The Power of Risk, Compliance & Security Management in SAP S/4HANA
OUR AGENDA
- Key Learnings
- Observations on Risk & Compliance Management
  - Current State
  - Current Challenges
- The SAP GRC and Security Solution Domains
- Best Practices: Three Lines of Defense
- SAP S/4HANA Platform Context
- Continuous Control Monitoring & Fraud Detection
- Comprehensive Risk Insight
- Unfettered Audit Management
- Closing Thoughts

3 KEY LEARNING POINTS
- A complete, current and accurate view of all risks across all data can be achieved in SAP S/4HANA
- SAP S/4HANA allows on-demand risk, compliance and security status queries requiring any number and type of complex calculations or analytical functions
- Improved response quality and timeliness aided by live alerts and confident evidence drives down the cost and effort of risk and security management

OBSERVATIONS ON THE CURRENT STATE
- Governance, risk and compliance (GRC) is increasing in complexity. Alongside pressures from the business to improve effectiveness, this is a significant challenge for GRC professionals.
- Control failure is the second biggest risk to organizations over the next two years, after competition. The biggest consequences of not getting it right are loss of revenue, reputational damage, and business disruption.
- GRC tools, technologies and processes are seen as insufficient. Most organizations are taking a reactive and fragmented approach and haven't recently overhauled their GRC approach or technologies.
- GRC professionals are frustrated by poor visibility and lack of integration of risk and control frameworks, time spent reconciling documents, difficulties accessing and using data, and inability to use data for predictive purposes.
- Organizations see the ability to manage risk effectively has an impact on profitability. They are focused on improving consistency, identifying risks earlier, driving down costs, and increasing strategic value. They see the value of continuous controls monitoring and recognize that GRC approaches must evolve to add value to the business.
SAP, Managing Risk in an Age of Complexity, July 2015

OBSERVATIONS ON CURRENT CHALLENGES
- One third of organizations can fully quantify & qualify real cost of control and compliance, current and future risks, lost opportunities and impact of effectively managing risk on profitability
- Despite difficulties in measuring, 74% see the ability to manage risk effectively has an impact on profitability
- Risk management is seen by 62% as a growing operational & financial burden to the business
- Consequences of current inconsistent approaches and of not leveraging newer technologies for GRC include increased exposure to risk (43%), a lack of confidence that all risks are captured (38%), and operational complexity (38%)
- 63% maintain that it is difficult to achieve single version of the truth to drive better decision making
- 46% of GRC related data that an organization has access to is being used for strategic planning
SAP, Managing Risk in an Age of Complexity, July 2015

SAP SOLUTIONS FOR GRC AND SECURITY Three Lines of Defense Cyber Security Access Governance (since 2006) (since 2007) (since 2010) International Trade Compliance (since 2000) Fraud Detection & Prevention (since 2013)
BEST PRACTICES: THREE LINES OF DEFENSE
Board of directors, audit committee, other executives
1. First line: Control business operations & control risks in business activities
2. Second line: Assess entity-level risk & manage compliance activities
3. Third line: Provide independent assurance
SAP Process Control: Ensure effective controls and ongoing compliance
SAP Risk Management: Preserve and grow value
SAP Audit Management: Transform auditing and move beyond assurance
- Automation & continuous monitoring of risks & controls
- Management of frameworks for risk, control and compliance
- Continuous monitoring of risk, control and compliance requirements
- Automation & continuous risk-based auditing for assurance

OPTIONS FOR SAP THREE LINES OF DEFENSE Applications SAP S/4HANA Applications (BYOL / Subscription) SAP S/4HANA (BYOL / Subscription) ONE Price ONE Contract Standardized packages No modifications Infrastructure Application Management Service Application Licenses SAP S/4HANA Cloud Enterprise Support Infrastructure and Services Application Management Service On premise Custom HEC deployment Standardized Cloud packages
SAP S/4HANA PLATFORM CAPABILITIES
Enhance and automate risk control testing and monitoring
- Volume: Query large data volumes...
- Variety: ...originating from a variety of sources
- Velocity: ...at extreme speed
Customer POC finds duplicate invoices: 11,290,058 records, 235 duplicates found in 35 seconds

