reducing the total cost of sap compliance with 2nd generation grc solutions
DESCRIPTION
2nd generation GRC Solutions runs inside SAP with no incremental infrastructure investment and reduced time to ROI. It provides "Embedded Compliance" - audit reporting data and decreased annual software maintenance. Graham Packaging is one of the companies that has seen the benefits of implimenting the 2nd generation GRC first hand.TRANSCRIPT
![Page 1: Reducing the Total Cost of SAP Compliance with 2nd Generation GRC Solutions](https://reader034.vdocuments.us/reader034/viewer/2022052523/555b7da2d8b42aae678b5906/html5/thumbnails/1.jpg)
Reducing the Total Cost of Compliance with 2nd Generation GRC Solutions
www.ControlPanelGRC.com
Professional Solutions for Compliance Automation
![Page 2: Reducing the Total Cost of SAP Compliance with 2nd Generation GRC Solutions](https://reader034.vdocuments.us/reader034/viewer/2022052523/555b7da2d8b42aae678b5906/html5/thumbnails/2.jpg)
Introducing…
www.ControlPanelGRC.com
Professional Solutions for Compliance Automation
Dan WilhelmsPresident – SymSoft
![Page 3: Reducing the Total Cost of SAP Compliance with 2nd Generation GRC Solutions](https://reader034.vdocuments.us/reader034/viewer/2022052523/555b7da2d8b42aae678b5906/html5/thumbnails/3.jpg)
• Makers of Governance, Risk and Compliance (GRC) solutions for
SAP environments
• Spin-off of Milwaukee-based Symmetry Corporation• 14 years of technical implementation solutions for the SAP and Enterprise Security
marketplace
• One of the largest dedicated SAP Basis consulting organizations in the U.S. - 200
SAP implementations and over 90 SAP Basis and security managed services
customers
• 10 years of software development and marketing experience
• Previous reseller of Virsa, and SAP GRC integrator
• SAP Certified Hosting Partner
www.ControlPanelGRC.com
Professional Solutions for Compliance Automation
About SymSoft
![Page 4: Reducing the Total Cost of SAP Compliance with 2nd Generation GRC Solutions](https://reader034.vdocuments.us/reader034/viewer/2022052523/555b7da2d8b42aae678b5906/html5/thumbnails/4.jpg)
• Developers of value added software solutions for SAP
technical operations
• Q-TMS – Automation and tracking of SAP Change Request
(transport) processing
• RBE – SAP Reverse Business Engineering analytics
• Password Manager – Re-sync SAP passwords across all
SAP landscapes
• Numerous proprietary utilities for SAP security
administration
www.ControlPanelGRC.com
Professional Solutions for Compliance Automation
About SymSoft
![Page 5: Reducing the Total Cost of SAP Compliance with 2nd Generation GRC Solutions](https://reader034.vdocuments.us/reader034/viewer/2022052523/555b7da2d8b42aae678b5906/html5/thumbnails/5.jpg)
• The Current State of GRC
• Components Affecting the Total Cost of Compliance
• Beyond Compliance – Considering the “G” and the “R”
• Graham Packaging Case Study
• About ControlPanelGRC
• ROI calculator
www.ControlPanelGRC.com
Professional Solutions for Compliance Automation
Agenda
![Page 6: Reducing the Total Cost of SAP Compliance with 2nd Generation GRC Solutions](https://reader034.vdocuments.us/reader034/viewer/2022052523/555b7da2d8b42aae678b5906/html5/thumbnails/6.jpg)
• In the wake of SOX, many enterprises• Purchased expensive “1st generation GRC solutions
• “Toughed it out” with manual compliance operations
• Mixed satisfaction with 1st generation solutions• High price, high implementation costs, high TCO
• High maintenance fees, upgrades required
• Often “Shelfware”
• Lack of day to day, “meat & potatoes” utility
www.ControlPanelGRC.com
Professional Solutions for Compliance Automation
The Current State of GRC
![Page 7: Reducing the Total Cost of SAP Compliance with 2nd Generation GRC Solutions](https://reader034.vdocuments.us/reader034/viewer/2022052523/555b7da2d8b42aae678b5906/html5/thumbnails/7.jpg)
• Many enterprises simply can’t afford an upper 6 figure solution
• Increasing audit requirements at odds with tight economy
www.ControlPanelGRC.com
Professional Solutions for Compliance Automation
The Current State of GRC• Auditors trending towards broader IT audits
• Taking a broader view of Controls – Beyond SODs
• Getting more application savvy
![Page 8: Reducing the Total Cost of SAP Compliance with 2nd Generation GRC Solutions](https://reader034.vdocuments.us/reader034/viewer/2022052523/555b7da2d8b42aae678b5906/html5/thumbnails/8.jpg)
• The Current State of GRC
• Components Affecting the Total Cost of Compliance
• Beyond Compliance – Considering the “G” and the “R”
• Graham Packaging Case Study
• About ControlPanelGRC
• ROI calculator
www.ControlPanelGRC.com
Professional Solutions for Compliance Automation
Agenda
