Post on 25-Feb-2023
IBM SAP GRC Process Control Team
SAP Pearl - IBM
Introduction to SAP GRC and
SAP GRC Process Control Overview
Author: Mohammed K Masood, India, IBM
What is GRC
GRC is an integrated, holistic approach to organization-wide governance, risk and compliance, ensuring that an organization acts ethically correct and in accordance with its risk appetite, internal policies and external regulations through the alignment of strategy, processes, technology and people, thereby improving efficiency and effectiveness.
• Governance describes the overall management approach through which senior executives direct and control the entire organization, using a combination of management information and hierarchical management control structures. Governance activities ensure that critical management information reaching the executive team is sufficiently complete, accurate and timely to enable appropriate management decision making, and provide the control mechanisms to ensure that strategies, directions and instructions from management are carried out systematically and effectively.
• Risk management is the set of processes through which management identifies, analyzes and, where necessary, responds appropriately to risks that might adversely affect realization of the organization's business objectives. The response to risks typically depends on their perceived gravity and involves controlling, avoiding, accepting or transferring them to a third party. Whereas organizations routinely manage a wide range of risks (e.g. technological risks, commercial/financial risks, information security risks, etc.), external legal and regulatory compliance risks are arguably the key issue in GRC.
• Compliance means conforming with stated requirements. At an organizational level, it is achieved through management processes which identify the applicable requirements (defined, for example, in laws, regulations, contracts, strategies and policies), assess the state of compliance, assess the risks and potential costs of non-compliance against the projected expenses to achieve compliance, and hence prioritize, fund and initiate any corrective actions deemed necessary.
Why GRC
Widespread interest in GRC was sparked by the US Sarbanes-Oxley Act and the need for US-listed companies to design and implement suitable governance controls for SOX compliance, but the focus of GRC has since shifted towards adding business value through improving operational decision making and strategic planning. It therefore has relevance beyond the SOX world.
Governance, Risk and Compliance, or GRC, is an increasingly recognized term that reflects a new way in which organizations are adopting an integrated approach to these aspects of their business.
Summary of the Sarbanes-Oxley Act of 2002
• Enacted by the US Congress on July 30, 2002
• Defined a new paradigm for corporate accountability
• Applies to all companies registered with the Securities and Exchange Commission (SEC)
• Clearly defines corporate responsibilities
  • Audit Committee
  • Chief Executive Officer (CEO)
  • Chief Financial Officer (CFO)
• Created a new standard for the design, implementation and operation of an internal control structure
Sound internal controls are no longer just a best practice; they are required by law.
SOX and Public Company Accounting Oversight Board (PCAOB)
In 2002, Congress passed the Sarbanes-Oxley Act (the Act), which, among other things, established new provisions related to internal control over financial reporting. Sections 302 and 404 of the Act require company management to assess and report on the effectiveness of the company's internal control process.
PCAOB published Auditing Standard 2 (AS2) in 2004. Auditing Standard 5 (AS5) was published in July 2007 to replace Audit Standard 2. PCAOB inspects registered external auditors to ensure they are following PCAOB's auditing standards.
The goal of the consultant is not to interpret Sarbanes-Oxley or Audit Standard 5, but to highlight the information published by the PCAOB as it relates to the Process Control product.
Internal Controls Environment supported by SAP GRC Products
SAP GRC – The Product
SAP BusinessObjects governance, risk and compliance solutions (SAP BusinessObjects GRC solutions) offer your organization a preventive, real-time approach to governance, risk and compliance. Automated risk and compliance monitoring activities can help you proactively prevent risk events and compliance violations, helping you protect the value of your organization.
What's more, SAP BusinessObjects GRC solutions can empower you to incorporate risk management and compliance into your strategy, planning and operational execution – helping you leverage GRC as a competitive differentiator and optimize performance.
