Solutions for GRC eBook

Confidence Powers Success.SAP® Solutions for Governance, Risk, and Compliance.

SAP solutions for Governance, Risk, and Compliance

© 2014 SAP SE or an SAP affiliate company. All rights reserved.

2

Table of Contents

3) Build trust to achieve business results Introduction

4-5) Gain clarity from greater insight SAP Risk Management

6-7) Control who accesses your data SAP Access Control

8-9) Reduce risk with effective policies and controls SAP Process Control

10) Protect against fraud SAP Fraud Management

11-12) SAP Audit Management Transform audit, move beyond assurance

13) SAP solutions for Governance, Risk, and Compliance A portfolio of solutions


© 2014 SAP SE or an SAP affiliate company. All rights reserved.

3

Whatever your business, confidence is key.

Confidence comes from knowing your organization is anticipating and effectively responding to ever-changing risks and compliance requirements. By managing risks effectively and making business processes more transparent and efficient, you’ll assure stakeholders that investments in people, processes, and technology are protected and well-managed.

With SAP® solutions for governance, risk, and compliance (GRC), you can move forward with confidence. You’ll gain greater clarity into how risks impact business value, be able to protect against unanticipated losses, and discover how risk and controls management drive performance and accountability in your organization.

You will be equipped to provide assurance to the business that governance, risk and compliance is well managed

It’s time to act with greater insight into risk and compliance; it’s time to drive business value.

Find out more >

68%of organizations surveyed admit they were caught off guard by an operational surprise in the last five years (Source: Beasley, Branson, and Hancock, July 2012)

66%of executives surveyed consider enterprise risk management somewhat or extremely important (Source: SAPinsider Research)

90%of companies surveyed that have integrated governance, risk, and compliance have had results that met or exceeded their expectations (Source: OCEG 2012 Maturity Survey)

50%of companies surveyed are using outdated risk management solutions (Source: SAPinsider Research)

Build trust to achieve business results

SAP® SOLUTIONS FOR GOVERNANCE, RISK, AND COMPLIANCE


© 2014 SAP SE or an SAP affi liate company. All rights reserved.

4

Learn moreRisk Management: The Value Proposition.

Watch the video >

It’s one thing to know the risks your organization faces; it’s another to understand their causes and impacts.

The SAP Risk Management application will help you formalize the way you plan, identify, analyze, monitor, and respond to risks in order to drive business value.

By automating risk indicators and controls and reducing redundancy, you can cut the cost of managing risks.

You’ll have the confi dence that comes from understanding what drives your business risk and knowing you respond to risk eff ectively.

The SAP Risk Management application will enable you to:

1 Preserve and grow the value of your business through better collaboration and eff ective communication

2 Manage risk with increased reliability

3 Respond more eff ectively by drawing on clear insight into relationships between drivers, risk indicators, events, and eff ects

4 Maximize gains frombusiness opportunities

5 Reduce the impact of losses through early mitigation.

Gain clarity from greater insight

Aberdeen Report –Eff ective GRC Management Strategies for Mitigating Risks and Sustaining Growth in the Tough Economy.

Find out more >

SAP RISK MANAGEMENT

Solution in Detail: SAP® Risk Management.

Find out more >



5

South African diversifi ed mining company Exxaro Resources was seeking integrated enterprise and operational risk management to ensure a uniform and eff ective risk culture in the organization. This desired change in culture included a shift in focus from a “check the box” and compliance-related exercise to real risk mitigation, which would allow the organization to achieve its strategic objectives.

By using SAP Risk Management, Exxaro was able to establish this desired risk culture, highlighting relevant and new topics from the operational level all the way up to the board level. Items previously

Know your risks,respond better.Nearly two thirds of companies surveyed say they’re facing more complex risks than fi ve years ago.

View the infographic >

Learn how the SAP® Risk Management application, combined with the SAP Process Control application, can help you monitor any aspect of your organization to mitigate risk.

Watch the product demo >

Taking Risk Management to the Next Level at Exxaro Resources.