CONTINUOUSLY MONITOR CONTROLS
Use case
Control & compliance practitioners spend significant time performing & evaluating controls using mostly manual processes. The focus is historic and results are often obsolete by the time anomalies are detected. Research by SAP indicates control failure is the second biggest risk to organizations over the next two years. Continuous control monitoring in SAP Process Control helps perform & test controls, identify issues and resolve issues sooner while minimizing effort and costs.
Unique value of SAP S/4HANA
- Monitors process & control data from centralized repository using high-performance automated business rules
- Drives single common view of control effectiveness
- Expands scope of control automation for increased auditability & instant insight for timely, relevant decisions
Top features
- Continuous high-speed testing & monitoring across large data volumes
- Increased power and usability of automated testing & monitoring rules
Business innovations
- Proactive monitoring to identify & resolve issues sooner
- Streamlined business processes with reduced effort & cost
- Increased auditability & reliability of processes & controls
Solutions
- SAP Process Control
- SAP Risk Management
- SAP Audit Management
Quantifiable value
- Reduced effort to perform & evaluate controls
- Increased auditability for reduced audit costs
- Faster identification & resolution of issues

CONTINUOUS CONTROL MONITORING with SAP S/4HANA
[Diagram: Traditional Approach vs. With SAP S/4HANA, showing which source data is supported for exception monitoring: Purchasing System 1; Purchasing System 2; Purchasing Across Systems 1 and 2; Purchasing to Finance Across Systems 1 and 2. Diagram notes: "Requires separate consolidation and re-query if it can be done"; "All supported data residing in SAP S/4HANA"]
[Scale: Ad hoc / User interaction / Process excellence, with markers for Traditional and With SAP S/4HANA]
With traditional approaches
- Limited continuous control monitoring (CCM) that views one source of data at a time
- No view of single process across multiple instances or systems
- No single view of end-to-end processes across multiple systems
- Unacceptable performance with large transaction volumes
- Delayed issue identification, resolution & reporting
- Limited options for business rule logic leading to reduced scope and value from continuous control monitoring
With SAP S/4HANA
- Data resident in SAP HANA (regardless of original source) available for views & CCM rules to support monitoring of complete processes
- High performance to support very large transaction volumes
- Scheduled or ad hoc monitoring in real time for early issue identification, resolution & reporting
- Robust views for CCM rules created with graphical interface or SQL, eliminating need for ABAP programming code for complex queries
- Support for expanding scope & value from CCM, especially in large global enterprises

LIVE FRAUD DETECTION IN SAP S/4HANA
Scan high volumes of data for potential fraud
[Diagram: Traditional Approach vs. With SAP S/4HANA. Traditional Approach steps: Review data & download to Microsoft Excel; Run vendor reports; Run customer reports; Run employee reports; Microsoft Excel access]
[Scale: Manual / Process excellence, with markers for Traditional and With SAP S/4HANA]
With traditional approaches
- Manual consolidation of data, risking errors
- Disparate sources of data made it difficult to detect patterns
- No automated evaluation, requiring reliance on individual knowledge
- Lack of consolidated reporting and evaluation of the financial implications of fraud
With SAP S/4HANA
- Top-down and bottom-up evaluation of data
- Configuration of rules to document expert knowledge
- Use of predictive models to detect patterns
- Predictive, interactive, real-time performance analysis
- Enablement of automated mitigation responses to fraud

MANAGE RISK COMPREHENSIVELY
Continuous insight into business and security risks
Use case
Research conducted by SAP indicates that GRC is increasing in complexity. Alongside pressures from the business to prove effectiveness, this is creating significant challenges for GRC and IT professionals. Continuous monitoring of key risk indicators can enable decision making that prevents or minimizes material loss or incidents by prompting timely action on these early warning signals.
Unique value of SAP S/4HANA
- Identify and analyze on an ongoing basis precursors of risk events anywhere in the business
- Flag patterns, trends, variances & correlations that signal the occurrence of a risk event
- Anticipate issues involving unacceptable risk levels & take preventive action
Top features
- Cross-system monitoring of risk indicators
- Provision of early warning indicators before risks occur
- Analysis and notification of risk trends
Business innovations
- Real-time alerts of unacceptable risk thresholds
- Decision making that prevents unacceptable risk events
- Continuous assessment of response effectiveness
Solutions
- SAP Process Control
- SAP Risk Management
- SAP Audit Management
Quantifiable value
- Reduced losses with current status views
- Reduced unplanned variances in performance
- Reduced time in responding to risk events

