Risk Assurance SAP controls study

Size: px
Start display at page:

Download "Risk Assurance SAP controls study"

Transcription

1 Risk Assurance SAP controls study

2 Foreword The last few years have brought an increased focus on risk management and controls. Recent headlines and legislation have put compliance under the spotlight. Regulators and stakeholders (i.e.. customers, vendors, lenders, rating agencies, etc..) have increased their focus on the control environment and ability to manage risk. Corporate boards are strategically pursuing risk management progress while integrating risk and internal control with more traditional performance measurements and rewards. This emphasis has put even more pressure on organizations to effectively manage change while leveraging technology to deliver control. The implementation or significant upgrade of an SAP system is accompanied by significant organizational, process, and technological changes, each of which introduces a number of risks and challenges to be managed or mitigated. An SAP implementation or upgrade is often a large, complex project, with high visibility and high stakes for the organization. While management of these organizations generally recognizes the importance of internal control to the success of their organization, there is a broad array of approaches taken to incorporate this focus on risk and internal control into the implementation or upgrade effort. To better understand organizations awareness and how they are managing these issues, PwC conducted an SAP controls study via and the internet. The study, conducted during 2012, generated 88 responses, of which 83 were from SAP users. Among other data, the survey focused on how risk and controls aspects are integrated into the project effort, identified impacts of the project, usage of GRC technology, and lessons learned. We noted several themes and trends in the way companies are dealing with risk and control relative to their SAP projects and environments as outlined in the following highlights: 2

3 Foreword (continued) Controls integration workstream Importantly, two-thirds (66 percent) of SAP software users reported having a controls integration workstream as part of their most recent SAP software implementation or technical upgrade. Typical controls integration cost was -3% of total project costs (36 percent), or in the 4%-7% range (18 percent). Controls integration was involved in all project phases, from Blueprint (60 percent), Design (87 percent), Test (95 percent), Go Live (87 percent), to Past Go Live (78 percent). A higher proportion of these companies controls were automated after the SAP project implementation or technical upgrade rising from a median 14.8 percent prior to a median of 26.4 after the SAP project. Impact of the SAP project Two-thirds (67 percent) of SAP software users surveyed believe that their investment in SAP resulted in an improvement in their overall control environment. Only 16 percent disagreed, while another 17 percent were not certain. A median savings of 13.0 percent was reported by the 39 percent of SAP users who have seen a savings. Significantly, more than half (58 percent) of these SAP software users reported that their company had not seen a savings in its controls and compliance efforts due to the SAP project. Primary responsibility Two functions, internal audit (65 percent) and security and controls teams (67 percent), are primarily responsible for identifying and monitoring of SAP related controls. What would you do differently? Respondents clearly had a desire for more automated controls. Many also expressed the importance of considering controls in the initial phase of their SAP projects to reduce the need to add them in after the fact. Leveraging GRC Technologies The majority (54 percent) of these SAP software users report currently leveraging GRC technologies (47 percent) and/or other compliance tools (18 percent). Most typically used is the GRC AC (34 percent). Background: SAP usage The version of SAP software these companies are using is primarily ECC 6.0 (76 percent). The majority of these SAP users (58 percent) have more than 2,000 SAP software users in their companies. A high proportion (81 percent) had their last SAP software implementation or technical upgrade recently, over the past 0-2 years. Most recent SAP project Two-thirds (66 percent) of the most recent SAP software projects were an implementation, and one-third (33 percent) involved a technical upgrade. One-in-five of these technical upgrades (6 percent of total) involved redesigning or enhancing significant business processes. Note: Total number of respondents = 88 Total number of respondents using SAP = 83 Only SAP users were asked use, implementation and controls questions 3

4 Company and respondent background Question 1. Please specify your functional title. Question 2. Please specify your company s industry/sector. Internal audit director, manager, or staff 28% Retail / Consumer 3 Chief audit executive 19% Industrial products 15% Information technology director, manager, or staff 9% Pharmaceutical / Life sciences 9% Finance director, manager, or staff 8% Technology 9% Compliance director, manager, or staff Chief information officer (CIO) 8% Entertainment / Media / Communications Transportation / Logistics 5% Chief financial officer (CFO) Aerospace & Defense Division CIO/CTO Automotive Tax director, manager, or staff Accounting director, manager, or staff Chief accounting officer, Corporate controller Diversity director, manager, staff Division controller Division vice president, manager Legal department director, manager, or staff Quality director, manager, or staff Energy / Mining Utilities Engineering / Construction Healthcare Insurance Professional / Business services Other 3 10% Risk management director, manager, or staff Other 7% 4

5 Company and respondent background Question 3. Is your company multinational? Multinational 90% No 10% Question 4. Please specify your company s type? Public 8 Privately held 18% Question 5. What is your company s global annual revenue? Less than $1 billion $1-$5 billion 10% 3 33% $5-$10 billion 19% $10-$25 billion $25-$50 billion More than $50 billion 15% 13% 8% 5

6 SAP Use Question 6. Which version of SAP does your company currently use? ECC The SAP software these companies are using is primarily ECC 6.0 used by 76 percent of those currently using any SAP software. ECC 5.0 is used by 9 percent and R/3 by 8 percent. ECC 5.0 R/3 9% 8% Other 5% Question 7. Please specify total number of SAP software users in your company. Less than 250 5% Among SAP users, the majority (58 percent) have more than 2,000 SAP software users in their companies. Only 5 percent have less than 250 SAP users, and 8 percent did not know total users ,000-2,000 More than 2,000 18% 1 58% Not certain 8% 3 Question 8. How long has it been since your last SAP software implementation or technical upgrade? 0-2 Years 8 A very high proportion of these users, 81 percent had their last SAP implementation or technical upgrade recently, over the past 0-2 years. Another 10 percent, over the past 3-5 years, and 5 percent more than 5 years. 3-5 Years More than 5 years Not certain 5% 4% 10% 6

