GRC

GRC (Governance, Risk and Compliance)


Birds-Eye View

• Our Company THINKSEA
• Enterprise Risk Management and the view from CxO's
• Compliance Pain Points
• SAP solution for GRC
• SAP GRC AC - Sustainable prevention of SoD Violations
• Risk Analysis and Remediation (RAR)
• Enterprise Role Definition
• Superuser Access Management
• Access Control Compliant Provisioning (Manual)
• Benefits
• Client Side Inputs


THINKSEA

• THINKSEA is a leading technology and services delivery organization.
• Diversified range including SAP, mobile applications, staffing, projects and web applications.
• Visit us @ http://sap.thinkseaconsulting.com
• THINKSEA has provided critical project management and technical expertise for comparing state-of-the-art products from leading IT companies.
• THINKSEA has been providing staffing services in the SAP applications area.
• In the last year THINKSEA has completed 4 projects for top computer companies.


Team Introduction

Uma Shankar Tekumudi

Uma has vast experience in IT Security and Information Audit and has played a critical role in SAP GRC implementations in multiple projects. He has 7 years of experience in IT, including more than 5 years in SAP GRC and Security. He previously worked with IBM as an SME in the GRC Center of Excellence (COE).

Sridhar BV

Over 6 years of SAP GRC and Security consulting experience, working in an onsite-offsite model for clients in North America. Gained valuable experience handling a combination of implementation and support projects on ECC/R/3, BW and GRC.

Siva Ram Krishna

Over 5 years of IT experience, including IT Security and Audit. He previously worked with IBM and has good experience in SAP GRC implementation and upgrade projects.


Enterprise Risk Management and the view from CxO's

• Owner: CEO; Function: General Management; Market & Strategic Risks
• Owner: CIO; Function: IT; IT Risks
• Owner: CFO; Function: Finance; Financial Risks
• Owner: CRO; Function: Compliance; Compliance Risks

Take-away: organizations are struggling with the question of how to manage risks enterprise-wide and holistically.


Compliance Pain Points

"Common Compliance Pain Points"

• Corporate information in SAP is not sufficiently protected from accidental or intentional manipulation, destruction or theft.
• Segregation of Duties conflicts are neither monitored effectively nor are appropriate risk mitigation strategies implemented; this is a major compliance observation.
• Unclear ownership and responsibilities for change management and approval, which is also time consuming.
• An efficient Control Framework is not fully in place, while internal and external audit expect substantial compliance.
• Existing access-related data (roles and users) requires clean-up to reflect the changed business scenario.
• Need to move into a continuous compliance state, with a tool-based approach to support the Control Framework of the business.


SAP Solutions for GRC

Transparency to a balanced global risk profile.

Industry-Specific GRC
• Life Sciences
• Chemicals
• Oil & Gas
• Banking
• High Tech

Cross-Industry GRC
• Risk Management
• Compliance & Controls: Access Control, Process Control
• Global Trade
• Environment

GRC Repository: standardization on common GRC content and rules

Business Process Platform: automates and embeds GRC into business processes

Business Applications


SAP GRC AC - Sustainable prevention of SoD Violations

Minimal Time To Compliance (Get Clean)
• Risk Identification and Remediation: rapid, cost-effective and comprehensive initial clean-up
• Risk analysis, remediation and prevention services
• Cross-enterprise library of best practice segregation of duties rules

Continuous Access Management (Stay Clean)
• Enterprise Role Management: enforce SoD compliance at design time
• Compliant User Provisioning: prevent SoD violations at run time
• Superuser Privilege Management: close audit issues with temporary emergency access

Effective Management Oversight and Audit (Stay in Control)
• Periodic Access Review and Audit: focus on remaining challenges during recurring audits


Risk Analysis and Remediation (RAR)

Risk Identification

Risk Elimination

Reporting

Prevention


Enterprise Role Definition

Centralized Role Management with Enterprise Rules in SAP GRC Access Control: roles managed across applications, with audit log and security checks.

• Reduce cost of role maintenance
• Ease compliance and avoid authorization risk
• Eliminate errors and enforce best practices
• Assure audit-ready traceability
• Compliant enterprise roles

28% time savings in role management (Customer Survey, 3/2006)


SAP GRC AC - Superuser Access Management

The only compliance-focused emergency access solution: Compliant Superuser Access

Key Functionality
• Superuser ID Administration
• Security: Date Restrictions, Log-in Restrictions, Single User per ID
• Notification
• Specific Authorization Access
• Reporting

Privileged Access: each new session uses a Firecall ID for the relevant module (SD, MM, FICO, ...) and is written to a log.

Alert Framework, Log Reporting and Audit Logs
• Pre-assigned firecall IDs
• Access restrictions
• Validity dates
• Field-level changes tracked in audit log


SAP GRC Access Control Compliant Provisioning

Current Approach - Inefficient, Not Compliant
• Access Request sent by email
• Manager Approval by email
• Role Owner works from spreadsheets and paper forms
• Manual Provisioning by IT Security

GRC Access Control enables Compliant End-to-End Provisioning, "hire to retire".


GRC Access Control Compliant Provisioning

Compliant Provisioning with Dynamic Workflow
• HR Event: Employee Hired/Retired
• Request Generated: 100% automated
• Mgr Approval: via e-mail; Escalation Workflow; workflow path based on request type and user attributes
• Risk Analysis: 1 "Click" Preventive Simulation; Exception Workflow
• Automated Provisioning: 100% automated

"We reduced provisioning from 2 weeks to 2 days" – Web Seminar Rockwell Collins, 3/2005
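The RAR cycle (risk identification, risk elimination, prevention) and the preventive simulation step of the provisioning workflow above, as an added Python illustration; this is constructed example code, not SAP GRC's own rule engine, and the role names, business functions, rule IDs and mitigation flags are made up.

```python
# Constructed sample data: which business functions each role grants.
ROLE_FUNCTIONS = {
    "AP_CLERK": {"VENDOR_INVOICE_POST"},
    "VENDOR_MASTER": {"VENDOR_CREATE"},
    "PAYMENT_RUN": {"PAYMENT_EXECUTE"},
    "AP_DISPLAY": {"VENDOR_DISPLAY"},
}

# Constructed SoD rules (hypothetical IDs): pairs of business functions
# that create a risk when executed by the same individual.
SOD_RULES = {
    "P001": frozenset({"VENDOR_CREATE", "VENDOR_INVOICE_POST"}),
    "P002": frozenset({"VENDOR_INVOICE_POST", "PAYMENT_EXECUTE"}),
}


def user_functions(roles):
    """Resolve a set of roles to the business functions they grant."""
    funcs = set()
    for role in roles:
        funcs |= ROLE_FUNCTIONS.get(role, set())
    return funcs


def analyze_risks(roles):
    """Risk identification: IDs of SoD rules violated by this role set."""
    funcs = user_functions(roles)
    return sorted(rule for rule, pair in SOD_RULES.items() if pair <= funcs)


def remediation_options(roles):
    """Risk elimination: single roles whose removal clears every violation."""
    return sorted(role for role in roles if not analyze_risks(roles - {role}))


def simulate_request(current_roles, requested_role, mitigations=frozenset()):
    """Prevention: analyse the *resulting* access before anything is provisioned.

    mitigations holds rule IDs for which a mitigating control is already
    assigned to the user. Returns the workflow outcome and the rules involved.
    """
    before = set(analyze_risks(current_roles))
    after = set(analyze_risks(current_roles | {requested_role}))
    new_risks = after - before            # only risks this request introduces
    unmitigated = new_risks - mitigations
    if not new_risks:
        return "AUTO_PROVISION", []
    if not unmitigated:
        return "PROVISION_WITH_MITIGATION", sorted(new_risks)
    return "EXCEPTION_WORKFLOW", sorted(unmitigated)
```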


Key Solution Capabilities and Benefits

Identifies and prevents access and authorization risks in cross-enterprise IT systems to prevent fraud and reduce the cost of continuous compliance and control

Provides end-to-end automation for detecting, remediating, mitigating, and preventing access and authorization risk across the enterprise

Allows for true cross-enterprise SoD risk mitigation by integrating into SAP and non-SAP systems


Common Customer Challenges Addressed

Need to comply with SOX regulations for section 404, or similar regulations

Weak support for the audit process to ensure the right measures are in place to prevent fraud

Manual or people-intensive compliance processes involving emails, spreadsheets and/or paper

Uncontrolled role management

Excessive super-user access


Value Proposition

• Establish an approach and process to manage risk rules
• Gain alerts on potential violations
• Identify business functions which produce risks when executed by the same individual
• Focus on prevention vs. "a point in time" detection
• Simplify compliant enterprise-level role administration
• Enforce compliant security for Privileged Access
• Increase visibility through timely notification
• Deliver audit-ready, detailed reporting



Questions?

