
Insights on GRC_GRC Technology_AU1488

Date post: 14-Apr-2018
Upload: euglena-verde
  • 7/30/2019 Insights on GRC_GRC Technology_AU1488


    Unlocking the power of SAP's governance, risk and compliance technology

    Insights on governance, risk and compliance

    March 2013


    Insights on governance, risk and compliance | March 2013

    Contents

    Introduction
    Governance, risk and compliance defined
    Value of GRC technology
    SAP GRC technology solutions
      SAP GRC Risk Management
      SAP GRC Process Control
      SAP GRC Access Control
    Conclusion


    Introduction

    Risk management is no longer an ad hoc activity; it is an integral part of the day-to-day operations of organizations. External and internal risk management requirements are becoming increasingly complex and intrusive, while the demand for more comprehensive and actionable governance, risk and compliance (GRC) information continues to increase. The historic approach of managing risk in silos across different functions, processes, methods and infrastructure cannot keep up with these requirements; and, in many cases, risk management has become a growing operational and financial burden, limiting the organization's ability to keep pace with essential business growth and transformational initiatives.

    In order to manage these challenges, leading organizations are driving technology-enabled GRC transformation programs that can:

    - Create improved visibility of enterprise risks and how these are mitigated
    - Lower the cost of risk management through the reduction of manual processes and controls
    - Increase efficiencies through standardization, simplification, automation and end-to-end process centralization

    In this paper we will consider the scope of GRC; elaborate on what value GRC technology can bring to the table; and demonstrate how SAP GRC software supports risk management, process control and access control.

    A robust GRC technology solution can help embed cost-effective risk management practices into daily business activities.


    Governance, risk and compliance defined

    What is GRC?

    GRC is the umbrella term covering an organization's integrated approach to governance, risk and compliance. While interpreted differently in various organizations, GRC typically encompasses activities such as governance, enterprise risk management (ERM), internal controls, regulatory compliance and internal audit. GRC activities are increasingly being integrated and embedded into organizational structures, processes, systems and data structures in order to avoid redundancies, as well as identifying and closing gaps. In other words, acting as assurance as a whole for the entire organization.

    Governance improves the alignment of risk activities to the strategic objectives of the business. The following governance activities enable clearer accountability and reporting, increase visibility of the risks that matter most to the organization, and enhance decision-making processes:

    Strategy related:

    - Setting the business strategy and objectives
    - Establishing the organization's culture and values

    Risk related:

    - Defining the roles and responsibilities of risk governance bodies
    - Determining risk appetite
    - Setting standards and policies

    Risk management embeds risk activities into business functions and processes and helps to ensure optimization across the enterprise. The following activities allow the performance of predictive analytics to correlate driver-based performance management and identify trends and anomalies for rapid response:

    - Identifying and assessing risks that affect the organization's ability to achieve business objectives
    - Determining risk response strategies
    - Defining control activities

    Compliance facilitates controls and processes to meet regulatory and business requirements. The following activities integrate automated controls measures and continuous monitoring into the transactional processing cycle, resulting in transparency of risk and controls and the elimination of transactions at risk:

    - Testing adherence to control activities, policies, standards and commitments
    - Addressing issue management, tracking and remediation


    The model below sets out Ernst & Young's leading practice Risk Agenda. Its four components focus on increasing risk performance management and integrated GRC, providing an end-to-end GRC approach for an enterprise-wide scope.