7 SAP Implementation and Technical Upgrade Question 9. Was your most recent SAP software project an implementation or a technical upgrade? Implementation 6 Two-thirds (66 percent) of the most recent SAP software projects were implementations, and one-third (33 percent) were technical upgrades. Technical upgrade Not certain 33% Question 10. Did the SAP technical upgrade involve redesigning or enhancing significant business processes? One-in-five (19 percent) of SAP technical upgrades involved redesigning or enhancing significant business processes. Four-fifths (81 percent) did not. Redesign or enhance No 19% 8 Base: 27 respondents with a technical upgrade Question 11. What was the overall SAP software project cost? Less than $100 million 3 A total of 71 percent of SAP software users shared with us the overall SAP software project cost. High cost of over $500 million was reported by 13 percent, while lower cost, under $100 million, was reported by 36 percent reflecting a wide range of project costs. $100-$200 million $200-$300 million $300-$400 million 1 3% 7% 3 $400-$500 million More than $500 million 13% 29% 7

8 SAP Controls Integration Question 12. Did you have a controls integration workstream as part of your SAP software implementation or technical upgrade? Importantly, two-thirds (66 percent) of SAP software users reported having a controls integration workstream as part of their SAP software implementation or technical upgrade. Thirty-one percent did not, and 3 percent did not answer. Had controls integration workstream No 3% 3 6 Question 13. What percent of the overall SAP software project cost was spent on the controls integration? None 7% Seventy-one percent of those who reported having a controls integration workstream as part of their SAP software implementation or technical upgrade reported costs spent on controls integration. Typical costs reported for controls integration were in the - 3% range (36 percent), or 4%-7% range (18 percent). Only 6 percent spent in the 8-10% range, and 4 percent spent more than 10% for controls integration. 1-3% 4-7% 8-10% More than 10% 3 18% 4% 29% Base: 55 respondents with controls integration Question 14. What phases did the controls integration involve? Blueprint 3 60% Controls integration was involved in all phases, with virtually all users including it in the Test (95 percent), Design (87 percent), and Go Live phases (87 percent). Seventy-eight percent included it in Past Go Live while somewhat less (60 percent) included it in the initial Blueprint phase. Design Test Go Live 87% 95% 87% Post Go live 78% Base: 55 respondents with controls integration Note: Multiple responses permitted 8

9 SAP Controls Question 15. What percent of your controls were automated prior to the recent SAP software implementation or technical upgrade? Most controls were not automated prior to the SAP software implementation or technical upgrade. Over one third, 36 percent, had less than 10% automated prior, another 35 percent had between 1 and 30% automated prior, and only 16 percent had over 30% automated prior. Thirteen percent did not answer. The median of those answering was just 14.8 percent with prior automation. None 1-10% 11-20% 21-30% 31-40% 41-50% 19% 1 3% 7% 30% 51-60% 0% More than 60% 13% Question 16. What percent of your company s controls were automated after the SAP project? None A notably higher proportion of these companies controls were automated after their SAP project, rising from a median of 14.8 percent before to a median of 26.4 percent after. Only 18 percent had less than 10% automated after, another 33 percent had between 1 and 30% automated after, and 37 percent had over 30% after, compared to just 16 percent over 30% prior. Twelve percent did not answer. 1-10% 11-20% 21-30% 31-40% 41-50% 9% 1 17% % 1 More than 60% 1 1 9

10 SAP Controls Question 17. Has your company seen a savings in its controls and compliance efforts due to the SAP project? No savings 58% Significantly, the majority, 58 percent, of these SAP software users reported that their companies had not seen a savings in their controls and compliance efforts as a result of their SAP project. A still solid 39 percent did, and 3 percent did not answer. Company savings 3% 39% Question 18. What is the percentage reduction in your company s controls and compliance related efforts? None 0% Two-thirds (65 percent) of those reporting a savings in their controls and compliance efforts gave an estimate of the reduction in effort. The median reduction among those reporting was 13.0 percent. Many reported a reduction of under 10% (31 percent), or 1-20% (16 percent), but 9 percent reported a reduction of more than 50%. Thirty- five percent of this small base did not answer. 1-10% 11-20% 21-30% 31-40% 41-50% 1 3% 0% % More than 60% 3% 35% Base: 32 respondents 3 with savings in controls and compliance efforts Question 19. Has your company s investment in SAP resulted in an improvement in your overall control environment? It is noteworthy that two-thirds (67 percent) of SAP software users surveyed believe that their investment in SAP resulted in an improvement in their overall control environment. Only 16 percent disagreed, and 17 percent did not know. Improvement No improvement Not certain 1 17% 67% 10

11 SAP Controls Question 20. Who in your company is primarily responsible for the identification and monitoring of SAP related controls? Two functions, security and controls (67 percent) and internal audit (65 percent), are primarily responsible for the identification and monitoring of SAP related controls. End users (34 percent) and other functions (21 percent) were also mentioned. Security and controls Internal audit End users Other 2 34% 67% 65% Note: Multiple responses permitted Question 21. Is your company currently leveraging any of the following GRC technologies to assist in the management of SAP related compliance? The majority (54 percent) of these SAP software users report currently leveraging SAP s GRC Access Control (AC) and/or Process Control (PC) (47 percent) technologies, and/or other compliance tools (18 percent), to assist in the management of SAP related compliance. Most typically used is GRC AC (34 percent). Another 18 percent either did not know or did not answer, while 28 percent reported not using any of the listed or other technologies. GRC AC GRC PC GRC AC and PC Other compliance tools None of the above Not certain 34% 1 18% 28% 1 3 Note: Multiple responses permitted 11

12 SAP Controls Question 22. What would you do differently with respect to SAP controls? A common theme in the responses was a desire for more automated controls. In addition, a number of respondents noted that it was important to consider controls in the initial design phase, reducing the need to add them in after Go Live. Assess the controls in build and design phase of the project. Leverage more of SAP for automated controls. Define the end state organization to maintain control environment. Spend more time updating company processes to use more inherent SAP controls Map and rely on more automated controls. Improve tone at the top push down to consider controls within IT project implementation Ensure that the application controls are in place prior to go-live and that the staff are properly trained to understand the system and controls. Created them in conjunction to the implementation instead of after the fact. Embed security and controls components within each process workstream rather than having them represent a standalone activity. Make sure the project team took more ownership in driving the design of controls. Hold up \go-lives\" to enforce security related controls (system access/ segregation of duties) are in place AND operational AND effective. Current methodology seems to be a get it in and clean it up later approach." More automation More Automation and better integration of controls in the project plan We are considering adding GRC process controls when we upgrade to GRC10 Spend more time before first implementation on designing roles and controls and understanding object control availability Embed identification of business process controls up front in the project. Implement GRC as part of Wave 1 Automate more Hard to say -- implementation is not scheduled to be complete until Try to leverage the system more to perform the controls (automation) Implement GRC soon... Better alignment to SOX controls as a part of the SAP standard delivery methodology Try to have more automated controls; put more thought into provisioning and role design up front and then stick with the chosen model We rely on processing controls, approval tables and reference to mitigating controls as defined for key employees. Better engagement between implementation and business teams. Better \future state\" planning (roles and responsibilities We are currently investigating SAP tooling within Solution Mgr. Implement more real-time controls monitoring and potential exception reporting I would like the use of and reliance upon system controls - initially through workflow in the system. Additionally, I would like to implement GRC. 3 Involve business more in identification and 'ownership' of automated controls. We have 9 separate instances of SAP around the world and tend to do things differently. We are planning to further commonize processes and tools. Acquire and leverage GRC tools Create more automation in the environment More use of automated controls monitoring More time spent on assessing potential process improvements in the design phase of the project. The users just build what they already know. 12

