
SAP GRC Overview

Paul Pessutti
Director, Strategic Applications
SAP GRC
SAP AG 2006, GRC Update
Managing Risk Is Everyone's Job
Supply Chain Customers & Channel
Human Resources: Employee safety compliance
Finance: Complex, international compliance requirements
Compliance / Risk Office: Disconnected risk analysis
IT Operations: Data security issues
Sales, Service: High credit risk customers
Procurement: Supplier black lists
Board, Audit Committee: Executive compensation issues
Executives & Managers: Incomplete global risk profile

Unidentified risks impact performance
National Headlines
US Imposes Record $100 Million Penalty for Export Control Violations (March 27, 2007, Washington Post)
Data Theft at Nuclear Agency Went Unreported for 9 Months (June 10, 2006, New York Times)
Bomb Scare shuts Ports Terminal 18 (Aug 18, 2006, The Seattle Times)
Brand Name High Tech Manufacturer Violates E.U. Pollution Law (Jul 06, 2006, CIO Tech Informer)
Failure in Operational Control
Disrupts major operations
Impairs Customer Service
Reduces Investor & Market Confidence
Increases Business Costs
Impacts Performance in the Market
Results in Closer Scrutiny

Overcome fragmentation, gain transparency with GRC
Supply Chain Customers & Channel
Board, Audit Committee: Evidence for decisions & directives
Compliance / Risk Office: Integrated risk analysis
Executives & Managers: Increased confidence in business results
IT Operations: Secure IT infrastructure
Procurement: Anti-terrorist trade practices
Finance: Global financial reporting compliance
Human Resources: Environmental health & safety compliance
Sales, Service: Balanced credit profile
SALARIES

A holistic solution for GRC Management
Service Partners
Content Partners
Technology Partners
Business Process
Business Process Platform
SAP Solutions for GRC
Cross-Industry GRC
Access Controls, Global Trade, Environment, Process Controls
Risk Management
GRC Repository: Documentation and Monitoring
Industry-Specific GRC
Business Applications
Automates and embeds GRC processes into business processes
Delivers transparency for balanced global risk profile
Standardizes on common GRC content and rules
Drives higher margins and shareholder value
Promotes a culture which values effective GRC

GRC Business Drivers
Governance Risk and Compliance
Financial Compliance:
SOX mandate (Section 404 and 302)
Segregation of Duties analysis & enforcement
Reduce fraud and risk
Certify the sign-off process for executives
Identify controls for organizations
Provide auditors with complete audit trail
Trade Management:
Enforcement is on the rise, esp. after 9/11
Companies need to strictly adhere to changing regulations such as ITAR and EAR or risk costly fines
Security initiatives requiring more internal control, record keeping and audit trail
Environment Regulations:
Green supply chain as competitive advantage
Corporations need to comply with environment laws and regulation such as RoHS and REACH
Mandate of Clean Air Act
Streamline environmental reporting
Health care risk assessment and prevention
Worker safety and hazardous materials need to be documented and identified

GRC Solution Overview
Governance Risk and Compliance
Financial Compliance:
GRC Access Control Suite
GRC Process Controls
Trade Management:
GRC Global Trade Services
Environment Regulations:
EH&S
Environmental Compliance (EC)
Compliance for Products (CfP)
GRC Risk Management

SAP GRC Access Control
Sustainable prevention of segregation of duties violations
Cross-enterprise library of best practice segregation of duties rules
Compliant User Provisioning: Prevent SoD violations at run time
Superuser Privilege Management: Close #1 audit issue with temporary emergency access
Periodic Access Review and Audit: Focus on remaining challenges during recurring audits
(Stay in Control) (Stay Clean)
Risk analysis, remediation and prevention services
Enterprise Role Management: Enforce SoD compliance at design time
Risk Identification and Remediation: Rapid, cost-effective and comprehensive initial clean-up
(Get Clean)
Minimal Time To Compliance
Continuous Access Management
Effective Management Oversight and Audit

The framework for an integrated approach to ERM
Risk Identification and Analysis: Collaborate and aggregate across the enterprise
Risk Response: Balance cost of risk avoidance and opportunity
Risk Monitoring: Actionable role-based dashboards and alerts
Risk Planning: Establish risk appetite and thresholds
SAP GRC Risk Management
Risk-adjusted management of enterprise performance
Balance business opportunities with financial, legal, and operational exposure to minimize the market penalties from high-impact events

SAP GRC Global Trade Services
Solving global trade challenges
Import Management: Expedite customs clearance to reduce costly buffer stock
Trade Preference Management: Make the most of international trade agreements
Restitution Management: Take advantage of export refunds
Export Management: Avoid delays at borders to ensure fast delivery to customers
SAP GRC Global Trade Services
Ensure full regulatory compliance, expedite customs clearance, mitigate financial risk of global transactions, take full advantage of international trade agreements

SAP GRC EH&S and Environmental Compliance
Solving environmental, health, safety challenges
Applications for EH&S Compliance Management
SAP EH&S
Comprehensive and complete business solution for environment, health and safety management
Industry Specific Cross-Industry
SAP Environmental Compliance
TechniData Compliance for Products CfP
Occupational Health
Industrial Hygiene and Safety
Waste Management
Air, Soil, Water
Waste Management
Product Compliance
Hazardous Substance Management
Product Safety
Dangerous Goods Management
SAP REACH Compliance
Chemical Mgmt

