Harmonization GRC

Solution and Harmonization Overview

SAP BusinessObjects Governance, Risk andCompliance (GRC) 10.0Harmonization

GRC 10.0 Harmonization: Unit Overview

Unit: GRC 10.0 Harmonization

Lesson 1: Solution and Harmonization Overview

Lesson 2: Information Architecture

Lesson 3: User Interface Tour

Lesson 4: Streamlined Configuration

Solution Overview: Lesson Objectives

After completing this lesson, you will be able to:Identify key governance, risk and compliance processes supportedin GRC 10.0Explain the business benefits of an integrated solutionDiscuss what‘s new in SAP BusinessObjects Governance, Risk andCompliance solutions

GRC Solutions Encompass People, Processesand Products

Process ControlRisk Management Access Control

Global TradeServices

Nota FiscalEletronicaG

Risk Compliance Audit Policy

Risk Managers

Compliance Managers Other Stakeholders

IT and Security Specialists

Auditors

Access

Risk Managers

Auditors

Access

Risk Managers

Auditors

Access

Risk Managers

Auditors

Access

Risk Managers

Auditors

Access

Risk Managers

Auditors

Access

Moving Towards GRC Convergence

Source: KPMG Survey

64%of respondents say GRC

convergence is a priorityfor their organization

Compliance PoliciesFCPAREACH21CFR 210, 211IFRS10+2 customs

Corporate sourcing/vendorpolicyAccess policy betweensourcing and productionRegional distribution policiesPromotional spend policy

Supply chain disruptionIntense competition from local players

Distribution(Global)

Manufacturing(China)

GRC Today Is Part of Running a Business

Suppliers(Global)

Customers(Global)

Corporate(U.S.) Strategic

objective: Increasepenetration inselect regions

Plan to increaseproduction basedon analysis

Manufacturingnarrows down2 suppliers whocan meet thedemand

Production anddistributionunderway

Distribution process beginsaccording to local standardsand policies

Sales outreachwith increasedpromotion andmarketing6

Distribution(Global)

Manufacturing(China)

Suppliers(Global)

Customers(Global)

Corporate(U.S.)

Plan to increaseproduction based onanalysis

Strategic objective:Increase penetration inselect regions

Manufacturingnarrows down 2suppliers who canmeet the demand

Production anddistributionunderway

Distribution process begins accordingto local standards and policies

Sales outreach withincreased promotion andmarketing

The Core IssueDisconnect Between Risks, Policies & Compliance

Compliance PoliciesFCPAREACH21CFR 210, 211IFRS

Corporate sourcing/vendor policyAccess policy between sourcing and

production

10+2, customsRegional distribution policiesPromotional spend policy

Supply chain disruptionIntense competition from local players

How to close performance loop with risksdistributed across business processes,organizations, regulations and regions

SAP BusinessObjects GRCComprehensive Approach to GRC

SAP BusinessObjectsPerformance Management

Strategic Management

Planning, Forecasting

Financial and Statutory Consolidations

Profitability and Cost Management

Supply Chain Performance

Spend Performance

GRC for LoBsGRC for Industries

Banking Utilities Mfg

Oil & Gas CPG …

SAP BusinessObjects GRC

Dashboards &Visualization

InteractiveAnalysis Exploration Reports

Risk Compliance Audit Policy Access

KRIs Controls Transactions Privileges

Manage

Monitor

Analyze

Enterprise Applications

Legacy Apps

IT Infrastructure

What Does It Do? What Is the Value?Focus Area

What’s Coming in GRC 10.0

Unifies Risk Management, Access Control,and Process Control data model on a commontechnology (ABAP) platform

Provides common look and feel withconfigurable role-based user access for GRCfunctions from the SAP Portal or NetWeaverBusiness Client

Allows customization without programming todisplay component and compliance regulationdata fields through configuration

Enhanced reporting options for all GRCsolutions with reports and reporting extensionsthrough industry leading SAP BusinessObjectssolutions.

Provides end-to-end management of corporatepolicies aligned with risk and compliancemanagement including creation, localization,distribution and acknowledgement

Improves flexibility of user-defined businessrules including ability to monitor more backendsystems, and to fully reconstruct configurationand master data for reliable monitoring

Enables the content ecosystem by supportingversion control, packaging, import and exportof content; supports parallel evolution ofcontent and subsequent partner updates to it

Common Technical PlatformReduces TCO with lower implementation,administrative and maintenance costs

Enhances solution usability with a unifieduser experience

Reduces the cost and effort required tomanage and customize master data UI

Empowers business users with the abilityto present information in the desired formatand reduces the time spent on reportingneeds

Improves corporate governance withmanagement guidance for theorganization’s behavior, actions, anddecision-making processes

More controls can be automatically testedand monitored, leading to more timely andreliable compliance checks.