13 Contact: Robert Clark Principal; Risk Assurance (267) Sean Donahue Partner, Risk Assurance (414) James Draper Principal, Risk Assurance (415) Dave Erickson Partner, Risk Assurance (312) Sachin Mandal Principal; Risk Assurance (973) Greg Pillay Principal, Risk Assurance (813) Tammy Wojtasiak Partner, Risk Assurance (612) Eric Bloesch Managing Director; Risk Assurance (267) About PwC s SAP practice: PwC is the largest professional services firm in the world with over 168,000 people in 158 countries. Our SAP practice has been involved with SAP transformation initiatives from the early 1990 s, with more than 1,400 SAP-dedicated professionals. Focused on driving performance improvement through integrating risk, process, and technology solutions, we leverage our experience and product knowledge to address the financial, operational, technical and compliance challenges that you face when undertaking significant upgrades or implementations of SAP. About the research: PwC s ERP SAP controls study was conducted via and the internet during April and May, A list of likely SAP users was developed by PwC. The independent research firm BSI Global Research Inc. ed potential respondents with an invitation to participate in the survey on behalf of PwC. The invitation directed respondents to a web survey application. The survey was completed by 88 respondents, of which 83 were SAP users. Individual responses were confidential and no company specific data was shared with PwC. PricewaterhouseCoopers has exercised reasonable professional care and diligence in the collection, processing, and reporting of this information. However, the data used is from third-party sources and PricewaterhouseCoopers has not independently verified, validated, or audited the data. PricewaterhouseCoopers makes no representations or warranties with respect to the accuracy of the information, nor whether it is suitable for the purposes to which it is put by users. PricewaterhouseCoopers shall not be liable to any user of this report or to any other person or entity for any inaccuracy of this information or any errors or omissions in its content, regardless of the cause of such inaccuracy, error or omission. Furthermore, in no event shall PricewaterhouseCoopers be liable for consequential, incidental or punitive damages to any person or entity for any matter relating to this information PricewaterhouseCoopers LLP. All rights reserved. "PricewaterhouseCoopers" and PwC refer to PricewaterhouseCoopers LLP or, as the context requires, the PricewaterhouseCoopers global network or other member firms of the network, each of which is a separate and independent legal entity. This document is for general information purposes only, and should not be used as a substitute for consultation with professional advisors.

SAP GRC Technology Embed security and controls through technology

SAP GRC Technology Embed security and controls through technology www.pwc.com SAP GRC Technology Embed security and controls through technology Maximize the benefit from GRC technology Background Managing governance, risk and compliance continues to be a challenge for

More information

www.pwc.com SAP Training Are your people adequately trained to maximize your

www.pwc.com SAP Training Are your people adequately trained to maximize your www.pwc.com SAP Training Are your people adequately trained to maximize your return from SAP? Understand the challenges your organization has with SAP Background Organizations are investing significant

More information

What sets breakthrough innovators apart PwC s Global Innovation Survey 2013: US Summary

What sets breakthrough innovators apart PwC s Global Innovation Survey 2013: US Summary What sets breakthrough innovators apart PwC s Global Innovation Survey 2013: US Summary www.pwc.com/innovationsurvey 60% $250b The top innovators in our study plan to grow by more than 60 percent over

More information

www.pwc.com Advisory Services Oracle Alliance Case Study

www.pwc.com Advisory Services Oracle Alliance Case Study www.pwc.com Advisory Services Oracle Alliance Case Study A global software company turns a Sarbanes-Oxley challenge into an opportunity for cost reduction and performance improvement Client s challenge

More information

Automating the Audit July 2010

Automating the Audit July 2010 Jamie Williams PwC, Systems & Process Assurance PwC Agenda 1. Technology and PwC State of Internal Audit Survey 2. Technology/Data Analytics 3. Continuous Monitoring 4. Common Software 5. ACL Scripts 6.

More information

Exposing the hidden cost of Payroll and HR Administration A total cost of ownership study

Exposing the hidden cost of Payroll and HR Administration A total cost of ownership study www.pwc.com/ca Exposing the hidden cost of Payroll and HR Administration A total cost of ownership study A PwC/ADP study March 2012 Executive overview Do you know how much your organization is really

More information

The hidden reality of payroll & HR administration costs

The hidden reality of payroll & HR administration costs The hidden reality of payroll & HR administration costs Exploring hidden cost drivers and characteristics of cost-effective organizations January 2011 Contents Executive overview 1 Methodology 3 Key findings

More information

Employee Financial Wellness Survey 2015 results

Employee Financial Wellness Survey 2015 results Employee Financial Wellness Survey 2015 results April 2015 Retirement Employer benefits Financial stress Investing Cash and debt management Risk management About this survey PwC s Employee Financial Wellness

More information

Sustainable talent management in Oil & Gas

Sustainable talent management in Oil & Gas Sustainable talent management in Oil & Gas www.pwc.co.uk Maximising the value of your people In conjunction with the falling oil price, people and capabilities is a major issue in the Oil & Gas industry.

