Agenda
✓ Rapid onset and diversity of risk events and potential for significant losses
✓ Stakeholder pressure for more reliable view of risk tied to company objectives
✓ Relentless cyber threats and need for protecting sensitive information and building trust
✓ Digital transformation enabling real-time processes that allow for embedded risk and control monitoring
✓ Advances in predictive and machine learning capabilities
✓ Interconnected landscapes, networks and resources requiring controlled data sharing and access
1 pwc.com/us/digitaltrustinsights
© 2019 SAP SE or an SAP affiliate company. All rights reserved. ǀ PUBLIC 6
2018 and 2019 are pivotal years for digital trust
From PwC’s “The journey to digital trust”
1 The Economist, Toward defining privacy expectations in an age of oversharing, Aug. 16, 2018
2 pwc.com/us/digitaltrustinsights
Where are we headed?
Greater automation for the Intelligent Enterprise
Vision: Achieve 50% automation within the digital core in the next 3 years
• Better decisions with instant, real-time insight and prediction
• More comprehensive information security and monitoring across hybrid environments
[Figure labels: Detective Insights (“rear view mirror”, operations focused); Real-time Insights (in process for real-time decision making); Predictive Insights (forward looking); AI/ML | IoT | Analytics; Data Management; Cloud Platform; Machine Learning; Automation; Operations; High-Value Tasks; Repetitive Tasks]
Automation / Augmented AI
• Machine learning to reduce mundane tasks and increase business agility
• Predictive analytics to focus more on outcomes than the past
Digital Core
Relevant and accurate data on which to run
monitoring and compliance checks
https://hbr.org/2018/04/if-your-data-is-bad-your-machine-learning-tools-are-useless
Machine learning optimization for business roles
[Figure labels: Organizations and risks; Users; Technical roles, permissions, entitlements]
Implement business roles for assignment updates with risk and impact analysis
• Create business roles more closely aligned to business process
• Reduce complexity for the role design process
• Provide a greater degree of accuracy for users and role assignments
• Reduce the number of roles necessary to manage access
Historical data
• Detect anomalies earlier to reduce financial loss
• Identify gaps or inefficiencies in business processes
• Improve the accuracy of detection at less cost
• Better predict and prevent future occurrence
SAP Enterprise Threat Detection
Refine algorithms to better detect threats
• Analyze and correlate logs
• Evaluate attack detection patterns
• Perform forensic investigations and discover new patterns
• High-volume processing of security events
• Keep systems secure in a continuously changing cybersecurity threat environment
• Leverage powerful and flexible monitoring, detection, and response capabilities
• Receive actionable alerts in time to neutralize threats to your business-critical asset
• Help prevent damage to your business and reputation
Agenda
• Provide secure access to applications and data across cloud and on premise
• Use predictive driven detection of fraud and errors in transactions
• Provide a consolidated view through the SAP Digital Boardroom
• Leverage dynamic data protection including masking and logging
• Automate in-line screening of business partners
Secure access
User and application level security across hybrid landscapes
Imagine
• One single framework, methodology and repository of risk data for the
organization to share
• One report showing risk levels, key risk indicators, incidents and risk responses
• Complete alignment among risk, audit, and compliance teams on critical risks,
responses, gaps and issues
What’s Possible
• Identify unfavorable key risk indicators and take action before the risk exceeds
target levels
• All controls and policies are mapped to risks and regulations to minimize gaps
and redundancies
• On demand reporting of risks by objective, activity, organization and location
Use Cases
• 15% reduction in risk and loss events
• 90% improvement in visibility to risks
• 40% more-efficient risk and control management processes
Automated monitoring and screening
Imagine
• Real-time screening of third-parties and business partners
• Alerts indicating potential compliance and regulatory violations (anti-corruption, anti-
money laundering, indirect tax compliance)
• Monitoring of specific business processes for potential fraud and errors (T&E, P2P,
O2C)
What’s Possible
• Block risky transactions and business relationships before the fact
• Real-time alerts for immediate investigation and correction
• Create automated controls leveraging monitoring technologies
• Use predictive algorithms to identify new fraud patterns and promote early detection
Use Cases
• 100% of T&E claims now automatically reviewed with exception-based alerts whereas
before only 10% of employee claims were reviewed through manual processes
• Immediate simulation and calibration of new detection methods in 10 seconds
• Comprehensive analysis of and exception reporting on 1 billion data records
searching for duplicate payments
Embedded controls
Imagine
• Real-time checks and controls embedded in business processes to help ensure
compliance
• Automated, manage-by-exception monitoring to improve business process
performance
• Always-on controls improving reliability and consistency across global operations
What’s Possible
• Hundreds of business rules deployed for exception-based continuous control
monitoring
• Rapid resolution of exceptions and clear visibility of remediation activities
• Shared repository of process risks and controls across all areas
Use Cases
• 75% reduction in manual effort on selected control activities through automation by
using continuous controls monitoring (CCM)
• 1,400 hours saved by automating just 20 controls across organizational units in the
first year
• 800K USD savings in less than 12 months
Imagine
• Uncovering potential access risks (including segregation of duties) in core applications
before they happen reducing the risk of fraud and errors
• Consolidating identity and access management across all users and application
landscapes including single sign-on
• Leveraging fine-grain authorization methods where required
What’s Possible
• Automated and machine learning driven processes for managing segregation of
duties, critical access, business roles, and superuser access
• Self-service and HR triggered workflow-driven access request and approval for
multiple systems
• Fine-grain access rights applied dynamically
• Transaction usage monitoring and near real-time risk alerting and mitigation
Use Cases
• 99% reduction in segregation-of-duties violations
• 50% reduction in cycle time of access management
• 39% reduction in number of composite and single roles
• 80% reduction in IT personnel time required to manage access and SoD controls
Data protection and privacy
Imagine
• Detect internal and external attacks against your business software landscape
• Protect your company reputation and intellectual property
• Meet regulatory requirements such as GDPR
• Manage personal and sensitive data across landscapes and geographies
What’s Possible
• Real-time monitoring of application-level threats and vulnerabilities
• Identify cyberattacks at the application layer with real-time pattern detection
• Secure files and data using transportable policies and encryption
• Enable sensitive data masking and logging
Use Cases
• Monitor, collect, and correlate all security events to detect security incidents and threats
• Analyze 5.3 billion events per day, 160K events / sec (peak), 160 billion events (total)
with 7.4 TB in-memory data
• Forensic analysis and modeling of new attack detection patterns and dashboards
• Ability to manage complexities of data sharing and data restriction across joint projects
Imagine
• Ability to react immediately to shifting trade regulations and tariffs
• Real-time screening of transactions to avoid doing business with restricted parties
• Driving significant savings through duty reduction and trade agreements
What’s Possible
• Comprehensive trade compliance and automation for all major global trade
requirements including import, export, preference, duties, tariffs, special customs
procedures, and restricted-party screening
• Scale with a true global platform while meeting regional and local requirements
• Streamline communication with brokers or direct e-filing to major Customs systems
Use Cases
• $90 million annual ROI generated from duty savings and suspension, broker savings,
self-filings, and more
• Managing trade across more than 150 plants and warehouses worldwide
• 7.6 million business partners screened with greater uniformity by using a common
approach
• Fewer supply chain disruptions due to automation of trade activities
Agenda
91% of enterprise-wide digital transformation include security and/or privacy personnel as stakeholders
but only…
53% include proactive management of cyber and privacy risks by design in the project plan and budget “fully from the start”
Integrate risk, compliance, and audit to drive business efficiency and resilience
Exxaro wanted to boost enterprise-wide collaboration across all operations and functions for a risk-based approach to monitor key risks
▪ 90% improvement in visibility to risks
▪ 20% savings in costs through effective risk management and better resource allocation
▪ 800K US savings in less than 12 months
▪ 10% reduction in auditing costs
Increasing risk visibility and improving enterprise risk and controls efficiency
Honeywell desired one view of risk and one source of truth for decision makers
▪ Utilize automated controls against key processes
▪ Manage multiple regulatory and compliance initiatives
▪ Improve transparency and insight
Improve expense management processes with automated monitoring
Vodafone wanted to automate and become best in class for T&E claims audit
▪ 100% of claims now automatically reviewed with exception-based alerts whereas before only 10% of employee claims were reviewed through manual processes