![Page 9: Reducing the Total Cost of SAP Compliance with 2nd Generation GRC Solutions](https://reader034.vdocuments.us/reader034/viewer/2022052523/555b7da2d8b42aae678b5906/html5/thumbnails/9.jpg)
• Purchased software license fees
• Annual software maintenance
• Infrastructure investments
• Implementation costs
• On-going infrastructure administration
• Annual audit preparation and reporting
• Opportunity cost – what you can’t do
www.ControlPanelGRC.com
Professional Solutions for Compliance Automation
Components Affecting the Total Cost of Compliance
![Page 10: Reducing the Total Cost of SAP Compliance with 2nd Generation GRC Solutions](https://reader034.vdocuments.us/reader034/viewer/2022052523/555b7da2d8b42aae678b5906/html5/thumbnails/10.jpg)
• 1st generation GRC solutions priced in upper 6 figures
• Exploit the gold rush into compliance
• 1st generation GRC solutions often “wrapped and rolled” into
larger ERP purchases
• Resulting in GRC “Shelfware”
• “Give away the razor and make it up on the blades”
• Often access to full functionality requires expensive upgrades
• 2nd generation GRC solutions are priced 50-75% less than 1st
generation solutions
www.ControlPanelGRC.com
Professional Solutions for Compliance Automation
Purchased Software License Fees
![Page 11: Reducing the Total Cost of SAP Compliance with 2nd Generation GRC Solutions](https://reader034.vdocuments.us/reader034/viewer/2022052523/555b7da2d8b42aae678b5906/html5/thumbnails/11.jpg)
• The “blades” for the razor
• 1st generation solutions often $60-80K per year
• Whether “Shelfware or not”
www.ControlPanelGRC.com
Professional Solutions for Compliance Automation
Annual Software Maintenance
• 2nd generation GRC solutions
can often be justified on
avoiding 1st generation annual
software maintenance fees
alone!
![Page 12: Reducing the Total Cost of SAP Compliance with 2nd Generation GRC Solutions](https://reader034.vdocuments.us/reader034/viewer/2022052523/555b7da2d8b42aae678b5906/html5/thumbnails/12.jpg)
• 1st generation GRC solutions require purchasing and implementing dedicated servers and infrastructure
• Often $200K or more• Additional line items on asset and depreciation tables• Another headache for IT infrastructure staff• 2nd generation solutions run inside SAP with no incremental
infrastructure investment• Existing infrastructure investments supporting 1st generation
GRC solutions can be retired or redeployed• Investing in new infrastructure can be avoided
www.ControlPanelGRC.com
Professional Solutions for Compliance Automation
Infrastructure Investments
![Page 13: Reducing the Total Cost of SAP Compliance with 2nd Generation GRC Solutions](https://reader034.vdocuments.us/reader034/viewer/2022052523/555b7da2d8b42aae678b5906/html5/thumbnails/13.jpg)
• 1st generation solutions usually require multi-month
implementations
• Major project, major distraction
• Usually “Integrator led” implementations
• 2nd generation GRC implementations measured in days
• Projects can be led by internal IT staff with on-call remote
vender support
• Projects can be “trickle in” implementations vs. “big bang”
• Time to ROI significantly reduced
www.ControlPanelGRC.com
Professional Solutions for Compliance Automation
Implementation Costs
![Page 14: Reducing the Total Cost of SAP Compliance with 2nd Generation GRC Solutions](https://reader034.vdocuments.us/reader034/viewer/2022052523/555b7da2d8b42aae678b5906/html5/thumbnails/14.jpg)
• 1st generation GRC solutions running on dedicated servers
require on-going IT administration
• Server administration - monitoring and maintenance
• Data backup and tape operations
• 3rd party break/fix contracts
• 2nd generation GRC solutions are “zero foot print”. With no
dedicated server infrastructure, there is no on-going
incremental infrastructure administration costs
• Net reduction in complexity of IT support operations
www.ControlPanelGRC.com
Professional Solutions for Compliance Automation
On-going Infrastructure Administration
![Page 15: Reducing the Total Cost of SAP Compliance with 2nd Generation GRC Solutions](https://reader034.vdocuments.us/reader034/viewer/2022052523/555b7da2d8b42aae678b5906/html5/thumbnails/15.jpg)
• With manual or semi-automated processes, annual
audits can become annual “root canals”• IT staff irritated by having to manually extract and prepare
data
• Internal audit viewed as interruptions, not value add
• Time and money diverted from innovation
• External audit costs increased
• Audit preparation can be lengthy, distracting, and
expensive – can take months
www.ControlPanelGRC.com
Professional Solutions for Compliance Automation
Annual Audit Preparation and Reporting
![Page 16: Reducing the Total Cost of SAP Compliance with 2nd Generation GRC Solutions](https://reader034.vdocuments.us/reader034/viewer/2022052523/555b7da2d8b42aae678b5906/html5/thumbnails/16.jpg)