More information

www.pwc.com Understanding ERP Architectures, Security and Risk Brandon Sprankle PwC Partner March 2015

www.pwc.com Understanding ERP Architectures, Security and Risk Brandon Sprankle PwC Partner March 2015 www.pwc.com Understanding ERP Architectures, Security and Risk Brandon Sprankle Partner Agenda 1. Introduction 2. Overview of ERP security architecture 3. Key ERP security models 4. Building and executing

More information

19/10/2012. How do you monitor. (...And why should you?) CAS Annual Meeting - Henry Jupe

19/10/2012. How do you monitor. (...And why should you?) CAS Annual Meeting - Henry Jupe www.pwc.com How do you monitor data quality? (...And why should you?) CAS Annual Meeting - November 2012 Henry Jupe Antitrust notice The Casualty Actuarial Society is committed to adhering strictly to

More information

Financial Services Internal Audit Increased expectations of value

Financial Services Internal Audit Increased expectations of value Financial Services Internal Audit Increased expectations of value The critical issues financial institutions face today are affecting their entire business. The industry continues to face regulatory reform

More information

Unlocking value from your ERP service organization*

Unlocking value from your ERP service organization* Consulting Application Managed Services Technology Unlocking value from your ERP service organization* Application Support Effectiveness Assessment can help you identify and dismantle the roadblocks that

More information

September 2013. Tax technology: Creating a strategic asset

September 2013. Tax technology: Creating a strategic asset September 2013 Tax technology: Creating a strategic asset Introduction When it comes to strategies for using technology in the tax function, how are leading companies positioned? Where do major organizations

More information

Getting to strong Leading Practices for value-enhancing internal audit By Richard Reynolds and Abhinav Aggarwal - PricewaterhouseCoopers LLP

Getting to strong Leading Practices for value-enhancing internal audit By Richard Reynolds and Abhinav Aggarwal - PricewaterhouseCoopers LLP Getting to strong Leading Practices for value-enhancing internal audit By Richard Reynolds and Abhinav Aggarwal - PricewaterhouseCoopers LLP Today's unpredictable business climate and challenging regulatory

More information

Lessons learned and key success factors for integrating non-retail business unit into SAP IS Retail environment

Lessons learned and key success factors for integrating non-retail business unit into SAP IS Retail environment Lessons learned and key success factors for integrating non-retail business unit into SAP IS Retail environment Ted Jackson, CIO and VP of IT, Sport Chalet Prashant Kulkarni, Director SAP, PwC About us

More information

Webinar and Marketing Technology Purchase Decision Analysis Prepared for ON24

Webinar and Marketing Technology Purchase Decision Analysis Prepared for ON24 Webinar and Marketing Technology Purchase Decision Analysis Prepared for ON24 December 2015 www.hanoverresearch.com Table of Contents Introduction and Methodology.. P 3 Executive Summary and Key Findings..

More information

GR5 Access Request. Process Diagram

GR5 Access Request. Process Diagram GR5 Access Request Process Diagram Purpose, Benefits, and Key Process Steps Purpose This scenario uses business roles to show a new user access provisioning and also demo using simplified access request

More information

California Department of Corrections and Rehabilitation Enterprise Information Services. Business Information System Project

California Department of Corrections and Rehabilitation Enterprise Information Services. Business Information System Project California Department of Corrections and Rehabilitation Enterprise Information Services Business Information System Project Initiation: January 2001 Completion: December 2012 2013 NASCIO Recognition Award

More information

Compliance & Internal Audit Collaboration

Compliance & Internal Audit Collaboration www.pwc.com Compliance & Internal Collaboration Developing a compliance third line of October 2015 The Society of Corporate Compliance & Ethics 14 th Annual Compliance & Ethics Institute Conference Introductions

More information

Infosys: Treating Governance and Compliance Strategically with SAP Access Control

Infosys: Treating Governance and Compliance Strategically with SAP Access Control Infosys: Treating Governance and Compliance Strategically with SAP Access Control Stringent management of user access controls and the segregation of duties are becoming a strategic concern for businesses

More information

Solutions. Master Data Governance Model and the Mechanism

Solutions. Master Data Governance Model and the Mechanism Solutions Master Data Governance Model and the Mechanism Executive summary Organizations worldwide are rapidly adopting various Master Data Management (MDM) solutions to address and overcome business issues

More information

www.pwc.com PwC The Path Forward for Data Analysis and Continuous Auditing May 2011

www.pwc.com PwC The Path Forward for Data Analysis and Continuous Auditing May 2011 www.pwc.com The Path Forward for Data Analysis and Continuous Auditing May 2011 Agenda What are we hearing in the market? The CA Maturity Path Where to start? What is the difference between CA & CCM? Best

More information

Managing risks in a Salesforce environment

Managing risks in a Salesforce environment Managing risks in a Salesforce environment Managing risks in a Salesforce environment In today s rapidly changing world of business, only companies that understand and anticipate customer needs and consistently

More information

Leveraging the power of SAP POD for High-Tech/Software companies. Arun Trivedi, PwC

Leveraging the power of SAP POD for High-Tech/Software companies. Arun Trivedi, PwC Leveraging the power of SAP POD for High-Tech/Software companies Arun Trivedi, PwC LEARNING POINTS Reduce audit/compliance risk by using out of the box SAP POD (Proof of Delivery) functionality Increase

More information

Business-Driven, Compliant Identity Management

Business-Driven, Compliant Identity Management SAP Solution in Detail SAP NetWeaver SAP Identity Management Business-Driven, Compliant Identity Management Table of Contents 3 Quick Facts 4 Business Challenges: Managing Costs, Process Change, and Compliance

More information

Escalating concern over cyber threats has CEOs warming to government collaboration

Escalating concern over cyber threats has CEOs warming to government collaboration Escalating concern over cyber threats has CEOs warming to government collaboration 2015 US CEO Survey Leading in extraordinary times With cyber attacks the new normal in business, CEOs from the biggest

More information

4th Annual ISACA Kettle Moraine Spring Symposium

4th Annual ISACA Kettle Moraine Spring Symposium www.pwc.com 4th Annual ISACA Kettle Moraine Spring Symposium Session 2 Big Data May 14th, 2014 Session Objective Learn about governance, risks, and compliance considerations that become particularly important

More information

Continuous Monitoring: Match Your Business Needs with the Right Technique

Continuous Monitoring: Match Your Business Needs with the Right Technique Continuous Monitoring: Match Your Business Needs with the Right Technique Jamie Levitt, Ron Risinger, September 11, 2012 Agenda 1. Introduction 2. Challenge 3. Continuous Monitoring 4. SAP s Continuous

More information

Texas Instruments: Making the Journey from Home-Grown SoD Compliance to SAP GRC AC 10.0 Chris Fowler Solution Architect, Texas Instruments Vicki

