The document provides an overview of SAP Governance, Risk, and Compliance (GRC) solutions, including company background and the capabilities offered by Wise Men. It covers GRC implementation, customer case studies, and the migration process, emphasizing the importance of compliance and risk management in today's regulatory landscape. Additionally, it highlights the potential cost savings and performance enhancements achievable through effective GRC practices.

1. SAP Solutions for
Governance, Risk and Compliance
Wise Men Confidential
www.wisemen.com | info@wisemen.com | +1 281-953-4500
Rajendra Ponangi (Raj)
SAP BASIS & GRC PRACTICE HEAD
March 12, 2015
Kevin McCollom
Global Vice President & General Manager
SAP Governance, Risk & Compliance
SAP Labs

2. Wise Men Confidential
Agenda
 Introduction- Speakers
 SAP GRC Overview
 Company Background
 Wise Men SAP GRC Capabilities
 SAP GRC Implementation / Upgrade & Support Services.
 Customer Case Studies
 GRC Migration Process Flow
 Q & A
2

3. Wise Men Confidential
Speaker’s Bio
3
Kevin McCollom
Global Vice President & General Manager
SAP Governance, Risk & Compliance
SAP Labs
Kevin McCollom is Global Solution Owner for SAP GRC. He and his team are responsible for market
requirements roll-in and solution go-to-market. In close collaboration with SAP GRC Product
Development, he and his team are also globally responsible for general management of all SAP GRC
solution aspects including solution strategy and roadmap. Kevin has held this role since 2011 and has
been part of the SAP GRC management team since 2008.
Rajendra Ponangi is an industry leader with over 10 years of experience in SAP BASIS & GRC Support,
Implementations, Upgrades. He currently heads the SAP BASIS & GRC Practice. He has the best of
vertical knowledge in Manufacturing, Energy & Utilities, Pharma, FMCG, and Automotive sectors.
Rajendra Ponangi (Raj)
Head SAP BASIS & GRC Practice
Wise Men

4. Wise Men Confidential 4
Brakes
Seatbelts
Car seats
Airbags
License plate and annual registration
Maintenance records
Temperature
gauge
Fuel gauge
Crash avoidance
What is GRC?

5. Wise Men Confidential 5
Multilateral
Instrument
52-111
Toxic Substances
Management
(ITAR) International
Traffic in Arms
Regulations
22 CFR 120-130
FCPA (Foreign
Corruption Practices
Act)
FDA compliance
GxP
21 CFR
International
Emergency
Economic Powers
Act (S. 1612)
Sarbanes-Oxley
Data Privacy Laws
CA-SB 1386, HIPAA
Gramm-Leach-Bliley
Act, COPPA
Switzerland:
- Corp. Governance SWX
- Code of Obligations
EU: Foreign Trade
Administration Act
EU Company Law
Directives 4, 7, and 8
EU: REACH
Registration, Evaluation,
and Authorization of
Chemicals
UK Anti-Bribery Act
European Data
Protection Directive
Foreign Exchange
Order
JSOX
Hong Kong:
Code on Corporate
Governance Practices
PNEMEN
National Policy of
Exports of Military
Goods
King II Report
Clause 49
of the Listing
Agreement
Regulation 13E of the
Customs (Prohibited
Exports) Regulations
Corporate Law
Economic Reform
Program (CLERP) 9
Hazardous Waste Act
Air Toxics NEPM
EU Company Law
Directives 4, 7, and 8
What our customers and the marketplace are saying
Increasing regulations and risks challenge growth

6. Wise Men Confidential 6
Bribery and
corruption,
spills,
explosions
Trading conflicts,
currency
manipulation,
laundering,
restricted trading
parties
Off-label
marketing,
product
recalls, price
fixing
Conduct,
transmission,
ownership,
manipulation
, disruptions
The cost is real
Lack of control and poorly managed risk events are costly

7. Wise Men Confidential
Costs resulting from non-compliance can’t be ignored
$3.5 Million
$9.4 Million
Source: Ponemon Institute LLC
The True Cost of Compliance 2011
Enforcement is 2.7 times higher than investing in compliant processes

8. Wise Men Confidential
But what’s the real cost?
Control failures / Risk
event
Lowers customer
satisfaction
Reduces investor confidence
Raises business costs
Increases scrutiny
Performance
Impact
Unachieved objectives
Disrupts operations

9. Wise Men Confidential
Conversely, there is potential for a positive impact
Brand enhanced
Controls enhance
performance
Opportunities
identified
Risks anticipated and
managed
Customer demands
met
Major disruptions
avoided
Shareholder value attained
Optimized
Performance

10. Wise Men Confidential
SAP solutions for Governance, Risk, and Compliance
SIMPLIFY GAIN
INSIGHT STRENGTHEN
Automation
Integration
SAP
Monitor
Visualize
Predict
Anticipate
Prepare
Respond
Simplify governance, risk and compliance by integrating GRC activities into your underlying business processes
Gain insight to help make better decisions visualizing and predicting how risk may impact performance
Strengthen the business by employing the right combination of GRC solutions
Proactively balance risk and opportunity