▪ Now able to investigate different types of errors while still saving costs
SAP solutions for GRC & Security Practical Tools and Approach SAP Cloud Trust Center
www.sap.com/contactsap
www.sap.com/germany/contactsap
Real-time audits
If you are interested in receiving a copy of this Forrester Wave report, please
contact your SAP Sales Executive.
*The Forrester Wave™: Governance, Risk and Compliance Platforms, Q1 2016 by Renee Murphy, January 22, 2016. The Forrester Wave™ is copyrighted by Forrester Research, Inc. Forrester and Forrester Wave™ are trademarks of Forrester
Research, Inc. The Forrester Wave™ is a graphical representation of Forrester's call on a market and is plotted using a detailed spreadsheet with exposed scores, weightings, and comments. Forrester does not endorse any vendor, product, or
service depicted in the Forrester Wave. Information is based on best available resources. Opinions reflect judgment at the time and are subject to change.
“SAP is the market share leader of the 2018 worldwide Global Trade Compliance market.”
“SAP Global Trade Services lays the foundation for effective trade compliance by acting as the single system of record for all compliance master data and content.”
Report Published January 2019
“When SAP GTS is integrated with SAP Transportation Management and SAP Event Management, customers can achieve global visibility and management capabilities to enable greater end-to-end, compliant supply chains.”
Manage risks, controls, and Manage identities, authorized Protect data, control access, Manage import and export
regulatory requirements in business information access, data use, and detect threats compliance as well as free trade
operations and sharing conditions agreements in global supply chains
Help ensure compliance with
Screen third parties and detect Mitigate access risk violations information security standards Optimize trade utilizing special
anomalies and fraud and monitor financial impact customs procedures such as bonded
Identify vulnerabilities in code warehouses, processing trade in
Provide independent assurance of and remote function call China, and free trade zones in NA
risk and compliance standards (RFC) connections
Manage Intrastat and export
compliance in S/4HANA
✓ SAP Process Control ✓ SAP Access Control ✓ SAP Enterprise Threat Detection ✓ SAP Global Trade Services
✓ SAP Risk Management ✓ SAP Cloud Identity Access ✓ SAP Data Privacy Governance ✓ SAP S/4HANA for international
Governance trade
✓ SAP Audit Management ✓ SAP Data Custodian
✓ SAP Identity Management ✓ SAP Watch List Screening
✓ SAP Business Integrity Screening ✓ SAP Enterprise Digital Rights
✓ SAP Cloud Platform Identity Management by NextLabs
✓ SAP Regulation Management by Provisioning Service
Greenlight ✓ UI masking for SAP
✓ SAP Single Sign-On
✓ UI logging for SAP
✓ SAP Cloud Platform Identity
Authentication Service ✓ SAP NetWeaver AS, add-on for code
vulnerability analysis
✓ SAP Dynamic Authorization
Management by NextLabs ✓ SAP Fortify by Micro Focus
• Driven by the business and focused Business drivers Risks Three lines of defense
on performance Operational L1 L2 L3
Financial Corporate
management
management
Risk appetite
Environmental compliance
increase oversight and avoid
objectives
Human capital
redundancy Manage Aggregate Provide
Reputation operational and independent
• Single source of data shared across Technology
risks and coordinate assurance on
compliance entity-level first and
the enterprise Compliance
in business risk and second lines
operations compliance of defense
• Continuous monitoring and automated Strategic activities
Identify
Link risks, risk drivers, risk
Respond Enterprise indicators, impacts and
Respond to risk after
risk and responses
compliance
balancing costs and benefits
Analyze
Analyze risk via scenarios,
modeling, and other factors
to understand exposure
SAP Risk Management
Risks defined within the context of value to the organization
Plan
Identify
Analyze
Respond
▪ Document responses
▪ Assign accountability
▪ Launch a workflow-driven response with remediation tracking
▪ Integrate with SAP Process Control and SAP Audit Management
for shared control response
▪ Align risk ▪ Utilize surveys and ▪ Modeling scenarios ▪ Document responses ▪ Analytics and reports
management with charting capabilities such as “Monte including heat maps
▪ Assign accountability
strategies and Carlo”
▪ Aggregate by ▪ Notifications to risk
opportunities ▪ Launch a workflow-
organization category ▪ Determination of owners via
driven response with
▪ Model and align risks inherent, residual, automated alerts and
▪ Identify drivers and remediation tracking
to org structure and planned residual key risk indicators
impacts using the risk
risk levels ▪ Integrate with SAP (KRIs)
▪ Create/leverage risk bow-tie builder
Process Control and
and activity catalogs ▪ “What-if” scenarios ▪ Monitoring of
▪ Prioritize via an SAP Audit
response
▪ Document risk individualized heat ▪ Qualitative and Management for
effectiveness
appetite map quantitative factors shared control
including velocity response ▪ Assessment of
impact on business
objectives
Revenue
functionality and reporting and extended functionality through policy management
• Improved user experience by integrating the renewed user interface with the SAP Fiori® UX
• Engaged Riscomp as a reliable partner for the initial implementation and subsequent support, functional
20%
SFr 255,7 million enhancements, and upgrades Increase in risk and control
management efficiency
© 2019 SAP SE or an SAP affiliate company. All rights reserved. ǀ PUBLIC Studio SAP | 54368enUS (17/10) ǀ This content is approved by the customer and may not be altered under any circumstances. 57
Exxaro: Greater Operational Efficiency with
SAP® Governance, Risk, and Compliance solutions
Company Objectives
Exxaro Resources Limited • Integrate risk, compliance, and audit to drive business efficiency and resilience
• Integrate enterprise and operational risk from one technology platform
90%
Headquarters • Utilize risk platform for compliance, audit, and stakeholder management Improvement in visibility of risks
Pretoria, South Africa
Why SAP
Industry
Mining
• Full end-to-end enablement of governance, risk, and compliance (GRC) processes, which supports the company’s
integrated GRC strategy
20%
Savings in costs through effective risk
• Ability to integrate with existing SAP® software
management and better resource
Products and Services • One integrated dashboard for risk, incident, and issue management
allocation
Coal and heavy minerals mining • Opportunity to automate and monitor controls to increase efficiency
Employees
10,000
Resolution
• Implemented the SAP Risk Management application for a risk-based approach to monitor key risks
• Used the framework in SAP Risk Management to boost enterprise-wide collaboration across all operations and
R10 million
Revenue
R13 billion (US$1.1 billion)
functions
• Worked with CQS Technology to implement the SAP Process Control application and automate controls in key (US$800,000)
business processes Savings in less than 12 months through
Web Site the implementation of
www.exxaro.com Benefits SAP Process Control
• Standardized risk management practices across all functions and disciplines
Partner • Enabled consistent, complete, and proactive coverage of risk planning, identification, analysis, treatment, and
CQS Technology Holdings
www.cqs.co.za
reporting
• Created improved, unified control environment using SAP Process Control 10%
• Moved from manual random sampling of controls to 100% testing coverage Reduction in auditing costs
“SAP governance, risk, and compliance solutions have enabled us to create transparency and accountability at
all layers of Exxaro and gain executive support, which has led to business efficiencies.”
Saret Van Loggerenberg, Manager of Risk and Compliance, Exxaro Resources Limited
© 2019 SAP SE or an SAP affiliate company. All rights reserved. ǀ PUBLIC Studio SAP | 39762 (16/02) This content is approved by the customer and may not be altered under any circumstances. 58
SAP: Speeding GRC control Testing by 90%
with SAP® GRC Solutions
Company Top Objectives
SAP SE • Standardize, automate, and accelerate all governance, risk and compliance (GRC) processes
• Create single, highly transparent source of GRC information
90%
Faster control testing on average
Headquarters • Display thought leadership in enterprise GRC management
Walldorf, Germany
Industry
Resolution
High tech • Implemented the SAP® Process Control and SAP Risk Management applications company-wide
• Ability to integrate with existing SAP® software
3 FTEs
Products and Services • Integrated them with the SAP Business Integrity Screening application and the SAP Access Control and Redeployed to higher-value activities
Enterprise software and services SAP Customer Relationship Management applications
• Took a phased approach
Employees
87,800 Key Benefits 30%
• Better informed business decisions and mobile risk reporting Gain in report generation efficiency
Revenue
22 billion Euro
• Holistic regulation, process, risk, and control overviews based on a single data source
• Automatic control monitoring of system configuration and data
Web Site
www.sap.com
“SAP solutions for GRC serve as a single source of the truth, enabling decision makers at SAP to efficiently and
holistically manage risk – delivering real value to the business”
Miriam Kraus, Senior VP of Governance, Risk, and Compliance, SAP SE
Company
ProRail
Objectives
Implement an operational model for effective and efficient use of risk management
Fast
resources 30% less time to run quarterly
Headquarters reports
Simplify the long and complex reporting processes associated with a highly regulated
Utrecht, Netherlands
industry
Ensure compliance with legal requirements and regulations
Industry
Travel and transportation Why SAP Effective
Proven risk management tool set of the SAP® Risk Management application Quality reporting keeps
Products and Services management more informed