Texas Instruments: Making the Journey from Home-Grown SoD Compliance to SAP GRC AC 10.0 Chris Fowler Solution Architect, Texas Instruments Vicki Texas Instruments: Making the Journey from Home-Grown SoD Compliance to SAP GRC AC 10.0 Chris Fowler Solution Architect, Texas Instruments Vicki Purcell Senior Associate, PricewaterhouseCoopers About Texas

More information

PwC s 5th Annual Digital IQ Survey

PwC s 5th Annual Digital IQ Survey www.pwc.com/digitaliq PwC s 5th Annual Digital IQ Survey Digital Conversations and the C-suite Digital IQ PwC s 5th Annual Survey Findings: Leadership teams integrate digital conversations across all aspects

More information

The Cost of Malware Containment

The Cost of Malware Containment The Cost of Malware Containment Sponsored by Damballa Independently conducted by Ponemon Institute LLC Publication Date: January 2015 Ponemon Institute Research Report The Cost of Malware Containment Ponemon

More information

An overview of COSO s 2013 Internal Control-Integrated Framework

An overview of COSO s 2013 Internal Control-Integrated Framework An overview of COSO s 2013 Internal Control-Integrated Framework Prepared by: Sara Lord, Partner, National Professional Standards Group, McGladrey LLP sara.lord@mcgladrey.com May 2013 Introduction In 1992,

More information

Babcock & Brown Capital General Meeting. 27 April 2009

Babcock & Brown Capital General Meeting. 27 April 2009 Babcock & Brown Capital General Meeting 27 April 2009 CONTENTS 1. Welcome 2. Management Internalisation Proposal 3. Strategic Update 4. TaemasBridge Proposal 5. EGM Formal Business 6. Close 1 INTRODUCTION

More information

Metrics by design A practical approach to measuring internal audit performance

Metrics by design A practical approach to measuring internal audit performance Metrics by design A practical approach to measuring internal audit performance September 2014 At a glance Expectations of Internal Audit are rising. Regulatory pressure is increasing. Budgets are tightening.

More information

Kennametal: Gaining Transparency in IT and Business with SAP Enterprise Support

Kennametal: Gaining Transparency in IT and Business with SAP Enterprise Support 2014 SAP AG or an SAP affiliate company. All rights reserved. Picture Credit Kennametal, Latrobe, PA/USA. Used with permission. Kennametal: Gaining Transparency in IT and Business with SAP Enterprise Support

More information

U.S. Postal Service s DRIVE 25 Improve Customer Experience

U.S. Postal Service s DRIVE 25 Improve Customer Experience U.S. Postal Service s DRIVE 25 Improve Customer Experience Audit Report Report Number MI-AR-16-001 November 16, 2015 DRIVE Initiative 25 is suppose to increase customer satisfaction with how complaints

More information

PwC/IoD Channel Island Non-executive Director Remuneration Survey 2015

PwC/IoD Channel Island Non-executive Director Remuneration Survey 2015 www.pwc.com PwC/IoD Channel Island Non-executive Director Remuneration Survey 2015 Highlights Respondents 89 NEDs 441 Significant Entities* 1,646 directorships Respondents from Guernsey and Jersey - close

More information

The evolution of model risk management January 2016

The evolution of model risk management January 2016 www.pwc.com/us/insurance The evolution of model risk management January 2016 2 top issues The evolution of model risk management One of the fastest growing concerns on insurers enterprise risk agenda is

More information

Ethics and Compliance Training

Ethics and Compliance Training www.pwc.com Ethics and Compliance Training Keep Up Your Dukes - Benchmarking and Maintaining Your System April 1, 2014 Ethics and Compliance Keep Up Your Dukes - Benchmarking and Maintaining Your System

More information

Healthcare in the Midst of Change: Linking Engagement and HR Transformation

Healthcare in the Midst of Change: Linking Engagement and HR Transformation Healthcare in the Midst of Change: Linking Engagement and HR Transformation Presented by Warren Cinnick Vice President, Talent Management Trinity Health Sayed Sadjady Talent Management/Org Design Leader,

More information

Application Test Management and Quality Assurance

Application Test Management and Quality Assurance SAP Brief Extensions SAP Quality Center by HP Objectives Application Test Management and Quality Assurance Deliver new software with confidence Deliver new software with confidence Testing is critical

More information

E-discovery and Legal Outsourcing New Trends and Services Offered in Litigation Support

E-discovery and Legal Outsourcing New Trends and Services Offered in Litigation Support E-discovery and Legal Outsourcing New Trends and Services Offered in Litigation Support www.connect-goal.com 28 Jan 2013 Speakers Michael Lew Director & Head - Digital Forensics Chio Lim Stone Forest Singapore

More information

Preparing for a Software Vendor Compliance Review: Improving Response and Realizing Cost Savings Through SAM

Preparing for a Software Vendor Compliance Review: Improving Response and Realizing Cost Savings Through SAM SoftSummit 2009 Preparing for a Software Vendor Compliance Review: Improving Response and Realizing Cost Savings Through SAM Presented by: Bruce Vanderbush Partner Christopher Ruhl Director October 21,

More information

A BearingPoint Accelerator

A BearingPoint Accelerator > GRC A BearingPoint Accelerator Working closely with the client, we deliver a rigorous and effective integrated GRC (Governance, Risk and Compliance) solution one that is not only right for the client,

More information

Asset Management Strategies for Oil & Gas Businesses

Asset Management Strategies for Oil & Gas Businesses Asset Management Strategies for Oil & Gas Businesses Summary Results December 2014 Program Overview Between October and December 2014, Gatepoint Research invited selected oil and gas executives to participate

More information

Building the business case for tax transformation

Building the business case for tax transformation Building the business case for tax transformation Measuring and communicating the value of your tax transformation initiatives Many tax departments today face increasing pressure from their CFOs to elevate

More information

A GLOBAL SECURITY & ASSET PROTECTION ORGANIZATION S APPROACH TO ACCESS MANAGEMENT How They Achieved Efficient SoD & Access Management

A GLOBAL SECURITY & ASSET PROTECTION ORGANIZATION S APPROACH TO ACCESS MANAGEMENT How They Achieved Efficient SoD & Access Management October 2014 A GLOBAL SECURITY & ASSET PROTECTION ORGANIZATION S APPROACH TO ACCESS MANAGEMENT How They Achieved Efficient SoD & Access Management CASE STUDY Governance, Risk Management & Compliance Insight

More information

COUNCIL POLICY INTERNAL AUDIT

COUNCIL POLICY INTERNAL AUDIT COUNCIL POLICY INTERNAL AUDIT Policy Number: GOV-29 Responsible Department(s): Corporate Services Relevant Delegations: None Other Relevant Policies: Risk Management Policy Fraud & Corruption Prevention

More information

At a glance. A provision to require a written assertion from company management is the most notable difference between the two standards.

