
Drive Enterprise Value

Enabled by SAP Governance Risk & Compliance Solutions

Murali Narayanamurthy


Manage Enterprise Risk and Compliance

Access Risk Management
Manage access risk and prevent fraud
SAP GRC Access Control
SAP GRC Access Approver - mobile application

Controls & Compliance Monitoring
Ensure effective controls and ongoing compliance
SAP GRC Process Control
SAP GRC Policy Survey - mobile application

Enterprise Risk Management
Preserve and grow value
SAP GRC Risk Management

Planning and performing Audits
Drive a unified audit management function
SAP GRC Audit Management

Fraud detection and investigation
Prevent, detect, investigate, and monitor fraud patterns and predictions
SAP GRC Fraud Management

SAP’s Approach: Unified Governance Risk & Compliance

Prevent Frauds

Risk Based Audit

Segregation of Duties

Organizational Objectives

Unified GRC Framework

Monitor Key Risk Indicators

Policy Management

Legal Compliance

Internal Controls Effectiveness

Streamlined User Access Management

Standardizes on SAP Business workflow technology, supports more flexible and tailored access request and approver views, simplifying the provisioning process

[Diagram: access request flow in three columns: SOURCE, CONFIGURABLE WORKFLOW, RESULT]

SOURCE: IDM Systems, SAP IDM, Novell IDM, HR Systems, SAP HR, PeopleSoft HR, Other, AC Direct Entry, Help Desk, More…

CONFIGURABLE WORKFLOW: SAP Mobility Option Request Risk Manager Automated generated Analysis Approval Mitigation Exception workflow provisioning

RESULT: SAP Business Suite, Other SAP Applications, Heterogeneous Environment

Key Benefits

Business workflow reduces manual tasks and streamlines access request processing

Leverage existing resources for workflow administration and configuration

Faster and easier for users to request the roles they need.

Business Control Monitoring:

[Process-flow diagram: Supplier Relationship Management Process, annotated with the following monitoring questions]

Were sourcing policies followed in awarding contracts?

Are any critical materials single sourced?

Were any supplier payment terms changed?

Are suppliers for critical materials delivering on time?

Combining the power of different approaches

SAP Fraud Management covers the full spectrum of fraud detection

Known Patterns: Known fraud behaviors

Unusual behaviors: Similar, but different from known behaviors

Unknown/complex Patterns: Unknown fraud behaviors

Rules

Predictive Algorithms

Hybrid combination of Rules and Predictive Algorithms to detect fraud

Fraud Management

A Closed-loop, Cross-Functional Process

[Diagram: SAP Fraud Management for Insurance, From Claim Notification to Claim Closure. Labels include Fraud Monitoring & Performance Optimization, Online Detection, Mass Detection, Investigation, Claim Handling & Settlement, Integration, Configuration, Platform. Roles shown: Head of Fraud Investigation, Fraud Investigator, Business Analyst, Head of Claim Management, CIO.]

USER FRIENDLY INTERFACE TO HELP MATURE ALGORITHMS

SAP Risk Management

Preserve and grow value

Monitor thresholds, effectiveness of risk responses, and corrective actions

Respond to risk after balancing costs and benefits

Analyze risk via scenarios, modeling, & other factors to understand exposure

Plan risk management within the context of value to the organization

Link risks, risk drivers, risk indicators, impacts and responses

Intuitive Risk Heat maps for prioritization and action

Risk Planning

(Bow-tie Builder)

Define the context within which business risks are to be managed

Risk Assessment

Business context based assessments

Identify and assess the impact of risk events on the business

Risk Response

Implement responses Superior mitigation with automation

Evaluate and select the risks to be addressed and create risk responses

Risk Monitoring

Proactive risk management and prevention

Monitor the effectiveness and completeness of the response actions

Enterprise Wide Integrated Governance Risk & Compliance

Example using SAP GRC Solutions

[Diagram: example linking enterprise risks, regulations, processes, controls, policies and access risks]

Enterprise Risks: Fraud; Develop and Package External Content

Responses: Accept, Avoid, Transfer, Control, Reduce

Regulations

Process: Procure to Pay (Vendor Mgmt, AP Invoicing)

Process Risks: Fraudulent invoices paid; Valid invoices not entered; uninvoiced goods receipts

Controls: Review of new vendors and related invoice support; AP SOD rules in AC

Policies: Update and roll out strengthened security policy

Access Risks: User can enter vendor & PO; User can enter invoices & payments

Mitigate Access Violations

Monitor Access Status

Achieving Benefits with Enterprise Risk and Control Management

Strategic Alignment
Unified GRC is the key step en route to building the linkage from strategy to execution, because you can prove that linkage works.

Predictable Performance
Increased visibility into the impact of risk against performance.
Improve predictability and performance.

Confident Decisions
Allocate resources and capital where it is most needed

© 2011 SAP AG. All rights reserved.


Thank You!

Murali Narayanamurthy

Director Office of the CFO & GRC Solutions SAP India Private Limited

(+91) 9820972906

murali.narayana.murthy@sap.com