Opportunities to cut costs while reducing business risk
Track maintenance and increases accountability
Configuration that allows administration and management by department
Employees Benefits
4,300 ▪ Greater reliability in reporting
Web Site
▪ Better understanding of current risk conditions Transparent
▪ One system with one risk language, reducing reporting needs and time spent in Increased risk and response
www.prorail.nl meetings transparency gives a better
view of risk across the
organization
“SAP Risk Management has helped us transition from being controllers managing risk
to true department leaders. Not only does this make us accountable to one another, it
also makes us more accountable to our stakeholders who rely on this data to make
critical business decisions.”
Dorien Rookmaaker, Risk and Compliance Officer, ProRail
© 2019 SAP SE or an SAP affiliate company. All rights reserved. ǀ PUBLIC 29592 (15/02) This content is approved by the customer and may not be altered under any circumstances.
60
SAP Process Control
Help ensure effective controls and on-going compliance
Report Document
Insightful reporting for Single source of truth shared
analysis and accountability across the enterprise
Plan
Planning of focused actions
Evaluate Enterprise
risk and to help ensure timeliness
End-to-end test and issue
compliance
resolution
Report Document
▪ Reports and dashboards ▪ Standardized internal control
▪ Audit trails and change analyses documentation
▪ Sign-off surveys and certification ▪ Sharing of compliance and control
structures across regulations and
Evaluate organizations
▪ User-definable surveys for self- ▪ Collaborative policy maintenance
assessments, control design, and and approval
disclosures
▪ Manual and automated tests of Plan
effectiveness ▪ Selection of scope and test
▪ Workflow-driven evaluations, issue Enterprise strategies
remediation, notifications, and status risk and ▪ Triggering of workflow-driven
reporting compliance performance, assessments, and
tests of effectiveness
Perform and monitor ▪ Defining and scheduling of
▪ Continuous control monitoring of configurations, continuous control monitoring rules
master data, transactions, and related changes ▪ Distribution of policies and related
▪ Automatic routing of exceptions through the surveys
workflow to appropriate users
▪ Manual control performance with collected
evidence available to testers
Document
Plan
Evaluate
Report
▪ Standardized internal ▪ Top-down, risk-based ▪ Continuous control ▪ User-definable surveys ▪ Comprehensive tracking
control environment scoping monitoring with for self-assessments, of evaluations and
documentation ▪ Focused test exceptions routed to control design, and related issues and
▪ Data upload from strategies appropriate user(s) disclosures action plans
provided spreadsheet ▪ Triggering of workflow ▪ Support for monitoring ▪ Manual tests of ▪ Reports and
tool tasks for performing configurations, master effectiveness based on dashboards that can be
▪ Definition and sharing of manual controls data, transactions, and test plans personalized by users
data across multiple change logs ▪ Automated tests of ▪ Audit trails and change
▪ Creation and
regulations scheduling of ▪ Multiple data source effectiveness based analyses
▪ User roles assigned at continuous control types including reports, upon business rules ▪ Reporting tools from
the data object level monitoring rules queries, and ▪ Management of ad hoc SAP BusinessObjects
configurable tables and evaluation-based BI suite for use with
▪ Manual control ▪ Distribution of policies
performance steps and and related surveys ▪ User-definable issues and remediation GRC solutions
due dates business rule ▪ Comprehensive ▪ Sign-off surveys and
parameters and workflow, notifications, certification
▪ Master data approval deficiency levels
workflow and status reporting
>200
Company Objectives
Eli Lilly and Company • Create a central global repository across business units while helping the finance group reduce the number of
controls Business rules deployed for exception-
Headquarters • Eliminate disparate and regionalized manual work by control owners based continuous control monitoring
Indianapolis, Indiana • Maximize scalability, consistency, and reliability of control performance and compliance reporting (CCM)
• Implement an automated, manage-by-exception, self-documenting monitoring process to reduce internal control
Industry efforts and improve business process performance
Life sciences
Why SAP
75%
Reduction in manual effort on selected
Products and Services • Ability to integrate across 14 systems in the global SAP® solution landscape control activities by managing by
Development, manufacture, • Positive experiences with legacy SAP solutions across the company exception using CCM
and sale of medicines • Easy entry and lower total cost of ownership
Employees
41,000
Resolution
• Implemented the SAP Process Control application across 72 countries, including four regional shared-service 80%
centers and three outsourcing hubs Estimated reduction in time required for
Revenue • Integrated with the SAP Access Control application to automate controls over segregation of duties CCM business rule creation and
US$20 billion • Adopted new business rule parameter functionality to maximize reuse of business rules maintenance
Better
"With SAP Process Control, we have saved time and money through automation. Most important, we Consistency and completeness of
have freed up resources to focus on higher-value activities for Lilly.” control performance, helping streamline
Emily Swaim Damson, Security and Controls Lead, Eli Lilly and Company processes and support audits
© 2019 SAP SE or an SAP affiliate company. All rights reserved. ǀ PUBLIC Studio SAP | 45007 (16/11) This content is approved by the customer and may not be altered under any circumstances. 69
© 2016 SAP SE or an SAP affiliate company. All rights reserved.
Exxaro: Greater Operational Efficiency with
SAP® Governance, Risk, and Compliance Solutions
Company Objectives
Exxaro Resources Limited • Integrate risk, compliance, and audit to drive business efficiency and resilience
• Integrate enterprise and operational risk from one technology platform
90%
Improvement in visibility of risks
Headquarters • Utilize risk platform for compliance, audit, and stakeholder management
Pretoria, South Africa
Industry
Why SAP
• Full end-to-end enablement of governance, risk, and compliance (GRC) processes, which supports the 20%
Mining company’s integrated GRC strategy Savings in costs through effective
• Ability to integrate with existing SAP® software risk management and better
Products and Services • One integrated dashboard for risk, incident, and issue management resource allocation
Coal and heavy minerals mining • Opportunity to automate and monitor controls to increase efficiency
Revenue
• Used the framework in SAP Risk Management to boost enterprise-wide collaboration across all operations and
functions
(US$800,000)
R13 billion (US$1.1 billion) • Worked with CQS Technology to implement the SAP Process Control application and automate controls in key Savings in less than 12 months
business processes through the implementation of
Web Site SAP Process Control
www.exxaro.com Benefits
Partner
• Standardized risk management practices across all functions and disciplines
• Enabled consistent, complete, and proactive coverage of risk planning, identification, analysis, treatment, and 10%
CQS Technology Holdings reporting Reduction in auditing costs
www.cqs.co.za • Created improved, unified control environment using SAP Process Control
• Moved from manual random sampling of controls to 100% testing coverage
“SAP governance, risk, and compliance solutions have enabled us to create transparency and accountability at all
layers of Exxaro and gain executive support, which has led to business efficiencies.”
Saret Van Loggerenberg, Manager of Risk and Compliance, Exxaro Resources Limited
© 2019 SAP SE or an SAP affiliate company. All rights reserved. ǀ PUBLIC Studio SAP | 39762 (16/02) This content is approved by the customer and may not be altered under any circumstances. 70
GSK Vaccines: Easing Compliance with SAP® Process Control
Company Objectives
GlaxoSmithKline Vaccines Implement a single and integrated solution to support a strong control framework, Over 1 million
aligning on the company’s risk mitigation needs and business objectives SAP software transactions generated daily
Headquarters Implement robust IT-controls and compliance processes for Life Science, data within scope
Rixensart, Belgium privacy, and financial regulations (including SOx)
Shift to a more pro-active than reactive control management
Industry
Life sciences – pharmaceuticals
Why SAP
Smooth
Integration of the SAP® Process Control application with SAP software already used
Products and Services
Vaccines
to run company’s major business processes implementation
Single, integrated GRC solutions and landscape simplification Finishing within budget in
Web Site Multi-compliance functionality and ability to support master data quality control six months
www.gsk.com
Benefits
Increased internal control monitoring efficiency
Quicker action and resolution of issues Automation and
Transparency and trust in internal controls and compliance for GSK-Vaccines
stakeholders and external auditors
Streamlined process to manage master-data quality
monitoring of
controls wherever
“We wanted a single and integrated solution for ensuring the effectiveness of our internal
control process, and that’s exactly what we found in SAP Process Control.”
possible
Christophe Louis, IT Project Manager, GlaxoSmithKline Vaccines
Delivering growing efficiencies
© 2019 SAP SE or an SAP affiliate company. All rights reserved. ǀ PUBLIC CMP20704 (13/12) 71
Achieving Effective Controls and Continuous Compliance with SAP® Process Control
Company: Hindustan Zinc Limited
Headquarters: Udaipur, India
Industry: Mining, mill products – primary metals
Products and Services: Producer of zinc, lead, silver, and cadmium
Employees: 6,000