    Improve controls and processes:

    - Better aligned risk coverage, including the identification of stronger, more pervasive controls
    - Reduced level of effort associated with performing and testing controls
    - Increased control and process efficiencies enabled through automation and continuous monitoring
    - Improved control mix that addresses key business risks while driving process efficiencies

    Embed risk management:

    - Comprehensive and continuous risk management and monitoring
    - Central management of financial, operational and compliance risks and controls across organization

    Enhance risk strategy:

    - Improved alignment to the objectives and strategy of the business
    - Improved visibility of risks that matter most to the organization
    - Proactive identification of risks
    - Enhanced decision making

    Optimize risk management functions:

    - Elimination of duplicate and fragmented risk management activities
    - Increased integration and coordination among business, IT and compliance
    - Sustainability of risk management process
    - Effective top-down and bottom up reporting
    - Reduced cost of control

    [Figure: Risk Agenda. Center: Turning risk into results. Quadrants: Enhance risk strategy; Embed risk management; Optimize risk management functions; Improve controls and processes. Surrounding labels: Governance; Risk; Compliance; Policy management; Risk management; Compliance and audit management; Process/controls optimization and continuous monitoring; Data analytics, security and performance reporting.]

    Global Fortune 100 food and beverage company

    Implemented a common risk and controls framework and centralized its process controls library across the organization to gain better visibility over its redundant control activities. Rationalized and automated the testing process for over 90 SAP automated business process controls.


    Why is GRC important now?

    The world is constantly evolving, creating external pressures on organizations to drive performance and manage risk. A single negative risk event can destroy a company's reputation.

    External and internal risk management requirements are becoming increasingly complex and intrusive, while the demand for more comprehensive, consolidated and actionable GRC information is also increasing. The historic approach of managing risk in silos across different functions, processes, methods and infrastructure cannot keep up with these evolving requirements. Risk management has become a growing operational and financial burden limiting its ability to keep pace with business growth and transformational initiatives.

    Historic GRC focus (decentralized processes, risk managed in silos, fragmented activities):

    - Inconsistent approach to capture and assess risks across the organization
    - Segregation of duties violations
    - Lack of confidence in accuracy and precision of risks identification
    - Fragmented, manual and ad-hoc reporting
    - Inability to produce a consolidated heat map
    - Focus on compliance over risk performance management
    - Lack of process and control standardization
    - Multiple and manual risk activities
    - Significant cost impact on business

    Future GRC focus (end-to-end processes, enterprise-wide, integrated activities):

    - Risk activities are consistently covered across all business units
    - Centralized risk and risk assessment management
    - Top-down and bottom-up risk integration
    - Ability to manage risks at multiple organizational levels
    - Consistent and real-time reporting
    - Centralized and consolidated heat map
    - Drill-down capabilities
    - Significant workflow automation
    - Compliant role design and user provisioning activities
    - Centralized and consolidated views of end-to-end processes
    - Automated risk activities and processes
    - Significant workflow automation
    - Reasonable cost impact on business

    Audit, risk and control functions have grown organically and in isolation, leading to challenges in alignment and communication at all levels of the enterprise and the disintegration of risk planning and performance management. Companies are now being forced to align in order to close gaps and eliminate overlaps, while focusing on the risks that matter and create value. Also, cost pressures in the current economic environment call for enhanced GRC management in the identification of hidden costs, inefficiencies in control and compliance structures, and in reducing duplicative activities at corporate and business unit levels.


    Technology-enabled GRC transformation

    Companies increasingly recognize the business value that GRC technology-enabled transformation offers. Business functions that previously focused on their goals in isolation are moving toward the integration of business, risk, finance and capital planning management. This enables risk management to focus on forward-looking developments and on building competitive advantage. A risk-aware culture should be promoted as a key value-added activity through all levels of organizations, allowing a shifting focus from downside to upside risk management.

    The following diagram shows the development from historical focus on risk and compliance functions in isolation through to a successful GRC transformation. The leading practice in GRC transformation enables organizations to achieve an integrated end-to-end and enterprise-wide GRC state of maturity. It focuses on high-performance levels of risk management that no longer only protects but creates business value.

    [Figure: GRC transformation. Axes: Risk management; Performance. Range: Value protection to Value creation. Stages: Risk identification and reporting; Risk insight and performance improvement; Performance risk management. Labels: Historical focus; Expanded focus; Future focus. Inset: The Risk Agenda: Client Agenda (Turning risk into results; Enhance risk strategy; Embed risk management; Improve control and processes; Optimize risk management functions; Compliance).]