• Enterprise GRC – Automate risk management, compliance and monitoring activities, and minimize the associated cost and effort required
• Access risk management – Confidently manage and reduce access risk across the enterprise with a single solution to manage a centralized strategy for governance, risk and compliance
• Global trade services – Minimize global trade violations with a single integrated platform to meet complex and ever-changing global trade compliance requirements
• Environment, health and safety management – Empower your organization to address regulatory compliance, integrate the management of operational risks related to environment, health and safety, and address corporate sustainability initiatives
• Sustainability performance management – Help your organization track and communicate sustainability performance, set goals and objectives, manage risks and monitor activities
Overview: SAP Business Objects Portfolio
• Enterprise Performance Management: Strategy Management; Business Planning; Profitability and Cost Management; Financial Consolidation; Spend Analytics
• Information Management: Data Integration; Data Quality Management; Master Data Management; Metadata Management
• Governance, Risk and Compliance: Risk Management; Access Control; Process Control; Global Trade Services; Environment, Health and Safety
• Information Discovery and Delivery: Reporting; Query, Reporting and Analysis; Dashboards and Visualization; Search and Navigation; Advanced Analytics
Introduction to SAP GRC Process Control
The SAP BusinessObjects Risk Management and SAP BusinessObjects Process Control applications offer comprehensive functionality that supports the following:
• Automatic monitoring of key risk indicators and compliance effectiveness
• Automatic risk and compliance management delivered through predefined best-practice workflows, assessments, surveys and sign-off
• Risk response and remediation tracking for easy assessment of effectiveness of responses
• Automated business process and system monitoring across heterogeneous landscapes
• Scalable support for multiple compliance and risk programs
• Risk-based scenario analysis provides insights into the potential impact of increased risk levels and compliance violations
• Predefined risk and regulatory content formulated for specific industries and lines of business
• Unified management and control of strategic, financial, operational and compliance risks
• Unified framework that helps you align business process, compliance and risk methodologies
• Consolidated views that can help simplify risk and performance analysis across multiple lines of business
• Automated risk and compliance alerts, notifications, reports and workflows
SAP GRC Process Control deals with the SAP application for process control. SAP GRC Process Control provides a risk-based procedure for creating a control framework and for indicating the most effective and powerful controls for business processes and cross-enterprise IT systems.
SAP Process Control – Big Picture
[Diagram. Labels: Document; Scope; Evaluate; Monitor; Sign Off; Organization, Process, Sub-process, Risk, Control; IT Infrastructure; Business Processes; Survey (Yes/No); Perform Assessments; Test Automated Controls; Test Manual Controls; Monitor Exceptions; Remediate Issues; Perform CAPA; Certify and Sign Off; SOX. Enterprise Integration: Risk Management, Access Control, Third-party applications, Data Privacy, Event Systems, Enterprise Productivity, Oracle, PeopleSoft. Reporting: Crystal Reports, Xcelsius Dashboard, BI Reports, Datasheets.]
SAP Process Control – Application Life Cycle
Case Study PC consultant
A business case explaining how SAP GRC Process Control affects the life span of an enterprise, and a consultant who works towards getting the enterprise compliant.
Q&A
IBM SAP GRC Process Control Team
2
What is GRCGRC is an integrated holistic approach to organization-wide governance risk and compliance ensuring that an organization acts ethically correct and in accordance with its risk appetite internal policies and external regulations through the alignment of strategy processes technology and people thereby improving efficiency and effectivenessldquo
bull Governance describes the overall management approach through which senior executives direct and control the entire organization using a combination of management information and hierarchical management control structures Governance activities ensure that critical management information reaching the executive team is sufficiently complete accurate and timely to enable appropriate management decision making and provide the control mechanisms to ensure that strategies directions and instructions from management are carried out systematically and effectively
bull Risk management is the set of processes through which management identifies analyzes and where necessary responds appropriately to risks that might adversely affect realization of the organizations business objectives The response to risks typically depends on their perceived gravity and involves controlling avoiding accepting or transferring them to a third party Whereas organizations routinely manage a wide range of risks (eg technological risks commercialfinancial risks information security risks etc) external legal and regulatory compliance risks are arguably the key issue in GRC