Reduces implementation time, andenables the partner ecosystem to deliver,expand and update risk and compliancecontent for customers

Enhanced Visualization andStreamlined Navigation

Improved Reporting

Enhanced Policy Management

Configurable User Interface

Enhanced Business Rules forAutomated Testing/Monitoring

Content Lifecycle Management

Improved Reporting

Common Technical Platform

Unifies Risk Management, AccessControl, and Process Control data modelon a common NetWeaver ABAP platform Lowers TCO due to reduced

hardware, administrative andmaintenance costs

Reduces implementation andmaintenance burden, increasestransparency, and provides aprovides the basis for enterprisegovernance, risk andcompliance (eGRC)

Increases efficiency andeffectiveness of governance,risk and compliance efforts

Streamlines configuration ofmultiple GRC components

GRC solutions will share acommon technology platform(NetWeaver ABAP) andpresentation layer (WebDynpro)

Key master data can optionallybe shared such as:• Organizations and views• Internal controls• Risks• Business process hierarchies

Common functions include:• Policy management• Continuous control

monitoring• Ad-hoc issues

Shared configuration inImplementation Guide (IMG)

Solution Enhancements Key Benefits

AccessControl

ProcessControl

SAP Portal orNetWeaver Business Client

RiskManagement

Unified NetWeaverPlatform on ABAP

WebDynpro

Enhanced Visualization and StreamlinedNavigation

Provides common look and feel withconfigurable role-based user access forGRC functions from the SAP Portal orNetWeaver Business Client Shortens learning curve and

enhances user experience

Leverages existing customerinvestments and providesflexibility in deployment options

Simplifies use access based ondefinable roles while allowingaccess to multiple components

Makes it easier to work acrossmultiple applications andregulations

GRC solutions share a commonlook and feel

Use of either SAP Portal or SAPNetWeaver Business Client(NWBC)

Role-based access toapplications beneath eachworkcenter

Streamlined navigation fromsingle launch point withelimination of duplicate menuitems

Allows customization withoutprogramming to display component andcompliance regulation data fieldsthrough configuration Provides the ability to adapt the

user interface to the company’sneeds without requiring customprogramming

Enables more flexibility forcustomers who managecompliance with multipleregulations

Supports centralized,decentralized or hybridapproach to controlmanagement via configuration

User interface configurationframework allows setting fieldstatus by component

• Mandatory or optional• Displayed or hidden

For compliance managementpurposes, UI framework allowsconfiguration of which datafields can be specific to aregulation

Configuration provides theability to define the extent ofcontrol localization available

Improved Reporting

Enhanced reporting options for GRCsolutions with reports and reportingextensions through industry leading SAPBusinessObjects solutions Enables additional reporting

flexibility and improves usabilityof reports without increasingtotal cost of ownership

Provides analytics andinteractive reporting with cutting-edge reporting tools

More usable reports andreporting options for a moreuser-friendly view of reports

Embedded reporting andreporting extensions takeadvantage of other industryleading SAP BusinessObjectssolutions

Leverage the same function tomanage all types of policies toincrease consistency andminimize user learning curves

Provides cost-effective optionsbased upon how policies arecurrently managed

Flexible yet powerful methods todistribute and documentcompliance without requiringthat everyone subject to thepolicy be an SAP user

As a new common function,Policy Management can be usedwithin risk, compliance or accessmanagement processes

Multiple distribution methods(acknowledgement, quiz andsurvey) can be used todocument compliance withpolicies—even for those with noSAP access

Solution Enhancements Key BenefitsProvides end-to-end management ofcorporate policies aligned with risk andcompliance management includingcreation, localization, distribution andacknowledgement

Enhanced Business Rule Framework

Provides an easy, scalable andlow-cost approach in identifyingdata for analysis and allows re-usability of data sources formultiple analyses

Empowered users can easilyconfigure and create businessrules based on complexbusiness scenarios withoutcoding

More deficiency scenarios canbe addressed based on the useand combination of variousdeficiency-identification logicoptions

Reusable data sources andenhanced data source definitionusing business terminologies

Intuitive and flexible businessrule framework allowingbusiness users to create andconfigure business rules via aneasy-to-use guided activity

Enhanced business rule logicincludes grouping andaggregation, logical conditionclauses, and change logreconstruction features inidentifying exceptions.

Solution Enhancements Key BenefitsSupport for business-user creation ofmore complex rules including pattern-based analyses, grouping andaggregation

Enables quick adoption ofcontinuous monitoring by quicklyprovisioning GRC systems withrelevant content, especially withmaster data from legacy/reference systems

Safeguards investments incontent by ensuring changesare controlled

Enables enforcement ofstandardized rules across theenterprise

Allows unlimited customizationof partner-supplied content,while still being able to receivepartner-supplied updates

Enable mass import, export andedit of master data content

Provides check-in, deploymentand version control of content

Enables content comparisons,reuse of common configurationsacross GRC domains, bundling,packaging, export and import ofexpert content

Supports third-party developedcontent for easy access bycustomers

Solution Enhancements Key BenefitsEnables the content ecosystem bysupporting version control, packaging,import and export of content; supportsparallel evolution of content andsubsequent partner updates to it.

Solution and Harmonization Overview:Lesson Summary

You should now be able to:Identify key governance, risk and compliance processes supportedin GRC 10.0Explain the business benefits of an integrated solutionDiscuss what‘s new in SAP BusinessObjects Governance, Risk andCompliance solutions

Harmonization GRC

Documents

Transcript of Harmonization GRC