Michael Collet 28th January 2005, Frankfurt, GI -Fachgruppe SECMGT



Similar documents
Working in a ubiquitous computing environment

SAP Enterprise Portal 6.0 KM Platform Delta Features

Multiple Components in One Database -

Management and Monitoring of a J2EE Server and Applications Using JMX. Reinhold Kautzleben, Gregor Frey Speaker Title, SAP AG

Closed-Loop Engineering Integrated Product Development at a Vehicle Manufacturer

Leveraging Utilibill. Tim Vanderheide Bluewater Power V.P. Client Services

" # Portal Integration SAP AG 2004, 3

Sabine Reich SAP. Test Workbench - Introduction

How To Develop In Java (J2Ee) And J2Ee (Sap) Together (Sapp)

Application Map Release 2005

SAP NetWeaver Gateway Throughput & Scalability. David Freidlin

mysap Supply Chain Management Solution Map Release 2005

High Availability for Databases. Uwe Schulz SAP AG

Building a multi-source universe

SAP BusinessObjects Dashboards Influence Session. Scott Leaver Solution Management François Imberton Product Management

Applied IT Project Management

Growing pressures that are here to stay

Unstructured information management

Global Transport Label - General Motors -

mysap Customer Relationship Management - Enterprise Solution Map Edition 2004

Sales Rush Sales Order Processing S01- Lean Baseline Package. SAP Lean Baseline Package Version: V1.500 Country: UK Language: EN Date: February 2006

Capital Project and Portfolio Management

SAP's Journey of Implementing SAP Disclosure Management and Notes Management Session 2002

Setup Guide for Business Process Operations Dashboards SAP Solution Manager 7.1. SAP AG August, 2011

ITSCM at SAP Best practices

mysap ERP Technology Facts

Job Scheduling Management Integration with SAP CPS by Redwood SAP Solution Manager 7.1. SAP AG August, 2011

SAP Master Data Governance for Financials: What's New with SAP ERP 6.0 Enhancement Package 4 and 5

Simplifying Workflow with SAP NetWeaver. Alan Rickayzen Product Manager, SAP AG

Settlement in TM 9.0 New functionalities with TM 9.0. Ananth Bhat SAP Development, Transportation & Logistics December 2012

SAP xapp Resource and Portfolio Management (SAP xrpm)

Setting an Enterprise Content Management Strategy. John Fiske, SAP ECM Solution Management

SAP NetWeaver Landscape. Jeff Anders/Solution Management January 2012

mysap PLM Lifecycle Collaboration: Transparente Produktentwicklung mit der cproject Suite Andreas Vetter Product Manager, SAP AG

R&D Logistics: Clinical Trial Supply Management for the Life Sciences Industry. SAP Online Conference October 7, 2003

Service Level Reporting for Business Process Monitoring

DATA ARCHIVING IN SAP R/3 ENTERPRISE. Georg Fischer PM Data Archiving SAP AG

SEM and Budget Preparation. David Reifschneider Sr. Consultant, SAP SI America

3 rd party Service Desk interface

BC407 Reporting: QuickViewer, InfoSet Query and SAP Query

Implementing Outlook Integration for SAP Business One

Learning Management Systems. SAP Learning Solution overview. Integration. Demonstration. 5 Wrap-up. SAP AG 2002, Title of Presentation, Speaker Name 2

SAP Service and Asset Management Solution Map. Release 2005

Empowering Partners to Run Better. Ecosystem and Channels Authorized Reseller Program

Ronald Bueck SBO Product Definition

FSC130 SAP Bank Communication Management

E-Recruiting Job Board Integration using XI

Download and Install Crystal Reports for Eclipse via the Eclipse Software Update Manager

mysap ERP Application Map

Budget Control by Cost Center

Configuring Distribution List in Compliant User Provisioning

HR400 SAP ERP HCM Payroll Configuration

Project Cost Reporting for PPM

CREATING A PURCHASE ORDER STORE RECORD WEB SERVICE

Grants Management - Grantee Workshop. Keith Harmon Product Manager, SAP Labs LLC

Backup & Restore with SAP BPC (MS SQL 2005)

Enhanced Reporting in SAP All-In-One

BRFplus Field Configuration for Portfolio Management

SAPFIN. Overview of SAP ERP Financials COURSE OUTLINE. Course Version: 15 Course Duration: 2 Day(s)

SAP Master Data Governance- Hiding fields in the change request User Interface

Integrated Offshore Consulting Services Help Companies To Focus On Their Business

Business One in Action - How can we post bank fees and charges while posting Incoming or Outgoing Payment transactions?

