Compliance / Risk Office: Disconnected risk analysis
IT Operations: Data leakage & security
Procurement: Supplier black lists
Human Resources: Employee safety compliance
Sales, Service: High credit risk customers
Supply Chain
SAP AG 2006, ESA /
National Headlines
Agency Delayed Reporting Theft of Veterans Data
May 24, 2006, New York Times
Supply Chain
Holistic Approach
# of GRC projects
Business Process
Business Applications
GRC Repository
Rationalizes controls against multiple frameworks
Stores evidence to support executive decisions and board directives
Best Practices
Internal Policies
Balances opportunities with financial, legal, and operational risks
Increases accuracy and predictability of risks at all levels of the enterprise
Minimizes impact of market penalties from high-impact events
Respond
Plan
Compliance for Products - based on SAP Environment, Health and Safety Industry Specific
Waste Management
Emissions Management
Product Compliance
SAP xEM
Emissions Management
CfP
Compliance for Products
SAP EH&S Comprehensive and complete business solution for environment, health and safety management
Implemented Design for Environment & Compliance to reduce operational costs (by 505 in some areas) while staying compliant
Simplified environmental reporting and transparency
Cross-Industry GRC
Secure and expedite cross-border transactions
35 documents for cross-border shipments
600 trade laws
500 trade agreements
Export Management
Import Management
Restitution Management
Up 27% Up 25.7%
Reported I-C weakness in both 04 and 05
No I-C weaknesses in 04 or 05
I-C weakness in 04, but none in 05
Down 5.7%
Continued Internal Control weakness reported
No Internal Control weaknesses
Remediated Internal Control weaknesses from previous year
Down 10%
SIMPLICITY
SAP's Commitment
Business Process
Technology Partners
Content Partners
Most Comprehensive Framework
Part of Every Process
Risk Intelligence
GRC Partner Ecosystem
Cross-Industry GRC
GRC Repository: Documentation and Monitoring Risk Management
Access Controls Global Trade Environment Process Controls
Business Applications