At a glance. A provision to require a written assertion from company management is the most notable difference between the two standards. At a glance While there are some differences, SAS 70 and SSAE 16 are substantially the same. SAS 70 is an audit standard while SSAE 16 is an attest standard. Out with the old SAS 70 and in with the new

More information

Driving Excellence in Implementation and Beyond The Underlying Quality Principles

Driving Excellence in Implementation and Beyond The Underlying Quality Principles SAP Thought Leadership Paper SAP Active Quality Management Driving Excellence in Implementation and Beyond The Underlying Quality Principles 2014 SAP AG or an SAP affiliate company. All rights reserved.

More information

SAP Overview Brochure. Confidence Powers Success. SAP Solutions for Governance, Risk, and Compliance.

SAP Overview Brochure. Confidence Powers Success. SAP Solutions for Governance, Risk, and Compliance. SAP Overview Brochure Confidence Powers Success. SAP Solutions for Governance, Risk, and Compliance. Table of Contents 3) Build trust to achieve business results Introduction 4-5) Gain clarity from greater

More information

Corporate Treasury s New Role: Strategic Business Advisor

Corporate Treasury s New Role: Strategic Business Advisor E-Book NO. 18 Corporate Treasury s New Role: Strategic Business Advisor SAP Center for Business Insight Brief Q&A Case Study Inquiry E-Book Companies Want Their Treasury Groups to Become Strategic Advisors

More information

Simplifying the audit through innovation

Simplifying the audit through innovation Simplifying the audit through innovation Simplifying the audit through innovation New performance Smoother workflows and stronger collaboration New clarity Consistent execution and greater visibility New

More information

Build an Advanced Incentive- Compensation Program That Meets Today s Sales Goals

Build an Advanced Incentive- Compensation Program That Meets Today s Sales Goals SAP Brief SAP Extensions SAP Incentive Administration by Vistex Objectives Build an Advanced Incentive- Compensation Program That Meets Today s Sales Goals Take advantage of new approaches for today s

More information

CITY OF MINNEAPOLIS INTERNAL AUDIT FUNCTION: QUALITY ASSESSMENT. And RECOMMENDATIONS

CITY OF MINNEAPOLIS INTERNAL AUDIT FUNCTION: QUALITY ASSESSMENT. And RECOMMENDATIONS CITY OF MINNEAPOLIS INTERNAL AUDIT FUNCTION: QUALITY ASSESSMENT And RECOMMENDATIONS Submitted By, Internal Audit Review Committee Katie Shea, Metropolitan Council Al Willie, University of Minnesota Cliff

More information

China Grand Auto: Partnering with SAP on a State-of-the-Art Platform for a Multibrand Dealer Group

China Grand Auto: Partnering with SAP on a State-of-the-Art Platform for a Multibrand Dealer Group 2015 SAP SE or an SAP affiliate company. All rights reserved. China Grand Auto: Partnering with SAP on a State-of-the-Art Platform for a Multibrand Dealer Group Company China Grand Automotive Services

More information

Empower loss prevention with strategic data analytics

Empower loss prevention with strategic data analytics www.pwc.com/us/lossprevention January 2015 Empower loss prevention with strategic data analytics Empower loss prevention with strategic data analytics Amid heightened levels of business competition and

More information

Extraction of SAP Data for Audit & Compliance

Extraction of SAP Data for Audit & Compliance Extraction of SAP Data for Audit & Compliance LiveCompare Case Study David Barkhausen 20 November 2012 Contents Key Learning Points British American Tobacco Overview Audit Challenges Addressing The Challenges

More information

Mapping COBIT 5 with IT Governance, Risk and Compliance at Ecopetrol S.A. By Alberto León Lozano, CISA, CGEIT, CIA, CRMA

Mapping COBIT 5 with IT Governance, Risk and Compliance at Ecopetrol S.A. By Alberto León Lozano, CISA, CGEIT, CIA, CRMA Volume 3, July 2014 Come join the discussion! Alberto León Lozano will respond to questions in the discussion area of the COBIT 5 Use It Effectively topic beginning 21 July 2014. Mapping COBIT 5 with IT

More information

Is It Time to Centralize Your Accounting Office?

Is It Time to Centralize Your Accounting Office? December 2014 Is It Time to Centralize Your Accounting Office? Back-Office Consolidation Can Help Auto Dealers Manage Multiple Locations Jodi Kippe, CPA, and Kara Perkins, CPA Many dealers face the issue

More information

IAB internet advertising revenue report 2014 full year results

IAB internet advertising revenue report 2014 full year results www.pwc.com www.iab.net IAB internet advertising revenue report 2014 full year results Agenda Survey methodology 2014 full year results Full year and quarterly trends Advertising formats Social media Pricing

More information

Driving software development through measurement Results from PwC s Software Measurement Study

Driving software development through measurement Results from PwC s Software Measurement Study Driving software development through measurement Results from PwC s Software Measurement Study Technology Institute November 2014 At a glance Software has evolved to be central to most high tech products.

More information

Access Governance. Delivering value. What you gain. Putting a project back on track for success

Access Governance. Delivering value. What you gain. Putting a project back on track for success What you gain Risk-managed access Having a second line of defence to identify what needs to be controlled and who owns it lowers your operational costs, while taking a risk-based approach ensures greater

More information

Assuring success in large business programs Internal audit s role in strategic risk management

Assuring success in large business programs Internal audit s role in strategic risk management The resilience, reputation and value of a company can be positively influenced by successful transformation projects. Assuring success in large business programs Internal audit s role in strategic risk

More information

2013 SAP SALARY SURVEY SUMMARY

2013 SAP SALARY SURVEY SUMMARY 2013 SAP SALARY SURVEY SUMMARY SURVEY RESULTS AND EXECUTIVE SUMMARY APRIL 2013 FOR QUESTIONS AND ADDITIONAL INFORMATION E-MAIL INFO@PANAYA.COM OR VISIT WWW.PANAYA.COM 0T0T0T0T0T0T0T0T0T0T0T0T0T 0T0T0T0T

More information

How are companies preparing for the new senior accounting officer requirements?

