CONFIDENCE powers success
© 2013 SAP AG or an SAP affiliate company. All rights reserved.
SAP Governance, Risk and Compliance (GRC) – a portfolio of solutions
Table of Contents
1. Introduction
2. Clarity creates opportunity: SAP Risk Management
3. Control empowers your organization: SAP Access Control
4. Continuity maintains effective control: SAP Process Control
5. Cover prevents fraud: SAP Fraud Management
6. SAP Governance, Risk and Compliance (GRC): a portfolio of solutions
What are the threats to your business?
In reality they can come from anywhere and span a wide range of activities such as health & safety, IT security, financial reporting and credit risk exposure. Your business can be compromised by anything from bribery, money laundering, off-label marketing and other illegal activities to oil spills, explosions, adverse weather conditions, product recalls and trading conflicts. Wouldn’t you like to manage these risks with confidence, and know with certainty that your business is assuming a responsible level of risk and not wasting resources on unnecessary controls?

Many companies struggle to manage governance, risk and compliance in a consistent and efficient manner. Responsibilities can become dispersed, critical information can be hidden in bureaucratic silos, and risks and opportunities can be overlooked. SAP solutions for governance, risk, and compliance (GRC) can help you bring about integration, manage strategically and allow an enterprise-wide view.

By implementing the relevant solutions, you can understand your business value drivers and gain insight into how value is created and destroyed by everyday activities. So you’ll be able to proactively balance risk and opportunity, and have the confidence to go forward and improve business performance. Under the SAP GRC portfolio, three primary products, Access Control, Process Control and Risk Management, can help you know your business, decide with confidence, be in complete control, and drive value.
68% of organizations admit they were caught off guard by an operational surprise in the last five years (Source: Beasley, Branson, and Hancock, July 2012)
66% of executives consider enterprise risk management somewhat or extremely important (Source: SAP insider Research)
90% of companies that have integrated governance, risk, and compliance have had results that met or exceeded their expectations (Source: OCEG 2012 Maturity Survey)
50% of companies are using outdated risk management solutions (Source: SAP insider Research)
SAP RISK MANAGEMENT
Clarity creates opportunity
Once you know the risks your organization faces, you need to ensure you are completely prepared for them. SAP’s Risk Management solution will help you formalize the way you plan, identify, analyze, monitor and respond to risk. By streamlining risk response decisions and reducing unnecessary duplication, you can optimize the limited resources you have available for audit and compliance testing. You’ll receive timely warning of hidden trends and patterns in your data, which will enable you to protect your business against fraud. Structured, electronic sign-off procedures will ensure completeness and accountability. You’ll know you are totally ready for every eventuality and fully compliant in every market. And that means you can operate with the level of confidence that helps build trust in all your stakeholders, which ultimately affects how highly your business is valued.
SAP’s Risk Management solution will enable you to:
1. Preserve and grow the value of your business – through better collaboration, productivity and communication
2. Manage risk – with increased reliability
3. Respond more effectively – by drawing on a clear insight into relationships among drivers, risk indicators, events and consequences
4. Make greater gains – from business opportunities
5. Reduce the impact of catastrophic losses – through early mitigation
6. Comply with confidence – and with oversight and disclosure
Case study – Baker Hughes
Oilfield services company Baker Hughes was experiencing a lot of challenges integrating risk management into their project methodology. The root of the problem was that there was no single risk register. Instead, they were using a whole raft of different manual techniques and processes, and tracking thousands of risks on numerous spreadsheets. By using SAP’s Risk Management solution, they were able to create one single source where they could harmonize and rationalize all the risks. The result? Everyone – from the executive team to the teams on the rigs – could access the same information and share a vision about what the company was trying to achieve in terms of risk management.
Know Your Risks, Respond Better: Nearly two-thirds of companies say they’re facing more and more complex risks than 5 years ago.
SAP ACCESS CONTROL
Control empowers your organization
If a business is suspected of not fully understanding, or not protecting itself against the many risks it faces, confidence and trust are lost and its value can be seriously undermined. By taking a unified approach to risk management, you can assure your board, your teams and your shareholders that your organization and the investments you have made in your people and technologies are fully protected against every eventuality, including fraud. You will reduce the number of incidents and exposure to risk over time. Scheduling and assignment tracking will ensure accountability, and automated policy management will set the proper tone. Compliance ratings can be increased from 55% to over 90%.

