Transcription
Drive Enterprise ValueEnabled by SAP Governance Risk & Compliance solnsMurali Narayanamurthy
Manage Enterprise Risk and ComplianceAccess RiskManagementManage accessrisk andprevent fraud SAP GRCAccess Control SAP GRCAccessApprover mobileapplication 2011 SAP AG. All rights reserved.Controls &ComplianceMonitoringEnterprise RiskManagementEnsureeffectivecontrols andongoingcompliancePreserve andgrow valueSAP GRC ProcessControlSAP GRC RiskManagementSAP GRC PolicySurvey - mobileapplicationPlanning andperformingAuditsDrive a unifiedauditmanagementfunctionSAP GRC AuditManagementFrauddetection andinvestigationPrevent, detect,investigate,and monitorfraud patternsand predictionsSAP GRC FraudManagement2
SAP’s Approach: Unified Governance Risk & ComplianceOrganizationalObjectivesMonitor Key RiskIndicatorsPrevent FraudsRisk Based AuditUnified GRCFrameworkSegregation ofDutiesPolicyManagementLegal ComplianceInternal ControlsEffectiveness 2011 SAP AG. All rights reserved.3
3Streamlined User Access ManagementStandardizes on SAP Business workflow technology,supports more flexible and tailored access request andapprover views, simplifying the provisioning processSOURCECONFIGURABLE WORKFLOWRESULTIDM SystemsSAPBusiness SuiteSAP IDMNovell IDMOtherSAPMobilityOptionOtherAC Direct EntryHelp DeskMore 2011 SAP AG. All rights alAutomatedprovisioningBusiness workflowreduces manual tasksand streamlines accessrequest processingLeverage existingresources for workflowadministration andconfigurationHR SystemsSAP HRPeopleSoft HROtherKey BenefitsOther SAPApplicationsFaster and easier forusers to request the rolesthey onment4
Business Control Monitoring:Supplier Relationship Management entPaySuppliersDriveContinuousImprovement 2011 SAP AG. All rights reserved.Identify InvoiceEvaluateBidsAward &NegotiateContractApplyAgreementTerms &ConditionsCreatePurchaseOrderPaySupplier(EFT)Were sourcingpolicies followed inawarding contracts?DispatchElectronicPO toSupplierReceiveGoods orServices;InspectAre any criticalmaterials singlesourced?Were any supplierpayment termschanged?AnalyzePerformanceAdjustContractsAre suppliers forcritical materialsdelivering on time?5
Combining the power of different approachesSAP Fraud Management covers the full spectrum of fraud detectionUnknown/complexPatternsKnow PatternsKnow fraudbehaviorsUnusualbehaviorsSimilar, butdifferent fromknown behaviorsUnknown fraudbehaviorsRulesPredictiveAlgorithmsHybrid combination ofRules and Predictive Algorithms to detect fraud 2011 SAP AG. All rights reserved.6
Fraud onFraud Monitoring & Performance OptimizationFraudPatternAnalysisDefine Rules& PredictiveModelsOnlineDetectionHead of FraudInvestigationFraudInvestigator 2011 SAP AG. All rights reserved.Calibration &SimulationMassDetectionAlertNotificationClaim Handling& SettlementSetupFraud AP Fraud Management for InsuranceA Closed-loop, Cross-Functional ProcessInquire &AnalyzeInvestigationEvaluation &DecisionFrom Claim Notification to Claim ClosureBusinessAnalystHead of ClaimManagementCIO7
USER FRIENDLY INTERFACE TO HELPMATURE ALGORITHMS 2011 SAP AG. All rights reserved.15
SAP Risk ManagementPreserve and grow valueMonitor thresholds, effectivenessof risk responses, and correctiveactionsPlan risk managementwithin the context of valueto the organizationRespond to risk afterbalancing costs andbenefitsLink risks, risk drivers,risk indicators,impacts andresponsesAnalyze risk via scenarios, modeling,& other factors to understandexposure 2011 SAP AG. All rights reserved.25
Intuitive Risk Heat maps for prioritization andaction 2011 SAP AG. All rights reserved.27
Risk Planning(Bow-tie Builder)Define the context within which business risks are to be managed 2011 SAP AG. All rights reserved.28
Risk AssessmentBusiness context based assessmentsIdentify and assess the impact of risk events on the business 2011 SAP AG. All rights reserved.30
Risk ResponseImplement responses – Superior mitigation with automationEvaluate and select the risks to be addressed and create risk responses 2011 SAP AG. All rights reserved.31
Risk MonitoringProactive risk management and preventionMonitor the effectiveness and completeness of the response actions 2011 SAP AG. All rights reserved.32
Enterprise Wide Integrated Governance Risk &Compliance Example using SAP GRC SolutionsDevelop andPackage ExternalContentFraudEnterprise lationsProcessProcess RisksProcure to PayFraudulentinvoices paidVendor MgmtValidinvoices notenteredAP InvoicingAccess RisksUser canenter vendor& PO 2011 SAP AG. All rights reserved.User canenter invoices& paymentsControlsReview of newvendors andrelated invoicesupportReview ofuninvoicedgoodsreceiptsPoliciesAP SODrules in ACUpdate and rollout strengthenedsecurity 3
Achieving Benefits with Enterprise Risk and ControlManagementStrategic AlignmentPredictable PerformanceConfident Decisions Unified GRCis the key step en routeto building the linkagefrom strategy toexecution, because youcan prove that linkageworks. 2011 SAP AG. All rights reserved.Increased visibility intothe impact of riskagainst performance.Allocate resourcesand capital where it ismost neededImprove predictabilityand performance.34
Thank You!Murali NarayanamurthyDirector Office of the CFO & GRCSolutionsSAP India Private Limited( 91) 9820972906murali.narayana.murthy@sap.com
SAP GRC Process Control SAP GRC Policy Survey - mobile application Enterprise Risk Management Preserve and grow value SAP GRC Risk Management Planning and performing Audits Drive a unified audit management function SAP GRC Audit Management Fraud detection and investigation Prevent, detect, investigate,