Revenue: Rs 136.35 billion (US$2.23 billion)
Web Site: www.hzlindia.com
Partner: KPMG Advisory Services Pvt. Ltd., www.kpmg.com
Top objectives
• Ensure best-practice business process controls to minimize risk, enhance efficiency, and meet regulatory and statutory requirements
• Maintain effective and transparent control of security and processes
• Achieve audit efficiency and reduce total cost of ownership
Resolution
• Implemented the SAP® Process Control application and integrated with the existing SAP ERP application
• Streamlined the compliance structure across all divisions, plans, and the corporate office
• Configured associated workflows with process control roles, responsibilities, and activities
Key benefits
• Continuous monitoring to better manage control configurations
• Automated and standardized process compliance, simplifying processes, reducing errors and omissions, and cutting costs
• Paperless compliance with the Sarbanes-Oxley Act
• Better visibility and transparency into compliance management processes
30% Lower auditing costs
50% Faster completion of the audit cycle
50% Fewer manual reports
40% More-efficient risk and control management
“SAP Process Control provides a single source of truth, helping top management make effective, risk-based decisions at any time, which adds considerable value to our company. We have also been able to strengthen our compliance process through automated and continuous management of internal controls.”
Mrs. Vijaya Gupta, Deputy Chief Financial Officer, Hindustan Zinc Limited
SAP: Greater Digital Compliance with SAP® Process Control and SAP S/4HANA
Company: SAP SE
Headquarters: Walldorf, Germany
Industry: High tech
Products and Services: Enterprise software and services
Employees: 77,000
Revenue: €6.34 billion
Web Site: www.sap.com
Objectives
• Create exception-based business-process compliance monitoring using automated controls
• Analyze 1 billion data records from multiple data sources, which cannot usually be done in one step
• Make use of Big Data analytic capabilities
Why SAP
• Ability to more easily design queries, conditional filters, and complex calculations using SAP HANA® platform calculation views
• No limitations on the number of joins, conversions, and conditional filters
• Ability to analyze 1 billion data records in just 11.2 seconds
Resolution
• Implemented the SAP® Process Control application integrated with the SAP S/4HANA suite
• Created additional query and filter logic required to support exception-based monitoring
Benefits
• High-performance analysis without any negative source-system impact
• High-volume data analysis of complex control structures
• Control management by exception
More: Analytical breadth to address high-risk areas
Faster: Analysis of and exception reporting on 1 billion data records
Better: Calculations and filtering to focus on exceptions with high business impact
“Data is our digital currency. Smart control design, combined with high-performance analytic capabilities utilizing SAP S/4HANA as our digital core, is the key to successfully supporting our business to achieve digital compliance.”
Miriam Kraus, Senior VP – Global Governance, Risk, and Compliance, SAP SE
Members: 68,800
Web Site: www.sap.com
Future plans
• Better-informed business decisions and mobile risk reporting
• Holistic regulation, process, risk, and control overviews based on a single data source
• Automatic control monitoring of system configuration and data
30% Gain in report generation efficiency
“SAP solutions for GRC serve as a single source of truth, enabling decision makers at SAP to efficiently and holistically manage risk – delivering real value to the business.”
Revenue: SFr 255,7 million
functionality and reporting and extended functionality through policy management
• Improved user experience by integrating the renewed user interface with the SAP Fiori® UX
• Engaged Riscomp as a reliable partner for the initial implementation and subsequent support, functional enhancements, and upgrades
20% Increase in risk and control management efficiency
SAP Regulation Management by Greenlight
SAP Process Control
Enterprise risk and compliance
Intake: Maintain authoritative sources for multiple regulatory alerts and mandates
Evaluate: Identify and address compliance gaps to meet new or changed regulatory requirements
Collaborate: Establish accountability and unify requirements and controls across operations and compliance stakeholders
Monitor: Align compliance requirements with operational activities and automate testing of controls
Report: Demonstrate comprehensive auditability of regulatory compliance
SAP Regulation Management
Maintain authoritative sources for multiple regulatory alerts and mandates
Intake
▪ Single authoritative source for intake of regulatory alerts and mandates
▪ Integration of multiple internal and external data sources
▪ Single catalog of comprehensive regulatory data: press releases, regulatory mandates through to enforcement announcements
Evaluate
▪ Data ownership and accountability by providers, themes, and organizational structures
▪ Evaluation of implementation impact by assets, against policies and risks
▪ Review of new and existing regulations, implementation projects, and action plans
▪ Implementation project Gantt plan tracking
Collaborate
▪ Regulatory impact risk assessments
▪ Workflow initiation and delegation of actual, articulated, and internally created requirements
▪ Action plans, operational assessments, and surveys
Monitor
▪ Alignment of compliance requirements with operational activities and automation of controls testing
▪ Action planning and tracking
▪ Workflow user management and regulatory data tracking
▪ Regulatory risk register integrations down to process, control, and policy
Report
▪ Demonstration of the comprehensive regulatory process and accountability
▪ Flexible dashboards, graphs, and charts
▪ Compliance memo reporting templates
▪ Extractable data sets into XLS and CSV files
Enterprise risk and compliance
Set-up: Define detection strategy through simulation and calibration
Detect: Execute mass and real-time detection and stop anomalies or irregular transactions
Investigate: Manage alert workload with efficient evaluation, qualification and remediation of issues
Design
▪ High-performance application architecture
▪ Predictive insight and more intuitive design
Set-up
▪ Define detection strategies based on fine granular criteria
▪ Define screening strategies for business partners
▪ Real-time simulations and calibration of strategies
Detect
▪ Mass screening and detection in real-time leveraging SAP HANA technology
▪ Fully integrated bi-directional processing
Investigate
▪ Comprehensive alert management with advanced inquiry and analysis features
▪ Collaborative and faster investigation and intuitive capture of findings
▪ One-click resolution for simpler screening alerts (business partners)
▪ Effective remediation of irregularities – leverage the integration with SAP Process Control (optional)
Analyze Performance
▪ Real-time performance analytics and management reporting for better informed decisions and timely action
▪ Monitor and optimize the quality of investigation
BSH: Identifying High-Risk Transactions with SAP® Fraud Management powered by SAP HANA® (original solution name)
Company: BSH Home Appliances Group
Headquarters: Munich, Germany
Industry: Consumer products
Products and Services: Brands include Bosch, Siemens, Gaggenau, Neff, Thermador, Constructa, Viva, Ufesa, Junker, Zelmer, Balay, Pitsos, Coldex
Objectives
• Comply with internal guidelines and German and international regulations for incoming and outgoing payments
• Increase automation and speed of transaction screening
• Identify high-risk transactions in relevant risk areas
• Manage alerts effectively
• Minimize disruption of business
Why SAP
• SAP® Fraud Management application powered by SAP HANA®, part of SAP solutions for governance, risk, and compliance
• SAP HANA platform, which has high-volume and real-time processing capabilities
• SAP HANA Enterprise Cloud service, which allows for minimal impact on IT and faster implementation
Real-time: Payment run screening
Faster: Processing time of high-risk transactions with automated workflow
Headquarters or Location: Walldorf
Industry: High Tech
detection and investigation
Protect the company from financial loss due to fraud and address related audit findings
Dispose of powerful analysis and detection optimization capabilities in the context of multiple systems and growing volumes of data.
On time: All project deliverables were accomplished in time and within budget
“SAP Business Integrity Screening has already reduced our audit preparation time significantly and provided tangible business and audit results in seconds instead of days.”
Thomas Bamberger, Chief Audit Executive, SAP Group
Engagement planning
Communicating results
Monitoring Progress
Company: Tata Steel Europe
Headquarters: IJmuiden, The Netherlands
Industry: Mill products – steel production
Products and Services: Steel
Employees: 30,000
Web Site: www.tatasteel.com
Objectives
• Support the audit process of the multilingual audit department operating in multiple locations end to end
• Improve audit efficiency, effectiveness, and timeliness
• Reduce the overall cost of the audit
Why SAP
• Analytics solutions based on the SAP HANA® platform and cloud enabled through the SAP HANA Enterprise Cloud service
• Risk-based, mobile functionality that alleviates paper-based workloads and audit planning and increases productivity
• SAP HANA Enterprise Cloud as an innovation accelerator with a focus on enterprise-wide issues and tomorrow’s opportunities
Resolution
• Integrated the SAP® Audit Management application into the SAP software landscape
• Established a basis for easy, fast access to the latest technology and related up-to-date knowledge
Benefits
• Improved transparency
• Reduced total staff time and manual effort per engagement
• Increased audit coverage by using embedded analytics
• Gained new opportunities through better understanding of the business based on Big Data analytics
