Reducing the Total Cost of Compliance with 2nd Generation GRC Solutions
www.ControlPanelGRC.com
Professional Solutions for Compliance Automation

Introducing…
Dan Wilhelms, President – SymSoft

About SymSoft
• Makers of Governance, Risk and Compliance (GRC) solutions for SAP environments
• Spin-off of Milwaukee-based Symmetry Corporation
• 14 years of technical implementation solutions for the SAP and Enterprise Security marketplace
• One of the largest dedicated SAP Basis consulting organizations in the U.S. - 200 SAP implementations and over 90 SAP Basis and security managed services customers
• 10 years of software development and marketing experience
• Previous reseller of Virsa, and SAP GRC integrator
• SAP Certified Hosting Partner

About SymSoft
• Developers of value added software solutions for SAP technical operations
• Q-TMS – Automation and tracking of SAP Change Request (transport) processing
• RBE – SAP Reverse Business Engineering analytics
• Password Manager – Re-sync SAP passwords across all SAP landscapes
• Numerous proprietary utilities for SAP security administration

Agenda
• The Current State of GRC
• Components Affecting the Total Cost of Compliance
• Beyond Compliance – Considering the “G” and the “R”
• Graham Packaging Case Study
• About ControlPanelGRC
• ROI calculator

The Current State of GRC
• In the wake of SOX, many enterprises
• Purchased expensive “1st generation” GRC solutions
• “Toughed it out” with manual compliance operations
• Mixed satisfaction with 1st generation solutions
• High price, high implementation costs, high TCO
• High maintenance fees, upgrades required
• Often “Shelfware”
• Lack of day to day, “meat & potatoes” utility

The Current State of GRC
• Many enterprises simply can’t afford an upper 6 figure solution
• Increasing audit requirements at odds with tight economy
• Auditors trending towards broader IT audits
• Taking a broader view of Controls – Beyond SODs
• Getting more application savvy

Components Affecting the Total Cost of Compliance
• Purchased software license fees
• Annual software maintenance
• Infrastructure investments
• Implementation costs
• On-going infrastructure administration
• Annual audit preparation and reporting
• Opportunity cost – what you can’t do

Purchased Software License Fees
• 1st generation GRC solutions priced in upper 6 figures
• Exploit the gold rush into compliance
• 1st generation GRC solutions often “wrapped and rolled” into larger ERP purchases
• Resulting in GRC “Shelfware”
• “Give away the razor and make it up on the blades”
• Often access to full functionality requires expensive upgrades
• 2nd generation GRC solutions are priced 50-75% less than 1st generation solutions

Annual Software Maintenance
• The “blades” for the razor
• 1st generation solutions often $60-80K per year
• Whether “Shelfware” or not
• 2nd generation GRC solutions can often be justified on avoiding 1st generation annual software maintenance fees alone!

Infrastructure Investments
• 1st generation GRC solutions require purchasing and implementing dedicated servers and infrastructure
• Often $200K or more
• Additional line items on asset and depreciation tables
• Another headache for IT infrastructure staff
• 2nd generation solutions run inside SAP with no incremental infrastructure investment
• Existing infrastructure investments supporting 1st generation GRC solutions can be retired or redeployed
• Investing in new infrastructure can be avoided

Implementation Costs
• 1st generation solutions usually require multi-month implementations
• Major project, major distraction
• Usually “Integrator led” implementations
• 2nd generation GRC implementations measured in days
• Projects can be led by internal IT staff with on-call remote vendor support
• Projects can be “trickle in” implementations vs. “big bang”
• Time to ROI significantly reduced

On-going Infrastructure Administration
• 1st generation GRC solutions running on dedicated servers require on-going IT administration
• Server administration - monitoring and maintenance
• Data backup and tape operations
• 3rd party break/fix contracts
• 2nd generation GRC solutions are “zero footprint”. With no dedicated server infrastructure, there are no on-going incremental infrastructure administration costs
• Net reduction in complexity of IT support operations

Annual Audit Preparation and Reporting
• With manual or semi-automated processes, annual audits can become annual “root canals”
• IT staff irritated by having to manually extract and prepare data
• Internal audit viewed as interruptions, not value add
• Time and money diverted from innovation
• External audit costs increased
• Audit preparation can be lengthy, distracting, and expensive – can take months

Annual Audit Preparation and Reporting
• Manual or semi-automated controls tend to attract more scrutiny
• Day-to-day repetitive, tedious tasks often take longer due to GRC requirements
• User and Role provisioning
• Transport management
• Batch management

Annual Audit Preparation and Reporting
• 2nd generation GRC solutions provide “Embedded Compliance” – audit reporting data is captured automatically as part of automated business processes
• Audit data is available real-time, ad hoc
• More audit data becomes “self-service” to auditors, and more importantly business process owners and executives
• Broader breadth of scope of 2nd generation GRC solutions addresses increasingly broader audit scrutiny
• Cost of audit preparation reduced by 75%
• Less time operating the business – More time improving the business