11. Wise Men Confidential
SAP Solutions for Governance, Risk, and Compliance
11
And endorsed partner solutions...
Optimize global trade and
screen restricted parties
Manage access risk and
prevent fraud
SAP Access
Control
SAP Process
Control
SAP Risk
Management
SAP Global
Trade Services
Preserve and
grow value
Ensure effective controls and
ongoing compliance
SAP Nota Fiscal
Eletrónica
Meet electronic invoicing
requirements for Brazil
SAP Audit
Management
Drive increased audit efficiency
and effectiveness
SAP Fraud
Management
Better detect and
prevent fraud
SAP Identity
Analytics
Gain insights into user roles
and optimize decision making
SAP Security Suite
Enhance security and simplify user
experience
SAP Access Violation
Management by Greenlight
Technologies
SAP Regulation
Management by
Greenlight Technologies
Identify and quantify the impact
of actual access risk violations
Manage regulatory
requirements and align with
internal control activities
Simplify, Gain Insight, Strengthen

12. Wise Men Confidential 12
Simplifying SOD Management with SAP® Access Control
and SAP Access Violation Management
Company
Sharp Electronics
Corporation
United States Headquarters
Mahwah, New Jersey
Industry
High tech
Products and Services
Home electronics,
appliances, mobile devices,
and business solutions
Web Site
www.sharpUSA.com
Top objectives
 Leverage technology to streamline access governance processes
across enterprise applications
 Contextualize the segregation of duty (SOD) risk in terms of
financial exposure to the business
Resolution
 Deployed the SAP® Access Control application as the company’s
centralized access governance solution
 Deployed the SAP Access Violation Management application by
Greenlight to automate SOD controls and to provide insight into
financial exposure due to SOD violations
 Established this centralized solution as the basis for security as a
shared service and as a platform for further expansion
Key benefits
 Automation that reduced manual efforts for managing access
governance and SOD procedures across the enterprise
 Reduction in external audit costs
 Reduction in the IT security team – from five employees to one
“The synergy between system solutions and procedure and technology and humanity empowers and frees companies to focus on core
business functions. Leveraging innovative solutions like SAP Access Control and SAP Access Violation Management allows Sharp to do
more and maximize resources.”
Wyatt MacManus, Associate Director, Information Security, Sharp Electronics Corporation
80%
Reduction in IT personnel time
required to manage access
governance and SOD controls
300hours
Reduction in time spent per month on
SOD control monitoring
33%
Increase in the number of systems
managed by SAP Access Control
Case Study

13. Wise Men Confidential 13
Consolidating a Governance Model to Lower Information Security Risk with
SAP® Access Control
Company
Natura
Headquarters
Sao Paulo, Brazil
Industry
Consumer Products
Products and Services
Cosmetics, Fragrances
and Products for
personal care
Employees
7000 with 1.4 million
Sales Consultants
Revenue
US $2.7 Billion
Web Site
www.natura.net
Top objectives
 Strengthen Natura’s governance model for data and access control
 Optimize strategies for managing access and segregation of duties
 Reduce level of risk
 Strengthen awareness process for security risk management
The Resolution
 Upgrade to latest version of the SAP® Access Control application
 Create a leaner risk matrix
 Involve all business areas
 Train 400 key users
Key benefits
 Lower security risk to the business
 Employee awareness created via dissemination of the risk control
culture
 Greater alignment between the management of information
security and all business area
 Reduced maintenance cost due to reduction in volume of support
calls made to customer service
 Faster preparation of audit reports
“Natura established a solid strategy for managing access, with strong employee
involvement, and thus significantly reduced the company’s security risk.”
Newton Rossetto, Information Security Manager, Natura
87%
Total reduction in information
security risk level
60%
Faster preparation of auditing
reports
30%
Fewer transactions per profile
Case Study

14. Company Background
Wise Men Confidential

15. Wise Men Confidential
About Us
15
Wise Men: US-based WMBE
 Established in 1997
 Technology and Supply Chain solutions
 GHQ: Houston, Texas, US
 Canada & Dubai
 CoE India: Hyderabad and Pune
 ISO 9001:2008
2010, 2011 E&Y: Finalist of the year
2009 & 2008: Top 10 - Fast 100 List
2009 & 2008: Top 10 - 50 Fastest growing
Women-owned companies
2010 BP: Vendor of the Year
2010 and 2009 INC Magazine
2011 MWBE Vendor of the Year

16. SAP Governance, Risk and Compliance
Wise Men Confidential

17. Wise Men Confidential
SAP Solutions for GRC
Manage, Protect, Perform

18. Wise Men Confidential
GRC technology is on ABAP programming language.
 GRC latest version has extended features with Common look and
feel; streamlined navigation.
 SAP has extended GRC with more Configurable user interface &
Content lifecycle management
Enhanced Solution on GRC 10.x

