
www.pwc.com/sap

SAP GRC
Risk Management
Solutions

PwC Risk Assurance


SAP Risk Management
SAP GRC Risk Management Business Drivers
• Common definition of risk across the lines of business
• Ability to embed risk management into performance measurement and reward
• Faster & timely response to risk anomalies/violations
• Increase level of automation across the ‘risk management’ value chain
• Increase visibility of risk to shareholders and board

Value Proposition
• Alignment of risks to strategic priorities and business objectives.
• Proactive risk monitoring through defined key risk indicators and standardised early warning system.
• View of Consolidated risk exposure resulting from risk analysis and correlation.

[Figure: Security, Control and Risk Management Model. Elements: Strategy; Business Objectives; Risk Profile, Appetite, Tolerance; Risk Organization & Governance; Risk Monitoring, Reporting, including Key Risk Indicators; Risk Assessment; Alignment of Risks with Policies & Procedures; Processes; Alignment of Risks With Risk Incident Response Management]

SAP GRC Process Control
• Define Overall Control Framework & Centralized Test/Assessment Library (Align accountability structures for managing risks and controls & Define Operating Model)
• Plan and Execute Test/Assessment
• Schedule and Perform continuous control monitoring activities
• Report & Monitor: Compliance results, Testing/Monitoring results, Remediation actions (Complete visibility over Compliance and Monitoring cycles)
• Sign-Off & Certify

Risk Analysis & Remediation
Support the management of Segregation of Duties (SoD) controls and monitor critical transactions across SAP systems

Enterprise Role Management
Centralize and standardize enterprise role management, eliminating manual errors and enforcing best practices

Compliant User Provisioning
Automate the user request and approval process while incorporating a real-time assessment of risk

Superuser Privilege Management
Centralize and standardize Superuser access management across SAP systems

In the environment of a volatile global economy, increased regulation, and tightened budgets, it is more critical than ever for organisations to identify and understand business risks. Until recently, however, businesses have typically taken a narrow, compliance-focused approach to risk management that is reactive rather than proactive. Without a broader risk management philosophy — one that aligns with the overall business vision and mission — your organisation can face challenges such as:
• Risk management viewed as a compliance exercise.
• Siloed risk management processes, leading to duplicate efforts among business units.
• Inconsistent processes and unclear roles and responsibilities, leading to gaps in risk activities.
• Risk management that is not anchored in sound enterprise-wide technology systems, leading to inefficiency and increased costs.
• Risk management programs that fall short by stopping at risk assessments, standalone programs, or conceptual frameworks.
• Risk management disconnected from business objectives and, consequently, performance management.
Business drivers for SAP GRC Risk Management
• Transform Risk Management process from a silo approach to a more coordinated and oriented approach.
• Consolidate risks at higher levels of the organisation and evaluate global risk exposure.
• Respond intelligently by focusing on key risks, creating cross-organisational resolution strategies, and tracking response costs.
• Improve visibility and optimise decision making by aligning risks to strategic priorities and business objectives (enhance risk communications to the board).
• Monitor key risks in a proactive way through a standardised and centralised Key Risk Indicator framework.

Solutions from an experienced leader
You don't have to be riled by risk. PwC has the experience and know-how to understand the unique problems your business faces and help you roll out the SAP GRC Risk Management solution across the organisation. We'll tailor a solution to tame your risk management processes and streamline cross-enterprise risk identification, analysis and monitoring.

We take a systematic approach, using incremental steps to help you develop and adopt a robust and sustainable risk management program — aligned with leading practices — across your organisation.

We’ve designed our Accelerated SAP GRC Risk Management implementation program (AccelerateRM) to give functional leads quick insight into SAP GRC Risk Management key functionalities and to empower core team members throughout the project by incorporating specific learning into a full-scale roll-out plan.

And by leveraging knowledge and lessons learned across other SAP GRC projects, our unique Centre of Excellence team can assist you throughout the implementation life cycle by providing a wide range of accelerators to facilitate project success.

A sustainable, forward-looking Risk Management programme
PwC can help your organisation shape its existing and ongoing risk management processes into the SAP GRC Risk Management solution and derive value in four key areas:

Streamline risk management
• Develop end-to-end risk processes across the value chain.
• Plan and agree on top risks and appetite across the organisation.
• Understand true exposure resulting from risk analysis and correlation.
• Create resolution strategies for critical risks.
• Build proactive monitoring into existing processes.

Reduce costs
• Lower administrative cost for risk management through automation.
• Preventive risk responses through Key Risk Indicators.
• Track response cost and efficiently assess Net Impact of Response.

Increase visibility
• Improve visibility of risk exposure across the organisation.
• Gain clear insight into risk and compliance activities across the enterprise.
• Drive accountability and actions through transparent and timely reporting.
• Enhance decision making with informed, risk-based information.

Manage change
• Drive business change through risk-adjusted management.
• Align and use risk and assurance objectives during times of change.
• Provide management with insights as the business executes its strategy.
• Highlight trends and changes in risk level.

Gaining better insight for timely decision making
With our solution in place, your business will benefit from standardised processes and controls; greater transparency and
visibility of how controls are operating within the organisation; lower-cost centralised compliance and control
management; and stronger alignment across the assurance community and lines of business, with management and
internal and external audit getting assurance from the same source.

About PwC
PwC provides industry-focused assurance, tax and advisory services to build public trust and enhance value for our clients
and their stakeholders. More than 161,000 people in 154 countries across our network share their thinking, experience and
solutions to develop fresh perspectives and practical advice.

Key contacts

G Devan Nair
Executive Director
Direct Line: +60 (3) 2173 1184
Mobile: +60 (12) 297 0780
Email: g.devan.nair@my.pwc.com

Razman Adam Zainudin
Associate Director
Direct Line: +60 (3) 2173 0225
Mobile: +60 (12) 391 9016
Email: razman.adam.zainudin@my.pwc.com

Mohamed A’azam Shair
Associate Director
Direct Line: +60 (3) 2173 1172
Mobile: +60 (12) 631 5141
Email: aazam.shair@my.pwc.com

This publication has been prepared for general guidance on matters of interest only, and does not constitute professional advice. You should not act upon
the information contained in this publication without obtaining specific professional advice. No representation or warranty (express or implied) is given
as to the accuracy or completeness of the information contained in this publication, and, to the extent permitted by law, PricewaterhouseCoopers LLP, its
members, employees and agents do not accept or assume any liability, responsibility or duty of care for any consequences of you or anyone else acting, or
refraining to act, in reliance on the information contained in this publication or for any decision based on it.
© 2011 PricewaterhouseCoopers Advisory Services Sdn Bhd. All rights reserved. "PricewaterhouseCoopers" and/or "PwC" refers to the individual
members of the PricewaterhouseCoopers organisation in Malaysia, each of which is a separate and independent legal entity. Cs04064