bull Compliance means conforming with stated requirements At an organizational level it is achieved through management processes which identify the applicable requirements (defined for example in laws regulations contracts strategies and policies) assess the state of compliance assess the risks and potential costs of non-compliance against the projected expenses to achieve compliance and hence prioritize fund and initiate any corrective actions deemed necessary
IBM SAP GRC Process Control Team
3
Why GRCWidespread interest in GRC was sparked by the US Sarbanes-Oxley Act and the need for US listed companies to design and implement suitable governance controls for SOX compliance but the focus of GRC has since shifted towards adding business value through improving operational decision making and strategic planning It therefore has relevance beyond the SOX worldGovernance Risk and Compliance or GRC is an increasingly recognized term that reflects a new way in which organizations are adopting an integrated approach to these aspects of their business
IBM SAP GRC Process Control Team
4
Summary of the Sarbanes-Oxley Act of 2002
1048708 Enacted by the US Congress on July 30 20021048708 Defined a new paradigm for corporate accountability1048708 Applies to all companies registered with the Securities and Exchange Commission (SEC)1048708 Clearly defines corporate responsibilities
1048708 Audit Committee1048708 Chief Executive Officer (CEO)1048708 Chief Financial Officer (CFO)
1048708 Created a new standard for the design implementation and operation of an internal control structure
Sound internal controls are no longer just a best practice they are required by law
SOX and Public Company Accounting Oversight Board (PCAOB)In 2002 Congress passed the Sarbanes-Oxley Act (the Act) which among other things
established new provisions related to internal control over financial reportingSections 302 and 404 of the Act require company management to assess and report on the effectiveness of the companys internal control process
PCAOB published Auditing Standard 2 (AS2) in 2004 Auditing Standard 5 (AS5) was published in
July 2007 to replace Audit Standard 2 PCAOB inspects registered external auditors to ensure they
are following PCAOBrsquos auditing standards
The goal of the consultant is not to interpret Sarbanes-Oxley or Audit Standard 5 but to highlight the
information published by the PCAOB as it relates to the Process Control product
IBM SAP GRC Process Control Team
5
Internal Controls Environmentsupported by SAP GRC Products
IBM SAP GRC Process Control Team
6
SAP GRC ndash The ProductSAP BusinessObjects governance risk and compliance solutions (SAP BusinessObjects GRC solutions) offer your organization a preventive real-time approach to governance risk and compliance Automated risk and compliance monitoring activities can help you proactively prevent risk events and compliance violations helping you protect the value of your organization
Whats more SAP BusinessObjects GRC solutions can empower you to incorporate risk management and compliance into your strategy planning and operational execution ndash helping you leverage GRC as a competitive differentiator and optimize performance
bull Enterprise GRC ndash Automate risk management compliance and monitoring activities and minimize the associated cost and effort required
bull Access risk management ndash Confidently manage and reduce access risk across the enterprise with a single solution to manage a centralized strategy for governance risk and compliance
bull Global trade services ndash Minimize global trade violations with a single integrated platform to meet complex and ever-changing global trade compliance requirements
bull Environment health and safety management ndash Empower your organization to address regulatory compliance integrate the management of operational risks related to environment health and safety and address corporate sustainability initiatives
bull Sustainability performance management ndash Help your organization track and communicate sustainability performance set goals and objectives manage risks and monitor activities
IBM SAP GRC Process Control Team
7
Overview SAP Business Objects Portfolio
Enterprise Performance Management
Strategy Management
Business Planning
Profitability andCost
Management
FinancialConsolidati
onSpend
Analytics
Data Integratio
n
Data Quality
Management
Master Data
Management
Metadata Management
Information Management
Governance Riskand Compliance
RiskManagement
Access Control
Process Control
Global Trade
ServicesEnvironment Health and Safety
Information Discovery and
DeliveryReporting Query
Reporting and Analysis
Dashboards and
Visualization
Search and Navigation
Advanced Analytics
IBM SAP GRC Process Control Team
8
Introduction to SAP GRC Process Control
The SAP BusinessObjects Risk Management and SAP BusinessObjects Process Control applications offer comprehensive functionality that supports the following