    Historical focus:

    - Fragmented, manual and ad-hoc
    - Inability to produce a consolidated heat map
    - High instances of segregation of duties violations
    - Inconsistent and fragmented approach to capture and assess risks across the organization

    Future focus:

    - Centralized and enterprise-wide risk assessment management
    - Top-down and bottom-up risk integration
    - Consistent and real-time reporting
    - Centralized and consolidated heat map
    - Consolidated end-to-end risk management processes
    - Ability to manage risks at multiple organizational levels
    - Automated and integrated risk activities across business functions

    Integrate governance, risk and compliance to create an end-to-end, enterprise-wide risk performance improvement


    Value of GRC technology

    Traditional GRC technology solutions were aimed at providing organizations with a single issue solution, but nowadays leading companies utilize GRC technologies for multiple purposes. Whereas companies in the past focused on meeting a specific requirement, such as Sarbanes-Oxley compliance, leading organizations these days have other GRC activities to be considered, such as audit management, regulatory compliance, IT governance, performance improvement and policy management. Therefore integration, central databases and reusability are more important than in the past.

    Organizations use GRC technology to enable, integrate and optimize their risk management functions and processes, while focusing on supporting strategic objectives and creating value. GRC technology is emerging rapidly and is being adopted by leading organizations. It provides one risk management language, consistency, integration, cost efficiency, innovation and effective work flows. GRC technology offers solutions to fully integrate governance, risk management, compliance and process improvement.

    GRC technologies successfully transform risk performance levels by:

    - Automating and standardizing processes and controls
    - Embedding and maintaining one single version of risk and control data
    - Managing holistic views of risk and compliance exposures
    - Generating dynamic and real-time risk and control intelligence and reporting
    - Analyzing risk-driven indicators and exception-based decision making
    - Escalating via workflow through different levels of the organization

    Global Fortune 500 medical technology company

    Rationalized 2,000 global process controls down to a total of 300, resulting in considerable savings from automation and benchmarking of controls. This company also implemented SAP GRC Access Control globally, which greatly improved audit results and resulted in considerable reduction in ongoing testing efforts both internally and externally.


    Selection process

    Due to the increased importance of risk in driving shareholder value, information technology vendors are now providing more comprehensive and flexible GRC solutions, enabling companies to expand their risk management programs and reach a greater level of risk process maturity, while delivering quick wins in the short-term.

    In order to select the right GRC technology that meets risk management objectives in line with the business strategy, please be guided by this checklist:

    Vendor qualification:

    - Company profile, market position and experience
    - Long-term product strategy
    - Strength of competitive differentiators
    - Partners
    - Customers
    - Implementation approach
    - Training
    - Software licensing model, release strategy and maintenance support services

    Functional requirements:

    - Product functionality
    - Data repository management
    - Reporting capabilities
    - Workflow management
    - Review, approvals and issue tracking functionality
    - Risk management functionality
    - Audit management functionality
    - Controls monitoring functionality
    - Analytics functionality

    Technical requirements:

    - Vendor and product information
    - Technical architecture
    - Performance and scalability
    - Product integration
    - Mobile devices, remote access
    - Software support model
    - Information security

    Global Fortune 500 oil and gas company

    Strengthened its controls environment by standardizing its access management process globally and implementing SAP GRC Access Control across its 20 SAP strategic systems. This standardization drove efficiencies (20%-30%) around access management processes and improved the risk posture by relying more on preventive segregation of duties and sensitive access checks than on reactive, manual procedures.


