SAP White Paper
SAP Solutions for Governance, Risk, and Compliance




GOVERNANCE, RISK, AND COMPLIANCE MANAGEMENT: REALIZING THE VALUE OF CROSS-ENTERPRISE SOLUTIONS
© Copyright 2007 SAP AG. All rights reserved.

CONTENTS
Executive Summary
The Business Need for Cross-Enterprise GRC Solutions
The Goal: A Holistic Approach to GRC
Cross-Enterprise GRC Solutions: A Closer Look
  Support for Business Processes and Functions
  – Reconcile to Report and Financial Close
  – Procure to Pay
  – Order to Cash
  – Hire to Retire
  – Payroll
  – Production to Delivery
  – Support Across the Complete IT Stack
  Support for Enterprise Application Software Solutions
  – Multiapplication GRC
  – Cross-Application GRC
  Additional Attributes of an Enterprise-Class GRC Solution
  – Integrated GRC
  – Automated GRC
SAP Solutions for Governance, Risk, and Compliance
  SAP Solutions for GRC, Cisco SONA–Ready
  – The Foundation for Cross-Enterprise GRC
Evolving SAP Software into Cross-Enterprise Products
  SAP GRC Access Control
  SAP GRC Process Control
For More Information
Powered by SAP NetWeaver

EXECUTIVE SUMMARY
Governance, risk, and compliance (GRC) issues are hot topics today, thanks to a myriad of high-profile stories about companies that failed to meet regulatory requirements governing finance, environmental compliance, and other areas. In each case, executives have been held accountable, stock prices have dropped, and brand image has suffered. GRC issues are also a top priority because business leaders increasingly understand that seemingly small operational control weaknesses can significantly impair corporate performance. These obstacles might range from a supplier inventory shortage that impacts revenue, to a faulty or counterfeit product that erodes brand and increases costs, to a leakage of confidential data that damages reputation and creates a compliance liability.

Many companies have responded to regulatory mandates by implementing disconnected, tactical processes and point solutions that address a single regulation or corporate initiative. But these fragmented efforts can make compliance far more costly and complicated than it needs to be. You would need to purchase and deploy multiple GRC applications for each enterprise application and then define risks, set policies, and monitor compliance for each application. At the same time, you need to find a way to manage countless GRC policies, decisions, and GRC data – data that is likely based on different metrics, standards, software, and methodologies. The resulting complexity can make it impossible to aggregate this data to gain a complete view of enterprise risk.

SAP offers a new approach for monitoring, identifying, and managing risk across the enterprise. A true cross-enterprise GRC solution dramatically simplifies management and execution of these activities – making it easy to compile data for a comprehensive perspective on overall exposure, monitor compliance and risk effectively, and adjust business processes to meet changing business and regulatory mandates.

This paper explains SAP’s vision for a cross-enterprise GRC solution and the benefits it can provide, defines key terms, and discusses what to look for when evaluating GRC software options. It also discusses how SAP is evolving the SAP® solutions for governance, risk, and compliance (SAP solutions for GRC) to deliver the industry’s first comprehensive, fully integrated cross-enterprise GRC solution.

THE BUSINESS NEED FOR CROSS-ENTERPRISE GRC SOLUTIONS
Issues related to management of GRC have become top boardroom priorities, thanks to highly publicized corporate scandals and the release of a myriad of regulatory mandates designed to prevent everything from fraud to environmental damage. Most likely, you are keenly aware of the potential costs of noncompliance today. In addition to facing possible fines, your business could face the cost of litigation and remediation, as well as confronting negative impacts on brand, reputation, and market valuation. Equally important, executives at the top can be held personally responsible for compliance failures.

A Definition of GRC
• Governance manages the strategic directives a company wants to follow.
• Risk management assesses the areas of exposure and potential impacts.
• Compliance is the tactical action to mitigate risk.
Source: John Hagerty, AMR Research, April 3, 2006

Many companies have responded to regulatory mandates with a series of disconnected, tactical, one-off projects to respond to a single regulation or corporate initiative. Your business may deploy multiple point solutions to address process control risks within a core financial application, for example. However, while fragmented GRC activities may be the status quo, they are likely costing your business more than you think and more than is necessary. AMR Research reports that compliance spending will reach US$27.3 billion in 2006.¹

Of even greater significance is the fact that fragmented GRC efforts make it impossible to implement a cohesive GRC strategy for monitoring, identifying, and managing risk across the enterprise. This fragmentation – when replicated many times across different business applications and business functions – creates a GRC management nightmare. For each business process or application, you may have one or more different applications to manage it. And for each process and each application, business and IT departments need to define risks, set policies, monitor compliance, manage attestations, address escalations and mitigations, generate reports, and more. Complicating matters further is the fact that departments responsible for different GRC initiatives may use different metrics, standards, software, and methodologies for analyzing risk and compliance information. This makes it difficult to aggregate data, gain a complete view of enterprise risk, effectively monitor compliance and risk, and adjust business processes to meet changing requirements, market trends, and regulatory mandates.

Clearly, fragmented approaches to GRC represent a massive – and costly – duplication of effort that impairs transparency and increases opportunities for issues or weaknesses to fall through the cracks until identified by a regulatory body.

Forrester anticipates that “firms will establish risk and compliance architectures, develop risk intelligence, and implement GRC platforms, as well as centralized communication and training on corporate policies and procedures.” Forrester also anticipates the continued evolution of the enterprise role that is responsible for managing GRC.
Source: “Trends 2006: Enterprise Risk and Compliance,” Forrester Research Inc., Michael Rasmussen, December 13, 2005

1. Source: John Hagerty, AMR Research, “Spending in an Age of Compliance, 2006,” February 21, 2006

THE GOAL: A HOLISTIC APPROACH TO GRC
A fragmented approach to GRC prevents transparency into your business operations and severely limits your ability to use GRC as a strategic asset for your company. To promote transparency, GRC solutions must span multiple business processes. As illustrated in Figure 1, the answer is to implement a single, holistic solution that works with all of the enterprise applications used to support those business processes.

A true cross-enterprise GRC solution delivers key functionality across two dimensions:
• Breadth in terms of business processes or functions covered, such as human resources, finance, customer relationship management, sales, and so on
• Depth in terms of integration with multiple business applications, which may include software from a major vendor, as well as legacy and custom applications

[Figure 1: The Breadth and Depth of Cross-Enterprise Solutions. Cross-enterprise GRC is cross-functional (Hire to Retire, Reconcile to Report, Procure to Pay, Order to Cash, Production to Delivery) and cross-application (Legacy, SAP, Oracle).]

Integration must extend throughout the entire technology stack, from the highest-level enterprise applications down to the data-exchange infrastructure. In addition, all applications that are part of the solution must 1) address GRC issues across all applications and business functions and 2) feed to and from a single, centralized GRC data repository. These two characteristics of cross-enterprise GRC enable you to address a multitude of GRC challenges and result in the following benefits:
• Enterprise-wide risk monitoring – You can monitor risk across all enterprise applications and business functions, deploying one solution, rather than multiple applications that manage only a subset of GRC activities. You can significantly lower the effort and cost of GRC for your company, freeing resources for innovation and top-line growth.
• Greater transparency – Executives gain greater transparency into business operations across the enterprise, essential to increasing overall GRC effectiveness. Transparency enables you to overcome the effects of fragmentation, such as increased risks, reduced effectiveness of controls, strategic misalignment, and missed opportunities.
• Increased automation – You can automate manual processes, which results in highly repeatable, consistent, and auditable GRC processes. At the same time, automation enables fast, cost-effective reporting that saves time and money and helps ensure that the data you submit to regulatory agencies is reliable and supportable.
• Simplified compliance – You can adjust to regulatory changes easily and speed compliance efforts, which can play a critical role – for example, bringing new products to market faster than the competition.

All of these benefits are made possible by the fact that a true cross-enterprise GRC solution dramatically simplifies management and execution of GRC activities. Whereas before you needed a different application to manage each business process or application, with cross-enterprise GRC, you need only one. Having a single GRC solution means that you need to define risks and set policies once for the entire enterprise. It also means that metrics, standards, software, and methodologies for analyzing risk and compliance information are consistent across the enterprise, making it easy to aggregate data, gain a complete view of enterprise risk, effectively monitor compliance and risk, and adjust business processes to meet changing requirements, market trends, and regulatory mandates.

CROSS-ENTERPRISE GRC SOLUTIONS: A CLOSER LOOK
When evaluating GRC technologies, it’s important to understand the baseline functionality required in a cross-enterprise GRC solution. The solution should provide the following:
• Support for all core business processes and functions
• Support for all major enterprise application software solutions
• Support across the complete IT stack
• Integrated GRC processes
• Automated GRC processes

Support for Business Processes and Functions
To qualify as a true cross-enterprise GRC application, the solution must provide business process controls that address all core business processes in your organization, ranging from the supply chain to finance to operations. Examples include the following.

Reconcile to Report and Financial Close
The leading source of material weakness disclosures relates to controls for the reconcile-to-report process – a process that places a tremendous strain on the accounting staff. In addition, mistakes or delays can cause significant harm to a company’s financial statements and ultimately, its share price.

Errors in financial results are often the result of manual processes and calculations performed in a compressed time frame across multiple locations and groups and a wide variety of enterprise applications. All of these variables create an environment in which it is easy to make simple calculation and data-entry mistakes. These mistakes can easily add up to material problems that require rework or in the worst case, a financial restatement.

A true cross-enterprise GRC solution automates manual processes with controls in the reconcile-to-report area as much as possible. These controls eliminate the source of most material weaknesses – and by default, significantly reduce the need for financial restatements. In addition, they free accounting staff to focus on more strategic activities.

Procure to Pay                                                       Payroll
For most large organizations, procurement activities generate        Payroll is one of the largest expenditures in many organizations,
thousands of transactions across multiple enterprise applications    making it a prime target for fraud. The volume and frequency of
each day. This complexity can make it nearly impossible to           payroll transactions create additional risks, such as the likelihood
ensure the validity of procure-to-pay transactions. Lack of auto-    of errors due to complexities in tax regulations, time accounting,
mated controls for procure-to-pay processes impairs cash flow        and other areas. With a cross-enterprise GRC solution in place,
and can cause inaccurate account balances related to delivery of     you receive best-practice controls that protect the entire payroll
low-quality goods, duplicate vendor payments, lost discounts,        process from accidental or malicious activities.
and improperly valued inventory. An even more serious threat is
significant losses due to fraud.                                     Production to Delivery
                                                                     The production-to-delivery process often requires a wide range
A true cross-enterprise GRC solution addresses these challenges      of cross-industry controls to address issues such as product
by providing controls throughout the procure-to-pay process          quality and workplace safety. In addition, there are many
that detect or even prevent accidental or malicious activities.      industry-specific variations and additions to these horizontal
                                                                     controls, such as enhancements specific to the U.S. Food and
Order to Cash                                                        Drug Administration in the life sciences industry. A true cross-
Optimizing the order-to-cash process is a strategic priority for     enterprise GRC solution also delivers controls for this process to
most companies. Since this process concludes with revenue            ensure that there are no material deviations from regulatory
recognition, it can present a high degree of risk to company         mandates or company policy.
management. The risks are magnified when companies have
high order volumes from a global customer base, and customers        Support Across the Complete IT Stack
use complex discounting structures and multiple payment              Businesses increasingly need controls that extend down to oper-
terms. Clearly, financial professionals need to implement auto-      ating system and network layers. For example, to address net-
mated process controls to identify revenue leakage, improper         work and IT security risks related to compliance, you are proba-
shipping cutoffs, and potentially fraudulent activities.             bly performing manual audits of all devices and IT systems or
                                                                     using point solutions focused on IT or network compliance. In
A true cross-enterprise GRC solution addresses these challenges      either case, this approach requires addressing regulatory require-
by providing best-practice controls that safeguard the order-to-     ments manually and makes it difficult to leverage data between
cash processes.                                                      the point solutions. This can be a serious problem given that
                                                                     the reporting requirements for compliance with the Control
Hire to Retire                                                       Objectives for Information and Related Technologies (COBIT)
Ensuring employee information security – while maintaining           framework alone can diminish IT productivity.
adequate information transparency for key stakeholders of an
organization – requires a robust hire-to-retire process with the     To address these types of risks, you need a holistic cross-
appropriate controls needed to achieve both objectives. With a       enterprise GRC solution that takes into account not only
cross-enterprise GRC solution in place, you get best-practice        controls for core business processes but also IT controls that
controls that enforce policies and detect or even prevent failures   extend through all levels of the IT infrastructure – from the
in the hire-to-retire process.                                       operating system and network all the way up to the highest-level
                                                                     business applications. The software that typically monitors and
                                                                     reports on network activity should correlate events to


8
higher-level GRC information so that, for example, sensitive           A multiapplication solution automatically applies the rules to
customer information (such as customer credit card numbers)            each business application involved in creating and paying ven-
does not pass outside company firewalls.                               dors. Multiapplication functionality alone, however, does not ad-
                                                                       dress the fact that business processes often span multiple applica-
Support for Enterprise Application Software                            tions. To return to our prior example, multiapplication
Solutions                                                              functionality allows you to detect instances when a user has per-
A cross-enterprise GRC solution also needs to provide full             mission to both create and pay a vendor within a single applica-
support for heterogeneous business applications by providing           tion. But it cannot detect when a user tries to bypass the policy
both multiapplication functionality and cross-application              by creating a vendor in one application and paying the vendor in
functionality. The following sections explore these terms.             another.

Multiapplication GRC                                                   Cross-Application GRC
Multiapplication GRC solutions enable you to define all risks,         Only GRC software that offers cross-application functionality
policies, functions, and controls just once using nontechnical,        can detect cross-application risks. Multiapplication software is
common business language and to store this data in a central           gradually evolving into cross-application software that enables
repository for reuse by multiple GRC applications. The solutions       you to apply policies and controls across business applications
automatically map these risks, policies, and functions to all of       and uncover risks spread across them – the holy grail of GRC.
the underlying business applications, regardless of where they
are in the enterprise.                                                 For example, you may have a business policy stating that
                                                                       purchase orders over a certain amount require management
Automated, multiapplication functionality helps you avoid frag-        approval. This process control can potentially be sidestepped by
mentation of risk analysis, policies, and controls; ensures consis-    employees who submit two purchase orders for lesser amounts
tency across the enterprise; and eliminates duplication of effort
across applications. For example, you may have three applications
that support “create vendor” and “pay vendor” processes. To prevent
fraud, you define a rule that no one user can have permission to both
create and pay a vendor. Without multiapplication functions in place,
you need to deploy a different GRC application to monitor each business
application – and define the rule three different times. Given the law
of large numbers, having this kind of data scattered across multiple
applications eventually results in inconsistencies, errors, and
oversights. Also, if you find a violation of a rule, you need to put a
mitigating control in place across three different applications –
another potential source of oversight, as companies can lose track of
which users have what controls, when they expire, and so on. And if
management needs visibility across the enterprise with regard to this
issue, individual reports from the various GRC applications need to be
manually reconciled – a costly and error-prone process.

across two different applications. To prevent this type of process
control failure, you can deploy a cross-application GRC product that
includes functionality for monitoring all purchase order activity
across all relevant enterprise applications. Centralized business rules
can detect a suspicious sequence of purchase orders for an individual
and generate an alert to a manager responsible for compliance in the
procurement area with the Sarbanes-Oxley Act, who can take immediate
action. (In contrast, multiapplication software would only enable you
to detect when employees submit two purchase orders within the same
application.)

As this example illustrates, end-to-end business processes can touch
multiple enterprise applications and departments – and as a result, GRC
solutions must be able to identify and manage risk within and across
them. You want one GRC solution that enables you to do the following:


• Document and store all rules and policies in a central GRC
  repository
• Apply these centralized rules and policies across all of your
  major enterprise applications to identify and analyze risk
• Mitigate and remediate risks from a central GRC solution

Additional Attributes of an Enterprise-Class GRC Solution
In addition to supporting GRC activities across all business processes
and applications, a true cross-enterprise GRC solution also delivers
the following functionality.

Integrated GRC
A cross-enterprise GRC solution does not treat GRC activities as
separate activities but rather addresses them as one integrated
solution. Integrated GRC enables you to aggregate data, gain a complete
view of enterprise risk, effectively monitor compliance and risk, and
adjust business processes to meet changing requirements, market trends,
and regulatory mandates. It also simplifies GRC, which reduces costs
and the potential for error. And because data is truly integrated, you
can more easily link GRC to corporate performance management, strategy
setting, and company policies to create reports that are useful to
senior management. If this information is fragmented, creating reports
that synthesize this data would require repeated linkages dozens of
times across different enterprise systems – a costly endeavor.

Automated GRC
True cross-enterprise GRC solutions also automate the bulk of
activities that are typically processed manually by most companies
today – for example, managing segregation-of-duties information using
spreadsheets. Automating the tracking and management of this type of
data across the enterprise reduces GRC costs and eliminates countless
errors that can lead to major liabilities.

     Defining Single-, Multi-, and Cross-Application Software
     The GRC software industry is relatively new and, in many ways, has been playing catch-up with the needs of businesses seeking
     to comply with regulatory mandates in an effective, cost-efficient manner. As illustrated in Figure 2, software products are
     continuing to evolve from “siloed” GRC applications that focus on only one enterprise application to those that enable cross-
     application management.


[Figure 2 compares three configurations. Single application: one GRC
application with one set of rules, for a single application (SAP).
Multiapplication: one GRC application with a separate set of rules for
each of multiple applications (SAP, Oracle, PeopleSoft, ...).
Cross-application: one GRC application with one set of rules across
multiple applications (SAP, Oracle, PeopleSoft, ...).]

Figure 2: The Evolution of GRC Applications
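
The difference between evaluating one centrally defined rule inside each application and evaluating it across applications, as an added Python example (not from the white paper or any SAP product). It uses the create-vendor/pay-vendor rule from the text, generalizes it to conflicts that span two applications, and tracks mitigating-control expiry; the application names, accounts, person IDs, dates and the identity map are constructed assumptions.

```python
from collections import defaultdict
from datetime import date

# Central rule set, defined once: pairs of actions no single person may hold.
SOD_RULES = [("create_vendor", "pay_vendor")]

# Constructed sample data; application names, accounts and IDs are hypothetical.
# Each row: (application, local account, normalized action)
ENTITLEMENTS = [
    ("erp_a", "JSMITH", "create_vendor"),
    ("erp_a", "JSMITH", "pay_vendor"),      # conflict inside one application
    ("erp_a", "MLEE", "create_vendor"),
    ("erp_b", "lee.m", "pay_vendor"),       # same person, second application
    ("erp_b", "apatel", "create_vendor"),
    ("erp_c", "APATEL", "pay_vendor"),
    ("erp_c", "svc_imp", "pay_vendor"),     # account with no known owner
]

# Assumption: an identity source maps each local account to one person ID.
IDENTITY_MAP = {
    ("erp_a", "JSMITH"): "E1001",
    ("erp_a", "MLEE"): "E1002",
    ("erp_b", "lee.m"): "E1002",
    ("erp_b", "apatel"): "E1003",
    ("erp_c", "APATEL"): "E1003",
}

# Mitigating controls recorded centrally: (person, rule) -> expiry date.
MITIGATIONS = {
    ("E1003", ("create_vendor", "pay_vendor")): date(2007, 3, 31),
}


def owner(app, account):
    """Return the person ID for a local account, or None if it is unmapped."""
    return IDENTITY_MAP.get((app, account))


def find_violations(entitlements, rules, cross_application):
    """Apply the central rules per application or across all applications.

    Returns a sorted list of (person, rule, apps); apps is the sorted tuple
    of applications in which the conflicting actions are held.
    """
    held = defaultdict(lambda: defaultdict(set))  # scope -> action -> {apps}
    for app, account, action in entitlements:
        person = owner(app, account)
        if person is None:
            continue  # surfaced separately by unmapped_accounts()
        scope = person if cross_application else (person, app)
        held[scope][action].add(app)

    found = []
    for scope, actions in held.items():
        person = scope if cross_application else scope[0]
        for rule in rules:
            first, second = rule
            if first in actions and second in actions:
                apps = tuple(sorted(actions[first] | actions[second]))
                found.append((person, rule, apps))
    return sorted(found)


def open_violations(violations, mitigations, today):
    """Keep violations with no mitigating control or with an expired one."""
    still_open = []
    for person, rule, apps in violations:
        expiry = mitigations.get((person, rule))
        if expiry is None or expiry < today:
            still_open.append((person, rule, apps))
    return still_open


def unmapped_accounts(entitlements):
    """Accounts that cannot be tied to a person and so escape correlation."""
    return sorted({(app, account) for app, account, _ in entitlements
                   if owner(app, account) is None})


if __name__ == "__main__":
    per_app = find_violations(ENTITLEMENTS, SOD_RULES, cross_application=False)
    cross = find_violations(ENTITLEMENTS, SOD_RULES, cross_application=True)
    print("per-application:  ", per_app)
    print("cross-application:", cross)
    for day in (date(2007, 2, 1), date(2007, 4, 1)):
        print("open on", day, ":", open_violations(cross, MITIGATIONS, day))
    print("unmapped accounts:", unmapped_accounts(ENTITLEMENTS))
```

Accounts that the identity map cannot resolve are excluded from both evaluations, so the unmapped list needs its own review.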


SAP SOLUTIONS FOR GOVERNANCE, RISK,
AND COMPLIANCE
SAP has recognized the need for cross-enterprise GRC applications and
has deepened its own GRC domain expertise by investing in SAP®
solutions for governance, risk, and compliance (SAP solutions for GRC)
and a robust, industry-leading GRC partner ecosystem. These solutions
will enable you to achieve the goal of managing GRC across your
enterprise and even across your extended business landscape – and do so
with confidence.

SAP solutions for GRC make up an integrated portfolio of applications
that embed and optimize all GRC activities to overcome the problems
caused by business fragmentation and disjointed approaches to GRC
management. These solutions are powered by the SAP NetWeaver® platform,
which provides a common technical foundation that integrates with the
mySAP™ Business Suite applications and with third-party applications.
They can leverage information within your existing business
applications to evaluate risk and apply controls directly within
business processes. This results in greater transparency and
predictability, enabling you to improve GRC activities – and overall
enterprise performance.

SAP solutions for GRC are based on the concept that business processes
are not contained within a single application or silo function of a
business. Instead, they cut across an entire corporation or distributed
value chain. This means that SAP solutions for GRC have to function
reliably outside a single application and across a complex business
network. The complexity of the network requires that SAP solutions for
GRC must be increasingly adaptable and flexible to work in any
heterogeneous environment. Key applications are described in the table
that follows.



SAP® PRODUCT
    DESCRIPTION

SAP GRC Access Control application
    This application for monitoring, testing, and enforcing access and
    authentication controls across the enterprise addresses
    compliant-resource provisioning and ensures proper segregation of
    duties at all times. It is designed to help organizations with duty
    segregation and application-access management, a fundamental
    requirement of many regulations (including Sarbanes-Oxley in the
    United States, Combined Code in the United Kingdom, and KonTraG in
    Germany). The application enables businesses to rapidly identify and
    remove access and authorization risk from IT systems and embed
    preventive controls into business processes that stop future
    violations from occurring.

SAP GRC Process Control application
    This cross-enterprise control management application for compliance
    with Sarbanes-Oxley supports frameworks such as Committee of
    Sponsoring Organizations of the Treadway Commission (COSO) and
    Control Objectives for Information and Related Technologies (COBIT).
    The software deploys configurable, prebuilt, and custom-automated
    control tests across multiple target systems. It delivers workflows
    and templates for manual control tests, self-assessment surveys, and
    certification.

SAP GRC Risk Management application
    This application automates collaborative process management for
    enterprise risk planning, identification, analysis, response, and
    monitoring. The software graphically depicts risk profiles and
    proactively alerts management regarding high-impact and
    high-probability issues.

SAP GRC Repository application
    This central application of a record of GRC content includes
    corporate policies, compliance and control frameworks, and risk and
    control libraries. SAP GRC Repository currently comes as part of all
    SAP solutions for GRC at no additional fee.

SAP Global Trade Services application
    This application enables secure, expedited, cross-border trade
    transactions that comply with trade export and import regulations,
    restricted-party-list screening, and regional customs-reporting
    mandates. It works across all enterprise applications that support
    cross-border transactions.

SAP Environment, Health & Safety application
    This application tracks compliance with multiple environment,
    health, and safety (EH&S) regulations relating to waste management,
    dangerous goods, product safety, hazardous substances, industrial
    hygiene and safety, and occupational health.

SAP xApp™ Emissions Management composite application
    This composite application tracks compliance with global and
    regional emissions regulations, such as the Kyoto Protocol and the
    U.S. Clean Air Act for the chemicals, oil and gas, and mining
    industries.

SAP solution for environmental product compliance
    This automated environmental-product-compliance software is a joint
    offering from SAP and TechniData that addresses products regulated
    by mandates such as the restriction of the use of certain hazardous
    substances (RoHS) and waste electrical and electronic equipment
    (WEEE) directives.




SAP Solutions for GRC, Cisco SONA–Ready
SAP and Cisco Systems Inc. have partnered to deliver a joint set of
solutions based on enterprise service-oriented architecture (enterprise
SOA) that allow you to address GRC needs across the enterprise in a
holistic, nonintrusive, flexible, and cost-effective way. This approach
leverages SAP solutions for GRC and the intelligent network delivered
by Cisco Service-Oriented Network Architecture (SONA), Cisco’s leading
network architecture. SAP solutions for GRC provide the business
context for GRC needs across the enterprise – that is, the specific
GRC-related policies you have identified that are important to your
business. Cisco SONA expands the reach of SAP solutions for GRC into
the extended enterprise, beyond the borders of packaged enterprise
applications and into the landscape of physical and infrastructure
risk.

SAP solutions for GRC give you the visibility needed to move away from
reacting to business risks and events and toward improving business
predictability and performance. These solutions provide business
content to correctly interpret and respond to the events detected and
tracked by Cisco SONA. Cisco SONA can then aggregate, normalize, and
act upon business and IT events with the appropriate business context
for your organization and across existing geographies and
organizations.

The Foundation for Cross-Enterprise GRC
Both SAP and Cisco have built their solutions using a standards-based
SOA, making it easy to integrate corporate GRC policies and processes
into your existing operations and heterogeneous IT systems. In
addition, this lays the ideal foundation for creating and deploying
composite applications to drive specialized GRC processes. Composite
applications span multiple solutions, departments, and organizations to
leverage existing systems and ease future integration. They also allow
quick reconfiguration to accommodate new business structures,
processes, and partner requirements.

SAP and Cisco are developing a growing portfolio of prebuilt composite
applications – to address customers’ critical business process issues.
These predelivered composite applications for GRC leverage SOA to
address the most common challenges around GRC, such as network and IT
security, data privacy and protection, and service-level compliance.
They are also unique because they are network-aware composite
applications, resulting in more powerful and farther-reaching
functionality than is possible with traditional composite applications.




EVOLVING SAP SOFTWARE INTO CROSS-ENTERPRISE
PRODUCTS
Forward-looking customers are engaging with vendors such as SAP that
have committed to a holistic GRC vision. SAP is evolving its SAP
solutions for GRC into cross-application and cross-functional products
that support cross-enterprise GRC management and transparency. As
illustrated in the tables that follow, SAP solutions for GRC support
both breadth and depth.

SAP GRC Access Control
The following table describes the cross-application functionalities of
the SAP GRC Access Control application across various business
processes and functions. It lists the out-of-the-box process coverage
for access risk provided by SAP GRC Access Control.

 SAP® GRC ACCESS CONTROL – A CROSS-ENTERPRISE APPLICATION

 SAP                                         Oracle                  PeopleSoft              JD Edwards              Hyperion
 HR                                          HR                      HR                      HR/Payroll              Custom Rules
 Procure to pay                              Procure to pay          Procure to pay          Procure to pay
 Order to cash                               Order to cash           Order to cash           Order to cash
 Finance                                     Finance                 Finance                 Finance
 – General accounting                        – General accounting    – General accounting    – General accounting
 – Project systems                           – Project systems       – Fixed assets
 – Fixed assets                              – Fixed assets
 Basis, security, and system administration  System administration   System administration   Consolidations
 Materials management
 SAP Advanced Planning & Optimization
 mySAP™ Supplier Relationship Management
 mySAP Customer Relationship Management
 Consolidations




SAP GRC Process Control
The SAP GRC Process Control application deploys configurable, automated
controls for key business processes – and even supports custom controls
unique to your company. Examples of processes supported by SAP GRC
Process Control include the following:
• Procure to pay: Predelivered controls ensure control effectiveness
  and efficiency for purchasing, inventory, accounts payable, and
  legacy applications. Examples of these controls include the
  following:

 EXAMPLES OF PROCURE-TO-PAY CONTROLS

 SAP® GRC Process Control            Control Objective
 Identify split purchase orders      Ensure proper authorization of purchase orders
 Match receipts to purchase orders   Ensure accuracy of transactions and prevent overpayments for underdelivery
 Identify duplicate vendors          Prevent duplicate payments and fraud

• Order to cash: Predelivered controls ensure control effectiveness and
  efficiency for order management, inventory, accounts receivable,
  general ledger, and legacy applications. Examples of these controls
  include the following:

 EXAMPLES OF ORDER-TO-CASH CONTROLS

 SAP® GRC Process Control            Control Objective
 Monitor price changes               Ensure proper, authorized pricing on sales invoices
 Match billing and shipping          Identify variances between quantity and price to ensure valid and
 documents                           accurate revenue recognition
 Monitor excessive write-offs        Ensure validity of write-offs and prevent undue losses

• Reconcile to report: Predelivered, automated controls for subledgers,
  general ledgers, and consolidation systems eliminate manual controls,
  streamline the financial close process, and help ensure the accuracy
  of financial results. Examples of these controls include the
  following:

 EXAMPLES OF RECONCILE-TO-REPORT CONTROLS

 SAP® GRC Process Control            Control Objective
 Identify split purchase orders      Ensure proper authorization of purchase orders
 Match receipts to purchase orders   Ensure accuracy of transactions and prevent overpayments for underdelivery
 Identify duplicate vendors          Prevent duplicate payments and fraud

In addition to providing process-level support across the enterprise,
SAP GRC Process Control addresses risks across various functions and
applications. Examples of the software’s cross-functional support are
illustrated in the following table:

 CROSS-ENTERPRISE SAP® GRC PROCESS CONTROL

 SAP                                         Oracle
 Finance and controlling                     General ledger
 Purchasing                                  Global consolidation system
 Accounts receivable                         Order management
 Accounts payable                            Accounts payable
 Inventory                                   Accounts receivable
 Order management                            Inventory
 Basis, security, and system administration




FOR MORE INFORMATION
The SAP approach to GRC and the solution portfolio provides the
framework and the software solutions to help you build your GRC
architecture step-by-step, leveraging your existing IT investments in
SAP software and other technologies. SAP’s business process expertise,
industry knowledge, and global presence attract a continuously growing
partner ecosystem. In combination, SAP and its partners deliver a
comprehensive and integrated GRC solution portfolio unmatched by any
single vendor in the market.

To learn more about how SAP can help you with your GRC strategy and
reap the benefits of an integrated GRC approach, please call your SAP
representative today or visit us on the Web at www.sap.com/grc.

POWERED BY SAP NetWeaver
SAP solutions for GRC are powered by the SAP NetWeaver platform. SAP
NetWeaver unifies technology components into a single platform,
providing the best way to integrate all systems running SAP or non-SAP
software. SAP NetWeaver also helps organizations align IT with their
business. As the foundation for enterprise service-oriented
architecture (enterprise SOA), SAP NetWeaver allows organizations to
compose and enhance business applications rapidly to drive business
change.




www.sap.com/contactsap




50 082 958 (07/01)

The Alignment-Focused Organization: Bridging the Gap Between Strategy and Exe...The Alignment-Focused Organization: Bridging the Gap Between Strategy and Exe...
The Alignment-Focused Organization: Bridging the Gap Between Strategy and Exe...
 
Creating Value with SAP BusinessObjects Planning and Consolidation, version f...
Creating Value with SAP BusinessObjects Planning and Consolidation, version f...Creating Value with SAP BusinessObjects Planning and Consolidation, version f...
Creating Value with SAP BusinessObjects Planning and Consolidation, version f...
 
Crystal Report
Crystal ReportCrystal Report
Crystal Report
 
Pacmp
PacmpPacmp
Pacmp
 
Crisp dm
Crisp dmCrisp dm
Crisp dm
 
ENTERPRISE COMPENSATION MANAGEMENT WITH mySAP™ ERP
ENTERPRISE COMPENSATION MANAGEMENT WITH mySAP™ ERPENTERPRISE COMPENSATION MANAGEMENT WITH mySAP™ ERP
ENTERPRISE COMPENSATION MANAGEMENT WITH mySAP™ ERP
 
Sap tree and tree model (bc ci)
Sap tree and tree model (bc ci)Sap tree and tree model (bc ci)
Sap tree and tree model (bc ci)
 
Basic sap2
Basic sap2Basic sap2
Basic sap2
 
Cloud Integration for Hybrid IT: Balancing Business Self-Service and IT Control
Cloud Integration for Hybrid IT: Balancing Business Self-Service and IT ControlCloud Integration for Hybrid IT: Balancing Business Self-Service and IT Control
Cloud Integration for Hybrid IT: Balancing Business Self-Service and IT Control
 
SAP BODS Designer PDF
SAP BODS Designer PDFSAP BODS Designer PDF
SAP BODS Designer PDF
 
Funds management configuration sap ag
Funds management configuration sap agFunds management configuration sap ag
Funds management configuration sap ag
 
Sap crm integration scenarios a high level approach
Sap crm integration scenarios   a high level approachSap crm integration scenarios   a high level approach
Sap crm integration scenarios a high level approach
 
Accessibility guideline web_dynpro_external_version
Accessibility guideline web_dynpro_external_versionAccessibility guideline web_dynpro_external_version
Accessibility guideline web_dynpro_external_version
 
Service provider call_example
Service provider call_exampleService provider call_example
Service provider call_example
 
Sd availabulity check
Sd availabulity checkSd availabulity check
Sd availabulity check
 
Sap on windows_server_2012_and_sql_server_2012_white_paper_final
Sap on windows_server_2012_and_sql_server_2012_white_paper_finalSap on windows_server_2012_and_sql_server_2012_white_paper_final
Sap on windows_server_2012_and_sql_server_2012_white_paper_final
 
CAARCSD
CAARCSDCAARCSD
CAARCSD
 

More from FindWhitePapers

The state of privacy and data security compliance
The state of privacy and data security complianceThe state of privacy and data security compliance
The state of privacy and data security compliance
FindWhitePapers
 
Is your data at risk? Why physical security is insufficient for laptop computers
Is your data at risk? Why physical security is insufficient for laptop computersIs your data at risk? Why physical security is insufficient for laptop computers
Is your data at risk? Why physical security is insufficient for laptop computers
FindWhitePapers
 
Buyers Guide to Endpoint Protection Platforms
Buyers Guide to Endpoint Protection PlatformsBuyers Guide to Endpoint Protection Platforms
Buyers Guide to Endpoint Protection Platforms
FindWhitePapers
 
VMware DRS: Why You Still Need Assured Application Delivery and Application D...
VMware DRS: Why You Still Need Assured Application Delivery and Application D...VMware DRS: Why You Still Need Assured Application Delivery and Application D...
VMware DRS: Why You Still Need Assured Application Delivery and Application D...
FindWhitePapers
 
The Economic Impact of File Virtualization
The Economic Impact of File VirtualizationThe Economic Impact of File Virtualization
The Economic Impact of File Virtualization
FindWhitePapers
 
Geolocation and Application Delivery
Geolocation and Application DeliveryGeolocation and Application Delivery
Geolocation and Application Delivery
FindWhitePapers
 
DNSSEC: The Antidote to DNS Cache Poisoning and Other DNS Attacks
DNSSEC: The Antidote to DNS Cache Poisoning and Other DNS AttacksDNSSEC: The Antidote to DNS Cache Poisoning and Other DNS Attacks
DNSSEC: The Antidote to DNS Cache Poisoning and Other DNS Attacks
FindWhitePapers
 
Lean Business Intelligence - How and Why Organizations Are Moving to Self-Ser...
Lean Business Intelligence - How and Why Organizations Are Moving to Self-Ser...Lean Business Intelligence - How and Why Organizations Are Moving to Self-Ser...
Lean Business Intelligence - How and Why Organizations Are Moving to Self-Ser...
FindWhitePapers
 
Inventory Optimization: A Technique for Improving Operational-Inventory Targets
Inventory Optimization: A Technique for Improving Operational-Inventory TargetsInventory Optimization: A Technique for Improving Operational-Inventory Targets
Inventory Optimization: A Technique for Improving Operational-Inventory Targets
FindWhitePapers
 
Improving Organizational Performance Through Pervasive Business Intelligence
Improving Organizational Performance Through Pervasive Business IntelligenceImproving Organizational Performance Through Pervasive Business Intelligence
Improving Organizational Performance Through Pervasive Business Intelligence
FindWhitePapers
 
IDC Energy Insights - Enterprise Risk Management
IDC Energy Insights - Enterprise Risk ManagementIDC Energy Insights - Enterprise Risk Management
IDC Energy Insights - Enterprise Risk Management
FindWhitePapers
 
High Efficiency in Manufacturing Operations
High Efficiency in Manufacturing OperationsHigh Efficiency in Manufacturing Operations
High Efficiency in Manufacturing Operations
FindWhitePapers
 
Enterprise Knowledge Workers: Understanding Risks and Opportunities
Enterprise Knowledge Workers: Understanding Risks and OpportunitiesEnterprise Knowledge Workers: Understanding Risks and Opportunities
Enterprise Knowledge Workers: Understanding Risks and Opportunities
FindWhitePapers
 
Enterprise Information Management: In Support of Operational, Analytic, and G...
Enterprise Information Management: In Support of Operational, Analytic, and G...Enterprise Information Management: In Support of Operational, Analytic, and G...
Enterprise Information Management: In Support of Operational, Analytic, and G...
FindWhitePapers
 
Enabling Strategy and Innovation: Achieving Optimized Outcomes from Planning ...
Enabling Strategy and Innovation: Achieving Optimized Outcomes from Planning ...Enabling Strategy and Innovation: Achieving Optimized Outcomes from Planning ...
Enabling Strategy and Innovation: Achieving Optimized Outcomes from Planning ...
FindWhitePapers
 
Data Quality Strategy: A Step-by-Step Approach
Data Quality Strategy: A Step-by-Step ApproachData Quality Strategy: A Step-by-Step Approach
Data Quality Strategy: A Step-by-Step Approach
FindWhitePapers
 
Data Migration: A White Paper by Bloor Research
Data Migration: A White Paper by Bloor ResearchData Migration: A White Paper by Bloor Research
Data Migration: A White Paper by Bloor Research
FindWhitePapers
 
Automating Stimulus Fund Reporting: How New Technologies Simplify Federal Rep...
Automating Stimulus Fund Reporting: How New Technologies Simplify Federal Rep...Automating Stimulus Fund Reporting: How New Technologies Simplify Federal Rep...
Automating Stimulus Fund Reporting: How New Technologies Simplify Federal Rep...
FindWhitePapers
 
Asset Visibility: Seeing the Opportunity in Asset Management
Asset Visibility: Seeing the Opportunity in Asset ManagementAsset Visibility: Seeing the Opportunity in Asset Management
Asset Visibility: Seeing the Opportunity in Asset Management
FindWhitePapers
 
Advancing Return on Investment Analysis for Government IT: A Public Value Fra...
Advancing Return on Investment Analysis for Government IT: A Public Value Fra...Advancing Return on Investment Analysis for Government IT: A Public Value Fra...
Advancing Return on Investment Analysis for Government IT: A Public Value Fra...
FindWhitePapers
 

More from FindWhitePapers (20)

The state of privacy and data security compliance
The state of privacy and data security complianceThe state of privacy and data security compliance
The state of privacy and data security compliance
 
Is your data at risk? Why physical security is insufficient for laptop computers
Is your data at risk? Why physical security is insufficient for laptop computersIs your data at risk? Why physical security is insufficient for laptop computers
Is your data at risk? Why physical security is insufficient for laptop computers
 
Buyers Guide to Endpoint Protection Platforms
Buyers Guide to Endpoint Protection PlatformsBuyers Guide to Endpoint Protection Platforms
Buyers Guide to Endpoint Protection Platforms
 
VMware DRS: Why You Still Need Assured Application Delivery and Application D...
VMware DRS: Why You Still Need Assured Application Delivery and Application D...VMware DRS: Why You Still Need Assured Application Delivery and Application D...
VMware DRS: Why You Still Need Assured Application Delivery and Application D...
 
The Economic Impact of File Virtualization
The Economic Impact of File VirtualizationThe Economic Impact of File Virtualization
The Economic Impact of File Virtualization
 
Geolocation and Application Delivery
Geolocation and Application DeliveryGeolocation and Application Delivery
Geolocation and Application Delivery
 
DNSSEC: The Antidote to DNS Cache Poisoning and Other DNS Attacks
DNSSEC: The Antidote to DNS Cache Poisoning and Other DNS AttacksDNSSEC: The Antidote to DNS Cache Poisoning and Other DNS Attacks
DNSSEC: The Antidote to DNS Cache Poisoning and Other DNS Attacks
 
Lean Business Intelligence - How and Why Organizations Are Moving to Self-Ser...
Lean Business Intelligence - How and Why Organizations Are Moving to Self-Ser...Lean Business Intelligence - How and Why Organizations Are Moving to Self-Ser...
Lean Business Intelligence - How and Why Organizations Are Moving to Self-Ser...
 
Inventory Optimization: A Technique for Improving Operational-Inventory Targets
Inventory Optimization: A Technique for Improving Operational-Inventory TargetsInventory Optimization: A Technique for Improving Operational-Inventory Targets
Inventory Optimization: A Technique for Improving Operational-Inventory Targets
 
Improving Organizational Performance Through Pervasive Business Intelligence
Improving Organizational Performance Through Pervasive Business IntelligenceImproving Organizational Performance Through Pervasive Business Intelligence
Improving Organizational Performance Through Pervasive Business Intelligence
 
IDC Energy Insights - Enterprise Risk Management
IDC Energy Insights - Enterprise Risk ManagementIDC Energy Insights - Enterprise Risk Management
IDC Energy Insights - Enterprise Risk Management
 
High Efficiency in Manufacturing Operations
High Efficiency in Manufacturing OperationsHigh Efficiency in Manufacturing Operations
High Efficiency in Manufacturing Operations
 
Enterprise Knowledge Workers: Understanding Risks and Opportunities
Enterprise Knowledge Workers: Understanding Risks and OpportunitiesEnterprise Knowledge Workers: Understanding Risks and Opportunities
Enterprise Knowledge Workers: Understanding Risks and Opportunities
 
Enterprise Information Management: In Support of Operational, Analytic, and G...
Enterprise Information Management: In Support of Operational, Analytic, and G...Enterprise Information Management: In Support of Operational, Analytic, and G...
Enterprise Information Management: In Support of Operational, Analytic, and G...
 
Enabling Strategy and Innovation: Achieving Optimized Outcomes from Planning ...
Enabling Strategy and Innovation: Achieving Optimized Outcomes from Planning ...Enabling Strategy and Innovation: Achieving Optimized Outcomes from Planning ...
Enabling Strategy and Innovation: Achieving Optimized Outcomes from Planning ...
 
Data Quality Strategy: A Step-by-Step Approach
Data Quality Strategy: A Step-by-Step ApproachData Quality Strategy: A Step-by-Step Approach
Data Quality Strategy: A Step-by-Step Approach
 
Data Migration: A White Paper by Bloor Research
Data Migration: A White Paper by Bloor ResearchData Migration: A White Paper by Bloor Research
Data Migration: A White Paper by Bloor Research
 
Automating Stimulus Fund Reporting: How New Technologies Simplify Federal Rep...
Automating Stimulus Fund Reporting: How New Technologies Simplify Federal Rep...Automating Stimulus Fund Reporting: How New Technologies Simplify Federal Rep...
Automating Stimulus Fund Reporting: How New Technologies Simplify Federal Rep...
 
Asset Visibility: Seeing the Opportunity in Asset Management
Asset Visibility: Seeing the Opportunity in Asset ManagementAsset Visibility: Seeing the Opportunity in Asset Management
Asset Visibility: Seeing the Opportunity in Asset Management
 
Advancing Return on Investment Analysis for Government IT: A Public Value Fra...
Advancing Return on Investment Analysis for Government IT: A Public Value Fra...Advancing Return on Investment Analysis for Government IT: A Public Value Fra...
Advancing Return on Investment Analysis for Government IT: A Public Value Fra...
 

Recently uploaded

Andrew Wilmot- Ecentric Payment Systems: Macro Trends Shaping Payments in Afr...
Andrew Wilmot- Ecentric Payment Systems: Macro Trends Shaping Payments in Afr...Andrew Wilmot- Ecentric Payment Systems: Macro Trends Shaping Payments in Afr...
Andrew Wilmot- Ecentric Payment Systems: Macro Trends Shaping Payments in Afr...
itnewsafrica
 
Case study on Indian Ecommerce logistics
Case study on Indian Ecommerce logisticsCase study on Indian Ecommerce logistics
Case study on Indian Ecommerce logistics
UnheardShayari
 
WAM Corporate Presentation July 2024.pdf
WAM Corporate Presentation July 2024.pdfWAM Corporate Presentation July 2024.pdf
WAM Corporate Presentation July 2024.pdf
Western Alaska Minerals Corp.
 
PETAVIT MICHAEL TAY.pdfAAAAAAAAAAAAAAAAAAAA
PETAVIT MICHAEL TAY.pdfAAAAAAAAAAAAAAAAAAAAPETAVIT MICHAEL TAY.pdfAAAAAAAAAAAAAAAAAAAA
PETAVIT MICHAEL TAY.pdfAAAAAAAAAAAAAAAAAAAA
lawrenceads01
 
Entrepreneurial mindset: An Introduction to Entrepreneurship
Entrepreneurial mindset: An Introduction to EntrepreneurshipEntrepreneurial mindset: An Introduction to Entrepreneurship
Entrepreneurial mindset: An Introduction to Entrepreneurship
Sanjay Joshi
 
United Kingdom's Real Estate Mogul: Newman George Leech's Impact on the Swiss...
United Kingdom's Real Estate Mogul: Newman George Leech's Impact on the Swiss...United Kingdom's Real Estate Mogul: Newman George Leech's Impact on the Swiss...
United Kingdom's Real Estate Mogul: Newman George Leech's Impact on the Swiss...
Newman George Leech
 
brojjeddah Home Services Company in Saudi Arabia
brojjeddah Home Services Company in Saudi Arabiabrojjeddah Home Services Company in Saudi Arabia
brojjeddah Home Services Company in Saudi Arabia
brojjeddah
 
MEA Union Budget 2024-25 Final Presentation
MEA Union Budget 2024-25 Final PresentationMEA Union Budget 2024-25 Final Presentation
MEA Union Budget 2024-25 Final Presentation
PhysicsUtu
 
A STUDY OF MUTUAL FUND OF BANK OF INDIA .pdf
A STUDY OF MUTUAL FUND  OF BANK OF INDIA .pdfA STUDY OF MUTUAL FUND  OF BANK OF INDIA .pdf
A STUDY OF MUTUAL FUND OF BANK OF INDIA .pdf
rsonics22
 
TALENT ACQUISITION AND MANAGEMENT LECTURE 5
TALENT ACQUISITION AND MANAGEMENT LECTURE 5TALENT ACQUISITION AND MANAGEMENT LECTURE 5
TALENT ACQUISITION AND MANAGEMENT LECTURE 5
projectseasy
 
Connected Small Boat Protection Solution | July 2024
Connected Small Boat Protection Solution | July  2024Connected Small Boat Protection Solution | July  2024
Connected Small Boat Protection Solution | July 2024
Hector Del Castillo, CPM, CPMM
 
PAWFESSIONAL ELVA MAX.pdfAAAAAAAAAAAAAAAAAAA
PAWFESSIONAL ELVA MAX.pdfAAAAAAAAAAAAAAAAAAAPAWFESSIONAL ELVA MAX.pdfAAAAAAAAAAAAAAAAAAA
PAWFESSIONAL ELVA MAX.pdfAAAAAAAAAAAAAAAAAAA
lawrenceads01
 
foodgasm restaurant and Bar pune road.docx
foodgasm restaurant and Bar pune road.docxfoodgasm restaurant and Bar pune road.docx
foodgasm restaurant and Bar pune road.docx
PraghyaBhandari
 
Cracking the Customer Experience Code.pptx
Cracking the Customer Experience Code.pptxCracking the Customer Experience Code.pptx
Cracking the Customer Experience Code.pptx
Workforce Group
 
Girls Call Kharghar 9910780858 Provide Best And Top Girl Service And No1 in City
Girls Call Kharghar 9910780858 Provide Best And Top Girl Service And No1 in CityGirls Call Kharghar 9910780858 Provide Best And Top Girl Service And No1 in City
Girls Call Kharghar 9910780858 Provide Best And Top Girl Service And No1 in City
maigasapphire
 
The IIT Madras Product Management Casebook 23-24.pdf
The IIT Madras Product Management Casebook 23-24.pdfThe IIT Madras Product Management Casebook 23-24.pdf
The IIT Madras Product Management Casebook 23-24.pdf
Keerthiraja11
 
Patrick Dwyer Merrill Lynch - Founder of the Dwyer Family Foundation
Patrick Dwyer Merrill Lynch - Founder of the Dwyer Family FoundationPatrick Dwyer Merrill Lynch - Founder of the Dwyer Family Foundation
Patrick Dwyer Merrill Lynch - Founder of the Dwyer Family Foundation
Patrick Dwyer Merrill Lynch
 
Anton Grutzmache- Ominisient: The Data Revolution in Banking: From Scoring Cr...
Anton Grutzmache- Ominisient: The Data Revolution in Banking: From Scoring Cr...Anton Grutzmache- Ominisient: The Data Revolution in Banking: From Scoring Cr...
Anton Grutzmache- Ominisient: The Data Revolution in Banking: From Scoring Cr...
itnewsafrica
 
1234567891011121314151617181920212223242
12345678910111213141516171819202122232421234567891011121314151617181920212223242
1234567891011121314151617181920212223242
fauzanal343
 
Growth Buyouts - The Dawn of the GBO (Slow Ventures)
Growth Buyouts - The  Dawn of the GBO (Slow Ventures)Growth Buyouts - The  Dawn of the GBO (Slow Ventures)
Growth Buyouts - The Dawn of the GBO (Slow Ventures)
Razin Mustafiz
 

Recently uploaded (20)

Andrew Wilmot- Ecentric Payment Systems: Macro Trends Shaping Payments in Afr...
Andrew Wilmot- Ecentric Payment Systems: Macro Trends Shaping Payments in Afr...Andrew Wilmot- Ecentric Payment Systems: Macro Trends Shaping Payments in Afr...
Andrew Wilmot- Ecentric Payment Systems: Macro Trends Shaping Payments in Afr...
 
Case study on Indian Ecommerce logistics
Case study on Indian Ecommerce logisticsCase study on Indian Ecommerce logistics
Case study on Indian Ecommerce logistics
 
WAM Corporate Presentation July 2024.pdf
WAM Corporate Presentation July 2024.pdfWAM Corporate Presentation July 2024.pdf
WAM Corporate Presentation July 2024.pdf
 
PETAVIT MICHAEL TAY.pdfAAAAAAAAAAAAAAAAAAAA
PETAVIT MICHAEL TAY.pdfAAAAAAAAAAAAAAAAAAAAPETAVIT MICHAEL TAY.pdfAAAAAAAAAAAAAAAAAAAA
PETAVIT MICHAEL TAY.pdfAAAAAAAAAAAAAAAAAAAA
 
Entrepreneurial mindset: An Introduction to Entrepreneurship
Entrepreneurial mindset: An Introduction to EntrepreneurshipEntrepreneurial mindset: An Introduction to Entrepreneurship
Entrepreneurial mindset: An Introduction to Entrepreneurship
 
United Kingdom's Real Estate Mogul: Newman George Leech's Impact on the Swiss...
United Kingdom's Real Estate Mogul: Newman George Leech's Impact on the Swiss...United Kingdom's Real Estate Mogul: Newman George Leech's Impact on the Swiss...
United Kingdom's Real Estate Mogul: Newman George Leech's Impact on the Swiss...
 
brojjeddah Home Services Company in Saudi Arabia
brojjeddah Home Services Company in Saudi Arabiabrojjeddah Home Services Company in Saudi Arabia
brojjeddah Home Services Company in Saudi Arabia
 
MEA Union Budget 2024-25 Final Presentation
MEA Union Budget 2024-25 Final PresentationMEA Union Budget 2024-25 Final Presentation
MEA Union Budget 2024-25 Final Presentation
 
A STUDY OF MUTUAL FUND OF BANK OF INDIA .pdf
A STUDY OF MUTUAL FUND  OF BANK OF INDIA .pdfA STUDY OF MUTUAL FUND  OF BANK OF INDIA .pdf
A STUDY OF MUTUAL FUND OF BANK OF INDIA .pdf
 
TALENT ACQUISITION AND MANAGEMENT LECTURE 5
TALENT ACQUISITION AND MANAGEMENT LECTURE 5TALENT ACQUISITION AND MANAGEMENT LECTURE 5
TALENT ACQUISITION AND MANAGEMENT LECTURE 5
 
Connected Small Boat Protection Solution | July 2024
Connected Small Boat Protection Solution | July  2024Connected Small Boat Protection Solution | July  2024
Connected Small Boat Protection Solution | July 2024
 
PAWFESSIONAL ELVA MAX.pdfAAAAAAAAAAAAAAAAAAA
PAWFESSIONAL ELVA MAX.pdfAAAAAAAAAAAAAAAAAAAPAWFESSIONAL ELVA MAX.pdfAAAAAAAAAAAAAAAAAAA
PAWFESSIONAL ELVA MAX.pdfAAAAAAAAAAAAAAAAAAA
 
foodgasm restaurant and Bar pune road.docx
foodgasm restaurant and Bar pune road.docxfoodgasm restaurant and Bar pune road.docx
foodgasm restaurant and Bar pune road.docx
 
Cracking the Customer Experience Code.pptx
Cracking the Customer Experience Code.pptxCracking the Customer Experience Code.pptx
Cracking the Customer Experience Code.pptx
 
Girls Call Kharghar 9910780858 Provide Best And Top Girl Service And No1 in City
Girls Call Kharghar 9910780858 Provide Best And Top Girl Service And No1 in CityGirls Call Kharghar 9910780858 Provide Best And Top Girl Service And No1 in City
Girls Call Kharghar 9910780858 Provide Best And Top Girl Service And No1 in City
 
The IIT Madras Product Management Casebook 23-24.pdf
The IIT Madras Product Management Casebook 23-24.pdfThe IIT Madras Product Management Casebook 23-24.pdf
The IIT Madras Product Management Casebook 23-24.pdf
 
Patrick Dwyer Merrill Lynch - Founder of the Dwyer Family Foundation
Patrick Dwyer Merrill Lynch - Founder of the Dwyer Family FoundationPatrick Dwyer Merrill Lynch - Founder of the Dwyer Family Foundation
Patrick Dwyer Merrill Lynch - Founder of the Dwyer Family Foundation
 
Anton Grutzmache- Ominisient: The Data Revolution in Banking: From Scoring Cr...
Anton Grutzmache- Ominisient: The Data Revolution in Banking: From Scoring Cr...Anton Grutzmache- Ominisient: The Data Revolution in Banking: From Scoring Cr...
Anton Grutzmache- Ominisient: The Data Revolution in Banking: From Scoring Cr...
 
1234567891011121314151617181920212223242
12345678910111213141516171819202122232421234567891011121314151617181920212223242
1234567891011121314151617181920212223242
 
Growth Buyouts - The Dawn of the GBO (Slow Ventures)
Growth Buyouts - The  Dawn of the GBO (Slow Ventures)Growth Buyouts - The  Dawn of the GBO (Slow Ventures)
Growth Buyouts - The Dawn of the GBO (Slow Ventures)
 

Governance, Risk, and Compliance Management: Realizing the Value of Cross-Enterprise Solutions

  • 1. SAP White Paper. SAP Solutions for Governance, Risk, and Compliance. GOVERNANCE, RISK, AND COMPLIANCE MANAGEMENT: REALIZING THE VALUE OF CROSS-ENTERPRISE SOLUTIONS
  • 3. CONTENTS
      Executive Summary
      The Business Need for Cross-Enterprise GRC Solutions
      The Goal: A Holistic Approach to GRC
      Cross-Enterprise GRC Solutions: A Closer Look
        Support for Business Processes and Functions
          – Reconcile to Report and Financial Close
          – Procure to Pay
          – Order to Cash
          – Hire to Retire
          – Payroll
          – Production to Delivery
          – Support Across the Complete IT Stack
        Support for Enterprise Application Software Solutions
          – Multiapplication GRC
          – Cross-Application GRC
        Additional Attributes of an Enterprise-Class GRC Solution
          – Integrated GRC
          – Automated GRC
      SAP Solutions for Governance, Risk, and Compliance
        SAP Solutions for GRC, Cisco SONA–Ready
          – The Foundation for Cross-Enterprise GRC
      Evolving SAP Software into Cross-Enterprise Products
        SAP GRC Access Control
        SAP GRC Process Control
      For More Information
        Powered by SAP NetWeaver
  • 4. EXECUTIVE SUMMARY

    Governance, risk, and compliance (GRC) issues are hot topics today, thanks to a myriad of high-profile stories about companies that failed to meet regulatory requirements governing finance, environmental compliance, and other areas. In each case, executives have been held accountable, stock prices have dropped, and brand image has suffered. GRC issues are also a top priority because business leaders increasingly understand that seemingly small operational control weaknesses can significantly impair corporate performance. These obstacles might range from a supplier inventory shortage that impacts revenue, to a faulty or counterfeit product that erodes brand and increases costs, to a leakage of confidential data that damages reputation and creates a compliance liability.

    Many companies have responded to regulatory mandates by implementing disconnected, tactical processes and point solutions that address a single regulation or corporate initiative. But these fragmented efforts can make compliance far more costly and complicated than it needs to be. You would need to purchase and deploy multiple GRC applications for each enterprise application and then define risks, set policies, and monitor compliance for each application. At the same time, you need to find a way to manage countless GRC policies, decisions, and GRC data – data that is likely based on different metrics, standards, software, and methodologies. The resulting complexity can make it impossible to aggregate this data to gain a complete view of enterprise risk.

    SAP offers a new approach for monitoring, identifying, and managing risk across the enterprise. A true cross-enterprise GRC solution dramatically simplifies management and execution of these activities – making it easy to compile data for a comprehensive perspective on overall exposure, monitor compliance and risk effectively, and adjust business processes to meet changing business and regulatory mandates.

    This paper explains SAP’s vision for a cross-enterprise GRC solution and the benefits it can provide, defines key terms, and discusses what to look for when evaluating GRC software options. It also discusses how SAP is evolving the SAP® solutions for governance, risk, and compliance (SAP solutions for GRC) to deliver the industry’s first comprehensive, fully integrated cross-enterprise GRC solution.
  • 5. THE BUSINESS NEED FOR CROSS-ENTERPRISE GRC SOLUTIONS

Issues related to management of GRC have become top boardroom priorities, thanks to highly publicized corporate scandals and the release of a myriad of regulatory mandates designed to prevent everything from fraud to environmental damage. Most likely, you are keenly aware of the potential costs of noncompliance today. In addition to facing possible fines, your business could face the cost of litigation and remediation, as well as confronting negative impacts on brand, reputation, and market valuation. Equally important, executives at the top can be held personally responsible for compliance failures.

A Definition of GRC
• Governance manages the strategic directives a company wants to follow.
• Risk management assesses the areas of exposure and potential impacts.
• Compliance is the tactical action to mitigate risk.
Source: John Hagerty, AMR Research, April 3, 2006

Many companies have responded to regulatory mandates with a series of disconnected, tactical, one-off projects to respond to a single regulation or corporate initiative. Your business may deploy multiple point solutions to address process control risks within a core financial application, for example. However, while fragmented GRC activities may be the status quo, they are likely costing your business more than you think and more than is necessary. AMR Research reports that compliance spending will reach US$27.3 billion in 2006.[1]

Of even greater significance is the fact that fragmented GRC efforts make it impossible to implement a cohesive GRC strategy for monitoring, identifying, and managing risk across the enterprise. This fragmentation – when replicated many times across different business applications and business functions – creates a GRC management nightmare. For each business process or application, you may have one or more different applications to manage it. And for each process and each application, business and IT departments need to define risks, set policies, monitor compliance, manage attestations, address escalations and mitigations, generate reports, and more. Complicating matters further is the fact that departments responsible for different GRC initiatives may use different metrics, standards, software, and methodologies for analyzing risk and compliance information. This makes it difficult to aggregate data, gain a complete view of enterprise risk, effectively monitor compliance and risk, and adjust business processes to meet changing requirements, market trends, and regulatory mandates.

Clearly, fragmented approaches to GRC represent a massive – and costly – duplication of effort that impairs transparency and increases opportunities for issues or weaknesses to fall through the cracks until identified by a regulatory body.

Forrester anticipates that “firms will establish risk and compliance architectures, develop risk intelligence, and implement GRC platforms, as well as centralized communication and training on corporate policies and procedures.” Forrester also anticipates the continued evolution of the enterprise role that is responsible for managing GRC.
Source: “Trends 2006: Enterprise Risk and Compliance,” Forrester Research Inc., Michael Rasmussen, December 13, 2005

[1] Source: John Hagerty, AMR Research, “Spending in an Age of Compliance, 2006,” February 21, 2006
  • 6. THE GOAL: A HOLISTIC APPROACH TO GRC

A fragmented approach to GRC prevents transparency into your business operations and severely limits your ability to use GRC as a strategic asset for your company. To promote transparency, GRC solutions must span multiple business processes. As illustrated in Figure 1, the answer is to implement a single, holistic solution that works with all of the enterprise applications used to support those business processes.

A true cross-enterprise GRC solution delivers key functionality across two dimensions:
• Breadth in terms of business processes or functions covered, such as human resources, finance, customer relationship management, sales, and so on
• Depth in terms of integration with multiple business applications, which may include software from a major vendor, as well as legacy and custom applications

[Figure 1: The Breadth and Depth of Cross-Enterprise Solutions. Cross-functional: Hire to Retire, Reconcile to Report, Procure to Pay, Order to Cash, Production to Delivery. Cross-application: Legacy, SAP, Oracle.]

Integration must extend throughout the entire technology stack, from the highest-level enterprise applications down to the data-exchange infrastructure. In addition, all applications that are part of the solution must 1) address GRC issues across all applications and business functions and 2) feed to and from a single, centralized GRC data repository. These two characteristics of cross-enterprise GRC enable you to address a multitude of GRC challenges and result in the following benefits:
• Enterprise-wide risk monitoring – You can monitor risk across all enterprise applications and business functions, deploying one solution, rather than multiple applications that manage only a subset of GRC activities. You can significantly lower the effort and cost of GRC for your company, freeing resources for innovation and top-line growth.
  • 7.
• Greater transparency – Executives gain greater transparency into business operations across the enterprise, essential to increasing overall GRC effectiveness. Transparency enables you to overcome the effects of fragmentation, such as increased risks, reduced effectiveness of controls, strategic misalignment, and missed opportunities.
• Increased automation – You can automate manual processes, which results in highly repeatable, consistent, and auditable GRC processes. At the same time, automation enables fast, cost-effective reporting that saves time and money and helps ensure that the data you submit to regulatory agencies is reliable and supportable.
• Simplified compliance – You can adjust to regulatory changes easily and speed compliance efforts, which can play a critical role – for example, bringing new products to market faster than the competition.

All of these benefits are made possible by the fact that a true cross-enterprise GRC solution dramatically simplifies management and execution of GRC activities. Whereas before you needed a different application to manage each business process or application, with cross-enterprise GRC, you need only one. Having a single GRC solution means that you need to define risks and set policies once for the entire enterprise. It also means that metrics, standards, software, and methodologies for analyzing risk and compliance information are consistent across the enterprise, making it easy to aggregate data, gain a complete view of enterprise risk, effectively monitor compliance and risk, and adjust business processes to meet changing requirements, market trends, and regulatory mandates.

CROSS-ENTERPRISE GRC SOLUTIONS: A CLOSER LOOK

When evaluating GRC technologies, it’s important to understand the baseline functionality required in a cross-enterprise GRC solution. The solution should provide the following:
• Support for all core business processes and functions
• Support for all major enterprise application software solutions
• Support across the complete IT stack
• Integrated GRC processes
• Automated GRC processes

Support for Business Processes and Functions

To qualify as a true cross-enterprise GRC application, the solution must provide business process controls that address all core business processes in your organization, ranging from the supply chain to finance to operations. Examples include the following.

Reconcile to Report and Financial Close

The leading source of material weakness disclosures relates to controls for the reconcile-to-report process – a process that places a tremendous strain on the accounting staff. In addition, mistakes or delays can cause significant harm to a company’s financial statements and ultimately, its share price.

Errors in financial results are often the result of manual processes and calculations performed in a compressed time frame across multiple locations and groups and a wide variety of enterprise applications. All of these variables create an environment in which it is easy to make simple calculation and data-entry mistakes. These mistakes can easily add up to material problems that require rework or in the worst case, a financial restatement.

A true cross-enterprise GRC solution automates manual processes with controls in the reconcile-to-report area as much as possible. These controls eliminate the source of most material weaknesses – and by default, significantly reduce the need for financial restatements. In addition, they free accounting staff to focus on more strategic activities.
  • 8. Procure to Pay

For most large organizations, procurement activities generate thousands of transactions across multiple enterprise applications each day. This complexity can make it nearly impossible to ensure the validity of procure-to-pay transactions. Lack of automated controls for procure-to-pay processes impairs cash flow and can cause inaccurate account balances related to delivery of low-quality goods, duplicate vendor payments, lost discounts, and improperly valued inventory. An even more serious threat is significant losses due to fraud.

A true cross-enterprise GRC solution addresses these challenges by providing controls throughout the procure-to-pay process that detect or even prevent accidental or malicious activities.

Order to Cash

Optimizing the order-to-cash process is a strategic priority for most companies. Since this process concludes with revenue recognition, it can present a high degree of risk to company management. The risks are magnified when companies have high order volumes from a global customer base, and customers use complex discounting structures and multiple payment terms. Clearly, financial professionals need to implement automated process controls to identify revenue leakage, improper shipping cutoffs, and potentially fraudulent activities.

A true cross-enterprise GRC solution addresses these challenges by providing best-practice controls that safeguard the order-to-cash processes.

Hire to Retire

Ensuring employee information security – while maintaining adequate information transparency for key stakeholders of an organization – requires a robust hire-to-retire process with the appropriate controls needed to achieve both objectives. With a cross-enterprise GRC solution in place, you get best-practice controls that enforce policies and detect or even prevent failures in the hire-to-retire process.

Payroll

Payroll is one of the largest expenditures in many organizations, making it a prime target for fraud. The volume and frequency of payroll transactions create additional risks, such as the likelihood of errors due to complexities in tax regulations, time accounting, and other areas. With a cross-enterprise GRC solution in place, you receive best-practice controls that protect the entire payroll process from accidental or malicious activities.

Production to Delivery

The production-to-delivery process often requires a wide range of cross-industry controls to address issues such as product quality and workplace safety. In addition, there are many industry-specific variations and additions to these horizontal controls, such as enhancements specific to the U.S. Food and Drug Administration in the life sciences industry. A true cross-enterprise GRC solution also delivers controls for this process to ensure that there are no material deviations from regulatory mandates or company policy.

Support Across the Complete IT Stack

Businesses increasingly need controls that extend down to operating system and network layers. For example, to address network and IT security risks related to compliance, you are probably performing manual audits of all devices and IT systems or using point solutions focused on IT or network compliance. In either case, this approach requires addressing regulatory requirements manually and makes it difficult to leverage data between the point solutions. This can be a serious problem given that the reporting requirements for compliance with the Control Objectives for Information and Related Technologies (COBIT) framework alone can diminish IT productivity.

To address these types of risks, you need a holistic cross-enterprise GRC solution that takes into account not only controls for core business processes but also IT controls that extend through all levels of the IT infrastructure – from the operating system and network all the way up to the highest-level business applications. The software that typically monitors and reports on network activity should correlate events to
  • 9. higher-level GRC information so that, for example, sensitive customer information (such as customer credit card numbers) does not pass outside company firewalls.

Support for Enterprise Application Software Solutions

A cross-enterprise GRC solution also needs to provide full support for heterogeneous business applications by providing both multiapplication functionality and cross-application functionality. The following sections explore these terms.

Multiapplication GRC

Multiapplication GRC solutions enable you to define all risks, policies, functions, and controls just once using nontechnical, common business language and to store this data in a central repository for reuse by multiple GRC applications. The solutions automatically map these risks, policies, and functions to all of the underlying business applications, regardless of where they are in the enterprise.

Automated, multiapplication functionality helps you avoid fragmentation of risk analysis, policies, and controls; ensures consistency across the enterprise; and eliminates duplication of effort across applications. For example, you may have three applications that support “create vendor” and “pay vendor” processes. To prevent fraud, you define a rule that no one user can have permission to both create and pay a vendor. Without multiapplication functions in place, you need to deploy a different GRC application to monitor each business application – and define the rule three different times. Given the law of large numbers, having this kind of data scattered across multiple applications eventually results in inconsistencies, errors, and oversights. Also, if you find a violation of a rule, you need to put a mitigating control in place across three different applications – another potential source of oversight, as companies can lose track of which users have what controls, when they expire, and so on. And if management needs visibility across the enterprise with regard to this issue, individual reports from the various GRC applications need to be manually reconciled – a costly and error-prone process.

A multiapplication solution automatically applies the rules to each business application involved in creating and paying vendors. Multiapplication functionality alone, however, does not address the fact that business processes often span multiple applications. To return to our prior example, multiapplication functionality allows you to detect instances when a user has permission to both create and pay a vendor within a single application. But it cannot detect when a user tries to bypass the policy by creating a vendor in one application and paying the vendor in another.

Cross-Application GRC

Only GRC software that offers cross-application functionality can detect cross-application risks. Multiapplication software is gradually evolving into cross-application software that enables you to apply policies and controls across business applications and uncover risks spread across them – the holy grail of GRC.

For example, you may have a business policy stating that purchase orders over a certain amount require management approval. This process control can potentially be sidestepped by employees who submit two purchase orders for lesser amounts across two different applications. To prevent this type of process control failure, you can deploy a cross-application GRC product that includes functionality for monitoring all purchase order activity across all relevant enterprise applications. Centralized business rules can detect a suspicious sequence of purchase orders for an individual and generate an alert to a manager responsible for compliance in the procurement area with the Sarbanes-Oxley Act, who can take immediate action. (In contrast, multiapplication software would only enable you to detect when employees submit two purchase orders within the same application.)

As this example illustrates, end-to-end business processes can touch multiple enterprise applications and departments – and as a result, GRC solutions must be able to identify and manage risk within and across them. You want one GRC solution that enables you to do the following:
  • 10.
• Document and store all rules and policies in a central GRC repository
• Apply these centralized rules and policies across all of your major enterprise applications to identify and analyze risk
• Mitigate and remediate risks from a central GRC solution

Additional Attributes of an Enterprise-Class GRC Solution

In addition to supporting GRC activities across all business processes and applications, a true cross-enterprise GRC solution also delivers the following functionality.

Integrated GRC

A cross-enterprise GRC solution does not treat GRC activities as separate activities but rather addresses them as one integrated solution. Integrated GRC enables you to aggregate data, gain a complete view of enterprise risk, effectively monitor compliance and risk, and adjust business processes to meet changing requirements, market trends, and regulatory mandates. It also simplifies GRC, which reduces costs and the potential for error. And because data is truly integrated, you can more easily link GRC to corporate performance management, strategy setting, and company policies to create reports that are useful to senior management. If this information is fragmented, creating reports that synthesize this data would require repeated linkages dozens of times across different enterprise systems – a costly endeavor.

Automated GRC

True cross-enterprise GRC solutions also automate the bulk of activities that are typically processed manually by most companies today – for example, managing segregation-of-duties information using spreadsheets. Automating the tracking and management of this type of data across the enterprise reduces GRC costs and eliminates countless errors that can lead to major liabilities.

Defining Single-, Multi-, and Cross-Application Software

The GRC software industry is relatively new and, in many ways, has been playing catch-up with the needs of businesses seeking to comply with regulatory mandates in an effective, cost-efficient manner. As illustrated in Figure 2, software products are continuing to evolve from “siloed” GRC applications that focus on only one enterprise application to those that enable cross-application management.

[Figure 2: The Evolution of GRC Applications. Panels: Single Application (for a single application), Multiapplication (for multiple applications), Cross-Application (across multiple applications).]
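The gap between multiapplication and cross-application detection described above, for both the create-vendor/pay-vendor rule and the split purchase order case, can be shown with a small rule evaluator. This is an added example, not code from the white paper or from any SAP product; the application names, permission codes, account-to-employee mapping, threshold, and sample records are all constructed.

```python
from collections import defaultdict
from datetime import date, timedelta

# Central rule repository: one SoD rule stated in business terms (constructed).
SOD_RULES = [("create_vendor", "pay_vendor")]

# Local permission codes of each application mapped to business functions (constructed).
FUNCTION_MAP = {
    "erp_a": {"VENDOR_MAINT": "create_vendor", "PAYMENT_RUN": "pay_vendor"},
    "erp_b": {"AP_SUPPLIER_ADD": "create_vendor", "AP_PAY": "pay_vendor"},
    "legacy": {"VND01": "create_vendor", "PAY09": "pay_vendor"},
}

# Account-to-employee correlation; cross-application checks depend on it.
IDENTITY = {
    ("erp_a", "jdoe"): "E1001", ("erp_b", "john.doe"): "E1001",
    ("erp_a", "asmith"): "E1002", ("legacy", "bwong"): "E1003",
}

# Constructed sample data: (application, account, permission)
ENTITLEMENTS = [
    ("erp_a", "jdoe", "VENDOR_MAINT"), ("erp_b", "john.doe", "AP_PAY"),
    ("erp_a", "asmith", "VENDOR_MAINT"), ("erp_a", "asmith", "PAYMENT_RUN"),
    ("legacy", "bwong", "PAY09"),
]

# Constructed sample data: (application, account, vendor, order date, amount)
ORDERS = [
    ("erp_a", "jdoe", "V-77", date(2007, 3, 5), 6000),
    ("erp_b", "john.doe", "V-77", date(2007, 3, 6), 5500),
    ("erp_a", "asmith", "V-12", date(2007, 3, 5), 4000),
    ("erp_a", "asmith", "V-12", date(2007, 3, 20), 4000),
    ("legacy", "bwong", "V-30", date(2007, 3, 7), 7000),
    ("legacy", "bwong", "V-30", date(2007, 3, 8), 4500),
]


def resolve(app, account):
    """Employee behind a local account; uncorrelated accounts stay separate."""
    return IDENTITY.get((app, account), f"unmapped:{app}:{account}")


def sod_violations(entitlements, cross_application=True):
    """Find employees holding both sides of an SoD rule.

    cross_application=False evaluates each application on its own
    (multiapplication behaviour); True pools functions per employee.
    """
    held = defaultdict(lambda: defaultdict(set))  # scope -> function -> apps
    for app, account, permission in entitlements:
        function = FUNCTION_MAP.get(app, {}).get(permission)
        if function is None:
            continue  # permission not relevant to any central rule
        person = resolve(app, account)
        scope = person if cross_application else (person, app)
        held[scope][function].add(app)
    findings = []
    for scope, functions in held.items():
        person = scope if cross_application else scope[0]
        for left, right in SOD_RULES:
            if left in functions and right in functions:
                apps = sorted(functions[left] | functions[right])
                findings.append((person, left, right, apps))
    return sorted(findings)


def split_po_alerts(orders, threshold, window_days=7, cross_application=True):
    """Flag orders that each stay under the approval threshold but together
    exceed it for one employee and vendor within window_days."""
    groups = defaultdict(list)
    for app, account, vendor, day, amount in orders:
        if amount > threshold:
            continue  # already subject to approval on its own
        person = resolve(app, account)
        key = (person, vendor) if cross_application else (person, vendor, app)
        groups[key].append((day, amount, app))
    alerts = []
    for key, items in sorted(groups.items()):
        items.sort()
        start, total = 0, 0
        for end, (day, amount, _) in enumerate(items):
            total += amount
            while day - items[start][0] > timedelta(days=window_days):
                total -= items[start][1]  # slide the window forward
                start += 1
            if end > start and total > threshold:
                apps = sorted({a for _, _, a in items[start:end + 1]})
                alerts.append((key[0], key[1], total, apps))
                break
    return alerts


if __name__ == "__main__":
    for mode in (False, True):
        print("cross-application" if mode else "per-application")
        print("  SoD:", sod_violations(ENTITLEMENTS, mode))
        print("  split POs:", split_po_alerts(ORDERS, 10000, cross_application=mode))
```

Employee E1001 appears only in the cross-application results, because the conflicting permissions and the two orders sit in different applications under different account names.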
  • 11. SAP SOLUTIONS FOR GOVERNANCE, RISK, AND COMPLIANCE

SAP has recognized the need for cross-enterprise GRC applications and has deepened its own GRC domain expertise by investing in SAP® solutions for governance, risk, and compliance (SAP solutions for GRC) and a robust, industry-leading GRC partner ecosystem. These solutions will enable you to achieve the goal of managing GRC across your enterprise and even across your extended business landscape – and do so with confidence.

SAP solutions for GRC make up an integrated portfolio of applications that embed and optimize all GRC activities to overcome the problems caused by business fragmentation and disjointed approaches to GRC management. These solutions are powered by the SAP NetWeaver® platform, which provides a common technical foundation that integrates with the mySAP™ Business Suite applications and with third-party applications. They can leverage information within your existing business applications to evaluate risk and apply controls directly within business processes. This results in greater transparency and predictability, enabling you to improve GRC activities – and overall enterprise performance.

SAP solutions for GRC are based on the concept that business processes are not contained within a single application or silo function of a business. Instead, they cut across an entire corporation or distributed value chain. This means that SAP solutions for GRC have to function reliably outside a single application and across a complex business network. The complexity of the network requires that SAP solutions for GRC must be increasingly adaptable and flexible to work in any heterogeneous environment. Key applications are described in the table that follows.

SAP® PRODUCT | DESCRIPTION
SAP GRC Access Control application | This application for monitoring, testing, and enforcing access and authentication controls across the enterprise addresses compliant-resource provisioning and ensures proper segregation of duties at all times. It is designed to help organizations with duty segregation and application-access management, a fundamental requirement of many regulations (including Sarbanes-Oxley in the United States, Combined Code in the United Kingdom, and KonTraG in Germany). The application enables businesses to rapidly identify and remove access and authorization risk from IT systems and embed preventive controls into business processes that stop future violations from occurring.
SAP GRC Process Control application | This cross-enterprise control management application for compliance with Sarbanes-Oxley supports frameworks such as Committee of Sponsoring Organizations of the Treadway Commission (COSO) and Control Objectives for Information and Related Technologies (COBIT). The software deploys configurable, prebuilt, and custom-automated control tests across multiple target systems. It delivers workflows and templates for manual control tests, self-assessment surveys, and certification.
SAP GRC Risk Management application | This application automates collaborative process management for enterprise risk planning, identification, analysis, response, and monitoring. The software graphically depicts risk profiles and proactively alerts management regarding high-impact and high-probability issues.
SAP GRC Repository application | This central application of a record of GRC content includes corporate policies, compliance and control frameworks, and risk and control libraries. SAP GRC Repository currently comes as part of all SAP solutions for GRC at no additional fee.
SAP Global Trade Services application | This application enables secure, expedited, cross-border trade transactions that comply with trade export and import regulations, restricted-party-list screening, and regional customs-reporting mandates. It works across all enterprise applications that support cross-border transactions.
SAP Environment, Health & Safety application | This application tracks compliance with multiple environment, health, and safety (EH&S) regulations relating to waste management, dangerous goods, product safety, hazardous substances, industrial hygiene and safety, and occupational health.
SAP xApp™ Emissions Management composite application | This composite application tracks compliance with global and regional emissions regulations, such as the Kyoto Protocol and the U.S. Clean Air Act for the chemicals, oil and gas, and mining industries.
SAP solution for environmental product compliance | This automated environmental-product-compliance software is a joint offering from SAP and TechniData that addresses products regulated by mandates such as the restriction of the use of certain hazardous substances (RoHS) and waste electrical and electronic equipment (WEEE) directives.
  • 12. SAP Solutions for GRC, Cisco SONA–Ready

SAP and Cisco Systems Inc. have partnered to deliver a joint set of solutions based on enterprise service-oriented architecture (enterprise SOA) that allow you to address GRC needs across the enterprise in a holistic, nonintrusive, flexible, and cost-effective way. This approach leverages SAP solutions for GRC and the intelligent network delivered by Cisco Service-Oriented Network Architecture (SONA), Cisco’s leading network architecture. SAP solutions for GRC provide the business context for GRC needs across the enterprise – that is, the specific GRC-related policies you have identified that are important to your business. Cisco SONA expands the reach of SAP solutions for GRC into the extended enterprise, beyond the borders of packaged enterprise applications and into the landscape of physical and infrastructure risk.

SAP solutions for GRC give you the visibility needed to move away from reacting to business risks and events and toward improving business predictability and performance. These solutions provide business content to correctly interpret and respond to the events detected and tracked by Cisco SONA. Cisco SONA can then aggregate, normalize, and act upon business and IT events with the appropriate business context for your organization and across existing geographies and organizations.

The Foundation for Cross-Enterprise GRC

Both SAP and Cisco have built their solutions using a standards-based SOA, making it easy to integrate corporate GRC policies and processes into your existing operations and heterogeneous IT systems. In addition, this lays the ideal foundation for creating and deploying composite applications to drive specialized GRC processes. Composite applications span multiple solutions, departments, and organizations to leverage existing systems and ease future integration. They also allow quick reconfiguration to accommodate new business structures, processes, and partner requirements.

SAP and Cisco are developing a growing portfolio of prebuilt composite applications – to address customers’ critical business process issues. These predelivered composite applications for GRC leverage SOA to address the most common challenges around GRC, such as network and IT security, data privacy and protection, and service-level compliance. They are also unique because they are network-aware composite applications, resulting in more powerful and farther-reaching functionality than is possible with traditional composite applications.
  • 13. EVOLVING SAP SOFTWARE INTO CROSS-ENTERPRISE PRODUCTS

Forward-looking customers are engaging with vendors such as SAP that have committed to a holistic GRC vision. SAP is evolving its SAP solutions for GRC into cross-application and cross-functional products that support cross-enterprise GRC management and transparency. As illustrated in the tables that follow, SAP solutions for GRC support both breadth and depth.

SAP GRC Access Control

The following table describes the cross-application functionalities of the SAP GRC Access Control application across various business processes and functions. It lists the out-of-the-box process coverage for access risk provided by SAP GRC Access Control.

SAP® GRC ACCESS CONTROL – A CROSS-ENTERPRISE APPLICATION
SAP | Oracle | PeopleSoft | JD Edwards | Hyperion
HR | HR | HR | HR/Payroll | Custom Rules
Procure to pay | Procure to pay | Procure to pay | Procure to pay
Order to cash | Order to cash | Order to cash | Order to cash
Finance | Finance | Finance | Finance
– General accounting | – General accounting | – General accounting | – General accounting
– Project systems | – Project systems
– Fixed assets | – Fixed assets | – Fixed assets
Basis, security, and system administration | System administration | System administration | Consolidations
Materials management
SAP Advanced Planning & Optimization
mySAP™ Supplier Relationship Management
mySAP Customer Relationship Management
Consolidations
  • 14. SAP GRC Process Control

The SAP GRC Process Control application deploys configurable, automated controls for key business processes – and even supports custom controls unique to your company. Examples of processes supported by SAP GRC Process Control include the following:

• Procure to pay: Predelivered controls ensure control effectiveness and efficiency for purchasing, inventory, accounts payable, and legacy applications. Examples of these controls include the following:

EXAMPLES OF PROCURE-TO-PAY CONTROLS
SAP® GRC Process Control | Control Objective
Identify split purchase orders | Ensure proper authorization of purchase orders
Match receipts to purchase orders | Ensure accuracy of transactions and prevent overpayments for underdelivery
Identify duplicate vendors | Prevent duplicate payments and fraud

• Order to cash: Predelivered controls ensure control effectiveness and efficiency for order management, inventory, accounts receivable, general ledger, and legacy applications. Examples of these controls include the following:

EXAMPLES OF ORDER-TO-CASH CONTROLS
SAP® GRC Process Control | Control Objective
Monitor price changes | Ensure proper, authorized pricing on sales invoices
Match billing and shipping documents | Identify variances between quantity and price to ensure valid and accurate revenue recognition
Monitor excessive write-offs | Ensure validity of write-offs and prevent undue losses

• Reconcile to report: Predelivered, automated controls for subledgers, general ledgers, and consolidation systems eliminate manual controls, streamline the financial close process, and help ensure the accuracy of financial results. Examples of these controls include the following:

EXAMPLES OF RECONCILE-TO-REPORT CONTROLS
SAP® GRC Process Control | Control Objective
Identify split purchase orders | Ensure proper authorization of purchase orders
Match receipts to purchase orders | Ensure accuracy of transactions and prevent overpayments for underdelivery
Identify duplicate vendors | Prevent duplicate payments and fraud

In addition to providing process-level support across the enterprise, SAP GRC Process Control addresses risks across various functions and applications. Examples of the software’s cross-functional support are illustrated in the following table:

CROSS-ENTERPRISE SAP® GRC PROCESS CONTROL
SAP | Oracle
Finance and controlling | General ledger
Purchasing | Global consolidation system
Accounts receivable | Order management
Accounts payable | Accounts payable
Inventory | Accounts receivable
Order management | Inventory
Basis, security, and system administration |
  • 15. FOR MORE INFORMATION

The SAP approach to GRC and the solution portfolio provides the framework and the software solutions to help you build your GRC architecture step-by-step, leveraging your existing IT investments in SAP software and other technologies. SAP’s business process expertise, industry knowledge, and global presence attract a continuously growing partner ecosystem. In combination, SAP and its partners deliver a comprehensive and integrated GRC solution portfolio unmatched by any single vendor in the market.

To learn more about how SAP can help you with your GRC strategy and reap the benefits of an integrated GRC approach, please call your SAP representative today or visit us on the Web at www.sap.com/grc.

POWERED BY SAP NetWeaver

SAP solutions for GRC are powered by the SAP NetWeaver platform. SAP NetWeaver unifies technology components into a single platform, providing the best way to integrate all systems running SAP or non-SAP software. SAP NetWeaver also helps organizations align IT with their business. As the foundation for enterprise service-oriented architecture (enterprise SOA), SAP NetWeaver allows organizations to compose and enhance business applications rapidly to drive business change.