Read Exxaro Resources Integrated Report for 2012 >

Watch the interview with Saret van Loggerenberg, Director of Risk and Compliance for Exxaro Resources.

Watch the video >

Learn more

Case studyExxaro Resources

SAP RISK MANAGEMENT

overlooked are now discussed with a focus on what responses are needed to mitigate signifi cant risks. Exxaro now audits diff erently, with a more refi ned risk-based approach linking key controls and compliance initiatives as part of the overall response.

Exxaro Resources was seeking integrated enterprise and operational risk management to ensure a uniform and eff ective risk culture.



6

Giving the right access to the right users – in a timely manner – is essential to running your business smoothly.

Granting too much access, however, can be risky and result in compliance violations and fraud.

With the SAP Access Control application, you can automate key processes to detect, remediate, and ultimately prevent access violations.

By automating access governance activities and embedding compliance into daily processes, you can effi ciently control access to your software systems, manage risk on an exception basis, and focus more on value-adding initiatives.

SAP Access Control will help you:

1 Reduce access risk – as well as levels of internal fraud and loss of revenue due to employee error

2 Cut costs of enterprise-wide access management

3 Enable effi cient, cost-eff ective audits and ongoing compliance activities

Control who accessesyour data

SAP ACCESS CONTROL

SAP Solution in DetailSAP Solutions for Governance, Risk, and Compliance

SAP Access Control

Minimize Access Risk and Prevent Fraud – With SAP® Access Control

© 2

013

SAP

AG o

r an

SAP

affilia

te c

ompa

ny. A

ll rig

hts

rese

rved

.

Learn moreThe SAP® Access ControlApplication Solution Brief.

Find out more >

Effi ciently control access to your software systems, manage risk on an exception basis, and focus more on value-adding initiatives.



7

Learn moreReduce fraud and increase effi ciency with automated access controls. Giving employees the right access to the right information is essential in helping ensure smooth operations and preventing fraud.

View the Infographic >

Who has access to your information?Find out more about the important part this solution can play in your business.

Watch the video >

When Brazil-based cosmetics and personal care products company Natura was faced with a high level of information security risk, it decided to strengthen its governance model for data and access control.

By upgrading to the SAP Access Control application, the company achieved a remarkable 87% reduction in its level of information security risk. The solution also enabled more complete and compliant reporting, with the time taken to prepare reports for auditing falling by 60%. And by allowing inactive profi les to be excluded, Natura’s access control

became leaner – with a resulting 30% drop in transaction volume per profi le.

Add the lower maintenance costs involved as a result of 50% fewer support calls, and it’s clear to see how SAP software has helped Natura to run more productively as well as more securely.

Natura business transformation study.Find out more >

Case studyNatura

SAP ACCESS CONTROL



8

The SAP Process Control application helps executives focus resources on high-impact processes, regulations, and risks – to drive eff ective controls and ongoing compliance.

Continuous control monitoringand automated testing enable businesses to identify control defi ciencies and control-related issues quickly, leading tofaster resolution.

Once you’re confi dent these controls are eff ective and accountability is assured, you can increase focus on optimizing business performance.

SAP Process Control can help your business to:

1 Increase consistency and confi dence in control information across the enterprise through centralization and standardization

2 Improve effi ciency and reliability of key business processes

3 Gain continuous insight into the status of compliance and controls for more timely decision making and intervention

4 Increase accountability through stronger user involvement and collaboration

5 Reduce regulatory compliance and audit costs through automated control testing, workfl ows, and standardized processes

6 Establish a culture of compliance through clear communication and acceptance of corporate policies

Learn moreSolution in Detail: The SAP® Process Control Application

Find out more >

Reduce risk with eff ective policies and controls

SAP PROCESS CONTROL



9

Sharp Electronics Corporation is a manufacturing and service company producing state-of-the-art solar system electronics. Formerly, the company had a decentralized control framework comprising 10 business units across North and South America – each with its own processes for identifying risks and controls to mitigate them.