    SAP GRC technology solutions

    In the current market, many information technology vendors offer GRC technology solutions. In this paper we focus on the GRC technology solutions of SAP:

    - SAP GRC Risk Management offers a holistic risk visibility, key risk indicators and enterprise risk intelligence through dashboards and surveys.
    - SAP GRC Process Control provides a central controls repository, self-assessments, automated process and workflow management, as well as configurable controls testing and real-time exception based reporting.
    - SAP GRC Access Control enables sensitive access management and segregation of duties, critical and emergency access management, and compliant access provisioning.
    - SAP GRC Global Trade Services demonstrate export/import compliance, customs e-filing and sanctioned party list screening in a global trade environment.

    In the remaining part of this paper, we will focus on the first three components: SAP GRC Risk Management, SAP GRC Process Control and SAP GRC Access Control.

    Governance, risk and compliance

    SAP GRC Risk Management:

    - Formal integration of risk management with strategy
    - Repeatable framework to analyze and mitigate risk
    - Continuously monitor key risk indicators across strategic objectives

    SAP GRC Global Trade Services:

    - Identify, manage and prioritize risk exposure across global supply chains
    - Automates export license management and electronic customs communication

    SAP GRC Access Control:

    - Enables compliant continuous control of access and authorization across the enterprise
    - Proactively protects information and prevents fraud through automated access risk analysis and remediation

    SAP GRC Process Control:

    - Automated continuous control monitoring across policies and regulatory requirements
    - Delivers cross-systems visibility and a unified repository of compliance information for efficient multi-initiative management

    [Figure: SAP GRC solution overview. Products: GRC Risk Management; GRC Access Control; GRC Process Control; GRC Global Trade Services. Business process platform: Finance; Operations; Production; Sales; Purchasing. Business performance optimization: Optimize; Strategize; Analyze; Execute; Plan. Business analytics: Know your business; Decide with confidence; Act boldly.]


    SAP GRC Risk Management

    SAP GRC Risk Management provides an integrated approach to understand and manage all of the risks that an organization faces. Its main purpose is to improve the quality of decision making. Additionally, it provides management with the visibility to recognize the interdependency of risks, thereby decreasing the likelihood that the organization would be surprised by events that could have been predictable. The benefits are:

    - Plan the integration of the management of risks and controls across the enterprise (strategic planning and business processes); this will unify the way the organization approaches strategic, financial, operational and compliance risks.
    - Identify, in a proactive manner, risk and quantify exposure across the enterprise to improve transparency; automatically identifying and prioritizing risks through proactive alerts and escalations will provide additional security over regulatory compliance and prevent loss of reputation and resources.
    - Analyze risks better and faster due to the improved decision-making process and the increased effectiveness and efficiency of the risk model.
    - Respond quickly with risk implementation and mitigation activities to prevent risks from having negative impact.
    - Monitor the impact of risk against performance in an accessible and visible way; this will provide an effective reporting workflow.

    SAP GRC Risk Management (SAP GRC RM) enables four major components of risk management model: risk governance, risk management, risk integration, and business process performance.

    SAP GRC RM provides the following functionality:

    - Common risk definition (risk profile, risk appetite, risk tolerances, strategy, objectives, etc.)
    - Risk repository and classification
    - Automated risk assessment process
    - Centralized and consolidated risk heat map
    - Risk correlation and simulation
    - Automated and workflow driven risk management end-to-end process

    [Figure: risk management cycle. Steps: Plan risks; Identify risks; Analyze risks; Respond to risks; Monitor risks.]


    SAP GRC Process Control

    SAP GRC Process Control enables an organization to automate its internal control model (automatic and manual controls and testing/approval workflows) and compliance monitoring, thereby reducing the efforts taken by the organization and increasing the security in the operations for the directive committee.