Reduced: Administrative effort in the audit process
Lower: Up-front investment to set up the audit process
Increased: Productive audit time
More: Consistency between documentation, auditing, reporting, and QA processes
“SAP Audit Management allows us to focus more on auditing and less on administration. Big Data analytics opens up a number of new opportunities for us to look at information in different ways, thereby helping transform our business and unlock value.”
Willem Ypma, IT Audit Manager, Tata Steel Europe
SAP Runs SAP: Transforming Audits and Moving Beyond Assurance
Company: SAP SE
Headquarters: Walldorf, Germany
Industry: High tech
Products and Services: Business software applications and services
Employees: 74,400
Web Site: www.sap.com
Objectives
• Implement an audit management solution covering entire audit lifecycle
• Improve audit efficiency and reduce overall cost of ownership
• Elevate audit impact with technology-based insight into business risks
Why SAP
• Support for a shift from periodic to continuous assurance through integration of audit processes with the SAP® Risk Management application and the SAP Business Integrity Screening application
• Analytics solutions from SAP and the SAP HANA® platform to focus on enterprise-level issues and opportunities today and tomorrow
• Software, risk-based tools, and mobile functionality to improve working paper management, audit planning, and productivity
Benefits
• Gained transparency of audit engagements
• Reduced total staff time and manual effort per engagement
• Increased audit efficiency and expanded audit coverage by leveraging Big Data
• Shifted from assurance to advisory engagements by using analytics
• Achieved stronger stakeholder relationship
Reduced: Administrative effort covering the entire audit lifecycle
Increased: Productivity by using intuitive user interfaces and technology
Simplified: Use by developing a solution for auditors by auditors
“SAP Audit Management is an integrated application with a new user interface that helps corporate audit to manage the entire audit lifecycle efficiently while supporting our mission to be a trusted advisor to executive management.”
Thomas Bamberger, Chief Audit Executive, SAP SE
Access governance Attribute based access Access
Digital identity enabled enterprise governance
SAP Access Control
Access governance
Manage access risk
Provision users: Automate access administration for enterprise applications
Certify authorizations: Certify that access assignments are still warranted
Maintain roles: Define and maintain roles in business terms
SAP Access Control
Find and remediate segregation of duty (SoD) and critical access violations
Analyze risk
SAP Access Control
Automate access administration for enterprise applications
Manage access
SAP Access Control
Define and maintain roles in business terms
Maintain roles
SAP Access Control
Certify access assignments are still warranted
Certify authorizations
SAP Access Control
Monitor emergency privileges and transaction usage
Monitor privileges
SAP Access Control
Key features for end-to-end access management
Analyze risk Manage access Maintain roles Certify authorizations Monitor privileges
Fiat India: Strengthening control and governance and minimizing access risk with SAP® Access Control
Company: Fiat India Automobiles Private Limited (FIAPL)
Headquarters: Pune, Maharashtra, India
Industry: Automotive
Web Site: www.fiat-india.com
Partner: Robert Bosch Engineering and Business Solutions Private Ltd. (RBEI), www.bosch-india-software.com
Objectives
• Become better informed about best practices for remediation and mitigation of access risk
• Adapt segregation-of-duties (SoD) rules to meet company’s needs
• Proactively identify risks prior to user provisioning
Why SAP
• Central repository for mitigation controls
• Flexible and scalable role management framework
• Comprehensive documentation of role management activities for audit purposes
Future plans
• Grow with and adapt to changes, thanks to future-proof, scalable technology
• Encourage and empower employees with enhanced self-services
• Improve monitoring and analysis of risks and controls with one-click access to dashboards and reports
90% Fewer SoD violations
50% Less cycle time for access management
Lower: Cost of compliance
“With SAP Access Control, we now have real-time visibility into our current risk position, so we can proactively manage and reduce risk. We can document authorizations and controls in place, harmonize access administration, and enforce our scalable user-access governance framework across the entire organization.”
Vishwajay Chakravarty, Vice President, Information Systems and Technology, Fiat India Automobiles Private Limited
Wheels India: Improving Access Risk Management and Role Management with SAP® Access Control
Company: Wheels India Limited
Headquarters: Chennai, Tamil Nadu, India
Industry: Automotive
Products and Services: Steel wheels and other auto components
Employees: 3,800
Revenue: Rs 2,000 crore (US$301 million)
Web Site: www.wheelsindia.com
Partner: Robert Bosch Engineering and Business Solutions, www.bosch-india-software.com
Objectives
• Analyze access risks
• Build customized segregation-of-duties (SOD) rule sets
• Access risk remediation and mitigation consulting
• Analyze, design, and optimize business roles
Why SAP
• SAP® Access Control application for proactive identification of access risks at the user and role levels prior to provisioning
• Ability to maintain a centralized repository of mitigation controls
• Documentation of access risks and controls for audit purposes
• Visibility and auditability of superuser access
• Harmonized user access administration process
• Streamlined role management process with a flexible framework
• Self-service with all the controls in place for gaining access
• Elimination of paper access forms, promoting environmentally conscious IT
Resolution
• Worked with Robert Bosch in India to deploy SAP Access Control
• Customized the SOD rule set tailored to the Wheels India business
Benefits
• 90% fewer access risks, through role redesign and SOD consulting
• More efficient mitigation controls through a centralized repository
• Flexible and scalable role management framework with standard naming conventions
• Overview of key access risks and controls, through one-click reports and dashboards
60% Reduction in SOD violations for each role
50% Decrease in access management cycle time
30% Fewer composite and single roles
“We have a more transparent environment thanks to SAP governance, risk, and compliance solutions, and we are better informed about SOD violations. It is easier to identify, categorize, mitigate, monitor, control, and report risks in our business processes.”
V.R. Indarsarath, Vice President – IT, Wheels India Limited
Hinduja Global Solutions: Creating a More Transparent Environment with SAP® Access Control
Company: HGS Ltd.
Headquarters: Bangalore, India
Industry: Professional services
Products and Services: Business process outsourcing and call center services
Employees: 28,000
Revenue: US$458 million
Web Site: www.teamhgs.com
Partner: Robert Bosch Engineering and Business Solutions Private Ltd., www.bosch-india-software.com
Objectives
• Analyze and mitigate access risks
• Build a custom rule set for segregation of duties
• Analyze, design, and optimize business roles
Why SAP
• World-class functionality in the SAP® Access Control application
• Trusted industry leader
• Ability to customize the software for the company's needs
Resolution
Implemented SAP Access Control
Benefits
• Created a custom rule set for segregation of duties tailored to HGS’s needs
• Established a central repository for mitigation controls
• Built a flexible and scalable role-management framework with standard naming conventions
• Gained access to one-click reports and dashboards to get an overview of key access risks and controls
99% Reduction in segregation-of-duties violations
50% Reduction in cycle time of access management
39% Reduction in number of composite and single roles
“With SAP Access Control, it is easy to be informed about segregation-of-duties violations and mitigated risks, which helped us to create a more transparent environment. The application provided an easy way to identify, categorize, mitigate, monitor, control, and report on risks in our business processes.”
Subramanya C, Chief Technology Officer, HGS Ltd.
Treating governance and compliance strategically with
SAP® Access Control
Automating authorization management with SAP® Access Control
SAP Cloud Identity Access Governance
Simple, seamless, and adaptive
Access governance
Role design: Optimize role definition and streamline governance
Access certification*: Review access, role, risk, and mitigation control
Access request: Optimize access, workflow, policy-based assignment, and processes
*Planned
SAP Cloud Identity Access Governance, access analysis service
Analyze access, refine user assignments, manage controls
Access analysis
SAP Cloud Identity Access Governance, role design service
Optimize role definition and streamline governance
Role design
SAP Cloud Identity Access Governance, access request service
Optimize access, workflow, policy-based assignment, and processes
Access request
SAP Cloud Identity Access Governance, access certification service
Review access, role, risk, and mitigation control
Access certification*
*Planned
SAP Cloud Identity Access Governance, privileged access management service
Account-based access, log consolidation, and review with automated log assessment for fraud
*Planned
SAP Cloud Identity Access Governance
Feature overview
▪ Delivers insight into segregation of duties (SoD) and critical access for on-premise and cloud solutions
▪ Provides configurable and predefined access policies and rules
▪ Enables refinement of assignments to optimize user access for security and compliance
▪ Allows management of controls including integrated control monitoring and testing
▪ Enables preconfigured audit reporting