How To Configure MDM to Work with Oracle ASM-Based Products

BC481 SAP Interactive Forms by Adobe

Understanding HR Schema and PCR with an Example

Enterprise Software - Applications, Technologies and Programming

How to Set Up an Authorization for a Business Partner in Customer Relationship Management (CRM) Internet Sales: Sample Case

User Experience in Custom Apps

USDL XG WP3 SAP use case. Kay Kadner

SAP Web SAP Logging & Tracing API. Jeff Gebo SAP Labs, LLC.

Virtual Causeway Inbound Lead Engine SME (6 Month) Premium Package

Security Audit Log (BC-SEC)

mysap Business Solutions on Linux

Application Lifecycle Management

Virtual Causeway Try Before You Buy, Inbound/Outbound Canada Premium Package

TM111. ERP Integration for Order Management (Shipper Specific) COURSE OUTLINE. Course Version: 15 Course Duration: 2 Day(s)

Analyzing Sales Data for Choosing Forecast Strategies

BC450 ABAP Performance: Analysis and Optimization

Integrate Third Party Collaboration Tools in the SAP NetWeaver Portal. SAP NetWeaver Product Management

R/3 and J2EE Setup for Digital Signature on Form 16 in HR Systems

Maintaining Different Addresses and Ids for a Business Partner via CRM Web UI

Upgrading SAP Public Budget Formulation (PBF) PBF Development Team October 2012

NWBC10 NetWeaver Business Client

BW370 BI Integrated Planning

Alert Notification in SAP Supply Network Collaboration. SNC Extension Guide

Balance Sheet and Profit & Loss Statement in SAP BW

ILM Meets HANA Flexible, Holistic and Fast Reporting. Georg Fischer, Ken Campbell Solution Management - Information Lifecycle Management May 2012

Table of Contents. How to Find Database Index usage per ABAP Report and Creating an Index

Methodology to Implement SAP Process Integration

How to Create Web Dynpro-Based iviews. Based on SAP NetWeaver 04 Stack 09. Jochen Guertler

SAP GRC Access Control: Background jobs for risk analysis and remediation (formerly Virsa Compliance Calibrator)

AC200. Basics of Customizing for Financial Accounting: General Ledger, Accounts Receivable, Accounts Payable COURSE OUTLINE

Integrating Easy Document Management System in SAP DMS

Transcription:

Management@SAP Michael Collet 28th January 2005, Frankfurt, GI -Fachgruppe SECMGT

If business has no risk, don t do it! ( frei nach Tom DeMarco & Timothy Lister)

Scope of Corporate Management Roll-out of effective Internal Controls documentation and assessment processes mandated by Sarbanes-Oxley Act as a core process risk response strategy Documentation & Assessment of Internal Controls Management Framework Establish Best-Practice orientated uniform Management methodologies, processes and tools for all of SAP s LoB s; Responsibility for SAP s ongoing external and internal risk reporting Insurance Strategy Ongoing Shaping of corporate wide risk aligned insurance programs as a core risk response strategy

Corporate Management Model: Breakdown on Line of Business Level The implementation of SAP s Corporate Management Model (scope, covered activities, LoB-specific adaptations, responsibilities) has been agreed with SAP s Lines of Business Corporate Management Policy Corporate Management Policy Corporate Management Model Corporate Management Model Planning Identification Sales/ Sales/ Marketing Marketing Management Management Processes Processes Consulting Consulting Management Management Processes Processes Support Support Management Management Processes Processes Analysis Response Monitoring Development Development Management Management Processes Processes IT/Hosting IT/Hosting Management Management Processes Processes Shared Shared Services Services RM RM Processes Processes (Finance, (Finance, Facilities, Facilities, HR, HR, Communications) Communications)

SAP s Operational Management (ORM) Application SAP Operational Management Structure Setup Execution Analysis Process Support Views and Worksets for Owners, Validators, Accountable Executives, Project Managers, Administrators Organization, Process, Project and Object Structures, Assessments, Responses, Business Intelligence, Info Cubes, Reports Process-to-Process Integration, Offline Transactions, Notifications and Workflow SAP Web Application Server HR (Organization) SOA-MIC (Processes) PS, CRM, cprojects (Projects) BW (Reporting) CO (aggregation financial comparison data) xls upload Interface (Projects)

The Model The 5 key process steps Planning Identification Analysis Response Monitoring

The Model The 5 key process steps Planning Identification Analysis Response Monitoring Process Integration Brainstorming Assessment (meeting) to ORM / Validation (approval) Reporting / Re-Assessments