How are companies preparing for the new senior accounting officer requirements? How are companies preparing for the new senior accounting officer requirements? Budget 2009 introduced requirements for the senior accounting officer (SAO) of large companies and groups to report to HM

More information

SAP BusinessObjects GRC Access Control 10.0 New Feature Highlights and Initial Lessons Learned

SAP BusinessObjects GRC Access Control 10.0 New Feature Highlights and Initial Lessons Learned SAP BusinessObjects GRC Access Control 10.0 New Feature Highlights and Initial Lessons Learned Executive Summary Organizations evaluating technology solutions to enhance their governance, risk and compliance

More information

National Bank of Canada: Transforming the Mortgage Origination Process

National Bank of Canada: Transforming the Mortgage Origination Process 2013 SAP AG or an SAP affiliate company. All rights reserved. National Bank of Canada: Transforming the Mortgage Origination Process Company National Bank of Canada Headquarters Montreal, Quebec Industry,

More information

An Enterprise Resource Planning Solution for Mill Products Companies

An Enterprise Resource Planning Solution for Mill Products Companies SAP Thought Leadership Paper Mill Products An Enterprise Resource Planning Solution for Mill Products Companies Driving Operational Excellence and Profitable Growth Table of Contents 4 What It Takes to

More information

Process Control Optimisation with SAP

Process Control Optimisation with SAP Process Control Optimisation with SAP The procure-to-pay cycle, which includes all activities from the procurement of goods and services to receiving invoices and paying vendors, is a basic business process.

More information

THE NEXT GENERATION OF HR SHARED SERVICES SUBHEADLINE RUNS HERE AND HERE AND HERE AND HERE

THE NEXT GENERATION OF HR SHARED SERVICES SUBHEADLINE RUNS HERE AND HERE AND HERE AND HERE THE NEXT GENERATION OF HR SHARED SERVICES SUBHEADLINE RUNS HERE AND HERE AND HERE AND HERE SAP Executive Insight It s no secret that implementing HR shared services can help organizations generate significant

More information

www.pwc.com/us/renewables Corporate renewable energy procurement survey insights

www.pwc.com/us/renewables Corporate renewable energy procurement survey insights www.pwc.com/us/renewables Corporate renewable energy procurement survey insights June 2016 Executive summary One of the biggest developments in the renewable energy marketplace in the last 12 24 months

More information

Accounts Payable Fraud & Risk Reduction

Accounts Payable Fraud & Risk Reduction Accounts Payable Fraud & Risk Reduction Implementing a Proactive Position Accounts Payable Fraud & Risk Reduction Implementing a Proactive Position Accounts Payable Fraud & Risk Reduction Implementing

More information

Leveraging advanced controls with E-Business suite implementation and upgrade projects

Leveraging advanced controls with E-Business suite implementation and upgrade projects www.pwc.com PwC Oracle practice 2013 Leveraging advanced controls with E-Business suite implementation and upgrade projects Leveraging the advanced financial controls in the Oracle Governance, Risk, and

More information

Risk Management: IT Vendor Management and Outsourcing

Risk Management: IT Vendor Management and Outsourcing www.pwc.com Risk Management: IT Vendor Management and Outsourcing Definitions Third Party is any entity not under direct business control of a given organization. Many people equate third parties with

More information

SURVEY REPORT PON SPON. Results of a Survey Conducted for Electric Cloud. Published January 2011. An Osterman Research Survey Report.

SURVEY REPORT PON SPON. Results of a Survey Conducted for Electric Cloud. Published January 2011. An Osterman Research Survey Report. SURVEY REPORT PON sponsored by Results of a Survey Conducted for Electric Cloud An Osterman Research Survey Report Published January 2011 SPON sponsored by Osterman Research, Inc. P.O. Box 1058 Black Diamond,

More information

Ericsson Group Certificate Value Statement - 2013

Ericsson Group Certificate Value Statement - 2013 COMPANY INFO 1 (23) Ericsson Group Certificate Value Statement - 2013 COMPANY INFO 2 (23) Contents 1 Ericsson Certificate Value Statement... 3 2 Introduction... 3 2.1 Overview... 3 3 Contact information...

More information

The Benefits of PLM-based CAPA Software

The Benefits of PLM-based CAPA Software For manufacturers in industries that produce some of the world s most complex products, effective quality management continues to be a competitive advantage. Whether in automotive, aerospace and defense,

More information

www.pwc.com The data breach lifecycle: From prevention to response IAPP global privacy summit March 6, 2014 (4:30-5:30) Draft v8 2-25-14

www.pwc.com The data breach lifecycle: From prevention to response IAPP global privacy summit March 6, 2014 (4:30-5:30) Draft v8 2-25-14 www.pwc.com The data breach lifecycle: From prevention to response IAPP global privacy summit (4:30-5:30) Draft v8 2-25-14 Common Myths 1. You have not been hacked. 2. Cyber security is about keeping the

More information

Transform Audit Practices and Move Beyond Assurance

Transform Audit Practices and Move Beyond Assurance SAP Brief SAP s for Governance, Risk, and Compliance SAP Audit Management Objectives Transform Audit Practices and Move Beyond Assurance Advance along the technology curve Advance along the technology

More information

Do you know your privacy risks? How new technologies, changing business models, and emerging regulations are changing the data-protection landscape

Do you know your privacy risks? How new technologies, changing business models, and emerging regulations are changing the data-protection landscape January 2013 Do you know your privacy risks? How new technologies, changing business models, and emerging regulations are changing the data-protection landscape At a glance Threats to data security both

More information

Research Update: Danish Mortgage Bank DLR Kredit A/S Assigned 'BBB+/A-2' Ratings. Table Of Contents

Research Update: Danish Mortgage Bank DLR Kredit A/S Assigned 'BBB+/A-2' Ratings. Table Of Contents May 31, 2012 Research Update: Danish Mortgage Bank DLR Kredit A/S Assigned 'BBB+/A-2' Ratings Primary Credit Analyst: Per Tornqvist, Stockholm (46) 8-440-5904;per_tornqvist@standardandpoors.com Secondary

More information

www.pwchk.com Inspiration for what is possible Inspiring new possibilities for your business with PwC and Oracle

www.pwchk.com Inspiration for what is possible Inspiring new possibilities for your business with PwC and Oracle www.pwchk.com Inspiration for what is possible Inspiring new possibilities for your business with PwC and Oracle Oracle Business Applications Practice Overview December 2013 Inspiring new possibilities