▪ SAP Fiori-based, bottoms-up business role design and role refactoring
▪ Ability to assure business role compliance with organizational policies
▪ Integrated reconciliation process to help ensure consistency of business roles
▪ Ability to smoothly link access analysis and role design

▪ Self-service access request forms with built-in guides and data-driven filters
▪ Auditable access request workflow
▪ Integrated, compliant user provisioning process
▪ Native integration with cloud apps

▪ Automate periodic access reviews
▪ Enable reviews specific to organizational needs
▪ Support large-scale reviews
▪ Manage the review process
▪ Access data-driven views for the review process

▪ Administration of privileged user accounts
▪ Temporary use of elevated permissions
▪ Integrated session tracking
▪ Workflow-based activity review

*Planned
SAP Dynamic Authorization Management application by NextLabs
Enhancing security for data and business applications
Access governance
Prevent violations: Minimize fraud; prevent compliance and security violations
Secure access: Use consistent and on-the-fly access enforcement with dynamic authorization
SAP Dynamic Authorization Management
Automated enforcement of data and application security controls
Automate controls
SAP Dynamic Authorization Management
Enforce policy decisions consistently and on-the-fly
Secure access
SAP Dynamic Authorization Management
Prevent fraud, compliance, and security violations
Prevent violations
▪ Automatically incorporates business rules and policies and applies them from a
central system
▪ Real-time contextual information prevents users from accessing unauthorized
information
▪ Integrates with SAP Access Control segregation of duties (SoD) rule set to
prevent violations
SAP Dynamic Authorization Management
Monitor data and application activity and streamline business processes
Gain insight
SAP Dynamic Authorization Management
Key features for attribute-based access control
SAP Access Violation Management application by Greenlight
Access control solution extension
Access governance
Extend: Extend the capabilities of SAP Access Control across enterprise systems
Notify: Notify business owners when SoD violations are executed
Monitor: Correlate business transactions to users to identify materialized SoD violations
Report: Summarize financial exposure due to SoD violations
SAP Access Violation Management
Access control solution extension
Extend
SAP Access Violation Management
Access control solution extension
Notify
SAP Access Violation Management
Access control solution extension
Monitor
▪ Act on, document, and close risks in a centralized, consistent, and effective
approach across business units, processes, and geographies
SAP Access Violation Management
Access control solution extension
Report
▪ Articulate the financial exposure that access risk has on business areas
SAP Access Violation Management
Key features for end-to-end access violation management
▪ Extend the capabilities of SAP Access Control across enterprise systems
▪ Report who could perform critical or SoD activities
▪ Prevent risks through simulation of changes prior to provisioning access
▪ Ensure clean roles through critical access and SoD monitoring
▪ Conduct comprehensive and automated periodic SoD and user access reviews

▪ Eliminate manual reviews and facilitate business involvement through notifications only when SoDs materialize
▪ Use notifications to allow business reviewers to directly access the transactional risk details
▪ Issue reminders and escalation notifications

▪ Identify materialized risks through 100% transaction monitoring in the business applications
▪ Act on, document, and close risks in a centralized, consistent, and effective approach across business units, processes and geographies
▪ Provide an online, streamlined SoD mitigation process

▪ Summarize and report financial dollar value of SoD violations
▪ Articulate the financial exposure that access risk has on business areas
▪ Uncover violator trends and at-risk applications or business processes
Simplifying SoD management with SAP Access Control
and SAP Access Violation Management
Web Site: www.sharpUSA.com
Key benefits
• Automation that reduced manual efforts for managing access governance and SoD procedures across the enterprise
• Reduction in external audit costs
• Reduction in the IT security team – from five employees to one
33% Increase in the number of systems managed by SAP Access Control
“The synergy between system solutions and procedure and technology and humanity empowers and frees companies to focus on core business functions. Leveraging innovative solutions like SAP Access Control and SAP Access Violation Management allows Sharp to do more and maximize resources.”
Wyatt MacManus, Associate Director, Information Security, Sharp Electronics Corporation
Citrix: Proactively Addressing Enterprise Wide Access Compliance with SAP Access Violation Management
Company: Citrix Systems Inc.
Headquarters: Ft. Lauderdale, Florida
Industry: High tech
Objectives
• Maintain security principals to standardize, automate, and provide the ability to scale as the company enables and adopts new cloud technologies including SAP solutions, SAP Ariba solutions, and Concur solutions
• Provision and analyze transaction and user activities across SAP and non-SAP business applications to proactively detect and minimize risks
• Automate the workflow related to role provisioning and monitoring with controls to protect the company
• Eliminate manual touch points related to provisioning and monitoring, automating where possible
• Centralize information and governance, and proactively mitigate segregation-of-duties (SoD) violations
8–10 week Implementation, which could be completed in parallel with other activities and allowed Citrix to standardize, automate, and scale
Jabil Circuit: Monitoring Users with 95% Less Data Review with SAP Access Violation Management by Greenlight
Company: Jabil Circuit Inc.
Headquarters: St. Petersburg, Florida
Industry: Professional services – manufacturing
Products and Services: Electronics manufacturing services
Employees: 161,000
Revenue: US$18 billion (2016)
Web Site: www.jabil.com
Objectives
• Monitor segregation-of-duty (SoD) compliance continuously without manual intervention
• Introduce 100% transactional monitoring for configured controls.
• Identify the number of users with access authorization bearing high SoD risk
Why SAP
• The SAP Access Violation Management application by Greenlight for support to identify and remediate SoD violations in real time
• Certified integration with other SAP software for support of all future enhancements
• Support for SAP Access Violation Management that is consistent with support provided for other SAP solutions
Resolution
• Implemented risk analysis, user access management, and access control process management
• Prioritized controls based on impact to the business
• Implemented rapidly, helping Jabil manage SoD assignments proactively
• Not all controls can be implemented into SAP Access Violation Management
Benefits
• Moved from quarterly to continuous monitoring of user access risks
• Reduced dramatically the volume of data reviewed by looking at exceptions instead of the entire population of more than 15,000 users
• Included a newly acquired company in the automated control process
• Provided the external auditor with user access audit reports from SAP Access Violation Management
50% Reduction in SoD risk
6-month Implementation
More: Frequent reporting
Improved: Efficiency
“By focusing on actual SoD events rather than possible SoD events, we reduced the amount of data we have to review by 95%. With more than 15,000 users in our monitoring scope, SAP Access Violation Management has significantly increased our efficiency.”
Roberto Bayon, Senior Director of Finance, Jabil Circuit Inc.
SAP Single Sign-On
Secure authentication, single sign-on and more
Access governance
Landscape Security: Enable secure communication with certificate lifecycle management and encryption
Productivity: Enable end users to focus on business tasks instead of manual authentication
Simplicity: Quickly implement a foundation for secure access and extend it over time
Secure Authentication: Reduce exposure to cyber attacks by mitigating the risks of insecure passwords
SAP Single Sign-On
Secure authentication, single sign-on and more
Productivity
SAP Single Sign-On
Secure authentication, single sign-on and more
Secure Authentication
Simplicity
SAP Single Sign-On
Secure authentication, single sign-on and more
Landscape Security
SAP Single Sign-On
Secure authentication, single sign-on and more
Simplify: Provide optimal user experience and easy to consume self services
Integrate: Seamlessly integrate with existing infrastructure and applications
Protect: Reduce exposure to cyber attacks with flexible configuration for strength of authentication
Access Governance
SAP Cloud Platform Identity Authentication Service
Single sign-on for cloud- and hybrid-scenarios
Integrate
SAP Cloud Platform Identity Authentication Service
Single sign-on for cloud- and hybrid-scenarios
Simplify
SAP Cloud Platform Identity Authentication Service
Single sign-on for cloud- and hybrid-scenarios
Protect
SAP Cloud Platform Identity Authentication Service
Single sign-on for cloud- and hybrid-scenarios
▪ Seamlessly integrate into existing user stores
▪ Interoperate with applications supporting the SAML- or OpenID Connect- standard
▪ Identity federation with corporate identity providers
▪ Conditional authentication flow to allow different authenticating authorities based on email domain, user type or group membership
▪ Users authenticated with Microsoft Active Directory enjoy single sign-on to cloud applications without re-authentication

▪ One login to access numerous Cloud applications
▪ Single sign-on across SAP- and non-SAP applications
▪ Convenient user self services reduce TCO for administrative tasks
▪ User profile to edit user details, change password, activation of mobile devices (for 2FA) and to ensure right of information for user’s personal data
▪ Responsive UIs and multi-language support

