Processes do not have to kill you


CloudOps Summit 2013, Frankfurt, 25.09.2013
Lightning Talk by Ute Riemann, Business Enterprise Principal Consultant, SAP AG

Published in: Technology, Business

  1. Processes do not have to kill you: GUIDED END-TO-END PROCESSES IN THE LIGHT OF THE USE OF CLOUD SERVICES. Ute Riemann, SAP Deutschland AG & Co. KG
  2. Why security is so difficult - and why value is lost
       • The value of Cloud Services is generated "between" the business and technology
       • But: outtasking services also means: losing control over the data (= missing security)
       • Today's approach: identify technology risks and – as a consequence – do not use Cloud services if too risky
         → Too inflexible, too much value is lost
         → Our approach: look at the value chain first!
     [Diagram labels: Security, People, Business, Technology, Value of Cloud Services]
     © 2013 SAP AG. All rights reserved. Customer
  3. The 5 steps from identification of cloud value add and the business process inherent compliance risks of a company
       1. Identify the company-specific value chain
       2. Identify the key processes within the value chain
       3. Select the appropriate fraud indicators
       4. Perform IT identification
       5. Link the processes with the cloud specifics within the E2E process model
  4. A comprehensive analysis of the compliance requirements within the process environment. To answer this question it is required to understand the various dimensions that need to be considered:
       • Dimension 1: Business perspective
       • Dimension 2: Service perspective
       • Dimension 3: Compliance perspective
  5. The following indicator categories need to be considered within the cloud environment
       • Result relevance: What is the importance of the process within the value chain? What is the value towards the corporate result?
       • Cost relevance: Check how cost intensive the current process is and what implications are possible due to the cloudification
       • Security relevance: Estimate what frauds can occur due to the use of the process (independent of the environment)
  6. Example: Order-to-Cash Process
       • End-to-End Process: Order to Cash
       • Main Processes: Customer Order, Delivery, Debt
       • Sub Processes: Order Mgmnt Execution, Delivery Planning & Mgmnt, Transportation Planning & execution, Outbound Logistics, Returns & Refusals Mgmnt, Credit Mgmnt, Stock Mgmnt, Accounts Receivable, Factoring
  7. Processed information within the O2C process. Analyzed process modules, interfaces and process status.
     Process Modules, Transactions and Information (Critical Module / Relevant Transactions (SAP) / Critical Information):
       • OTC01 Sales Order Creation
           Relevant transactions: Create Sales Order (VA01), Change Sales Order (VA02), Display Sales Order (VA03), List of Sales Orders (VA05)
           Critical information: sales order data, sales conditions
       • OTC02 Availability Check
           Relevant transactions: Create Sales Order (VA01), Change Sales Order (VA02)
           Critical information: materials master data, sales order data
       • OTC03 Order Confirmation
           Relevant transactions: Change Sales Order (VA02), Display Sales Order (VA03)
           Critical information: sales order data
       • OTC04 Delivery Creation Inbound/Outbound
           Relevant transactions: Create Outb. Dlv. w/ Order Ref. (VL01n), Change Outbound Delivery (VL02n), Display Outbound Delivery (VL03n), Edit User-specific Delivery List (VL10), Change Sales Order (VA02)
           Critical information: customer master data, sales order data
       • OTC14 Invoice Creation
           Relevant transactions: Create Billing Document (VF01), Change Billing Document (VF02), Display Billing Document (VF03), Maintain Billing Due List (VF04), Cancel Billing Document (VF11), Change Sales Order (VA02)
           Critical information: customer master data, sales order data, invoice data
  8. Cloud Threats towards information (Process Module / Potential Threat):
       • OTC01 Sales Order Creation: Wrong prices to the customer lead to a wrong legally binding order; order handling due to incomplete/wrong order data (by interfaces)
       • OTC02 Availability Check
       • OTC03 Order Confirmation: Process customer order via cloud services (transparency of customer data to 3rd party)
       • OTC04 Delivery Creation Inbound/Outbound: Delivery data transparent in the cloud
       • OTC14 Invoice Creation: Invoicing with the use of cloud services with bank data by the customer in the cloud; dunning accounts handled via cloud services with customer internal data; payment / financial information by customer transparent in the cloud
  9. Future work
       • To monitor which kind of information is requested for processing with an interface, a GRC monitoring receipt is suggested to further analyze the GRC status achieved.
       • With process modules, interfaces, the technology used (cloud / non-cloud) and GRC monitoring attributes addressed, the problem remains how those criteria can be effectively monitored throughout an EtE process such as the OtC, while giving dedicated attention to the risks and compliance issues involved in processing information by both people and technology.
       • This is subject to future work.
  10. © 2013 SAP AG. All rights reserved. No part of this publication may be reproduced or transmitted in any form or for any purpose without the express permission of SAP AG. The information contained herein may be changed without prior notice. Some software products marketed by SAP AG and its distributors contain proprietary software components of other software vendors. National product specifications may vary. These materials are provided by SAP AG and its affiliated companies ("SAP Group") for informational purposes only, without representation or warranty of any kind, and SAP Group shall not be liable for errors or omissions with respect to the materials. The only warranties for SAP Group products and services are those that are set forth in the express warranty statements accompanying such products and services, if any. Nothing herein should be construed as constituting an additional warranty. SAP and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP AG in Germany and other countries. Please see for additional trademark information and notices.