
Advisory

Excerpt from:

Strictly Private and Confidential

Transform your SAP organization and deliver business value through IDM-GRC integration and role redesign initiatives

March 18, 2014

Peter Hobson PricewaterhouseCoopers

Agenda
1. Session Overview
2. Key Terms
3. Implementing the solution
4. Transforming the organization
5. Key Considerations
6. Value Delivered
7. Key Takeaways

Section 1 Session Overview


Session Overview
In this session, we will discuss how to transform your SAP operations and drive business value through SAP role redesign and IDM-GRC integration. The discussions will include:
1. How to design a single set of SAP security roles to manage multiple business units, locations and SAP systems
2. How to deploy an integrated Identity Access Management SAP GRC Access Control 10 (IdM-GRC) solution to standardize and automate the SAP access request, approval and provisioning processes across multiple business units, locations and SAP systems
3. How IdM-GRC and role redesign projects can lead SAP organization transformation efforts
4. A review of the business, compliance and IT benefits that can be realized from these efforts, such as reductions in user downtime and fraud risk


Key Takeaways
At the end of this session, you will understand how:
1. Effective role design and automated provisioning tools deliver value far beyond IT; the business and compliance also benefit
2. Global templates, tools and processes are possible and value-add for even the largest, most complex organizations
3. Role design and IdM-GRC can be the catalyst to achieve strategic, organizational goals


Section 2 Key Terms


Key Terms
The following slides will provide definitions for key terms used throughout this presentation, including:
1. Four tiers of SAP access
2. Task-based with enabler role design
3. SAP GRC Access Control 10.x (GRC 10)
4. Identity Management Tool (IdM)


What are the four tiers of SAP Access?


End user access is made up of task roles (what you can do) and enabler roles (where you can do it).

Tier 1: General Access. Access that is common to all users. Examples include SAP inbox and printing.

Tier 2: Display Access. Display access is comprised of transactions specifically scripted to view and report on data within SAP.

Tier 3: Functional Access. Functional access is broken down into role groupings based on static system tasks. Task based roles are SOD free.

Tier 4: Enabler Access. Control points provide access to intentionally controlled data within the system. Examples include Plant and Company Code specific data.

Example task roles shown on the slide: User General, AR Common Display, FI Common Display, GL Document Parking, GL Document Posting, AR Invoice Parking.

Example enabler roles shown on the slide: New York, Chicago, Consumer Products, Services.


What is the task-based with enabler role approach?


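[Diagram: Users 1 to 5 are assigned a virtual job role, GL Supervisor, which combines task based roles and an enabler.]

Virtual Job Role: GL Supervisor

What (Task Based Roles):
User General (Tier 1)
FI Common Display (Tier 2)
FI Document Processing (Tier 3)
FI Document Reversals (Tier 3)

Where (Enabler, Tier 4): Business Unit, Location, restricted through Co Code and Plant

Transaction codes shown under the task based roles: SBWP, SU53, FB00, FBV3, FB08, FB03, FB02, FB05, FB01, F.80, F.81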
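The what/where split described above can be modelled in a few lines. This is an added example, not code from the presentation: the role names and transaction codes come from the slide, but the grouping of codes into roles, the company code and plant values, and the SoD rule are all constructed assumptions.

```python
# Task roles ("what"): names and transaction codes are from the slide; which
# code belongs to which role is an assumed grouping for this example.
TASK_ROLES = {
    "User General":           {"tier": 1, "tcodes": {"SBWP", "SU53"}},
    "FI Common Display":      {"tier": 2, "tcodes": {"FB00", "FB03", "FBV3"}},
    "FI Document Processing": {"tier": 3, "tcodes": {"FB01", "FB02", "FB05"}},
    "FI Document Reversals":  {"tier": 3, "tcodes": {"FB08", "F.80", "F.81"}},
}
# Enabler roles ("where", Tier 4): constructed company code and plant values.
ENABLERS = {
    "New York": {"co_code": {"1000"}, "plant": {"NY01"}},
    "Chicago":  {"co_code": {"2000"}, "plant": {"CH01", "CH02"}},
}
# Constructed SoD rule (not a PwC or SAP ruleset): one user must not hold
# a transaction code from both sides.
SOD_RULES = {"post_and_reverse": ({"FB01", "FB05"}, {"FB08", "F.80", "F.81"})}


def tcodes_of(task_roles):
    """Union of transaction codes granted by a set of task roles."""
    return set().union(*(TASK_ROLES[r]["tcodes"] for r in task_roles))


def sod_violations(task_roles):
    """SoD rules hit by this combination; independent of any enabler role."""
    held = tcodes_of(task_roles)
    return sorted(n for n, (a, b) in SOD_RULES.items() if held & a and held & b)


def effective_access(task_roles, enablers):
    """What x where: transaction codes plus the org values they may touch."""
    scope = {"co_code": set(), "plant": set()}
    for e in enablers:
        for field, values in ENABLERS[e].items():
            scope[field] |= values
    return {"tcodes": tcodes_of(task_roles), **scope}


def can_run(task_roles, enablers, tcode, co_code):
    """A user needs both the task (tcode) and the enabler (company code)."""
    acc = effective_access(task_roles, enablers)
    return tcode in acc["tcodes"] and co_code in acc["co_code"]
```

Because SoD analysis only looks at task roles, it runs once per combination of tasks and does not have to be repeated for each location; moving a user between locations swaps the enabler role only.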

What is SAP GRC Access Control 10.x (GRC 10)?


The slide shows the following GRC 10 capabilities:
Monitor emergency access and transaction usage
Find and remediate SoD and critical access violations
Certify access assignments are still warranted
Automate access assignments across SAP and non-SAP systems
Define and maintain roles in business terms



What is IdM?
Identity Management (IdM) tools are enterprise-wide, cross-application solutions that automate and increase the transparency around user access and entitlement administration.

IdM tools offer a wide range of functionality, including:
Automated provisioning to new and existing users
Automated password resets
Single sign-on
Ability to customize forms and functionality to enhance the user experience

Example IdM solutions:
SAP IdM
CA Identity and Access Management (IAM)
Oracle Identity Management
IBM Tivoli Identity Manager
Microsoft Forefront Identity Manager (FIM)


Section 6 Value Delivered

Example Project Impact

Overall: 7 releases, 13,007 Users, 90% Role Reductions, 44% SOD Reduction, 2,088 IDM-GRC Requests

Pilot: Jordan: 254 Users, 75% Role Reduction, 58% SOD Reduction, 109 IDM-GRC Requests

Release 2: Eastern Europe: 2,355 Users, 88% Role Reduction, 24% SOD Reduction, 960 IDM-GRC Requests

Release 3: Asia-Pacific: 1,725 Users, 96% Role Reduction, 47% SOD Reduction, 588 IDM-GRC Requests

Release 4: Ireland: 1,125 Users, 76% Role Reduction, 64% SOD Reduction, 431 IDM-GRC Requests

Release 5: LAR: 5,063 Users, 88% Role Reduction, 1% SOD Reduction

Release 6: Middle East: 1,636 Users, 85% Role Reduction, 45% SOD Reduction, 109 IDM-GRC Requests

Release 7: Europe: 1,103 Users, 80% Role Reduction, 14% SOD Reduction

Section 7 Key Takeaways

Key Takeaways
At this point, you should have an understanding of how:
1. Effective role design and automated provisioning tools deliver value far beyond IT; the business and compliance also benefit.
2. Global templates, tools and processes are possible and value-add for even the largest, most complex organizations.
3. Role design and IdM-GRC can be the catalyst to achieve strategic, organizational goals.


Questions

Peter M Hobson
PwC | Director
646 471 0203
peter.m.hobson@us.pwc.com


Tuesday, March 18
10:15 - 11:30 am | Brian Perrotto, PwC | Mitigate financial risks and automate the testing of financial controls using SAP Process Control
12:00 pm - 1:15 pm | Jonathan Levitt, PwC | Glean greater value from your SAP audits: It's not just about compliance
12:00 pm - 1:15 pm | Sundeep Gupta, PwC | Leading practices to manage transfer pricing in SAP with and without the SAP Material Ledger
12:00 pm - 1:15 pm | Peter Hobson, PwC | Transform your SAP organization and deliver business value through IDM-GRC integration and role redesign initiatives
4:15 pm - 5:30 pm | Roberta Wang, PwC | Effective methods for maintaining compliance with Foreign Corrupt Practice Act (FCPA)
4:15 pm - 5:30 pm | Sundeep Gupta, PwC | How to solve overhead cost allocation challenges without the need for enhancements or custom coding

Wednesday, March 19
8:30 am - 9:45 am | Prasad Boddupalli, PwC | Solve critical asset management challenges utilizing standard SAP integration techniques
11:45 am - 1:00 pm | Raymond Mastre, PwC | SAP Security Part 1: A beginner's guide to SAP Access Control and fundamental security concepts within SAP ECC
2:30 pm - 3:45 pm | Raymond Mastre, PwC | SAP Security Part 2: Advanced concepts for SAP Access Control and SAP ECC security and design

Thursday, March 20
8:30 am - 9:45 am | Gordon Roland, PwC | Creating controls to monitor purchasing and accounts payable processes in SAP
12:45 pm - 2:00 pm | Ram Gopalakrishnan, PwC | Creating a single version of truth: Leading practices for integrating SAP Business Planning and Consolidation with multiple back-end sources
2:34 pm - 4:00 pm | Taylor Hassan, PwC | How to successfully use the business rule engine (BRF+) in SAP Process Control to assess system usage and improve system performance
4:15 pm - 5:30 pm | Kyle Lindquist, PwC | Designing a chart of accounts that supports fast closes and smoother reporting
4:15 pm - 5:30 pm | Mayur Iyyanki, PwC | How to enhance the credit approval process using documented credit decision functionality

Friday, March 21
8:30 am - 9:45 am | Manish Dharnidharka, PwC | A step-by-step guide to leveraging Inter-and Intra-company processing in SAP General Ledger

Thank you

Not for further distribution without the permission of PwC

The information contained in this document is shared as a matter of courtesy and for information or interest only. PwC has exercised reasonable professional care and diligence in the collection, processing, and reporting of this information. However, data used may be from third-party sources and PwC has not independently verified, validated, or audited such data. PwC does not warrant or assume any legal liability or responsibility for the accuracy, adequacy, completeness, availability and/or usefulness of any data, information, product, or process disclosed in this document; and is not responsible for any errors or omissions or for the results obtained from the use of such information. PwC gives no express or implied warranties, including, but not limited to, warranties of merchantability or fitness for a particular purpose or use. In no event shall PwC be liable for any indirect, special, or consequential damages in connection with use of this document or its content. Information presented herein by a third party is not authored, edited or reviewed by PwC and PwC is not endorsing third parties or their views. Reproduction of this document or recording of its presentation, in whole or in part, in any form, is prohibited except with the prior written permission of PwC. Before making any decision or taking any action, you should consult a competent professional adviser.

This document contains information that is confidential and/or proprietary to PricewaterhouseCoopers LLP and may not be copied, reproduced, referenced, disclosed or otherwise utilized without obtaining express prior written consent from PricewaterhouseCoopers in each instance.

© 2014 PricewaterhouseCoopers LLP, a Delaware limited liability partnership. All rights reserved. PwC refers to the United States member firm, and may sometimes refer to the PwC network. Each member firm is a separate legal entity. Please see www.pwc.com/structure for further details. This document is for general information purposes only, and should not be used as a substitute for consultation with professional advisors.

To learn more, visit www.pwc.com/us/sap


Disclaimer
SAP, R/3, mySAP, mySAP.com, SAP NetWeaver, Duet, PartnerEdge, and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP AG in Germany and in several other countries all over the world. All other product and service names mentioned are the trademarks of their respective companies. Wellesley Information Services is neither owned nor controlled by SAP.