bull Automatic monitoring of key risk indicators and compliance effectivenessbull Automatic risk and compliance management delivered through predefined best practice
workflows assessments surveys and signoffbull Risk response and remediation tracking for easy assessment of effectiveness of
responsesbull Automated business process and system monitoring across heterogeneous landscapesbull Scalable support for multiple compliance and risk programsbull Risk-based scenario analysis provides insights into the potential impact of
increased risk levels and compliance violationsbull Predefined risk and regulatory content formulated for specific industries and lines
of businessbull Unified management and control of strategic financial operational and compliance
risksbull Unified framework that help you align business process compliance and risk
methodologiesbull Consolidated views that can help simplify risk and performance analysis across
multiple lines of businessbull Automated risk and compliance alerts notifications reports and workflows
SAP GRC Process Control deals with the SAP application for process control SAP GRC Process Control provides a risk-based procedure for creating a control framework and for indicating the most effective and powerful controls for business processes and cross-enterprise IT systems
IBM SAP GRC Process Control Team
9
SAP Process Control ndash Big Picture
Perform Assessment
s
TestAutomated Controls
Test Manual
Controls
Certify and Sign Off
Remediate Issues
Organization Process Sub-process Risk
Control
IT Infrastructure
Business Processes
hellip YesN
o
S U R V E
Y
Eval
uate
Monito
r Perform CAPA
Scop
e
Monitor Exceptions
Sign
Off
SOXEnterprise Integration
Risk Management
Access Control
Third-party applications
Data Privacy Event Systems
Enterprise Productivity
Reporting Crystal Reports Xcelsius Dashboard BI Reports Datasheets
Oracle PeopleSoft
Docu
ment
IBM SAP GRC Process Control Team
10
SAP Process Control ndash Application Life Cycle
IBM SAP GRC Process Control Team
11
Case Study PC consultant
A business case explained on how SAP GRC Process Control affects the life span of an enterprise and a consultant who works towards getting the enterprise Compliant
IBM SAP GRC Process Control Team
12
QampA
IBM SAP GRC Process Control Team
3
Why GRCWidespread interest in GRC was sparked by the US Sarbanes-Oxley Act and the need for US listed companies to design and implement suitable governance controls for SOX compliance but the focus of GRC has since shifted towards adding business value through improving operational decision making and strategic planning It therefore has relevance beyond the SOX worldGovernance Risk and Compliance or GRC is an increasingly recognized term that reflects a new way in which organizations are adopting an integrated approach to these aspects of their business
IBM SAP GRC Process Control Team
4
Summary of the Sarbanes-Oxley Act of 2002
1048708 Enacted by the US Congress on July 30 20021048708 Defined a new paradigm for corporate accountability1048708 Applies to all companies registered with the Securities and Exchange Commission (SEC)1048708 Clearly defines corporate responsibilities
1048708 Audit Committee1048708 Chief Executive Officer (CEO)1048708 Chief Financial Officer (CFO)
1048708 Created a new standard for the design implementation and operation of an internal control structure
Sound internal controls are no longer just a best practice they are required by law
SOX and Public Company Accounting Oversight Board (PCAOB)In 2002 Congress passed the Sarbanes-Oxley Act (the Act) which among other things
established new provisions related to internal control over financial reportingSections 302 and 404 of the Act require company management to assess and report on the effectiveness of the companys internal control process
PCAOB published Auditing Standard 2 (AS2) in 2004 Auditing Standard 5 (AS5) was published in
July 2007 to replace Audit Standard 2 PCAOB inspects registered external auditors to ensure they
are following PCAOBrsquos auditing standards
The goal of the consultant is not to interpret Sarbanes-Oxley or Audit Standard 5 but to highlight the
information published by the PCAOB as it relates to the Process Control product
IBM SAP GRC Process Control Team
5
Internal Controls Environmentsupported by SAP GRC Products
IBM SAP GRC Process Control Team
6
SAP GRC ndash The ProductSAP BusinessObjects governance risk and compliance solutions (SAP BusinessObjects GRC solutions) offer your organization a preventive real-time approach to governance risk and compliance Automated risk and compliance monitoring activities can help you proactively prevent risk events and compliance violations helping you protect the value of your organization
Whats more SAP BusinessObjects GRC solutions can empower you to incorporate risk management and compliance into your strategy planning and operational execution ndash helping you leverage GRC as a competitive differentiator and optimize performance
bull Enterprise GRC ndash Automate risk management compliance and monitoring activities and minimize the associated cost and effort required
bull Access risk management ndash Confidently manage and reduce access risk across the enterprise with a single solution to manage a centralized strategy for governance risk and compliance