Manage With Confidence
Over 2200 customers worldwide rely on SAP Solutions for GRC
Improve occupational health with SAP Environment Health & Safety
Incident numbers and cost down; replaced 11 legacy systems
Grow and stay compliant with multiple regulatory changes using SAP Global Trade Services
Reduced cycle times (5 → 2 days)
Effectively manage increasing trade regulations with SAP Global Trade Services
Automated 99.9% of export processes; Reduced headcount (450 → 14)
Reduce compliance costs with Virsa Compliance Calibrator
Eliminated 4,800 Staff Hours annually; audit costs 23% below norm
Mitigate horizontal risks with SAP Global Trade Services and Virsa Access Enforcer for SAP
Extended core processes with GRC; over 1 M compliance screenings/month
SAP Global Trade Services

What is SAP Global Trade Services (SAP GTS)?
More than Export Control
SAP GTS
SAP Global Trade Services manages all complexities of international trade including full regulatory compliance, interactions with customs and management of risk while trading on a global basis. It consists of separate modular components that enable companies to improve their supply chain and comply with international regulations.
Exports
Imports
Export
Import
Trade Preference
Restitution
More than Import Control

Comprehensive Support For All Global Trade Activities
Import Management: Ensure full regulatory import compliance, expedite customs clearance, mitigate risk
Trade Preference Management: Make the most of international trade agreements
Restitution Management: Take advantage of export refunds
Export Management: Ensure full regulatory export compliance, generate and file customs documents, mitigate risk
SAP Global Trade Services

SAP Global Trade Services (SAP GTS)
Driving Efficient Cross-Border Trade
Integrate Systems, Data and Business Partners
Adaptable Business Processes Based on Flexible Technology Platform
Increased Productivity and Business Insight
Logistics / Trade Team
Legal / SOX Compliance Team
Trade Preference Management
Restitution Management
Export Management
Import Management
SAP Global Trade Services
IT Team
SAP NetWeaver
Applications: ERP, SCM/SRM, CRM, Legacy
Data: HTS, ECCN, etc.; Duty Rates; SPL Data; Rules Of Origin
Business Partners: Customer & Supplier, Banks, Freight Forwarder, Customs Agencies
Import/Export Officer

Tight Integration With Logistics Outbound and Inbound Processes
ERP System Import Process
Product & Business Master Data (Supplier)
Shipping Notification, Goods Receipt, Purchase Order
ERP System Export Process
Delivery, (Pro-forma) Invoice, Sales Order
Product & Business Master Data (Customer)
SAP GTS
Export / Import Compliance Check
Bonded Warehouse
Duty Calculation
Customs Communication
Export / Import Document Printing
L/C Compliant Printing
Export / Import Compliance Check
ITAR/EAR License Det
Letter of Credit (L/C) Check
Product Classification (HTS, ECCN, Schedule B, )

SAP Export Management
Ensures Trade Compliance Across Borders
SAP Export Management
SAP Import Management
SAP Trade Preference Management
Benefits
Avoid costly fines and penalties through facilitating tighter national security
Shorter delivery times through automated trade compliance processes
Improve worker productivity via moving to management-by-exceptions
Secure your corporate brand equity by avoiding negative press
Be prepared for legal audits by having all required documentation at hand
Key Capabilities
Sanctioned Party List Screening:
Screen business partners
Screen documents at every step (order-to-cash and procure-to-pay process)
Comprehensive documentation
Integration with Logistics, HR, Financial
Export / Import Control:
Manage export and import licenses (incl. Nested Licenses)
Manage TAA and MLAs
Automated assignment of licenses to a specific business transaction
Ability to Interface with DDTC (D-Trade)
Web Portal access to License Applications & Amendments (DSP-5,61,73,85,119)
Track quantity and value depreciation
Content provider for USML (partner solution)
Embargo Check:
Check for potential embargo situations

ITAR Compliance with SAP GTS
SAP GTS helps you manage ITAR Requirements across your enterprise
Product Classification: Assign the correct USML numbers to your products
Export License Determination and Management: A single, central location for end-to-end license management
Embargo Check: Automatic screening of destination country to identify potential ITAR issues
Sanctioned Party List Screening: Screen business partner, employees and applications against official sanctioned party lists
Government Communication: Certified support for electronic communication with the US Government
Auditing and Record Keeping: Maintain a complete audit trail to show authorities

SAP GTS Has Significant Market Momentum
SAP GTS is the leader in global trade management space
Over 450 Customers in 20 countries, including business world's best-known brands
Business process knowledge and vast experience in 25 industries

Conclusion
SAP GTS helps you reduce RISKS, TIME and COSTS
Increase Efficiency:
Automated, standardized processes
Tight integration into logistics processes
Reduce Risk of Non-Compliance:
Avoid costly fines and penalties
Complete and accurate audit trail
Reduce TCO:
One central global trade solution
Reduced software and hardware costs
Accelerate Cross-border Transactions:
Expedite customs clearance
Accelerate delivery times

Industry Value Networks
SAP's unique industry ecosystem initiative
INDUSTRY ecosystems bringing together leading customers, partners & SAP
Creating VALUE by focusing on priority industry needs & opportunities
With strong NETWORK collaboration, combined expertise, resources & solutions
SAP: IVN Lead & Enabler
System Integrators: Industry Services & Solutions
Technology Vendors: Supporting Technology
Customers: Innovation Needs & Solution Validation
ISVs: Complementary Solutions

Thank you!
For further information, please visit:
www.sap.com/grc
Paul Pessutti
Director, Strategic Applications
SAP GRC
paul.pessutti@sap.com
+1 (650) 283-8354

Copyright 2007 SAP AG. All Rights Reserved