role since 2011 and has been part of the SAP GRC management team since 2008.
Rajendra Ponangi (Raj), Head, SAP BASIS & GRC Practice, Wise Men
Rajendra Ponangi is an industry leader with over 10 years of experience in SAP BASIS & GRC Support, Implementations, and Upgrades. He currently heads the SAP BASIS & GRC Practice. He has deep vertical knowledge of the Manufacturing, Energy & Utilities, Pharma, FMCG, and Automotive sectors.
What is GRC?
Brakes
Seatbelts
Car seats
Airbags
License plate and annual registration
Maintenance records
Temperature gauge
Fuel gauge
Crash avoidance
What our customers and the marketplace are saying
Increasing regulations and risks challenge growth
• Multilateral Instrument 52-111
• Toxic Substances Management
• International Traffic in Arms Regulations (ITAR), 22 CFR 120-130
• FCPA (Foreign Corrupt Practices Act)
• FDA compliance: GxP, 21 CFR
• International Emergency Economic Powers Act (S. 1612)
• Sarbanes-Oxley
• Data Privacy Laws: CA-SB 1386, HIPAA, Gramm-Leach-Bliley Act, COPPA
• Switzerland: Corp. Governance SWX; Code of Obligations
• EU: Foreign Trade Administration Act
• EU Company Law Directives 4, 7, and 8
• EU: REACH (Registration, Evaluation, and Authorization of Chemicals)
• UK Anti-Bribery Act
• European Data Protection Directive
• Foreign Exchange Order
• JSOX
• Hong Kong: Code on Corporate Governance Practices
• PNEMEN: National Policy of Exports of Military Goods
• King II Report
• Clause 49 of the Listing Agreement
• Regulation 13E of the Customs (Prohibited Exports) Regulations
• Corporate Law Economic Reform Program (CLERP) 9
• Hazardous Waste Act
• Air Toxics NEPM
The cost is real
Lack of control and poorly managed risk events are costly
• Bribery and corruption, spills, explosions
• Trading conflicts, currency manipulation, laundering, restricted trading parties
• Off-label marketing, product recalls, price fixing
• Conduct, transmission, ownership, manipulation, disruptions
Costs resulting from non-compliance can’t be ignored
$3.5 Million
$9.4 Million
Source: Ponemon Institute LLC, The True Cost of Compliance 2011
Enforcement is 2.7 times higher than investing in compliant processes
But what’s the real cost?
Control failures / Risk event
• Lowers customer satisfaction
• Reduces investor confidence
• Raises business costs
• Increases scrutiny
Performance Impact
• Unachieved objectives
• Disrupts operations
Conversely, there is potential for a positive impact
• Brand enhanced
• Controls enhance performance
• Opportunities identified
• Risks anticipated and managed
• Customer demands met
• Major disruptions avoided
• Shareholder value attained
Optimized Performance
SAP solutions for Governance, Risk, and Compliance
SIMPLIFY, GAIN INSIGHT, STRENGTHEN
Automation
Integration
SAP
Monitor
Visualize
Predict
Anticipate
Prepare
Respond
Simplify governance, risk and compliance by integrating GRC activities into your underlying business processes
Gain insight to help make better decisions by visualizing and predicting how risk may impact performance
Strengthen the business by employing the right combination of GRC solutions
Proactively balance risk and opportunity
SAP Solutions for Governance, Risk, and Compliance
Simplify, Gain Insight, Strengthen
• SAP Access Control: Manage access risk and prevent fraud
• SAP Process Control: Ensure effective controls and ongoing compliance
• SAP Risk Management: Preserve and grow value
• SAP Global Trade Services: Optimize global trade and screen restricted parties
• SAP Nota Fiscal Eletrónica: Meet electronic invoicing requirements for Brazil
• SAP Audit Management: Drive increased audit efficiency and effectiveness
• SAP Fraud Management: Better detect and prevent fraud
• SAP Identity Analytics: Gain insights into user roles and optimize decision making
• SAP Security Suite: Enhance security and simplify user experience
And endorsed partner solutions...