With SAP’s Access Control solution, your business can move beyond manual processes for managing access risk. It will enable you to control segregation of duties (SoD), as well as critical, sensitive and superuser access efficiently and effectively. And by enabling you to manage access risk on an exception basis, you’ll be free to focus on initiatives that add real value.
It will help you:
1. Reduce access risk – as well as levels of internal fraud and loss of revenue due to employee error
2. Cut costs – of enterprise-wide access management
3. Enable efficient, cost-effective audits and on-going compliance activities
Reduce Fraud and Increase Efficiency with Automated Access Controls: Giving employees the right access to the right information is essential to help ensure smooth operations and prevent fraud.
Case study: Natura
When Brazil-based cosmetics and personal care products company Natura was faced with a high level of information security risk, it decided to strengthen its governance model for data and access control. By upgrading to SAP’s Access Control solution, the company achieved a remarkable 87% reduction in its level of information security risk. The solution also enabled more complete and compliant reporting, with the time taken to prepare reports for auditing falling by some 60%. And by allowing inactive profiles to be excluded, Natura’s Access Control became leaner – with a resulting 30% drop in transaction volume per profile. Add the lower maintenance costs involved as a result of 50% fewer support calls, and it’s clear to see how SAP has helped Natura to run more productively as well as securely.
Access Control Best Practices
1. An automated process for approving and tracking superuser access usage is in place
2. Approval workflows for changes to user access automatically generate comprehensive audit trails and reporting to support internal and external audits
3. A periodic, automated user access review process is in place
4. Simulation capabilities are in place to understand the impact role changes will have to existing users and to prevent introducing noncompliant roles into production
5. Segregation of Duties (SoD) risk identification and remediation is performed automatically, across multiple ERP environments and/or instances as appropriate
© 2012 SAP AG. All rights reserved.
Access Control: Adoption of best practices varies at each stage of maturity

[Chart: Best Practice Listing against Best Practice Ranking (1 = No Coverage, 5 = Full Coverage); series: Top 25% Customer Coverage, Average Customer Importance]

The Results: Access Control Adoption Maturity Model

Strategy
Rank 1 (No Adoption): Business users have no visibility and audit trail information is not available
Rank 2 (Low Adoption): Business users have little visibility and basic level of audit trail information is available, for some changes
Rank 3 (Intermediate Adoption): Business users have partial visibility, for some changes and basic level of audit trail information is available
Rank 4 (High Adoption): Business users have good visibility, for many changes and comprehensive audit trail information is available
Rank 5 (Full Adoption): Business users have full visibility and comprehensive audit trail information is instantly available

Access Risk Analysis
Rank 1 (No Adoption): Segregation of duties (SoD) is performed manually with no simulation capabilities existing and no alert notifications sent
Rank 2 (Low Adoption): Segregation of duties (SoD) is performed manually except for few exceptions with no simulation capabilities existing and no alert notifications sent
Rank 3 (Intermediate Adoption): Segregation of duties (SoD) is partially performed automatically with some simulation capabilities existing and few alert notifications sent
Rank 4 (High Adoption): Segregation of duties (SoD) is mostly performed automatically with simulation capabilities existing and most of the alert notifications sent
Rank 5 (Full Adoption): Segregation of duties (SoD) is completely performed automatically with simulation capabilities fully in place and all alert notifications sent

Emergency Access Management
Rank 1 (No Adoption): Emergency access management is manual with no alerts and audits available for sessions
Rank 2 (Low Adoption): Emergency access management is manual with few alerts and audits available for sessions
Rank 3 (Intermediate Adoption): Emergency access management is partially automated with alerts and audits available for some sessions
Rank 4 (High Adoption): Emergency access management is mostly automated with alerts and audits available for most sessions
Rank 5 (Full Adoption): Emergency access management is fully automated with alerts and audits available for all sessions

User Access Management
Rank 1 (No Adoption): User access administration and management is manually conducted
Rank 2 (Low Adoption): User access administration and management is mostly manual except for some exceptions where few tasks are automatically done
Rank 3 (Intermediate Adoption): User access administration and management is partially automated with some tasks related to approval notification and compliance verification done automatically
Rank 4 (High Adoption): User access administration and management is mostly automated with majority of the tasks related to approval notification and compliance verification done automatically
Rank 5 (Full Adoption): User access administration and management is fully automated with all the tasks related to approval notification and compliance verification done automatically