More information

Moving Forward with IT Governance and COBIT

Moving Forward with IT Governance and COBIT Moving Forward with IT Governance and COBIT Los Angeles ISACA COBIT User Group Tuesday 27, March 2007 IT GRC Questions from the CIO Today s discussion focuses on the typical challenges facing the CIO around

More information

January IIA / ISACA Joint Meeting Pre-meeting. Cybersecurity Update for Internal Auditors. Matt Wilson, PwC Risk Assurance Director

January IIA / ISACA Joint Meeting Pre-meeting. Cybersecurity Update for Internal Auditors. Matt Wilson, PwC Risk Assurance Director January IIA / ISACA Joint Meeting Pre-meeting Cybersecurity Update for Internal Auditors Matt Wilson, Risk Assurance Director Introduction and agenda Themes from The Global State of Information Security

More information

Bekaert: Reorganizing Sales and Distribution Units in SAP ERP and SAP BW

Bekaert: Reorganizing Sales and Distribution Units in SAP ERP and SAP BW Bekaert: Reorganizing Sales and Distribution Units in SAP ERP and SAP BW To simplify its business, Bekaert launched a project to reorganize its sales and distribution structures in its global SAP ERP application

More information

DESIGNED FOR YOUR INDUSTRY. SCALED TO YOUR BUSINESS. READY FOR YOUR FUTURE. SAP INDUSTRY BRIEFING FOR HEATING, VENTILATION, AIR CONDITIONING, AND

DESIGNED FOR YOUR INDUSTRY. SCALED TO YOUR BUSINESS. READY FOR YOUR FUTURE. SAP INDUSTRY BRIEFING FOR HEATING, VENTILATION, AIR CONDITIONING, AND DESIGNED FOR YOUR INDUSTRY. SCALED TO YOUR BUSINESS. READY FOR YOUR FUTURE. SAP INDUSTRY BRIEFING FOR HEATING, VENTILATION, AIR CONDITIONING, AND PLUMBING EQUIPMENT MANUFACTURERS BEST-RUN HVAC AND PLUMBING

More information

DEFINING OUR ROLE IN A CHANGING LANDSCAPE

DEFINING OUR ROLE IN A CHANGING LANDSCAPE DEFINING OUR ROLE IN A CHANGING LANDSCAPE North American report October 2013 Disclaimer Table of Contents Introduction...1 Outlook for Internal Audit Remains Strong...3 Strategic Business Risk: Opportunity

More information

Bharat Petroleum: Fueling Real Estate Revenues with SAP Real Estate Management

Bharat Petroleum: Fueling Real Estate Revenues with SAP Real Estate Management Bharat Petroleum: Fueling Real Estate Revenues with SAP Real Estate Management How does one of India s most recognized energy companies gain more clarity and control over a vast and geographically spread-out

More information

T-Systems: Operate Complex IT Landscapes Efficiently with SAP Landscape Virtualization Management

T-Systems: Operate Complex IT Landscapes Efficiently with SAP Landscape Virtualization Management 2015 SAP SE or an SAP affiliate company. All rights reserved. T-Systems: Operate Complex IT Landscapes Efficiently with SAP Landscape Virtualization Management T-Systems International GmbH Industry Professional

More information

Trends shaping governance and the board of the future Executive compensation and director communications

Trends shaping governance and the board of the future Executive compensation and director communications PwC s 204 Annual Corporate Directors Survey Trends shaping governance and the board of the future Executive compensation and director communications Table of contents Executive compensation remains a

More information

Information Security & the Business: Changing the Conversation

Information Security & the Business: Changing the Conversation Information Security & the Business: Changing the Conversation James J. Cusick, PMP Chief Security Officer & Director IT Operations Wolters Kluwer, CT Corporation, New York, NY j.cusick@computer.org Introduction

More information

Outperform Financial Objectives and Enable Regulatory Compliance

Outperform Financial Objectives and Enable Regulatory Compliance SAP Brief Analytics s from SAP SAP s for Enterprise Performance Management Objectives Outperform Financial Objectives and Enable Regulatory Compliance Drive better decisions and streamline the close-to-disclose

More information

SDLC- Key Areas to Audit in IT Projects ISACA Geek Week 2013 8/21/2013. PwC

SDLC- Key Areas to Audit in IT Projects ISACA Geek Week 2013 8/21/2013. PwC SDLC- Key Areas to Audit in IT Projects ISACA Geek Week 2013 8/21/2013 1 Introductions and Projects Overview Presenters Charlie Miller and Andrew Gerndt The Coca-Cola Company Principal IT Auditors Atlanta,

More information

Master Data Governance Find Out How SAP Business Suite powered by SAP HANA Delivers Business Value in Real Time

Master Data Governance Find Out How SAP Business Suite powered by SAP HANA Delivers Business Value in Real Time Master Data Governance Find Out How SAP Business Suite powered by SAP HANA Delivers Business Value in Real Time Disclaimer This document is not subject to your license agreement or any other service or

More information

Achieving Security in Workplace File Sharing. Sponsored by Axway Independently conducted by Ponemon Institute LLC Publication Date: January 2014

Achieving Security in Workplace File Sharing. Sponsored by Axway Independently conducted by Ponemon Institute LLC Publication Date: January 2014 Achieving Security in Workplace File Sharing Sponsored by Axway Independently conducted by Ponemon Institute LLC Publication Date: January 2014 Ponemon Institute Research Report Part 1. Introduction Achieving

More information

Formulate Winning Sales and Operations Strategies Through Integrated Planning

Formulate Winning Sales and Operations Strategies Through Integrated Planning SAP Brief SAP Supply Chain Management SAP Sales and Operations Planning Objectives Formulate Winning Sales and Operations Strategies Through Integrated Planning Keep pace with rapidly changing market conditions

More information

Lessons from McKesson s Approach to Maintaining a Mature, Cost-Effective Sarbanes-Oxley Program

Lessons from McKesson s Approach to Maintaining a Mature, Cost-Effective Sarbanes-Oxley Program Orange County Convention Center Orlando, Florida May 15-18, 2011 Lessons from McKesson s Approach to Maintaining a Mature, Cost-Effective Sarbanes-Oxley Program Vickie Pilotti Kelly Worley Ben Wienand

More information