• SAP Access Violation Management by Greenlight Technologies: Identify and quantify the impact of actual access risk violations
• SAP Regulation Management by Greenlight Technologies: Manage regulatory requirements and align with internal control activities
Case Study
Simplifying SOD Management with SAP® Access Control and SAP Access Violation Management
Company: Sharp Electronics Corporation
United States Headquarters: Mahwah, New Jersey
Industry: High tech
Products and Services: Home electronics, appliances, mobile devices, and business solutions
Web Site: www.sharpUSA.com
Top objectives
• Leverage technology to streamline access governance processes across enterprise applications
• Contextualize the segregation of duty (SOD) risk in terms of financial exposure to the business
Resolution
• Deployed the SAP® Access Control application as the company’s centralized access governance solution
• Deployed the SAP Access Violation Management application by Greenlight to automate SOD controls and to provide insight into financial exposure due to SOD violations
• Established this centralized solution as the basis for security as a shared service and as a platform for further expansion
Key benefits
• Automation that reduced manual efforts for managing access governance and SOD procedures across the enterprise
• Reduction in external audit costs
• Reduction in the IT security team – from five employees to one
“The synergy between system solutions and procedure and technology and humanity empowers and frees companies to focus on core business functions. Leveraging innovative solutions like SAP Access Control and SAP Access Violation Management allows Sharp to do more and maximize resources.”
Wyatt MacManus, Associate Director, Information Security, Sharp Electronics Corporation
• 80%: Reduction in IT personnel time required to manage access governance and SOD controls
• 300 hours: Reduction in time spent per month on SOD control monitoring
• 33%: Increase in the number of systems managed by SAP Access Control
Case Study
Consolidating a Governance Model to Lower Information Security Risk with SAP® Access Control
Company: Natura
Headquarters: Sao Paulo, Brazil
Industry: Consumer Products
Products and Services: Cosmetics, Fragrances and Products for personal care
Employees: 7000 with 1.4 million Sales Consultants
Revenue: US $2.7 Billion
Web Site: www.natura.net
Top objectives
• Strengthen Natura’s governance model for data and access control
• Optimize strategies for managing access and segregation of duties
• Reduce level of risk
• Strengthen awareness process for security risk management
The Resolution
• Upgrade to latest version of the SAP® Access Control application
• Create a leaner risk matrix
• Involve all business areas
• Train 400 key users
Key benefits
• Lower security risk to the business
• Employee awareness created via dissemination of the risk control culture
• Greater alignment between the management of information security and all business areas
• Reduced maintenance cost due to reduction in volume of support calls made to customer service
• Faster preparation of audit reports
“Natura established a solid strategy for managing access, with strong employee involvement, and thus significantly reduced the company’s security risk.”
Newton Rossetto, Information Security Manager, Natura
• 87%: Total reduction in information security risk level
• 60%: Faster preparation of auditing reports
• 30%: Fewer transactions per profile
About Us
Wise Men: US-based WMBE
Established in 1997
Technology and Supply Chain solutions
GHQ: Houston, Texas, US
Canada & Dubai
CoE India: Hyderabad and Pune
ISO 9001:2008
2010, 2011 E&Y: Finalist of the year
2009 & 2008: Top 10 - Fast 100 List
2009 & 2008: Top 10 - 50 Fastest growing Women-owned companies
2010 BP: Vendor of the Year
2010 and 2009 INC Magazine
2011 MWBE Vendor of the Year
Enhanced Solution on GRC 10.x
• GRC technology is built on the ABAP programming language.
• The latest GRC version has extended features, with a common look and feel and streamlined navigation.
• SAP has extended GRC with a more configurable user interface and content lifecycle management.
GRC - SAP HANA
Solution Enhancements
• Additional reports and dashboards that enable high-speed collection and review of key issues related to access control, policy control, and risk management
• Device-agnostic report presentation
• Use of reporting tools in SAP software to construct comprehensive and flexible GRC reports
Key Benefits
• High-volume processing of GRC data
• Accelerated reporting for faster review and action
• Review analytics information on any device – desktop or mobile.