Role Management
Rank 1 (No Adoption): Role governance process is not centralized and simulation capabilities and audit trails are not available
Rank 2 (Low Adoption): Role governance process is partially centralized however simulation capabilities and audit trails are not available
Rank 3 (Intermediate Adoption): Role governance process is partially centralized with some simulation capabilities and audit trails existing
Rank 4 (High Adoption): Role governance process is mostly centralized with simulation capabilities and audit trails existing
Rank 5 (Full Adoption): Role governance process is fully centralized with simulation capabilities in place and comprehensive audit trails instantly available
SAP PROCESS CONTROL
Continuity maintains effective control
To optimize performance, businesses need a clear understanding of the risks they face and the effects they can have. With efficient and co-ordinated risk and compliance management across your organization, you can integrate vital GRC information into your short-term and long-term decision-making.
Key risk indicators can help you monitor real-time risks and reduce the frequency and size of loss events, whilst formalized data capture and advanced modelling techniques can help drive the most efficient risk response. Automation and cross-system monitoring save time on auditing and compliance activities, and improved reporting gives managers greater visibility into business performance.
SAP’s Process Control solutions can help your business proactively balance risk and opportunity by enabling you to:
1. Cut the cost of compliance, risk and audit activities - through automation and resource optimization
2. Reduce your risk exposure - by continual monitoring and analysis
3. Optimize performance - using comprehensive, real-time risk and compliance information
4. Boost the return on your business initiatives - by aligning risk with strategy
5. Improve your decision-making - for more effective long-term strategy
Case study: Sharp Electronics
Sharp Electronics is a manufacturing and service company producing state-of-the-art solar system electronics. Formerly, the company had a decentralized control framework comprising ten business units across North and South America – each with its own processes for identifying risks and controls to mitigate them. Having introduced SAP’s Process Control solution, all the company’s controls are now centralized. This has enabled Sharp to streamline its operations by reducing their number from 350 to 230. By automating these to tie in with business objectives, control owners can focus on resolving issues rather than merely identifying them – and the business as a whole can focus on delivering innovation rather than just managing processes.
SAP FRAUD MANAGEMENT
Cover prevents fraud
Fraud represents another big threat, with businesses at risk of losing assets and opportunities and being liable for compliance penalties and extra expenses. This amounts to an average 5% loss in revenue. With SAP’s Fraud Management solution, you can detect fraud early and protect against the financial losses that can be incurred.
SAP Fraud Management, an application for detecting, investigating and deterring fraud, is powered by the SAP HANA platform.
With the clarity and insight that SAP can help you achieve, everyone will have the confidence to make business decisions and make the most of every opportunity in even the toughest environments.
SAP Fraud Management enables your business to:
1. Uncover hidden trends and patterns in large amounts of data – to detect fraud in near real-time
2. Reduce false positives and increase productivity – with powerful simulation features
3. Quickly adapt to evolving fraud patterns – and enhance prevention with improved fraud strategy management
4. Reduce the risk of fraud – with advanced analytic capabilities and greater visibility
SAP Governance, Risk and Compliance (GRC) – a portfolio of solutions
Our Access Control solution helps our customers identify and mitigate the critical user access and authorization risks in their key IT systems and business applications, and across core business processes. With Access Risk Management customers can better manage and better protect core systems and applications that support their business processes and strategies.
Our Process Control solution enables automation of compliance and controls management. Using this solution, companies can continuously monitor control effectiveness and embed compliance and control activities into their business processes.

Our Risk Management solution protects the fundamental business value drivers by providing insight into the management of risk. It provides continuous visibility with proactive capabilities to prevent catastrophic value-destroying risk.

Our Fraud Management solution enables organizations across all industries to detect, investigate, prevent, and monitor any irregular fraudulent activities in business environments that deal with ultra-high volumes of data, on SAP and non-SAP systems alike.
Brewing Up Process Change: Grupo Modelo Manages Risk with SAP’s Latest Solutions for GRC
This article appeared in the APR MAY JUN 2013 issue of insiderPROFILES (http://insiderPROFILES.wispubs.com) and appears here with permission from WIS PUBLISHING.

More information
If you’d like to know more about how governance, risk and compliance solutions from SAP can enable better risk management and compliance within your organization, please call your SAP representative or visit SAP.COM/GRC
www.sap.com/contactsap
© 2013 SAP AG or an SAP affiliate company. All rights reserved. No part of this publication may be reproduced or transmitted in any form or for any purpose without the express permission of SAP AG. The information contained herein may be changed without prior notice. Some software products marketed by SAP AG and its distributors contain proprietary software components of other software vendors. National product specifications may vary. These materials are provided by SAP AG and its affiliated companies (“SAP Group”) for informational purposes only, without representation or warranty of any kind, and SAP Group shall not be liable for errors or omissions with respect to the materials. The only warranties for SAP Group products and services are those that are set forth in the express warranty statements accompanying such products and services, if any. Nothing herein should be construed as constituting an additional warranty. SAP and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP AG in Germany and other countries. Please see http://www.sap.com/corporate-en/legal/copyright/index.epx#trademark for additional trademark information and notices.