    - Control repository centralization: creates a repository that centralizes all the documentation processes and management of the internal control model. This allows an early detection of configuration and master data changes.
    - Integration: increases integration and coordination among business, IT and compliance, allowing the embedding of internal controls into the business processes (functional areas take a more relevant role).
    - Automation: ensures the compliance of the internal control model (continuous control monitoring (CCM)) and real-time control exception reporting, which increases the confidence in the effectiveness of controls by eliminating the human error factor and improves the efficiency of the internal control model. By reducing the cost of compliance (less time, less people) and increasing the effectiveness, the number of manual controls required in processes will be minimized.
    - Periodic and continuous monitoring: manages real-time notification of potential control failures based on established business rules; identifies production change anomalies that may indicate fraud through alerts; improves test effectiveness through configured controls with 100% coverage; and increases operational efficiency through standardization and policy management. Processes associated with the preparation and analysis of configured controls show higher efficiencies. Costs associated with audit failure are avoided.
    - Cross-system visibility: enables a unified repository of compliance information for efficient multi-initiative management and enhanced visibility to process-related risk exposure and controls testing throughout the enterprise.

    SAP GRC Process Control enables organizations to execute coordinated, transparent and automated compliance and risk management activities.

    Key activities:

    - Set-up and manage: Control environment; Regulations, policies and audits; Enterprise integration
    - Scope: Materiality analysis; Risk assessments; Test strategies
    - Evaluate: Test automated controls; Test manual controls; Perform assessments
    - Monitor: Monitor exceptions; Remediate issues
    - Sign-off and report: Analytics and reports; Certify, signoff and provide evidence

    Functionality:

    - Interactive, multi-format control, testing, exception and remediation status across processes, policies, geographies and accounts
    - Policy and certification management
    - Near real-time notifications of control exceptions and associated impact
    - Workflow-enabled activity and response rules
    - User defined multi-step control effectiveness test plans
    - ERP integration through 120+ delivered scripts or customizable SAP queries/reports for continuous control monitoring
    - Centralized entity, process and control maps
    - Risk assessment utilities and customizable testing strategies definitions
    - Compliance support for multiple mandates and for strategic, financial, operational and IT risks


    SAP GRC Access Control

    This suite of solutions is made up of various tools that allow the automation of the access control model of the organization, through a dual system that initially allows the organization to detect and clean the segregation of duties (SoD) violations (get clean), and then keep it clean in the future (stay clean) by an automated process.

    SAP Access Control enables the four major components of access management: risk analysis and remediation, enterprise role management, super-user privilege management and compliant user provisioning.

    SAP GRC Access Control provides the following functionality:

    - Role centralization: centralized and consolidated role design and definition that is business centered and compliance enabled; including a sensitive segregation-of-duties rule library.
    - Access monitoring and control: automated emergency access management with integrated monitoring and reporting. Access anomalies indicating possible fraudulent activities are identified through alerts and access request scenarios; they can then be simulated across business processes and applications.
    - Automation: automated workflows that facilitate the access management end-to-end process, such as self-service user access request and related approval processes.
    - Compliance: compliant continuous control of access (including authorization), helping to enable the segregation of duties (SoD) management across the enterprise.
    - Protection: proactively helping to protect information and preventing fraud through automated access risk analysis and remediation.

    SAP GRC Access Control (SAP GRC AC) enables four major components of access management: risk analysis and remediation, enterprise role management, superuser privilege management and compliant user provisioning.

    [Figure: SAP GRC Access Control (Prevent, Detect). Components: Business role management; Access risk management; Access request; Emergency access management. Activities: Design roles and prevent violations; Provision regular access; Provision emergency access; Identify and remediate violations.]

    SAP GRC AC provides:

    - Business-centered and compliance-enabled role design and definition
    - Emergency access management with integrated monitoring and reporting
    - Self-service user access request and approval process
    - Centralized and consolidated sensitive and segregation of duties rule library
    - Rapid identification of access violations and ability to simulate access request scenarios
    - Automated and workflow driven access management end-to-end process


    Conclusion

    GRC technology creates value, reduces costs and improves your risk performance. It enables your organization to automate, standardize, streamline processes, create holistic views of risk and compliance, and analyze real-time business intelligence, and it allows your decision making to really make a difference. The following model helps to assess your organization's GRC technology maturity level.