SAP GRC – SAP PAM
GRC 5.3
• End of Mainstream Maintenance: 12/31/2015
GRC 10.0
• End of Mainstream Maintenance: 12/31/2020
GRC 10.1
• Ready for SAP HANA
• End of Mainstream Maintenance: 12/31/2020
Wise Men SAP GRC Capabilities
• SAP Architecture Management. Implementation and support of SAP architecture to meet changes in the business, such as cluster configuration and virtualization (VMware, MSCS, HP, IBM AIX).
• SAP ABAP & JAVA Application Support. Experts in implementation of stack level technical environment. Stack level migration requests: JAVA stack to ABAP stack migration.
• SAP Security GRC & SOD. Business requirement analysis, SoD configuration, FF configuration (Centralized / Decentralized user Management), Mitigation/Risk management configurations, Notification alert management. Experts in GRC 5.3 JAVA stack migration to ABAP Stack. SAP Standard Workflow, BRF+ configuration, custom workflow configurations.
• SAP Product and Service Support. End to End SAP Installations, SAP Version Upgrades, SAP Add-on implementations, Support services. GRC, ECC, Solution Manager, BI, BODS, SMP, EWM, TM, CRM, SCM, HANA…
• SAP Implementation & Support Operations. Managing hardware & OS software installation & configuration related to SAP. Administering / Supporting OS file systems & OS security in relation to SAP.
• Engineering and Technical Support Services. Identify and correct potential performance, reliability, capacity, security and fail-over issues before they go into production. Execute any projects to upgrade the SAP software products. Collaborate with the Key Technology Providers.
Customer Case Study
Company: Leader in the design, manufacture and supply of memory and storage solutions
Project: GRC Migration Project [GRC 5.3 JAVA stack to GRC 10.1 ABAP Stack]
Objective: Assess existing configurations of SAP GRC 5.3 system and migrate to SAP GRC 10.1 ABAP Stack
Benefits to Customer
• Cost reduction with offshore support model
• Quick implementation of any change request due to reduction of turnaround time and continuous daily monitoring of critical system process and agents
• Additional onsite overhead reduction
Process: SAP Standard GRC Migration tool along with GRC Expert configurations and consulting process
Technologies: SAP GRC 5.3 JAVA, GRC 10.1 ABAP, ECC 6.0
Project Timeline: 10 weeks
Highlights
• Migration / Upgrade of GRC DEV and PRD systems from ‘5.3 SP11 Java Stack’ to ‘10.1 ABAP Stack’.
• Data export of Super User Privilege Management (SPM) data from AC 5.3 (ABAP).
• Data export of Compliant User Provisioning (CUP), Risk Analysis & Remediation (RAR), and Enterprise Role Management (ERM) data from AC 5.3 (Java).
• Data import into Access Control 10.1.
• Customer activated Rule Set to be analyzed.
• The existing configured workflows in 5.3 will be analyzed and migrated / recreated to 10.1
GRC Migration Process Flow
Migration Pre-requisites - SAP Access Control from 5.3 to 10.1
• AC 5.3 to AC 10.1 Pre-requisites
• Downloading and Installing the Migration Tool
• Target System Pre-requisites
• Maintaining Configuration Settings
• Creating the Users
• Creating the Organization Unit
Export Process Steps in GRC Access Control 5.3
• Exporting Configuration and Master Data in AC 5.3
• Exporting AC 5.3 (CUP) Data
• Exporting AC 5.3 (RAR) Data
• Exporting AC 5.3 (ERM) Data
• Exporting AC 5.3 (SPM) Data
Import Process Steps in GRC Access Control 10.1
• Importing Data into AC 10.1
• Importing CUP Repository Data
• Importing RAR Data
• Importing Workflow Data
• Importing ERM Repository Data
• Importing SPM Data
Workflow
MSMP
BRF+
User Access Request
Reporting