Governance, Risk & Compliance: SAP Live and Local Webcast Tour 08 5 June, 2008
johonna.murphy@sap.com
Fragmentation
Managing with confidence is difficult in an increasingly complex world
[Figure: GRC responsibilities fragmented across the organization. Regions: Australia, U.S.A., Japan, U.K., France, China, Germany, India. Functions: Board of Directors, Finance, Legal, Sales, Contracts, HR, Controller, IT, Treasury. Labels repeated throughout: Governance, Risk Mgmt., Compliance, Policy Mgmt., Audit & Compliance. Systems: Security, Proj. Mgmt., Doc. Mgmt., Contracts, Planning, Customers, ERP, Production, Billing.]
Industry-Specific GRC: Life Sciences, Chemicals, Oil & Gas, Banking, High Tech
Transparency to balanced global risk profile
Business Applications
Minimal Time To Compliance (Get Clean)
Continuous Access Management (Stay Clean)
Effective Management Oversight and Audit (Stay in Control)
Risk Identification and Remediation: Rapid, cost-effective and comprehensive initial clean-up
Enterprise Role Management: Enforce SoD compliance at design time
Compliant User Provisioning: Prevent SoD violations at run time
Superuser Privilege Management: Close #1 audit issue with temporary emergency access
Periodic Access Review and Audit: Focus on remaining challenges during recurring audits
Remediation Management
Mitigation Management
Alerts Framework
Reporting
Prevention
Real-time Simulation
Mandatory Prevention
Access Risks Library
Cross-Enterprise Rules Database
Rules
“SAP GRC Access Control, with its comprehensive preconfigured rule set, reflected deep expertise within SAP that would have taken us a very long time to replicate.”
Synopsys Inc.
Risk Elimination
End-to-End Automation
Reporting
Prevention
“The clean-up process has brought a tremendous degree of discipline to the way we think about and manage user access and authorizations.”
Synopsys Inc.
[Figure: Superuser Privileged access. Labels: ID Administration, Date Restrictions, Security, Single User per ID, four New Session boxes each with a Log, Alert Framework, Reporting.]
Manual Provisioning: Manager, email Approval, Role Owner, IT Security; spreadsheets, paper forms
Automated Provisioning: 100% Automated
“We reduced provisioning from 2 weeks to 2 days”
– Web Seminar Rockwell Collins, 3/2005