Governance, Risk and Compliance Management

SAP Solutions for GRC

Holly Roland GRC Solutions Marketing SAP

Fragmentation increases risk

Managing risks is everyones job
Board, Audit Committee Executive compensation practices
SALARIES

Executives & Managers

Incomplete global risk profile

Compliance / Risk Office Disconnected risk analysis IT Operations Data leakage & security Procurement Supplier black lists

Finance Complex, international compliance requirements

Human Resources Employee safety compliance Sales, Service High credit risk customers

Supply Chain
SAP AG 2006, ESA /

Customers & Channel

Unidentified risks impact performance

National Headlines
Agency Delayed Reporting Theft of Veterans Data
May 24, 2006, New York Times

Data Theft at Nuclear Agency Went Unreported for 9 Months

June 10, 2006, New York Times

Bomb Scare shuts Ports Terminal 18

Aug 18, 2006, The Seattle Times

High Tech Manufacturer Violates E.U. Pollution Law

Jul 06, 2006, CIO Tech Informer

SAP AG 2006, ESA /

Overcome fragmentation, gain transparency with GRC

Board, Audit Committee Evidence for decisions & directives Compliance / Risk Office Integrated risk analysis IT Operations Secure IT infrastructure Procurement Anti-terrorist trade practices
SALARIES

Executives & Managers Increased confidence in business results

Finance Global financial reporting compliance Human Resources Environmental health & safety compliance Sales, Service Balanced credit profile

Supply Chain

Customers & Channel

SAP AG 2006, ESA /

Implement management by exception

Turn GRC into a strategic advantage
Cost of GRC Tactical Approach Available for Investment

Holistic Approach

# of GRC projects

SAP AG 2006, ESA /

SAP Solutions for GRC

The framework for a holistic approach to GRC

Business Process

SAP Solutions for GRC

Industry-Specific GRC Cross-Industry GRC
GRC Repository: Documentation & Monitoring Risk Management
Access Controls Global Trade Environmen Process Controls t

Business Process Platform

Business Applications

SAP AG 2006, ESA /

SAP GRC Ecosystem2

Build the community, deliver best practices, extend the value

SAP GRC Ecosystem2

Business Process

SAP Solutions for GRC

Industry-Specific GRC Cross-Industry GRC
GRC Repository: Documentation & Monitoring Risk Management
Access Controls Global Trade Environmen Process Controls t

Business Process Platform

Business Applications

SAP AG 2006, ESA /

SAP GRC Repository

Central system of record drives governance, increases transparency

Centralizes knowledge base of content contributed from GRC Ecosystem2

Governmental Agencies Regulations Performance Measures & Benchmarks BOD & Committee Minutes Control Frameworks (COBIT, JSOX, ) & Industry Mandates Risk & Control Libraries Corporate Policies & Procedures Influence Councils

GRC Repository

Rationalizes controls against multiple frameworks Stores evidence to support executive decisions and board directives

Best Practices

Advisory Services (Auditors, Attorneys)

Internal Policies

SAP AG 2006, ESA /

SAP GRC Risk Management

Monitor

Award-winning application balances opportunity and risk

Actionable, role-based dashboards & alerts

Balances opportunities with financial, legal, and operational risks Increases accuracy and predictability of risks at all levels of the enterprise Minimizes impact of market penalties from high-impact events

Respond

Balance cost of risk avoidance and opportunity

Identify & Analyze

Collaborate and aggregate across the enterprise

Plan

Establish risk appetite and thresholds

SAP AG 2006, ESA /

Environmental Product Compliance

Cross-Industry
Occupational Health Industrial Hygiene and Safety Hazardous Substance Management Product Safety Dangerous Goods Management

Compliance for Products - based on SAP Environment, Health and Safety Industry Specific
Waste Management Emissions Management Product Compliance

SAP xEM
Emissions Management

CfP
Compliance for Products

SAP EH&S Comprehensive and complete business solution for environment, health and safety management

Implemented Design for Environment & Compliance to reduce operational costs (by 505 in some areas) while staying compliant Simplified environmental reporting and transparency
SAP AG 2006, ESA /

Cross-Industry GRC

Secure and expedite cross-border transactions 35 documents for cross-border shipments 600 trade laws 500 trade agreements

Avoid delays at borders to ensure fast delivery to customers

Expedite customs clearance to reduce costly buffer stock

Make the most of international trade agreements

Take advantage of export refunds

SAP Global Trade Services

Ensure full regulatory compliance, expedite customs clearance, mitigate financial risk of global transactions, take full advantage of international trade agreements Trade Preference Management

Export Management

Import Management

Restitution Management

SAP AG 2006, ESA /

Effective GRC pays off

Share-price performance of companies complying with internal-control rules called for under SOX

Up 27% Up 25.7%

Reported I-C weakness in both 04 and 05 No I-C weaknesses in 04 or 05 I-C weakness in 04, but none in 05

Down 5.7%

Source: Wall Street Journal, Lord & Benoit, LLC

SAP AG 2006, ESA /

Automated GRC management will increase the gap in shareholder value

Up 30% Up 20%

Continued Internal Control weakness reported No Internal Control weaknesses Remediated Internal Control weaknesses from previous year
Down 10%

SAP AG 2006, ESA /

SIMPLICITY

A holistic solution for governance, risk and compliance management

SAPs Commitment
Business Process

Technology Partners

Industry-Specific GRC Service Partners

Content Partners

SAP Solutions for GRC

Most Comprehensive Framework Part of Every Process Risk Intelligence GRC Partner Ecosystem

Cross-Industry GRC
GRC Repository: Documentation and Monitoring Risk Management
Access Controls Global Trade Environment Process Controls

Business Process Platform

Business Applications

SAP AG 2006, ESA /

Governance, Risk and Compliance Management

SAP Solutions for GRC