    SAP GRC

    GRC Risk Management:

    - Aligns and integrates the management of risks and controls across the enterprise (strategic planning and business processes)
    - Unifies the management of strategic, financial, operational and compliance risks
    - Increases the effectiveness and efficiency of risk model
    - Increases visibility into the impact of risk against performance
    - Provides an additional security over regulatory compliance and prevents reputation and resource loss
    - Proactively identifies risk and quantifies exposure across the enterprise to improve transparency
    - Improves the decision making process and provides an effective reporting workflow
    - Automatically identifies and prioritizes risks through proactive alerts and escalations
    - Implements risk response and mitigation activities to prevent risks from having a negative impact

    GRC Process Control:

    - Implements a real balanced scorecard over SAP enhancing automated controls and monitoring techniques
    - Allows business areas to detect, prevent, monitor and approve unusual operations and transactions
    - Real-time notification of predefined rule-based exceptions in order to obtain an effective response
    - Control automation significantly reduces audit execution, documentation and tracking exception times
    - Reduces the effort time to manage the internal control model in the whole organization
    - Establishes a cost-effective combination of resources designated to perform internal control testing
    - Changes the traditional and reactive internal control model to a proactive and dynamic model that is exception based
    - Optimizes financial and operational processes to gain a higher internal control level (increase control confidence and effectiveness)

    GRC Access Control:

    - Real-time diagnostic of segregation of duties risks over applications
    - Real-time monitoring of critical t-codes and user activity
    - Provides a centralized control repository and a monitoring risks dashboard
    - Prevention of the risk of segregation of duties conflicts propagation
    - Automatic and controlled approval of the accesses by the different data owners
    - User management optimization in all the systems (granting/revoking/modifying user privileges)
    - Compliance with the best practices in terms of roles and profiles management, ensuring their definition, documentation, creation, testing and maintenance in a consistent way throughout all the administration process
    - Automatic management of the emergency access in a controlled and auditable environment

    With SAP solutions for GRC, companies can turn risk into results and improve financial performance by embedding consistent and sustainable risk management practices while improving management's ability to make decisions. The value of GRC integration is outlined in the recent Ernst & Young article for the special report on GRC in SAPinsider, published December 2012: http://www.ey.com/Publication/vwLUAssets/10-2012_GRC/$FILE/10-2012_GRC_Ernst&Young.pdf


    Want to learn more?

    Insights on governance, risk and compliance is an ongoing series of thought leadership reports focused on IT and other business risks and the many related challenges and opportunities. These timely and topical publications are designed to help you understand the issues and provide you with valuable insights about our perspective.

    Please visit our Insights on governance, risk and compliance series at www.ey.com/GL/en/Services/Advisory/IT/IT-risk-library-page

    The future of internal audit is now: increasing relevance by turning risk into results

    We explore actions internal audit can take to realize strategic alignment, increase business relevance and achieve a risk maturity that accelerates financial performance.

    Risk management

    Turning risk into results: enabling risk management with SAP GRC

    Ernst & Young's GRC Risk Management (RM) solution paper focuses on enabling risk management. It highlights what we see in the market, opportunities, benefits and related next steps.

    Smart Control: transforming controls to reduce cost, enable growth and keep the business safe

    Balancing value, cost and risk in processes and controls helps create a competitive advantage. Becoming streamlined helps you anticipate and respond to changes.

    Process control

    Access control

    A risk-based approach to segregation of duties

    Read clear guidance on a sound risk-based methodology that integrates IT and financial controls, resulting in an approach that is both manageable and cost effective.

    Turning risk into results: enabling access management with SAP GRC

    Ernst & Young's SAP GRC Access Control (AC) solution paper focuses on managing access risks. It looks at how you can lower cost and effectively sustain access management through centralization, standardization, automation and integration with other GRC modules.