▪ Various authentication options from username/password, Kerberos/SPNEGO to delegated login via social or corporate IdP
▪ Configurable password policies
▪ Two-factor authentication
▪ Risk-based authentication for flexible adjustment of strength of authentication
▪ User group assignment as an option for access control
SAP Cloud Platform Identity Provisioning Service
Identity Lifecycle Management for SAP’s cloud applications
Protect: Prevent risks due to excessive access rights and segregation-of-duties violations
Integrate: Quickly adopt new business processes across multiple applications
Access governance
SAP Cloud Platform Identity Provisioning Service
Identity Lifecycle Management for SAP’s cloud applications
Integrate
SAP Cloud Platform Identity Provisioning Service
Identity Lifecycle Management for SAP’s cloud applications
Protect
SAP Cloud Platform Identity Provisioning Service
Identity Lifecycle Management for SAP’s cloud applications
Integrate Protect
SAP Identity Management
Covering the entire identity lifecycle, business-driven and compliant
Access governance
Promotion / New Position: Are permissions automatically adjusted if someone is promoted to a new position?
Substitution: Who has adequate permissions to fill in for a co-worker?
SAP Identity Management
Covering the entire identity lifecycle, business-driven and compliant
Hiring
▪ From the first day in a new company, an employee is able to log on to all
relevant systems, including access to employee self-services, SAP systems, as
well as personalized email account
▪ Several phases can happen in a custom-defined sequence:
▪ After the HR-agent ensures that all necessary employee data is available, such as position and
entry date, the personal data will be extracted to SAP Identity Management, event based and
triggered by the entry date
▪ SAP Identity Management automatically provisions the user data and assignments of business
roles to all relevant connected systems based on the employee’s position noted in HCM
▪ Manager approval is optional and workflow driven
▪ On the first day of work, the provisioning of role and authorization information to relevant target
systems has been done and the new employee can start to work
▪ Identities are stored centrally throughout the system landscape
SAP Identity Management
Covering the entire identity lifecycle, business-driven and compliant
Substitution
SAP Identity Management
Covering the entire identity lifecycle, business-driven and compliant
Resignation / Termination
▪ When employees leave the company it is important to make sure that all access
is removed for the particular employee immediately
▪ User IDs will be blocked, locked or deleted in all connected systems based on
the event trigger from HCM and with this the user account is disabled
▪ Flexible workflow definitions can ensure that the user name is also
removed from address directories
▪ Auditing is still possible because user IDs will not be removed from logs
Cybersecurity and data protection
Data Security
SAP Enterprise Threat Detection
Effectively identify and analyze threats
Integrate: Integration of SAP and non-SAP log data
Analyze: Efficiently enrich, analyze, and correlate logs
Investigate: Forensic analysis and modeling of existing and new attack detection patterns and dashboards
Evaluate: Automatically evaluate attack detection patterns with real-time alerting
Cybersecurity and data protection
SAP Enterprise Threat Detection
Effectively identify and analyze threats
Analyze
SAP Enterprise Threat Detection
Effectively identify and analyze threats
Evaluate
▪ Evaluate paths and develop new patterns for analysis in the Forensic Lab
SAP Enterprise Threat Detection
Effectively identify and analyze threats
Investigate
▪ Dashboard in Forensic Lab with drill down capabilities through charts, graphs
▪ Apply filters to the normalized log data that exists in the SAP HANA database
▪ Visualize the filtered data in a path to look for standout values
▪ Generate new attack detection patterns from forensic investigations in paths
▪ Compliance
▪ Authorization Concept
▪ Audit Logging
▪ Saving Evidence for Attacks
▪ Log Management
▪ User Pseudonymization
SAP Enterprise Threat Detection
Effectively identify and analyze threats
Integrate
• Leverage the high performance and complex analysis capabilities of the SAP
HANA Platform and in memory database that allows fast correlation of all log
data
▪ Propagate alerts to SIEM and trigger events to any kind of receiver system
▪ Pushing via Email
▪ Pushing as JSON
▪ Pulling as JSON / LEEF
▪ Log Learning
▪ Analysis on semantic level
▪ Common procedures/tools to analyze and correlate all log data
▪ Non-SAP log recognition and conversion
SAP Data Privacy Governance
Data protection and privacy (DPP) governance for the extended enterprise
Manage policies: Create, disseminate, and acknowledge DPP policies
Monitor and report*: Report status and details via a unified cockpit
*Planned, see current roadmap
SAP Data Privacy Governance
Data protection and privacy governance for the extended enterprise
Monitoring
▪ Provide insights into status and information for regulatory reporting
▪ Create a cockpit for a single point of entry for DPP tasks such as
connectivity to SAP Information Lifecycle Management*
▪ Integrate with SAP Identity Management for DPP access risks, risk
assessments, and access optimization*
*Planned, see current roadmap
SAP Data Privacy Governance
Data protection and privacy governance for the extended enterprise
▪ Create and disseminate policies related to data protection, privacy, and security
▪ Gather policy acknowledgements by those subject to them
▪ Gather training attendance status as further evidence that appropriate policies are understood*

▪ Create records of processing activities surveys, optionally leveraging existing templates
▪ Publish surveys to gather ROPA information
▪ Use survey results to populate a repository to report ROPA information and determine whether a data protection impact assessment is required
▪ Create ROPA entries based on data analysis of SAP S/4HANA Cloud and third-party systems*

▪ Assess criticality of DPP-relevant processes with data privacy impact assessments
▪ Deploy survey-based IT security threat modeling and issue mitigation for appropriate defense strategies*

▪ Enable a risk framework to assess and monitor risks associated with DPP-relevant processes*
▪ Document manual and automated controls related to DPP requirements and risks*
▪ Detect compliance breaches via operational DPP checks (automated controls)*
▪ Support DPP-related audit process*

▪ Provide insights into status and information for regulatory reporting
▪ Create a cockpit for a single point of entry for DPP tasks such as connectivity to SAP Information Lifecycle Management*
▪ Integrate with SAP Identity Management for DPP access risks, risk assessments, and access optimization*

*Planned, see current roadmap
SAP Data Custodian
Public-cloud data transparency and control
Public-cloud
data
protection
SAP Data Custodian
Data transparency – where, how, and who
Data transparency
SAP Data Custodian
Data control − governance, enforcement, prevention, and compliance
Data control
SAP Enterprise Digital Rights Management application by NextLabs
Data-centric security for the extended enterprise
SAP Enterprise Digital Rights Management
Automate discovery and data classification
Data classification
SAP Enterprise Digital Rights Management
Establish policy-based controls for information and data
Policy-based control
SAP Enterprise Digital Rights Management
Prevent IP theft, maintain compliance, and avoid security violations
Automated enforcement
SAP Enterprise Digital Rights Management
Monitor data and application activity and streamline business processes
SAP Enterprise Digital Rights Management
Key features for end-to-end digital rights management
UI Logging for SAP
Data access transparency and analysis
UI Logging for SAP: Leverage the log to learn on normal data usage
Gain Insight
UI Logging for SAP: Investigate specific user and their access to data
Investigate
UI Logging for SAP: Leverage the log for reporting and documentation purposes
Report
UI Logging for SAP: Leverage integrated solutions for additional capabilities
Integrate
UI Logging for SAP
Key features for data access transparency and analysis
▪ Create coherent data access protocol for most relevant SAP UIs
▪ Protocols user input and system output
▪ Enriched with meta information for better analysis and investigation

▪ Analyze the log file to understand the data access baseline (which types of users typically access which data types) and outliers or unexpected access
▪ Analyze the log file to refine the authorization setup (scope, users, which data to keep)

▪ Receive alerts in case of access to predefined sensitive data
▪ Apply filters to identify dubious data access
▪ Track down perpetrators and sort out innocent users