Opportunity Cost
• Any hour spent proving what you did is an hour not spent improving what you are going to do
• Budget spent on compliance is budget not spent on innovation
• Performing manual IT operations tasks while performing manual or semi-automated audit compliance tasks represents a double whammy
• 2nd generation GRC solutions automate repetitive manual tasks with embedded compliance to capture data to automate audit compliance tasks

Beyond Compliance
• In the wake of SOX, the focus was on demonstrating compliance
• Focus shifting to reducing the on-going Total Cost of Compliance
• Leveraging the GRC investment for competitive advantage
• Truly reducing risks
• Not just theft and fraud, but mistakes and inconsistencies
• More manageable business processes
• Appropriate, visible controls – key to management dashboards
• Automating manual tasks
• Using GRC as the engine to drive change

Beyond Compliance
• Shifting from the “C” to the “G” and the “R” in GRC
• Any enterprise, regardless of size, can benefit from implementing a 2nd generation GRC solution
• Less time operating, more time innovating
• More manageable operations
• Lowering costs
• Driving change
• Optimizing business processes
• Increasing business agility

Graham Packaging Case Study
• Employs 7,500 people at 80 plants spread across 16 countries
• Privately held, but registered with the Securities and Exchange Commission (SEC)
• Global leader in the design, sale and manufacture of value-added, custom molded plastic containers
• Based in York, Pennsylvania

Graham Packaging Case Study
• Challenges
• Using expensive 1st generation GRC product
• Limited to SOX compliance and SOD
• Leveraging just one-quarter of functionality
• Big implementation project facing company from time/expense perspectives

Graham Packaging Case Study
• Solution
• ControlPanelGRC significantly less in cost
• Easy to implement and easy to use
• Quicker time to value or time to benefit of entire toolset
• Payback significant
• Automation of master data transport

Graham Packaging Case Study
• Results
• Saving significant amount of money
• Saving one week’s time in audit preparation
• Automated reporting satisfies external auditors
• Reduces repetitive tasks 50% now
• More IT people using solution, becoming more resourceful
• Less dependence on security personnel
• ROI in less than 12 months

About ControlPanelGRC
• ABAP based software solution “Built by GRC professionals for GRC professionals”
• Integration of existing SymSoft technology and new functionality
• 7 modules sold separately or full suite
• Broad functionality – Beyond SODs
• Change management, Batch management, application and security administration, numerous business process accelerators
• Powerful workflow engine automates routine administrative tasks

About ControlPanelGRC
• “Embedded compliance”
• Audit/compliance data is captured automatically
• Reporting becomes a by-product
• Whole new price point
• 1/3 the cost of 1st generation solutions
• Opens the market to smaller publicly traded and privately held regulated enterprises (Pharmas, FDA)

About ControlPanelGRC
• ControlPanelGRC Modules Map to Business Processes:
• Risk Analyzer - Analysis of Segregation of Duty and Sensitive Authorization risks
• Emergency Access Manager (formerly SymSoft Fire Call) – Temporary authorization and tracking to troubleshoot production issues
• User and Role Manager – Automated workflows to accelerate day-to-day SAP security administration. Numerous practical accelerators
• AutoAuditor - Automated execution and delivery of compliance reports – documented review

About ControlPanelGRC
• ControlPanelGRC Modules Map to Business Processes:
• Transport Manager (formerly SymSoft Q-TMS) - Automates the Change Request process via a workflow that maintains an audit trail
• Batch Manager – Compliant management, approval, documentation and monitoring of cross-system Batch Jobs
• Usage Analyzer (formerly SymSoft RBE) – Tracking and reporting of actual system usage. License Optimization

ROI Calculator
Cost Area | 1st Gen. Solution - Previously Purchased | 1st Gen. Solution - New Purchase | 2nd Gen Solution
Initial Software License | $0.00 | $500,000 | $125,000
Upgrade fees | $100,000 | $0 | $0
3 years annual maintenance | $240,000 | $330,000 | $60,000
Dedicated servers and infrastructure | $200,000 | $200,000 | $0
New implementation costs | $0.00 | $75,000 | $25,000
Incremental costs to fully implement | $75,000 | $100,000 | $25,000
3 years annual IT admin and support | $30,000 | $30,000 | $0
3 years annual cost of audit preparation and reporting | $120,000 | $120,000 | $30,000
Opportunity Cost - Intangible | | |
TCO - Next 3 years | $765,000 | $1,355,000 | $265,000

Wrap Up
• Auditors trending towards broader IT audits
• Focus moving from compliance to managing the Total Cost of Compliance
• 2nd generation GRC solutions are priced 50%-75% less than 1st generation software
• Savings on maintenance fees alone offers compelling reasons to consider 2nd generation solutions
• New solutions offer embedded compliance and automation of repetitive tasks
• ControlPanelGRC driving better business execution, not just demonstrating compliance

Thank you!
For ControlPanelGRC case studies, articles, and archived webinars please visit www.controlpanelgrc.com