WIXLIB

SAP Road Map for Governance, Risk, andCompliance Solutions

Legal disclaimerThe information in this presentation is confidential and proprietary to SAP and may not be disclosed withoutthe permission of SAP. This presentation is not subject to your license agreement or any other service orsubscription agreement with SAP. SAP has no obligation to pursue any course of business outlined in thisdocument or any related presentation, or to develop or release any functionality mentioned therein. Thisdocument, or any related presentation and SAP's strategy and possible future developments, products andor platforms directions and functionality are all subject to change and may be changed by SAP at any timefor any reason without notice. The information in this document is not a commitment, promise or legalobligation to deliver any material, code or functionality. This document is provided without a warranty of anykind, either express or implied, including but not limited to, the implied warranties of merchantability, fitnessfor a particular purpose, or non-infringement. This document is for informational purposes and may not beincorporated into a contract. SAP assumes no responsibility for errors or omissions in this document, exceptif such damages were caused by SAP s willful misconduct or gross negligence.All forward-looking statements are subject to various risks and uncertainties that could cause actual resultsto differ materially from expectations. Readers are cautioned not to place undue reliance on these forwardlooking statements, which speak only as of their dates, and they should not be relied upon in makingpurchasing decisions. 2012 SAP AG. All rights reserved.This presentation and SAP‘s strategy and possible future developments are subject to change and may be changed by SAP at any time for any reason without notice. This document isprovided without a warranty of any kind, either express or implied, including but not limited to, the implied warranties of merchantability, fitness for a particular purpose, or non-infringement3

Global trends impacting governance, risk, and compliance(GRC) practicesIncreasing andchanging regulatoryrequirementsAdded pressure fortransparency andaccountabilityVirtualized IT andbusiness processenvironmentsFact: In fiscal year 2010, 43major new regulations wereimposed – U.S. GeneralAccounting Office dataFact: Investors want auditorsto dig deeper into assertionsthat fall outside of auditedfinancial statementsFact: Cloud computing ishere to stay, but the legaland compliance risks thatcome with it are daunting 2012 SAP AG. All rights reserved.This presentation and SAP‘s strategy and possible future developments are subject to change and may be changed by SAP at any time for any reason without notice. This document isprovided without a warranty of any kind, either express or implied, including but not limited to, the implied warranties of merchantability, fitness for a particular purpose, or non-infringement4

Pervasive challenges facing companies todayOperational riskFinancial riskStrategic riskDiminished customer loyaltyIncreased cost of capitalLoss of revenue streamsDecreased shareholder valueGRC programs require manualefforts and are too costly 2012 SAP AG. All rights reserved.Impact of risk events andnoncompliance is highThis presentation and SAP‘s strategy and possible future developments are subject to change and may be changed by SAP at any time for any reason without notice. This document isprovided without a warranty of any kind, either express or implied, including but not limited to, the implied warranties of merchantability, fitness for a particular purpose, or non-infringement5

Proactively balance risk and opportunitySAP solutions for governance, risk, and compliance (GRC)MANAGE BETTERPROTECT BETTERPERFORM BETTERAutomate manual tasksAutomate monitoringAlign with strategy and planningEmploy best practicesReal-time analysisEmbed analyticsReduce effort and costIndustry-specific solutionsScenario modeling 2012 SAP AG. All rights reserved.This presentation and SAP‘s strategy and possible future developments are subject to change and may be changed by SAP at any time for any reason without notice. This document isprovided without a warranty of any kind, either express or implied, including but not limited to, the implied warranties of merchantability, fitness for a particular purpose, or non-infringement6

Key competencies for successSAP solutions for GRCGRC for LoBsIT CPGOil & GasMfgUtilitiesBankingGRC for IndustriesSupply ChainSales andMarketing FinanceSAP solutions for GRCAnalyzeDashboards rise ApplicationsLegacy AppsIT Infrastructure*Lines of business 2012 SAP AG. All rights reserved.This presentation and SAP‘s strategy and possible future developments are subject to change and may be changed by SAP at any time for any reason without notice. This document isprovided without a warranty of any kind, either express or implied, including but not limited to, the implied warranties of merchantability, fitness for a particular purpose, or non-infringement7

SAP solutions for GRCManage, protect, and obaltrade servicesConfidently manageand reduce accessrisk enterprise-wideEnsure effectivecontrols andongoing complianceAlign enterprise riskswith business valueOptimize globalsupply chain andensure compliance 2012 SAP AG. All rights reserved.This presentation and SAP‘s strategy and possible future developments are subject to change and may be changed by SAP at any time for any reason without notice. This document isprovided without a warranty of any kind, either express or implied, including but not limited to, the implied warranties of merchantability, fitness for a particular purpose, or non-infringement8