Having introduced the SAP Process Control application, the company’s controls are now centralized. This has enabled Sharp to streamline operations by reducing their number from 350 to 230. By automating these to tie in with

business objectives, control owners can focus on resolving issues rather than merely identifying them – and the business as a whole can focus on delivering innovation rather than just managing processes.

Watch the video >

Case studySharp Electronics

SAP PROCESS CONTROL

Learn moreExperience the SAP® Process Control application in action.See how SAP Process Control can help you align compliance and control activities to key risks, regulations, and business processes.

Watch the product demo >



10

Detect fraud earlier with more eff ective protection.

The SAP Fraud Management analytic application safeguards against loss from fraud. It off ers greater accuracy, reduces false positives, and lowers investigation costs.

In addition, the solution’s advanced analytics help you uncover changing trends and fraud patterns for better ongoing prevention.

SAP Fraud Management enables your business to:

1 Uncover suspicious transactions and relationships in large amounts of data to detect fraud earlier

2 Reduce false positivesand increase investigation with powerful simulation features

3 Quickly adapt to evolving fraud patterns and enhance prevention with predictive analytics

4 Reduce the risk of fraud withadvanced analytic functionsand greater visibility

Learn more Discover the SAP® Fraud Management analytic application powered by the SAP HANA® platform – an application for detecting, investigating, and deterring fraud.

Watch the video >

SAP Fraud Management Solution Brief.

Find out more >

Protect against fraudSAP FRAUD MANAGEMENT

Uncover changing trends and fraud patterns for better ongoing prevention.



11

Internal audit functions are challenged to reach for newheights and contribute to their organizations in more meaningful ways. In today’s context of market volatility, complexity, and regulatory change, this means evolving your focus and

maximizing your value– or potentially risk being marginalized, as otherfunctions become more instrumental in yourorganization’s riskmanagement eff orts.

Transform audit, movebeyond assurance

SAP AUDIT MANAGEMENT

Learn moreA day in the life of an internal auditorThis short video shows how SAP Audit Management can help auditors streamline processes and add strategic insight.

Watch the video >

Audit Management infographicDiscover what internal auditors need to do to evolve from compliance offi cers to strategic business advisors.

View the infographic >

Try SAP Audit Management freefor 3 daysThis end-to-end audit management solution can help you plan and prepare audits, analyse relevant information, communicate results and monitor progress. Try it fi rst-hand with a free 3-day evaluation.

Try it free >



12

• Streamline auditswith monitoring andmobile capabilities

• Organize and shareworking papers forimproved collaboration

• Gain insight into key business risks, with confi gurable management reporting

• Benefi t from a fl exibleaudit universe with resource planning and scheduling

SAP AUDIT MANAGEMENT

Learn more

Deloitte CFO InsightsThis report illustrates how internal auditors can go beyond serving as the eyes and ears of the board and management to serve as an integral part of the team for identifying andcombating risk.

Read the report >

PwC 2014 State of IA Profession StudyPwC’s annual survey results suggest that alignment of stakeholder expectations, and matching skills and capabilities to these expectations, helps internal audit enhance the value delivered to the organization.

Read the fi ndings >

Know your business risks, provide strategicadvice, act with insight, and confi dently drive business value.

Prepare for the journey



13

By automating your access governance activities and embedding compliance into daily processes, SAP Access Control effi ciently controls access to your software systems, manages risks on an exception basis, and focuses more on value-adding initiatives.

With SAP Process Control, you can focus resources on high-impact processes, regulations, and risks. You can gain confi dence and ensure accountability through continuous insight into the eff ectiveness of policies and controls.

By streamlining risk response decisions and reducing unnecessary duplication, SAP Risk Management will help you optimize resources, seize value-adding opportunities, and protect existing business value.

Learn more Solution in Detail: Manage Enterprise Risk and Compliance.

Find out more >

Improving internal controls and reducing access risk – Southern California Edison and American Water share their success at the SAPPHIRE® NOW conference.

Southern California Edison >

American Water >

SAP solutions for governance, risk, and compliance

SAP SOLUTIONS FOR GOVERNANCE, RISK, AND COMPLIANCE

SAP Fraud Management off ers earlier detection and more eff ective protection against loss from fraud – with greater accuracy that reduces false positives and lowers investigation costs.