    Turning risk into results: enabling compliance and process management with SAP GRC

    Ernst & Young's SAP GRC Process Control (PC) solution paper focuses on enabling compliance and process optimization. It covers the Rapid SAP process and control diagnostic, which provides accelerated current state assessment of SAP processes, controls and technology.


    Ernst & Young

    Assurance | Tax | Transactions | Advisory

    About Ernst & Young

    Ernst & Young is a global leader in assurance, tax, transaction and advisory services. Worldwide, our 167,000 people are united by our shared values and an unwavering commitment to quality. We make a difference by helping our people, our clients and our wider communities achieve their potential.

    Ernst & Young refers to the global organization of member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients. For more information about our organization, please visit www.ey.com.

    About Ernst & Young's Advisory Services

    The relationship between risk and performance improvement is an increasingly complex and central business challenge, with business performance directly connected to the recognition and effective management of risk. Whether your focus is on business transformation or sustaining achievement, having the right advisors on your side can make all the difference. Our 25,000 advisory professionals form one of the broadest global advisory networks of any professional organization, delivering seasoned multidisciplinary teams that work with our clients to deliver a powerful and superior client experience. We use proven, integrated methodologies to help you achieve your strategic priorities and make improvements that are sustainable for the longer term. We understand that to achieve your potential as an organization you require services that respond to your specific issues, so we bring our broad sector experience and deep subject matter knowledge to bear in a proactive and objective way. Above all, we are committed to measuring the gains and identifying where the strategy is delivering the value your business needs. It's how Ernst & Young makes a difference.

    © 2013 EYGM Limited. All Rights Reserved.

    EYG no. AU1488

    In line with Ernst & Young's commitment to minimize its impact on the environment, this document has been printed on paper with a high recycled content.

    This publication contains information in summary form and is therefore intended for general guidance only. It is not intended to be a substitute for detailed research or the exercise of professional judgment. Neither EYGM Limited nor any other member of the global Ernst & Young organization can accept any responsibility for loss occasioned to any person acting or refraining from action as a result of any material in this publication. On any specific matter, reference should be made to the appropriate advisor.

    At Ernst & Young, our services focus on our clients' specific business needs and issues because we recognize that these are unique to that business.

    Effective risk management is critical to helping modern organizations achieve their goals and it offers the opportunity to accelerate performance while protecting against the uncertainties, barriers and pitfalls inherent in any business. Integrating sound risk management principles and practices throughout operational, financial and even cultural aspects of the organization can provide a competitive advantage in the market and drive cost-effective risk processes internally.

    Our 15,000 Risk professionals draw on extensive personal experience to give you fresh perspectives and open, objective support wherever you are in the world. We work with you to develop an integrated, holistic approach to managing risk and can provide resources to address specific risk issues. We understand that to achieve your potential, you need tailored services as much as consistent methodologies. We work to give you the benefit of our broad sector experience, our deep subject-matter knowledge and the latest insights from our work worldwide. It's how Ernst & Young makes a difference.

    For more information on how we can make a difference in your organization, contact your local Ernst & Young professional or a member of our team listed below.

    Contact details of our leaders

    Global

    Paul van Kessel +31 88 40 71271 paul.van.kessel@nl.ey.com

    Randall J. Miller +1 312 879 3536 [email protected]

    Areas

    Americas

    Michael L. Herrinton +1 703 747 0935 [email protected]

    Bernard R. Wedge +1 404 817 5120 [email protected]

    EMEIA

    Jonathan Blackmore +44 20 795 11616 [email protected]

    Manuel Giralt Herrero +34 91 572 7479 [email protected]

    Asia-Pacific

    Jenny S. Chan +86 21 2228 2602 [email protected]

    Rob Perry +61 3 9288 8639 [email protected]

    Japan

    Yoshihiro Azuma +81 3 3503 1100 [email protected]

    Haruyoshi Yokokawa +81 3 3503 2846 [email protected]

    How Ernst & Young makes a difference