Overview of SAP road map for GRCRiskmanagementContinuousinnovationAdvanced reportingand analyticsComprehensive GRCinitiative managementAccesscontrolProcesscontrolIntegrated monitoringIndustry and LoB risk andcompliance contentSolution today 2012 SAP AG. All rights reserved.Active GRCPlanned innovationsPredictive GRCFuture directionThis presentation and SAP‘s strategy and possible future developments are subject to change and may be changed by SAP at any time for any reason without notice. This document isprovided without a warranty of any kind, either express or implied, including but not limited to, the implied warranties of merchantability, fitness for a particular purpose, or non-infringement9

Overview of SAP road map for GRCRiskmanagementContinuousinnovationAdvanced reportingand analyticsComprehensive GRCinitiative managementAccesscontrolProcesscontrolIntegrated monitoringIndustry and LoB risk andcompliance contentSolution today 2012 SAP AG. All rights reserved.Active GRCPlanned innovationsPredictive GRCFuture directionThis presentation and SAP‘s strategy and possible future developments are subject to change and may be changed by SAP at any time for any reason without notice. This document isprovided without a warranty of any kind, either express or implied, including but not limited to, the implied warranties of merchantability, fitness for a particular purpose, or non-infringement10

Recent innovations for SAP solutions for GRCOverviewKey needsKey innovationsReleaseUnified andintegratedGRC platform Integrated GRCsolutions Common look and feel; streamlinednavigation Shared compliance master data SAP Access Control 10.0,SAP Process Control 10.0,and SAP Risk Management 10.0GRC reportingand analytics Insights into the statusand value of risk andcompliance programs Interactive dashboards Embedded reporting and dashboards SAP Access Control 10.0,SAP Process Control 10.0,and SAP Risk Management 10.0ComprehensiveGRCmanagement Increased reliance;reduced effort and costfor risk and complianceactivities Expanded functions Closed-loop super-user privilegemanagement Comprehensive policy management Visual risk bowtie builder Integrated audit management SAP Access Control 10.0,SAP Process Control 10.0,and SAP Risk Management 10.0Operational riskmanagementfor banking Quantitative analysis Loss event management Manual and score-based key riskindicators Comprehensive analytical dashboardson losses and loss matrix analysis SAP Risk Management 10.0GRC mobileapps Extended reach for GRCworkflows to mobileworkers Mobile approval of access requests Mobile review of policies SAP GRC Access Approverand SAP GRC Policy Surveymobile appsIntegrated GRCmonitoring Monitor business and IToutcomes Enhancements to comprehensive andautomated GRC monitoring SAP Access Control 10.0,SAP Process Control 10.0,and SAP Risk Management 10.0Solution today 2012 SAP AG. All rights reserved.This presentation and SAP‘s strategy and possible future developments are subject to change and may be changed by SAP at any time for any reason without notice. This document isprovided without a warranty of any kind, either express or implied, including but not limited to, the implied warranties of merchantability, fitness for a particular purpose, or non-infringement11

Unified and integrated GRC platformSAP Access Control 10.0, SAP Process Control 10.0, SAP Risk Management 10.0Solution enhancementsKey benefits Unified technology platform based on the ABAPprogramming language Reduced overall cost of ownership Common look and feel; streamlined navigation Reduced configuration cost Shared compliance master data Easier adaptation to specific requirements Configurable user interface Reduced time to value Reduced cost of training; ability to share staff Content lifecycle managementCommon technologyplatform enablesa unifieduser experienceSolution today 2012 SAP AG. All rights reserved.This presentation and SAP‘s strategy and possible future developments are subject to change and may be changed by SAP at any time for any reason without notice. This document isprovided without a warranty of any kind, either express or implied, including but not limited to, the implied warranties of merchantability, fitness for a particular purpose, or non-infringement12

GRC reporting and analyticsSAP Access Control 10.0, SAP Process Control 10.0, SAP Risk Management 10.0Solution enhancementsKey benefits Enhanced report formats Empowered business users Interactive dashboards Expanded visibility for program owners Embedded reporting and dashboards Reduced cost of ownership and managementDashboards providevisibility needed by GRCprogram ownersSolution today 2012 SAP AG. All rights reserved.This presentation and SAP‘s strategy and possible future developments are subject to change and may be changed by SAP at any time for any reason without notice. This document isprovided without a warranty of any kind, either express or implied, including but not limited to, the implied warranties of merchantability, fitness for a particular purpose, or non-infringement13

Comprehensive GRC managementAccess controlSAP Access Control 10.0Solution enhancementsKey benefits Streamlined user access management Improved usability and simplified provisioning Collaborative business role governance Centrally managed compliant roles across systems Centralized super-user privilege management Reduced administration cost and improve visibility Closed-loop super-user privilege management Ability to review, resolve, and track activity online Improved identity management Integration Minimized access risk in enterprise provisioningAutomated review forsuper-user privilegemanagementSolution today 2012 SAP AG. All rights reserved.This presentation and SAP‘s strategy and possible future developments are subject to change and may be changed by SAP at any time for any reason without notice. This document isprovided without a warranty of any kind, either express or implied, including but not limited to, the implied warranties of merchantability, fitness for a particular purpose, or non-infringement14