• Manual or semi-automated controls
tend to attract more scrutiny
• Day-to-day repetitive, tedious tasks
often take longer due to GRC
requirements
• User and Role provisioning
• Transport management
• Batch management
www.ControlPanelGRC.com
Professional Solutions for Compliance Automation
Annual Audit Preparation and Reporting
![Page 17: Reducing the Total Cost of SAP Compliance with 2nd Generation GRC Solutions](https://reader034.vdocuments.us/reader034/viewer/2022052523/555b7da2d8b42aae678b5906/html5/thumbnails/17.jpg)
• 2nd generation GRC solutions provide “Embedded Compliance” -audit reporting data is captured automatically as part of automated business processes
• Audit data is available real-time, ad hoc• More audit data becomes “self-service” to auditors, and more
importantly business process owners and executives
• Broader breath of scope of 2nd generation GRC solutions address increasingly broader audit scrutiny
• Cost of audit preparation reduced by 75%• Less time operating the business – More time improving the
business
www.ControlPanelGRC.com
Professional Solutions for Compliance Automation
Annual Audit Preparation and Reporting
![Page 18: Reducing the Total Cost of SAP Compliance with 2nd Generation GRC Solutions](https://reader034.vdocuments.us/reader034/viewer/2022052523/555b7da2d8b42aae678b5906/html5/thumbnails/18.jpg)
• Any hour spent proving what you did is an hour not spent
improving what you are going to do• Budget spent on compliance is budget not spent on innovation
• Performing manual IT operations tasks while performing
manual or semi-automated audit compliance tasks
represent a double whammy
• 2nd generation GRC solutions automate repetitive manual
tasks with embedded compliance to capture data to
automate audit compliance tasks
www.ControlPanelGRC.com
Professional Solutions for Compliance Automation
Opportunity Cost
![Page 19: Reducing the Total Cost of SAP Compliance with 2nd Generation GRC Solutions](https://reader034.vdocuments.us/reader034/viewer/2022052523/555b7da2d8b42aae678b5906/html5/thumbnails/19.jpg)
• The Current State of GRC
• Components Affecting the Total Cost of Compliance
• Beyond Compliance – Considering the “G” and the “R”
• Graham Packaging Case Study
• About ControlPanelGRC
• ROI calculator
www.ControlPanelGRC.com
Professional Solutions for Compliance Automation
Agenda
![Page 20: Reducing the Total Cost of SAP Compliance with 2nd Generation GRC Solutions](https://reader034.vdocuments.us/reader034/viewer/2022052523/555b7da2d8b42aae678b5906/html5/thumbnails/20.jpg)
• In the wake of SOX, the focus was on demonstrating compliance
• Focus shifting to reducing the on-going Total Cost of Compliance
• Leveraging the GRC investment for competitive advantage
• Truly reducing risks
• Not just theft and fraud, but mistakes and inconsistencies
• More manageable business processes
• Appropriate, visible controls – key to management dashboards
• Automating manual tasks
• Using GRC as the engine to drive change
www.ControlPanelGRC.com
Professional Solutions for Compliance Automation
Beyond Compliance
![Page 21: Reducing the Total Cost of SAP Compliance with 2nd Generation GRC Solutions](https://reader034.vdocuments.us/reader034/viewer/2022052523/555b7da2d8b42aae678b5906/html5/thumbnails/21.jpg)
• Shifting from the “C” to the “G” and the “R” in GRC
• Any enterprise, regardless of size, can benefit from
implementing a 2nd generation GRC solution
• Less time operating, more time innovating
• More manageable operations
• Lowering costs
• Driving change
• Optimizing business processes
• Increasing business agility
www.ControlPanelGRC.com
Professional Solutions for Compliance Automation
Beyond Compliance
![Page 22: Reducing the Total Cost of SAP Compliance with 2nd Generation GRC Solutions](https://reader034.vdocuments.us/reader034/viewer/2022052523/555b7da2d8b42aae678b5906/html5/thumbnails/22.jpg)
• The Current State of GRC
• Components Affecting the Total Cost of Compliance
• Beyond Compliance – Considering the “G” and the “R”
• Graham Packaging Case Study
• About ControlPanelGRC
• ROI calculator
www.ControlPanelGRC.com
Professional Solutions for Compliance Automation
Agenda
![Page 23: Reducing the Total Cost of SAP Compliance with 2nd Generation GRC Solutions](https://reader034.vdocuments.us/reader034/viewer/2022052523/555b7da2d8b42aae678b5906/html5/thumbnails/23.jpg)
• Employs 7,500 people at 80 plants spread across 16 countries
• Privately held, but registered with the Securities and Exchange
Commission (SEC)
• Global leader in the design, sale
and manufacture of value-added,
custom molded plastic containers
• Based in York, Pennsylvania
www.ControlPanelGRC.com
Professional Solutions for Compliance Automation