bull Global trade services ndash Minimize global trade violations with a single integrated platform to meet complex and ever-changing global trade compliance requirements
bull Environment health and safety management ndash Empower your organization to address regulatory compliance integrate the management of operational risks related to environment health and safety and address corporate sustainability initiatives
bull Sustainability performance management ndash Help your organization track and communicate sustainability performance set goals and objectives manage risks and monitor activities
IBM SAP GRC Process Control Team
7
Overview SAP Business Objects Portfolio
Enterprise Performance Management
Strategy Management
Business Planning
Profitability andCost
Management
FinancialConsolidati
onSpend
Analytics
Data Integratio
n
Data Quality
Management
Master Data
Management
Metadata Management
Information Management
Governance Riskand Compliance
RiskManagement
Access Control
Process Control
Global Trade
ServicesEnvironment Health and Safety
Information Discovery and
DeliveryReporting Query
Reporting and Analysis
Dashboards and
Visualization
Search and Navigation
Advanced Analytics
IBM SAP GRC Process Control Team
8
Introduction to SAP GRC Process Control
The SAP BusinessObjects Risk Management and SAP BusinessObjects Process Control applications offer comprehensive functionality that supports the following
bull Automatic monitoring of key risk indicators and compliance effectivenessbull Automatic risk and compliance management delivered through predefined best practice
workflows assessments surveys and signoffbull Risk response and remediation tracking for easy assessment of effectiveness of
responsesbull Automated business process and system monitoring across heterogeneous landscapesbull Scalable support for multiple compliance and risk programsbull Risk-based scenario analysis provides insights into the potential impact of
increased risk levels and compliance violationsbull Predefined risk and regulatory content formulated for specific industries and lines
of businessbull Unified management and control of strategic financial operational and compliance
risksbull Unified framework that help you align business process compliance and risk
methodologiesbull Consolidated views that can help simplify risk and performance analysis across
multiple lines of businessbull Automated risk and compliance alerts notifications reports and workflows
SAP GRC Process Control deals with the SAP application for process control SAP GRC Process Control provides a risk-based procedure for creating a control framework and for indicating the most effective and powerful controls for business processes and cross-enterprise IT systems
IBM SAP GRC Process Control Team
9
SAP Process Control ndash Big Picture
Perform Assessment
s
TestAutomated Controls
Test Manual
Controls
Certify and Sign Off
Remediate Issues
Organization Process Sub-process Risk
Control
IT Infrastructure
Business Processes
hellip YesN
o
S U R V E
Y
Eval
uate
Monito
r Perform CAPA
Scop
e
Monitor Exceptions
Sign
Off
SOXEnterprise Integration
Risk Management
Access Control
Third-party applications
Data Privacy Event Systems
Enterprise Productivity
Reporting Crystal Reports Xcelsius Dashboard BI Reports Datasheets
Oracle PeopleSoft
Docu
ment
IBM SAP GRC Process Control Team
10
SAP Process Control ndash Application Life Cycle
IBM SAP GRC Process Control Team
11
Case Study PC consultant
A business case explained on how SAP GRC Process Control affects the life span of an enterprise and a consultant who works towards getting the enterprise Compliant
IBM SAP GRC Process Control Team
12
QampA
IBM SAP GRC Process Control Team
4
Summary of the Sarbanes-Oxley Act of 2002
1048708 Enacted by the US Congress on July 30 20021048708 Defined a new paradigm for corporate accountability1048708 Applies to all companies registered with the Securities and Exchange Commission (SEC)1048708 Clearly defines corporate responsibilities
1048708 Audit Committee1048708 Chief Executive Officer (CEO)1048708 Chief Financial Officer (CFO)
1048708 Created a new standard for the design implementation and operation of an internal control structure
Sound internal controls are no longer just a best practice they are required by law
SOX and Public Company Accounting Oversight Board (PCAOB)In 2002 Congress passed the Sarbanes-Oxley Act (the Act) which among other things
established new provisions related to internal control over financial reportingSections 302 and 404 of the Act require company management to assess and report on the effectiveness of the companys internal control process
PCAOB published Auditing Standard 2 (AS2) in 2004 Auditing Standard 5 (AS5) was published in
July 2007 to replace Audit Standard 2 PCAOB inspects registered external auditors to ensure they
are following PCAOBrsquos auditing standards
The goal of the consultant is not to interpret Sarbanes-Oxley or Audit Standard 5 but to highlight the
information published by the PCAOB as it relates to the Process Control product
IBM SAP GRC Process Control Team
5
Internal Controls Environmentsupported by SAP GRC Products
