Protecting your data - SAP GRC & Analytics
Ron Corsello – COE Finance Lead
NASC conference 2015
© 2014 SAP AG. All rights reserved. Customer
Legal disclaimer
The information in this presentation is confidential and proprietary to SAP and may not be disclosed without the permission of SAP. This presentation is not subject to your license agreement or any other service or subscription agreement with SAP. SAP has no obligation to pursue any course of business outlined in this document or any related presentation, or to develop or release any functionality mentioned therein. This document, or any related presentation and SAP's strategy and possible future developments, products and/or platforms directions and functionality are all subject to change and may be changed by SAP at any time for any reason without notice. The information in this document is not a commitment, promise or legal obligation to deliver any material, code or functionality. This document is provided without a warranty of any kind, either express or implied, including but not limited to, the implied warranties of merchantability, fitness for a particular purpose, or non-infringement. This document is for informational purposes and may not be incorporated into a contract. SAP assumes no responsibility for errors or omissions in this document, except if such damages were caused by SAP's willful misconduct or gross negligence.
All forward-looking statements are subject to various risks and uncertainties that could cause actual results to differ materially from expectations. Readers are cautioned not to place undue reliance on these forward-looking statements, which speak only as of their dates, and they should not be relied upon in making purchasing decisions.
Challenges with Governance, Risk & Compliance today
Usually a hodge-podge of systems for:
- User Provisioning
- Identity Mgt (incl web access)
- Role Mgt
- Segregation of Duties (SOD)
- Compliance Reporting
Lack of Workflow
Lack of oversight by non-IT staff
Lack of mobile access
Internet access risks
Why GRC Matters
What is “top of mind” for management?
Avoid fines/penalties
Identify risks that will keep me from meeting my objectives
Will we be the next Headline?
Data Quality
Reduce Compliance Cost
Brand Protection
Continuous Improvement
Visibility
Accurate Governance
Improve Performance
Fraud Prevention
Am I aware?
Avoid Surprises
The real world implications
Control failures / Risk event
Lowers public perception
Reduces confidence
Raises costs
Increases scrutiny
Performance Impact
Lack of transparency
Disrupts operations
The Potential for Positive Impact
Brand enhanced
Controls enhance performance
Opportunities identified
Risks anticipated and managed
Public demands met
Major disruptions avoided
Confidence attained
Optimized Performance
Ask yourself these questions
Are your employees and systems compliant?
What is the cost of compliance?
Are controls in place and shared across your organization?
What is the opportunity for fraud and errors?
Are risk responses ready and effective?
Are behaviors reflective of policies?
GRC involves many elements...
Compliance
Audit
Risk
Monitoring
Access management
Policy
Identity management
Legal
Quality
Regulatory reporting
What you achieve with GRC technology
Collaboration and engagement
Alignment and integration among GRC programs
Visibility into the status and controls
Automation and streamlining of tasks
Reduced number of compliance events & cost
Integrity and improvement of business processes
SAP solutions for Governance, Risk and Compliance
Complete and Integrated
- SAP Access Control: Manage access risk and prevent fraud
- SAP Process Control: Ensure effective controls and ongoing compliance
- SAP Risk Management: Preserve and grow value
- SAP Audit Management: Drive increased audit efficiency and effectiveness
- SAP Fraud Management: Better detect and prevent fraud
- SAP Identity Analytics: Gain insights into user roles and optimize decision making
- SAP Access Violation Management: Identify and quantify the impact of actual access risk violations
- SAP Regulation Management: Manage regulatory requirements and align with internal control activities
Controller
Governor, Agencies,
Visibility and confidence
Reduced cost of compliance
Public
Regulation Management
Regulatory Collaboration & Execution
1 Regulatory Citations
- Capture, intake and reporting of regulations
- Leverage content from UCF, LexisNexis, Thomson Reuters, etc.
- Regulatory alerts and monitoring
2 Requirements
- Version control and gap analysis
- Delta change management
- Pre-built reports for regulatory requirements
3
Collaboration
- Central repository for regulatory content, requirement and reporting
- Comment and interact from start to finish
- Share and review best practices
Workflow
- Dynamic, multi-threaded workflow capabilities
- Review all or part of citations, requirements or controls at any time
Control Definition
- Best practice control mapping & content creation
- Unified control framework for all regulatory agencies
- Map controls back to citations
4 Controls Management
- Manage, monitor and test controls against production systems*
Control Automation
- Automatically execute control tests and import results*
Reporting and Documentation
- Capture, store and report results*
- Manage and maintain findings*
IT Compliance Business Audit Legal
* With SAP Process Control
Fraud is Typically Found Without Technology
Detection through Automation can be leveraged to find more
Source: 2012 Report to the Nations on Occupational Fraud and Abuse, Association of Certified Fraud Examiners
Key Benefits
• Track fraud as early as possible before transactions are further processed
• Improve the efficacy of the fraud team and increase ROI of the fraud detection system
• Faster fraud processing to avoid blocking a transaction longer than needed
• Early identification of potential fraud situation enables business users to gather more data for their investigation
Real-time alerting & option to hold suspicious transactions and avoid damages
Fully integrated fraud processing
Advanced alert management
consumer user experience is the new standard
The world is changing
GRC Analytics
Simple user interface
Key Benefits
Internal auditors view the status and action items anytime/anywhere
Provides e-mail reminders with action items
Collaborate on audit issues with colleagues
GRC Analytics
Key Benefits
Internal auditors can use the mobile app to identify sufficient, reliable, relevant, and useful information to achieve the engagement’s objectives.
Documentation is captured once and shared
Documentation can be reviewed by audit management
Audit Management example
MANAGE BETTER
PROTECT VALUE
OPTIMIZE PERFORMANCE
Automate manual tasks
Employ best practices
Unify the platform
Automate monitoring
Report and analyze
Leverage predefined content
Provide timely information to decision makers
Gain business process insights
Link to value drivers
Why a comprehensive GRC system?
Proactively balance risk and opportunity
Thank You!
Ron Corsello
Finance Lead, Center of [email protected]
Compliance and control management challenges
Manual, inefficient, slow and inaccurate
Lack of focus on most critical requirements, risks and processes
Not scalable
MISSION
HR
Finance
Manufacturing
Compliance Office
Information and data is spread across many people and systems
Inconsistent practices
Lack of accountability
Risk Management
Internal Controls
Compliance
Finance
Operations
Internal Audit
Operations, Finance, Audit, Local GRC