Graham Packaging Case Study
![Page 24: Reducing the Total Cost of SAP Compliance with 2nd Generation GRC Solutions](https://reader034.vdocuments.us/reader034/viewer/2022052523/555b7da2d8b42aae678b5906/html5/thumbnails/24.jpg)
• Challenges• Using expensive 1st generation GRC product
• Limited to SOX compliance and SOD
• Leveraging just one-quarter of functionality
• Big implementation project facing company from
time/expense perspectives
www.ControlPanelGRC.com
Professional Solutions for Compliance Automation
Graham Packaging Case Study
![Page 25: Reducing the Total Cost of SAP Compliance with 2nd Generation GRC Solutions](https://reader034.vdocuments.us/reader034/viewer/2022052523/555b7da2d8b42aae678b5906/html5/thumbnails/25.jpg)
• Solution• ControlPanelGRC significantly less in cost
• Easy to implement and easy to use
• Quicker time to value or time to benefit of entire toolset
• Payback significant
• Automation of master data transport
www.ControlPanelGRC.com
Professional Solutions for Compliance Automation
Graham Packaging Case Study
![Page 26: Reducing the Total Cost of SAP Compliance with 2nd Generation GRC Solutions](https://reader034.vdocuments.us/reader034/viewer/2022052523/555b7da2d8b42aae678b5906/html5/thumbnails/26.jpg)
• Results• Saving significant amount of money
• Saving one week’s time in audit preparation
• Automated reporting satisfies external auditors
• Reduces repetitive tasks 50% now
• More IT people using solution, becoming more resourceful
• Less dependence on security personnel
• ROI in less than 12 months
www.ControlPanelGRC.com
Professional Solutions for Compliance Automation
Graham Packaging Case Study
![Page 27: Reducing the Total Cost of SAP Compliance with 2nd Generation GRC Solutions](https://reader034.vdocuments.us/reader034/viewer/2022052523/555b7da2d8b42aae678b5906/html5/thumbnails/27.jpg)
• The Current State of GRC
• Components Affecting the Total Cost of Compliance
• Beyond Compliance – Considering the “G” and the “R”
• Graham Packaging Case Study
• About ControlPanelGRC
• ROI calculator
www.ControlPanelGRC.com
Professional Solutions for Compliance Automation
Agenda
![Page 28: Reducing the Total Cost of SAP Compliance with 2nd Generation GRC Solutions](https://reader034.vdocuments.us/reader034/viewer/2022052523/555b7da2d8b42aae678b5906/html5/thumbnails/28.jpg)
• ABAP based software solution “Built by GRC professionals for GRC professionals”
• Integration of existing SymSoft technology and new functionality
• 7 modules sold separately or full suite• Broad functionality – Beyond SODs
• Change management, Batch management, application and security administration, numerous business process accelerators
• Powerful workflow engine automates routine administrative tasks
www.ControlPanelGRC.com
Professional Solutions for Compliance Automation
About ControlPanelGRC
![Page 29: Reducing the Total Cost of SAP Compliance with 2nd Generation GRC Solutions](https://reader034.vdocuments.us/reader034/viewer/2022052523/555b7da2d8b42aae678b5906/html5/thumbnails/29.jpg)
• “Embedded compliance”• Audit/compliance data is captured automatically
• Reporting becomes a by-product
• Whole new price point• 1/3 the cost of 1st generation solutions
• Opens the market to smaller publically traded and
privately held regulated enterprises (Pharmas, FDA)
www.ControlPanelGRC.com
Professional Solutions for Compliance Automation
About ControlPanelGRC
![Page 30: Reducing the Total Cost of SAP Compliance with 2nd Generation GRC Solutions](https://reader034.vdocuments.us/reader034/viewer/2022052523/555b7da2d8b42aae678b5906/html5/thumbnails/30.jpg)
• ControlPanelGRC Modules Maps to Business Processes:• Risk Analyzer - Analysis of Segregation of Duty and
Sensitive Authorization risks
• Emergency Access Manager (formerly SymSoft Fire Call) –
Temporary authorization and tracking to troubleshoot production
issues
• User and Role Manager – Automated workflows to accelerate day-to-
day SAP security administration. Numerous practical accelerators
• AutoAuditor - Automated execution and delivery of
compliance reports – documented review
www.ControlPanelGRC.com
Professional Solutions for Compliance Automation
About ControlPanelGRC
![Page 31: Reducing the Total Cost of SAP Compliance with 2nd Generation GRC Solutions](https://reader034.vdocuments.us/reader034/viewer/2022052523/555b7da2d8b42aae678b5906/html5/thumbnails/31.jpg)
• ControlPanelGRC Modules Maps to Business
Processes:• Transport Manager (formerly SymSoft Q-TMS) -
Automates the Change Request process via a
workflow that maintains an audit trail
• Batch Manager – Compliant management,
approval, documentation and monitoring cross-
system Batch Jobs
• Usage Analyzer (formerly SymSoft RBE) –
Tracking and reporting or actual system usage.