IBM SAP GRC Process Control Team
6
SAP GRC ndash The ProductSAP BusinessObjects governance risk and compliance solutions (SAP BusinessObjects GRC solutions) offer your organization a preventive real-time approach to governance risk and compliance Automated risk and compliance monitoring activities can help you proactively prevent risk events and compliance violations helping you protect the value of your organization
Whats more SAP BusinessObjects GRC solutions can empower you to incorporate risk management and compliance into your strategy planning and operational execution ndash helping you leverage GRC as a competitive differentiator and optimize performance
bull Enterprise GRC ndash Automate risk management compliance and monitoring activities and minimize the associated cost and effort required
bull Access risk management ndash Confidently manage and reduce access risk across the enterprise with a single solution to manage a centralized strategy for governance risk and compliance
bull Global trade services ndash Minimize global trade violations with a single integrated platform to meet complex and ever-changing global trade compliance requirements
bull Environment health and safety management ndash Empower your organization to address regulatory compliance integrate the management of operational risks related to environment health and safety and address corporate sustainability initiatives
bull Sustainability performance management ndash Help your organization track and communicate sustainability performance set goals and objectives manage risks and monitor activities
IBM SAP GRC Process Control Team
7
Overview SAP Business Objects Portfolio
Enterprise Performance Management
Strategy Management
Business Planning
Profitability andCost
Management
FinancialConsolidati
onSpend
Analytics
Data Integratio
n
Data Quality
Management
Master Data
Management
Metadata Management
Information Management
Governance Riskand Compliance
RiskManagement
Access Control
Process Control
Global Trade
ServicesEnvironment Health and Safety
Information Discovery and
DeliveryReporting Query
Reporting and Analysis
Dashboards and
Visualization
Search and Navigation
Advanced Analytics
IBM SAP GRC Process Control Team
8
Introduction to SAP GRC Process Control
The SAP BusinessObjects Risk Management and SAP BusinessObjects Process Control applications offer comprehensive functionality that supports the following
bull Automatic monitoring of key risk indicators and compliance effectivenessbull Automatic risk and compliance management delivered through predefined best practice
workflows assessments surveys and signoffbull Risk response and remediation tracking for easy assessment of effectiveness of
responsesbull Automated business process and system monitoring across heterogeneous landscapesbull Scalable support for multiple compliance and risk programsbull Risk-based scenario analysis provides insights into the potential impact of
increased risk levels and compliance violationsbull Predefined risk and regulatory content formulated for specific industries and lines
of businessbull Unified management and control of strategic financial operational and compliance
risksbull Unified framework that help you align business process compliance and risk
methodologiesbull Consolidated views that can help simplify risk and performance analysis across
multiple lines of businessbull Automated risk and compliance alerts notifications reports and workflows
SAP GRC Process Control deals with the SAP application for process control SAP GRC Process Control provides a risk-based procedure for creating a control framework and for indicating the most effective and powerful controls for business processes and cross-enterprise IT systems
IBM SAP GRC Process Control Team
9
SAP Process Control ndash Big Picture
Perform Assessment
s
TestAutomated Controls
Test Manual
Controls
Certify and Sign Off
Remediate Issues
Organization Process Sub-process Risk
Control
IT Infrastructure
Business Processes
hellip YesN
o
S U R V E
Y
Eval
uate
Monito
r Perform CAPA
Scop
e
Monitor Exceptions
Sign
Off
SOXEnterprise Integration
Risk Management
Access Control
Third-party applications
Data Privacy Event Systems
Enterprise Productivity
Reporting Crystal Reports Xcelsius Dashboard BI Reports Datasheets
Oracle PeopleSoft
Docu
ment
IBM SAP GRC Process Control Team
10
SAP Process Control ndash Application Life Cycle
IBM SAP GRC Process Control Team
11
Case Study PC consultant
A business case explained on how SAP GRC Process Control affects the life span of an enterprise and a consultant who works towards getting the enterprise Compliant
IBM SAP GRC Process Control Team
12
QampA
IBM SAP GRC Process Control Team
5
Internal Controls Environmentsupported by SAP GRC Products
IBM SAP GRC Process Control Team
6
SAP GRC – The Product
SAP BusinessObjects governance, risk, and compliance solutions (SAP BusinessObjects GRC solutions) offer your organization a preventive, real-time approach to governance, risk, and compliance. Automated risk and compliance monitoring activities can help you proactively prevent risk events and compliance violations, helping you protect the value of your organization.