19. Wise Men Confidential
Reporting Within GRC 10.x
Unified User Interface

20. Wise Men Confidential
Reporting Within GRC 10.x

21. Wise Men Confidential
Solution Enhancements
 Additional reports and dashboards that enable high-
speed collection and review of key issues related to
access control, policy control, and risk management
 Device-agnostic report presentation
 Use of reporting tools in SAP software to construct
comprehensive and flexible GRC reports
Key Benefits
 High-volume processing of GRC data
 Accelerated reporting for faster review and action
 Review analytics information on any device – desktop
or mobile.
GRC - SAP HANA

22. Wise Men Confidential
SAP GRC – SAP PAM
GRC 5.3
 End of Mainstream Maintenance
• 12/31/2015
GRC 10.0
 End of Mainstream Maintenance
 12/31/2020
GRC 10.1
 Ready for SAP HANA
 End of Mainstream Maintenance
• 12/31/2020

23. Wise Men SAP GRC Capabilities
Wise Men Confidential

24. Wise Men Confidential 24
SAP Architecture Management.
 Implementation / Support SAP Architecture to meet changes in business like Cluster
Configuration, Virtualizations
VMWare, MSCS, HP, IBM AIX.
SAP ABAP & JAVA Application Support.
 Experts in implementation of stack level technical environment
 Stack level migration requests.
 JAVA STACK TO ABAP STACK MIGRATION
SAP Security GRC & SOD.
 Business requirement analysis, SoD configuration, FF configuration (Centralized /
Decentralized user Management), Mitigation/Risk management configurations,
Notification alert management
 Experts in GRC 5.3 JAVA stack migration to ABAP Stack.
 SAP Standard Workflow, BRF+ configuration, custom workflow configurations.
Wise Men SAP GRC Capabilities

25. Wise Men Confidential 25
SAP Product and Service Support.
 End to End SAP Installations, SAP Version Upgrades, SAP Add-on implementations,
Support services.
 GRC, ECC, Solution Manager, BI, BODS, SMP, EWM, TM, CRM, SCM, HANA…
SAP Implementation & Support Operations.
 Managing hardware & OS software installation & configuration related to SAP.
 Administering / Supporting OS file systems & OS security in relation to SAP.
Engineering and Technical Support Services.
 Identify and correct potential performance, reliability, capacity, security and fail-over
issues before they go into production, Execute any projects to upgrade the SAP software
products.
 Collaborate with the Key Technology Providers.
Wise Men SAP GRC Capabilities

26. Customer Case Study
Wise Men Confidential

27. Wise Men Confidential
Customer Case Study
27
Company
• Cost reduction with offshore support model
• Quick implementation of any change request due to reduction of turnaround time and
continuous daily monitoring of critical system process and agents
• Additional onsite overhead reduction
SAP Standard GRC Migration tool along with GRC Expert configurations and consulting process
SAP GRC 5.3 JAVA, GRC 10.1 ABAP, ECC 6.0
10 weeks
Leader in the design, manufacture and supply of memory and storage solutions
Project
Objective
Benefits to
Customer
Process
Technologies
Project
Timeline
GRC Migration Project [GRC 5.3 JAVA stack to GRC 10.1 ABAP Stack]
Asses existing configurations of SAP GRC 5.3 system and Migrate to SAP GRC 10.1 ABAP Stack
Highlights
• Migration / Upgrade of GRC DEV and PRD systems from ‘5.3 SP11 Java Stack’ to ‘10.1 ABAP Stack’.
• Data export of Super User Privilege Management (SPM) data from AC 5.3 (ABAP).
• Data export of Compliant User Provisioning (CUP), Risk Analysis & Remediation (RAR), and
Enterprise Role Management (ERM) data from AC 5.3 (Java).
• Data import into Access Control 10.1.
• Customer activated Rule Set to be analyzed.
• The existing configured workflows in 5.3 will be analyzed and migrated / recreated to 10.1

28. GRC Migration Process Flow
Wise Men Confidential

29. Wise Men Confidential 29
Migration Pre-requisites - SAP Access Control from 5.3 to 10.1
 AC 5.3 to AC 10.1 Pre-requisites.
 Downloading and Installing the Migration Tool.
 Target System Pre-requisites.
 Maintaining Configuration Settings.
 Creating the Users.
 Creating the Organization Unit.
GRC Migration Process Flow

30. Wise Men Confidential 30
Export Process Steps in GRC Access Control 5.3
 Exporting Configuration and Master Data in AC 5.3
 Exporting AC 5.3 (CUP) Data
 Exporting AC 5.3 (RAR) Data
 Exporting AC 5.3 (ERM) Data
 Exporting AC 5.3 (SPM) Data
GRC Migration Process Flow

31. Wise Men Confidential 31
Import Process Steps in GRC Access Control 10.1
 Importing Data into AC 10.1
 Importing CUP Repository Data
 Importing RAR Data
 Importing Workflow Data
 Importing ERM Repository Data
 Importing SPM Data
 Workflow
 MSMP
 BRF+
 User Access Request
 Reporting
GRC Migration Process Flow

32. Wise Men Confidential 32
Q&A