License Optimization
www.ControlPanelGRC.com
Professional Solutions for Compliance Automation
About ControlPanelGRC
![Page 32: Reducing the Total Cost of SAP Compliance with 2nd Generation GRC Solutions](https://reader034.vdocuments.us/reader034/viewer/2022052523/555b7da2d8b42aae678b5906/html5/thumbnails/32.jpg)
www.ControlPanelGRC.com
Professional Solutions for Compliance Automation
About ControlPanelGRC
![Page 33: Reducing the Total Cost of SAP Compliance with 2nd Generation GRC Solutions](https://reader034.vdocuments.us/reader034/viewer/2022052523/555b7da2d8b42aae678b5906/html5/thumbnails/33.jpg)
• The Current State of GRC
• Components Affecting the Total Cost of Compliance
• Beyond Compliance – Considering the “G” and the “R”
• Graham Packaging Case Study
• About ControlPanelGRC
• ROI calculator
www.ControlPanelGRC.com
Professional Solutions for Compliance Automation
Agenda
![Page 34: Reducing the Total Cost of SAP Compliance with 2nd Generation GRC Solutions](https://reader034.vdocuments.us/reader034/viewer/2022052523/555b7da2d8b42aae678b5906/html5/thumbnails/34.jpg)
Cost Area1st Gen. Solution -Previously Purchased
1st Gen. Solution -New Purchase
2nd Gen Solution
Initial Software License $0.00 $500,000 $125,000 Upgrade fees $100,000 $0 $0 3 years annual maintenance $240,000 $330,000 $60,000 Dedicated servers and infrastructure $200,000 $200,000 $0
New implementation costs $0.00 $75,000 $25,000 Incremental costs to fully implement $75,000 $100,000 $25,000
3 years annual IT admin and support $30,000 $30,000 $0
3 years annual cost of audit preparation and reporting
$120,000 $120,000 $30,000
Opportunity Cost - IntangibleTCO - Next 3 years $765,000 $1,355,000 $265,000
www.ControlPanelGRC.com
Professional Solutions for Compliance Automation
ROI Calculator
![Page 35: Reducing the Total Cost of SAP Compliance with 2nd Generation GRC Solutions](https://reader034.vdocuments.us/reader034/viewer/2022052523/555b7da2d8b42aae678b5906/html5/thumbnails/35.jpg)
• Auditors trending towards broader IT audits• Focus moving from compliance to managing the Total Cost of
Compliance• 2nd generation GRC solutions are priced 50%-75% less than 1st
generation software• Savings on maintenance fees alone offers compelling reasons to
consider 2nd generation solutions
• New solutions offer embedded compliance and automation of repetitive tasks
• ControlPanelGRC driving better business execution, not just demonstrating compliance
www.ControlPanelGRC.com
Professional Solutions for Compliance Automation
Wrap Up
![Page 36: Reducing the Total Cost of SAP Compliance with 2nd Generation GRC Solutions](https://reader034.vdocuments.us/reader034/viewer/2022052523/555b7da2d8b42aae678b5906/html5/thumbnails/36.jpg)
www.ControlPanelGRC.com
Professional Solutions for Compliance Automation
Thank you!
For ControlPanelGRCcase studies, articles, and
archived webinars please visit www.controlpanelgrc.com