SAP Audit Management powered by HANA streamlines the day to day assurance activities of the internal audit department, provides integration into other GRC solutions and elevates the role of internal audit to one of trusted advisor.

Managing risks and compliance across each of these areas with a common technology platform allows you to:

• Employ a unifi ed approach• Improve workfl ow

and collaboration• Reduce redundant controls

and responses• Use native integration• Provide users with an intuitive

and familiar experience

More informationIf you’d like to know more about SAP solutions for governance, risk, and compliance – and see how they can bring confi dence to your business – please call your SAP representative or visit sap.com/grc.

Focus resources on high-impact processes, regulations, and risks.

www.sap.com/contactsap

CMPxxxx (YY/MM) © 2014 SAP SE or an SAP affi liate company. All rights reserved.

No part of this publication may be reproduced or transmitted in any form or for any purpose without the express permission of SAP SE or an SAP affi liate company.

SAP and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP SE (or an SAP affi liate company) in Germany and other countries. Please see http://www.sap.com/corporate-en/legal/copyright/index.epx#trademark for additional trademark information and notices. Some software products marketed by SAP SE and its distributors contain proprietary software components of other software vendors.

National product specifi cations may vary.

These materials are provided by SAP SE or an SAP affi liate company for informational purposes only, without representation or warranty of any kind, and SAP SE or its affi liated companies shall not be liable for errors or omissions with respect to the materials. The only warranties for SAP SE or SAP affi liate company products and services are those that are set forth in the express warranty statements accompanying such products and services, if any. Nothing herein should be construed as constituting an additional warranty.

In particular, SAP SE or its affi liated companies have no obligation to pursue any course of business outlined in this document or any related presentation, or to develop or release any functionality mentioned therein. This document, or any related presentation, and SAP SE’s or its affi liated companies’ strategy and possible future developments, products, and/or platform directions and functionality are all subject to change and may be changed by SAP SE or its affi liated companies at any time for any reason without notice. The information in this document is not a commitment, promise, or legal obligation to deliver any material, code, or functionality. All forward-looking statements are subject to various risks and uncertainties that could cause actual results to diff er materially from expectations. Readers are cautioned not to place undue reliance on these forward-looking statements, which speak only as of their dates, and they should not be relied upon in making purchasing decisions.

Contact us

Thank you for your interest in SAP. Let us know how we can help improve your business practices and processes with SAP solutions and services.

Visit www.sap.com


No part of this publication may be reproduced or transmitted in any form or for any purpose without the express permission of SAP SE or an SAP affi liate company.

SAP and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP SE (or an SAP affi liate company) in Germany and other countries. Please see http://www.sap.com/corporate-en/legal/copyright/index.epx#trademark for additional trademark information and notices. Some software products marketed by SAP SE and its distributors contain proprietary software components of other software vendors.

National product specifi cations may vary.

These materials are provided by SAP SE or an SAP affi liate company for informational purposes only, without representation or warranty of any kind, and SAP SE or its affi liated companies shall not be liable for errors or omissions with respect to the materials. The only warranties for SAP SE or SAP affi liate company products and services are those that are set forth in the express warranty statements accompanying such products and services, if any. Nothing herein should be construed as constituting an additional warranty.

In particular, SAP SE or its affi liated companies have no obligation to pursue any course of business outlined in this document or any related presentation, or to develop or release any functionality mentioned therein. This document, or any related presentation, and SAP SE’s or its affi liated companies’ strategy and possible future developments, products, and/or platform directions and functionality are all subject to change and may be changed by SAP SE or its affi liated companies at any time for any reason without notice. The information in this document is not a commitment, promise, or legal obligation to deliver any material, code, or functionality. All forward-looking statements are subject to various risks and uncertainties that could cause actual results to diff er materially from expectations. Readers are cautioned not to place undue reliance on these forward-looking statements, which speak only as of their dates, and they should not be relied upon in making purchasing decisions.

Solutions for GRC eBook

Documents

Transcript of Solutions for GRC eBook