▪ Draw on comprehensive access data to report internally and externally

▪ Integrated with the UI Masking for SAP offering
▪ Data handover to and specific patterns in SAP Enterprise Threat Detection for advanced and automated analysis of access
▪ Integrate the log file with SIEM systems
UI Masking for SAP
Protect sensitive information in the user interface layer
UI Masking for SAP: Determine which values to protect, and how
Secure access
UI Masking for SAP: Refine the existing authorization setup
Automate authorizations
UI Masking for SAP: Analyze users’ authorizations
Gain insight
UI Masking for SAP: Leverage related solutions for additional capabilities
Integrate
UI Masking for SAP
Key features for defining and protecting sensitive information, and controlling who has access
SAP NetWeaver AS, add-on for code vulnerability analysis
Identify and remedy security vulnerabilities in ABAP custom code
Integrate: Integrate with other elements of the SAP landscape as well as non-SAP solutions
Analyze: Analyze security vulnerabilities
Remedy: Remedy security vulnerabilities
Evaluate: Evaluate security vulnerabilities
Code Vulnerability Analyzer
SAP NetWeaver AS, add-on for code vulnerability analysis
Identify and remedy security vulnerabilities in ABAP custom code
Analyze
SAP NetWeaver AS, add-on for code vulnerability analysis
Identify and remedy security vulnerabilities in ABAP custom code
Evaluate
SAP NetWeaver AS, add-on for code vulnerability analysis
Identify and remedy security vulnerabilities in ABAP custom code
Remedy
SAP NetWeaver AS, add-on for code vulnerability analysis
Identify and remedy security vulnerabilities in ABAP custom code
Integrate
SAP NetWeaver AS, add-on for code vulnerability analysis
Identify and remedy security vulnerabilities in ABAP custom code
▪ Execute static, automated checks on ABAP custom code
▪ Visualize security findings in Solution Manager
▪ Visualize security findings in SAP Fortify by Micro Focus

▪ Review default priorities of findings
▪ Redefine priorities of individual findings
▪ Hide older findings using baseline
▪ Create Word- and Excel documents listing findings
▪ Analyze findings using Solution Manager and SAP Fortify by Micro Focus

▪ Read documentation explaining why findings constitute vulnerabilities
▪ Correct source coding based on findings
▪ Execute additional CVA runs to ensure findings are all fixed

▪ Use either SAP GUI or Eclipse to execute CVA runs
▪ Take advantage of CVA’s integration with ATC (ABAP Test Cockpit) as SAP’s testing environment
▪ Extract findings to analyze them in Solution Manager
▪ Extract findings to analyze them in SAP Fortify by Micro Focus
International Trade Management
Elevate global trade in the organization
SAP Global Trade Services
Run global trade
Export management: Manage export compliance, classification, outbound trade finance, and customs services with direct filing
Trade preference: Leverage any free trade agreement with preference management determination and vendor or customer declaration-handling
Import management: Effectively manage import compliance, classification, inbound trade finance, and customs services with direct filing
International trade
SAP Global Trade Services
Ensure proper screening of restricted or denied parties
Restricted-party screening
SAP Global Trade Services
Effectively manage export compliance
Export management
SAP Global Trade Services
Effectively manage import compliance
Import management
SAP Global Trade Services
Confidently leverage free trade agreements
Trade preference
SAP Global Trade Services
Simplify special customs procedures and regulations
▪ Processing under IPR, OPR, and processing under customs control (PUCC)
▪ Utilizing bonded warehouses
▪ Managing foreign-trade zones
▪ China localization general and processing trade
▪ Supporting region-specific processes including EMCS and restitution
▪ Meeting Intrastat requirements
▪ Integration across the supply chain
SAP Global Trade Services
Key features for end-to-end global trade management
▪ Screen against up-to-date, restricted-party lists
▪ Screen vendors, customers, business partners, contractors, and so on
▪ Screen parties and release transactions in real time
▪ Improve compliance confidence with checks throughout the processing of sales and purchasing transactions

▪ Manage export, including license-creation and automatic determination
▪ Classify products for export
▪ Create export declarations and documentation
▪ Control export of physical and digital goods and data
▪ Integrate export across the supply chain

▪ Manage import processes, including licenses and automatic license determination
▪ Classify products for import
▪ Create import declarations and documents
▪ Manage letters of credit
▪ Calculate customs value as well as duties, taxes, and fees
▪ Integrate imports with the inbound supply chain

▪ Request and manage vendor declarations
▪ Calculate product origin and preference eligibility
▪ Generate declarations for customers
▪ Integrate sales, production, and procurement with preference processes

▪ Processing under IPR, OPR, and processing under customs control (PUCC)
▪ Utilizing bonded warehouses
▪ Managing foreign-trade zones
▪ China localization general and processing trade
▪ Supporting region-specific processes including EMCS and restitution
▪ Meeting Intrastat requirements
▪ Integration across the supply chain
Tremco Streamlines Regulatory Trade Compliance
Company: Tremco Incorporated
Headquarters: Beachwood, Ohio
Partner: Krypt, Inc. (www.kryptinc.com)

Business challenges
Tremco’s global activities growing, both on sourcing and selling sides
Increased regulations (number and complexity of requirements) and regulatory attention
Heavy dependence on manual processes and institutional knowledge to handle global trade compliance
Extraordinary effort and cost to ensure compliance with numerous trade regulations affecting 10,000 SKUs

$4M: Annual avoidance of duty through NAFTA

“By implementing SAP GTS, we are now in control of the risks that a company undertakes when trading
internationally. We have a newfound confidence level that our trading is being done in a compliant fashion.”
Kevin Riddell, International Logistics Manager, Tremco Inc.
This content is approved by the customer and may not be altered under any circumstances.
Johnsonville Sausage: Bringing Big Taste to Cooking Enthusiasts Worldwide with SAP Global Trade Services
Company: Johnsonville Sausage LLC
Headquarters: Sheboygan Falls, Wisconsin
Industry: Consumer products
Products and Services: Fresh and smoked-cooked sausage products
Members: 1,600
Web Site: www.johnsonville.com

Objectives
• Support international business growth without increasing full-time staff
• Replace inefficient, manual export processes
• Integrate with freight forwarders and customs-certified systems

Why SAP
Selected the SAP Global Trade Services (SAP GTS) application for functionality and reduced longer-term total cost of ownership after blueprinting with a competitive cloud-based provider

Resolution
• Simplified landscape with the integration of SAP GTS to the SAP ERP application
• Utilized existing reporting tools from SAP supporting SAP GTS
• Automated forms coming from SAP GTS and SAP ERP including USDA certificates and Shipper’s Letter of Instruction
• Used flexible and easy-to-maintain Adobe forms available with SAP GTS
• Minimized reconciliation and data validation activities with trusted data and automated information flows

Future plans
• Expand solution usage to include import functionality, sanctioned-party screening, and export self-filing with U.S. Customs
• Deploy SAP GTS with the SAP S/4HANA suite

Reduced: Tactical, daily work for trade compliance professionals
Lower: Total cost of ownership, utilizing internal resources
Fewer: Supply chain disruptions due to automation of trade activities

“When evaluating global trade solutions, consider all costs, as some costs are buried in integration
requirements and are affected greatly with an increase in volume and document counts, as well as
change fees. With SAP GTS, we did not have these additional costs.”
Jason Beyersdorf, IT Business Partner, Johnsonville Sausage LLC
This content is approved by the customer and may not be altered under any circumstances.
Lenovo Manages Cross-Border Trade with SAP Global Trade Services
Company or Organization: Lenovo Group Limited
Industry: High Tech
Products and Services: Personal computers and mobile internet devices
Employees: 27,039
Revenue: US$21 billion
Web Site: www.lenovo.com

The company’s top objectives
▪ Manage global trade business following international business expansion
▪ Reduce risk by meeting regulatory requirements
▪ Replace costly legacy systems

The resolution
▪ Implemented the SAP Global Trade Services application integrated with the SAP ERP application and replaced an expensive legacy system
▪ Streamlined import and export processes by integrating with brokerage services
▪ Completed initial implementation in 12 months and subsequent rollouts in 6 to 8 months

The key benefits
▪ Improvement of trade management business process efficiency with standardized procedures in over 40 countries and 26 distribution centers
▪ Streamlined management of rapid increase in business volume
▪ Reduced leasing costs of legacy systems

2,000%: Increase in transaction volume
15: Leased legacy systems replaced.
$ 12 million: Leasing costs saved annually

“Following our global expansion, SAP Global Trade Services has helped Lenovo to manage
our cross-border trade effectively, mitigate compliance risks, and reduce operational costs.”
Xiaoyu Liu, GM of Global Application Development, CIO/BT Organization, VP Lenovo Group Limited
SAP S/4HANA for international trade
Run global trade in SAP S/4HANA
Embargo: Block transactions related to embargoed countries
Intrastat: Support for European requirements around order-to-cash and procure-to-pay processes
Classification: Classification of materials to support export control and Intrastat
Legal Control: Create, manage, and assign export licenses
SAP GTS and SAP Watch List Integration: Enable broader global trade management requirements in an SAP S/4HANA software environment
International trade management
SAP Watch List Screening
Avoid risk and improve screening compliance
SAP Watch List Screening
Avoid risk and improve screening compliance
Restricted-party screening