drive enterprise value - wirc enterprise value enabled by sap governance risk & compliance solns...

Drive Enterprise Value Enabled by SAP Governance Risk & Compliance solns

Murali Narayanamurthy

© 2011 SAP AG. All rights reserved. 2

Manage Enterprise Risk and Compliance

Manage access

risk and

prevent fraud

SAP GRC

Access Control

SAP GRC

Access

Approver -

mobile

application

Access Risk

Management

Controls &

Compliance

Monitoring

Ensure

effective

controls and

ongoing

compliance

SAP GRC Process

Control

SAP GRC Policy

Survey - mobile

application

Enterprise Risk

Management

Preserve and

grow value

SAP GRC Risk

Management

Planning and

performing

Audits

Drive a unified

audit

management

function

SAP GRC Audit

Management

Fraud

detection and

investigation

Prevent, detect,

investigate,

and monitor

fraud patterns

and predictions

SAP GRC Fraud

Management


SAP’s Approach: Unified Governance Risk & Compliance

Unified GRC

Framework

Organizational

Objectives

Monitor Key Risk

Indicators

Policy

Management

Legal Compliance

Internal Controls

Effectiveness

Prevent Frauds

Risk Based Audit

Segregation of

Duties


Standardizes on SAP Business workflow technology,

supports more flexible and tailored access request and

approver views, simplifying the provisioning process Key Benefits

Business workflow

reduces manual tasks

and streamlines access

request processing

Leverage existing

resources for workflow

administration and

configuration

Faster and easier for

users to request the roles

they need.

Streamlined User Access Management

SAP

Business Suite

Other SAP

Applications

Heterogeneous

Environment

HR Systems

SAP HR

PeopleSoft HR

Other

IDM Systems

SAP IDM

Novell IDM

Other

Other

AC Direct Entry

Help Desk

More…

Request generated

Risk Analysis

Manager Approval

Automated provisioning

SOURCE CONFIGURABLE WORKFLOW RESULT

Mitigation

Exception

workflow

SAP

Mobility

Option

3


Business Control Monitoring: Supplier Relationship Management Process

Are suppliers for critical materials delivering on time?

Identify & Qualify

Vendors

Evaluate Bids

Award & Negotiate Contract

Implement

Strategic

Agreements

Create Purchase

Order

Dispatch Electronic

PO to Supplier

Receive Goods or Services; Inspect

Apply Agreement

Terms & Conditions

Apply Sourcing

Rules

Execute

Procurement

Receive Electronic

Invoice

Pay Supplier

(EFT)

Pay

Suppliers

Analyze Performance

Adjust Contracts

Drive

Continuous

Improvement

Were sourcing policies followed in awarding contracts?

Are any critical materials single sourced?

Were any supplier payment terms changed?


Combining the power of different approaches SAP Fraud Management covers the full spectrum of fraud detection

Know fraud

behaviors

Unusual

behaviors

Similar, but

different from

known behaviors

Unknown fraud

behaviors

Know Patterns Unknown/complex

Patterns

Rules

Predictive

Algorithms

Hybrid combination of

Rules and Predictive Algorithms to detect fraud


Investigation

Detection

Prevention

Monitoring

Alert

Notification

Fraud Management A Closed-loop, Cross-Functional Process

Fraud

Pattern

Analysis

Claim Handling

& Settlement

Inquire &

Analyze Investigation

Inte

gra

tio

n

Con

fig

ura

tio

n

Pla

tfo

rm

Evaluation &

Decision

Fraud Monitoring & Performance Optimization

From Claim Notification to Claim Closure

Define Rules

& Predictive

Models

Setup

Fraud Detection

Strategy

Calibration &

Simulation

Online

Detection

Mass

Detection

Fraud

Investigator

Business

Analyst CIO

Head of Claim

Management

Head of Fraud

Investigation

SA

P F

rau

d M

an

ag

em

en

t fo

r In

su

ran

ce


USER FRIENDLY INTERFACE TO HELP

MATURE ALGORITHMS


Monitor thresholds, effectiveness

of risk responses, and corrective

actions

Respond to risk after

balancing costs and

benefits

Analyze risk via scenarios, modeling,

& other factors to understand

exposure

Link risks, risk drivers,

risk indicators,

impacts and

responses

Plan risk management

within the context of value

to the organization

SAP Risk Management Preserve and grow value


Intuitive Risk Heat maps for prioritization and

action


Define the context within which business risks are to be managed

Risk Planning (Bow-tie Builder)


Identify and assess the impact of risk events on the business

Risk Assessment Business context based assessments


Evaluate and select the risks to be addressed and create risk responses

Risk Response Implement responses – Superior mitigation with automation


Monitor the effectiveness and completeness of the response actions

Risk Monitoring Proactive risk management and prevention


Enterprise Wide Integrated Governance Risk &

Compliance Example using SAP GRC Solutions

Develop and

Package External

Content

Enterprise Risks

Responses

Reduce Control Avoid Accept Transfer

Regulations

Process

Procure to Pay

Vendor Mgmt

AP Invoicing

Process Risks

Fraudulent

invoices paid

Valid

invoices not

entered

Access Risks

User can

enter vendor

& PO User can

enter invoices

& payments

Controls

Review of new

vendors and

related invoice

support

AP SOD

rules in AC

Review of

uninvoiced

goods

receipts

Monitor

Access

Status

Mitigate

Access

Violations

Policies

Update and roll

out strengthened

security policy

Fraud


Unified GRC

is the key step en route

to building the linkage

from strategy to

execution, because you

can prove that linkage

works.

Increased visibility into

the impact of risk

against performance.

Improve predictability

and performance.

Allocate resources

and capital where it is

most needed

Achieving Benefits with Enterprise Risk and Control

Management

Confident Decisions

Predictable Performance

Strategic Alignment

Thank You!

Murali Narayanamurthy

Director Office of the CFO & GRC

Solutions

SAP India Private Limited

(+91) 9820972906

[email protected]

drive enterprise value - wirc enterprise value enabled by sap governance risk & compliance solns...

Documents