Planning For on-going business operations: Usually occurs as part of annual planning Involves deciding how business risks are identified, assessed and monitored For projects: Involves deciding how risk management will fit into the project plan Planning Identification Analysis Response Monitoring Determining how to approach risk management in your business area or project

Identification Uncovering risks to your business or project before they turn into problems Planning Identification Analysis Response Monitoring Iterative process. For example: At the start of the annual budgeting process During the Evaluation phase of the Customer Engagement Lifecycle During the Planning phase of a standard or customer-specific development project At the end of the Business Blueprint phase of an implementation project No standard approach to identifying risk. However, some common approaches include questionnaires, interviews, workshops, surveys

Identification Statement Condition Causing Concern Potential Consequence There is no customer team to support productive system Go live will be delayed The customer is unable to replace the consultants for system support Customer will be unable to perform system management causing system degradation Too much time is needed for SAP to make clear decisions Confusion and delays

Identification Brainstorm Template

Identification Common Catalog: Corporate-wide catalog of generic risk categories Economic Communication and Information Communication and Information Market Market Financial Strategic Focus Strategic Focus Product Human Capital Human Capital Project Organization and Governance Organization and Governance Other Operational s Other Operational s

Identification

Identification Assessment Template

Analysis attributes Probability; Impact; Timeframe prioritization involves separating out which risks should be dealt with first when allocating resources Planning Identification Analysis Response Monitoring Evaluating the risk attributes, and prioritizing (ranking) the risks

Analysis Probability: Five-level scoring scale to be used by all lines of business: 81 99% 90% once a year 61 80% 67% once every 1½ years 41 60% 50% once every 2 years 21 40% 33% once every 3 years 25% once every 4 years 1 20% 17% once every 6 years Based on a one-year assessment horizon! 10% once every 10 years 5% once every 20 years 2% once every 50 years 1% once every 100 years

Analysis Impact (Local/Global): Five-level scoring scale to be used by all lines of business: Qualitative Impact Total Loss (Quantitative) 1 = Insignificant Up to 200,000 2 = Minor 200,000 to 1,000,000 3 = Moderate 1,000,000 to 5,000,000 4 = Major 5,000,000 to 25,000,000 5 = Catastrophic Greater than 25,000,000 Local Impact All costs to re-install normal operation after a risk occurred like.: HW costs, Customizing costs, organizations are free to use local Impact according their own definition Global Impact All costs that result out of the risk occurrence like: unavailable of services to customers & employees, loss of image, costs to re-install normal operation (local impact),

Analysis Level: Derived from the probability and impact attributes as follows: Example: Probability = 60%; Impact = 1,000,000 (Level 4) 81-99% Low Probability 61-80% 41-60% 21-40% X Medium High 1-20% 1 2 3 4 5 Impact

Analysis Prioritization: Involves separating out which risks should be dealt with first when allocating resources Approach: Map the risk level against the time frame for the risk (e.g. how soon action is required to prevent the risk from occurring) The following table shows how risk severity incorporates the time frame for action to arrive at a prioritized list of risks Priority Time Frame Level > Short (0 1 month) Medium (1 6 months) Long (> 6 months) Low Med High 5 2 1 7 4 3 9 8 6 Top priority risks

Analysis Financial Exposure ( Expected Loss ): Probability x Impact Example: Highly likely that integration testing will continue for 6 weeks. Expected loss = 70% x cost of 6 weeks of testing = 7,000 ( 10,000) Probability Impact

Analysis Assessment Template

Response Deciding what, if anything, should be done with a risk Planning Identification Analysis Response Monitoring Response answers two key questions: Who owns the risk (responsibility), and What can/should be done (scope and actions) Standard response actions: Delegate; Research; Transfer; Accept; Mitigate; Watch

Response Assessment Template

Upload s to ORM

Validation Approval of s & Response Strategy Validation is the process of reviewing and approving the identified risks, the analysis, and the risk response plans Validation transactions take place in ORM Responsibility for validation cannot be delegated Validator can: Approve the assessment Reject individual risks (use activity comment field to provide reasons; note that rejected risks can t be re-activated) Set the sensitivity level of a risk (where sensitivity means attorney confidential)

Validation Approval of s & Response Strategy

Monitoring Assessing the effectiveness of the response actions Ongoing activity aimed at ensuring that response plans are working Activities include collecting information and reporting results Planning Identification Analysis Response Monitoring Keeping track of the risks and evaluating the effectiveness of the response actions