CONTINUOUS INSIGHT INTO RISK
- Highlight trends and changes by monitoring evolutions in the risk context (Security, Operations, Finance, Vendor, etc.)
- Provide a measure of the status of a risk and the effectiveness of its response
- Provide early warning signals through predictive risk indicators (KRIs) that identify potential risk issues before they occur
- Enable decision making that prevents or minimizes material loss or incidents by prompting timely action on early warning signals
- Guide recommended responses and predictable outcomes based on benchmark data

RISK MANAGEMENT WITH SAP S/4HANA
KRIs provide continuous insight into multiple, simultaneous risks!!
[Diagram labels: IT outsourcing; Unqualified service provider; Loss of intellectual property; Systems; Overall client dissatisfaction with metrics increase; Risk owner; Financial close and consolidation; Decreased service quality; Fraudulent closing of journal entries; Noncompliance with accounting policies; CRM, HR, ERP...; Unapproved adjustments]

RISK MITIGATION WITH SAP S/4HANA
Monitor key risk indicators on demand in near real time
- KRI template: Define expected value type: number, currency, quantity, score
- KRI implementation: Define the connector type, the associated connector and script, and the implementation details
- Shared KRI instance: Assign the KRI to a risk and define its thresholds and associated actions
- Business rule: Define business rule on one or more KRIs associated to a risk
[Diagram labels: Context of a risk; KRI runtime; Triggered action or notification]

UNFETTERED AUDIT MANAGEMENT With SAP S/4HANA
Use case
Internal auditors accumulate huge amounts of working papers to document & analyze risks and controls, create & monitor issues and form & report audit opinions. The value of this data is typically locked in files inaccessible for future use. Failure to leverage accumulated audit knowledge leads to repeat findings due to unresolved issues, resulting in wasted effort.
Unique value of SAP S/4HANA
- Real-time search of historical audit files
- Flagging of patterns, trends & variances for better audit planning
- Improved collaboration with stakeholders
Top features
- Search based on SAP S/4HANA
- Increased audit productivity
- Issue identification and resolution
Business innovations
- Improved audit planning
- Better resource allocation
- Improved issue resolution
Solutions
- SAP Process Control
- SAP Risk Management
- SAP Audit Management
Quantifiable value
- Increased auditor productivity
- Reduced time per audit
- Increased issue resolution speed & scope

SAP AUDIT MANAGEMENT
Increased audit productivity
- SAP Audit Management allows audits from mobile devices with drag-and-drop functionality to capture & document text, video and audio files
- Powered by SAP S/4HANA, the application's search functionality unlocks the knowledge base of past audits, making it available for planning & analysis in current engagements
- Empower audit staff with mobile devices that enable flexibility, responsiveness and efficiency
- Track and monitor global audit findings on demand

TRANSFORM THE VALUE OF INTERNAL AUDIT
- SAP Audit Management places the power of SAP HANA in the hands of internal auditors
- Via integration with SAP's Fraud Management HANA application, auditors can use powerful analytics functions to uncover the type of deep, fresh insights into data the board of directors and senior executives increasingly expect
- Internal audit departments can now shift their time horizon from revealing the past to examining the future and from individual audit entities to the entire enterprise

ACHIEVING FAR MORE WITH LESS
Reducing the cost and effort of Risk and Compliance programs with S/4HANA
- Reduce costs: Automate numerous manual tasks, such as risk surveys, risk monitoring, security and control testing, third-party screening, electronic filing & regulatory reporting
- Avoid duplication: Reduce duplication of surveys, control testing, risk responses & other compliance activities with unified technology and a unified approach
- Simplify audit: Improve response times and the quality of evidence in IT and financial audits to drive down overall audit cost and effort
"SAP has helped us transition from being controllers managing risk to true department leaders. Not only does this make us accountable to one another, it also makes us more accountable to our stakeholders who rely on this data to make critical business decisions."
Dorien Rookmaaker, Risk and Compliance Officer, ProRail

CLOSING THOUGHTS
No Limits to Risk & Compliance Monitoring on S/4HANA
- Powerful, real-time control information using SAP risk, compliance and audit applications on SAP S/4HANA
- On-demand risk, security and compliance status queries requiring any number and type of calculations or analytical functions
- Achieve complete, current and accurate views of all risk & security related data in SAP S/4HANA, including data from SAP and non-SAP source systems
- Manage ever-increasing data volumes and information complexity at extremely high speed