What's more, SAP BusinessObjects GRC solutions can empower you to incorporate risk management and compliance into your strategy, planning, and operational execution – helping you leverage GRC as a competitive differentiator and optimize performance.
• Enterprise GRC – Automate risk management, compliance, and monitoring activities, and minimize the associated cost and effort required.
• Access risk management – Confidently manage and reduce access risk across the enterprise with a single solution to manage a centralized strategy for governance, risk, and compliance.
• Global trade services – Minimize global trade violations with a single integrated platform to meet complex and ever-changing global trade compliance requirements.
• Environment, health, and safety management – Empower your organization to address regulatory compliance, integrate the management of operational risks related to environment, health, and safety, and address corporate sustainability initiatives.
• Sustainability performance management – Help your organization track and communicate sustainability performance, set goals and objectives, manage risks, and monitor activities.
Overview SAP Business Objects Portfolio
• Enterprise Performance Management: Strategy Management; Business Planning; Profitability and Cost Management; Financial Consolidation; Spend Analytics
• Information Management: Data Integration; Data Quality Management; Master Data Management; Metadata Management
• Governance, Risk and Compliance: Risk Management; Access Control; Process Control; Global Trade Services; Environment, Health and Safety
• Information Discovery and Delivery: Reporting; Query, Reporting and Analysis; Dashboards and Visualization; Search and Navigation; Advanced Analytics
Introduction to SAP GRC Process Control
The SAP BusinessObjects Risk Management and SAP BusinessObjects Process Control applications offer comprehensive functionality that supports the following:
• Automatic monitoring of key risk indicators and compliance effectiveness
• Automatic risk and compliance management delivered through predefined best-practice workflows, assessments, surveys, and sign-off
• Risk response and remediation tracking for easy assessment of effectiveness of responses
• Automated business process and system monitoring across heterogeneous landscapes
• Scalable support for multiple compliance and risk programs
• Risk-based scenario analysis that provides insights into the potential impact of increased risk levels and compliance violations
• Predefined risk and regulatory content formulated for specific industries and lines of business
• Unified management and control of strategic, financial, operational, and compliance risks
• Unified framework that helps you align business process, compliance, and risk methodologies
• Consolidated views that can help simplify risk and performance analysis across multiple lines of business
• Automated risk and compliance alerts, notifications, reports, and workflows
SAP GRC Process Control deals with the SAP application for process control. SAP GRC Process Control provides a risk-based procedure for creating a control framework and for indicating the most effective and powerful controls for business processes and cross-enterprise IT systems.
SAP Process Control – Big Picture
[Figure: SAP Process Control big-picture diagram. Labels recoverable from the diagram: Document, Scope, Evaluate, Monitor, Perform CAPA, Sign Off; Perform Assessments, Test Automated Controls, Test Manual Controls, Monitor Exceptions, Remediate Issues, Certify and Sign Off; Organization, Process, Sub-process, Risk, Control; IT Infrastructure, Business Processes; Survey (Yes/No); SOX; Enterprise Integration, Risk Management, Access Control, Third-party applications; Data Privacy, Event Systems, Enterprise Productivity; Reporting: Crystal Reports, Xcelsius, Dashboard, BI Reports, Datasheets; Oracle PeopleSoft.]
SAP Process Control – Application Life Cycle
Case Study: PC consultant
A business case explaining how SAP GRC Process Control affects the life span of an enterprise, and a consultant who works towards getting the enterprise compliant.
Q&A