Monitoring Re-Assessments Manager / Assessment Owner: keep track of existing risks Set Assessment Cycle to a reasonable timeframe (e.g. 3 months) Require updates from / Response Owners via ORM workflow enter new upcoming risks to ORM

Monitoring - Reporting Objective: Provide clear, useful and actionable information about SAP s risk profile and risk management performance Target audience: Supervisory Board Executive Board Product Technology Board (PTB) Field Management Board (FMB)

Copyright 2005 SAP AG. All Rights Reserved No part of this publication may be reproduced or transmitted in any form or for any purpose without the express permission of SAP AG. The information contained herein may be changed without prior notice. Some software products marketed by SAP AG and its distributors contain proprietary software components of other software vendors. Microsoft, WINDOWS, NT, EXCEL, Word, PowerPoint and SQL Server are registered trademarks of Microsoft Corporation. IBM, DB2, DB2 Universal Database, OS/2, Parallel Sysplex, MVS/ESA, AIX, S/390, AS/400, OS/390, OS/400, iseries, pseries, xseries, zseries, z/os, AFP, Intelligent Miner, WebSphere, Netfinity, Tivoli, Informix and Informix Dynamic ServerTM are trademarks of IBM Corporation in USA and/or other countries. ORACLE is a registered trademark of ORACLE Corporation. UNIX, X/Open, OSF/1, and Motif are registered trademarks of the Open Group. Citrix, the Citrix logo, ICA, Program Neighborhood, MetaFrame, WinFrame, VideoFrame, MultiWin and other Citrix product names referenced herein are trademarks of Citrix Systems, Inc. HTML, DHTML, XML, XHTML are trademarks or registered trademarks of W3C, World Wide Web Consortium, Massachusetts Institute of Technology. JAVA is a registered trademark of Sun Microsystems, Inc. JAVASCRIPT is a registered trademark of Sun Microsystems, Inc., used under license for technology invented and implemented by Netscape. MarketSet and Enterprise Buyer are jointly owned trademarks of SAP AG and Commerce One. SAP, SAP Logo, R/2, R/3, mysap, mysap.com and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP AG in Germany and in several other countries all over the world. All other product and service names mentioned are trademarks of their respective companies.

Copyright 2005 SAP AG. Alle Rechte vorbehalten Weitergabe und Vervielfältigung dieser Publikation oder von Teilen daraus sind, zu welchem Zweck und in welcher Form auch immer, ohne die ausdrückliche schriftliche Genehmigung durch SAP AG nicht gestattet. In dieser Publikation enthaltene Informationen können ohne vorherige Ankündigung geändert werden. Die von SAP AG oder deren Vertriebsfirmen angebotenen Softwareprodukte können Softwarekomponenten auch anderer Softwarehersteller enthalten. Microsoft, WINDOWS, NT, EXCEL, Word, PowerPoint und SQL Server sind eingetragene Marken der Microsoft Corporation. IBM, DB2, DB2 Universal Database, OS/2, Parallel Sysplex, MVS/ESA, AIX, S/390, AS/400, OS/390, OS/400, iseries, pseries, xseries, zseries, z/os, AFP, Intelligent Miner, WebSphere, Netfinity, Tivoli, Informix und Informix Dynamic ServerTM sind Marken der IBM Corporation in den USA und/oder anderen Ländern. ORACLE ist eine eingetragene Marke der ORACLE Corporation. UNIX, X/Open, OSF/1 und Motif sind eingetragene Marken der Open Group. Citrix, das Citrix-Logo, ICA, Program Neighborhood, MetaFrame, WinFrame, VideoFrame, MultiWin und andere hier erwähnte Namen von Citrix-Produkten sind Marken von Citrix Systems, Inc. HTML, DHTML, XML, XHTML sind Marken oder eingetragene Marken des W3C, World Wide Web Consortium, Massachusetts Institute of Technology. JAVA ist eine eingetragene Marke der Sun Microsystems, Inc. JAVASCRIPT ist eine eingetragene Marke der Sun Microsystems, Inc., verwendet unter der Lizenz der von Netscape entwickelten und implementierten Technologie. MarketSet und Enterprise Buyer sind gemeinsame Marken von SAP AG und Commerce One. SAP, SAP Logo, R/2, R/3, mysap, mysap.com und weitere im Text erwähnte SAP-Produkte und -Dienst-leistungen sowie die entsprechenden Logos sind Marken oder eingetragene Marken der SAP AG in Deutschland und anderen Ländern weltweit. Alle anderen Namen von Produkten und Dienstleistungen sind Marken der jeweiligen Firmen.