7/30/2019 Insights on GRC_GRC Technology_AU1488
Unlocking the power of SAP's governance, risk and compliance technology
Insights on governance, risk and compliance
March 2013
Contents
Introduction
Governance, risk and compliance defined
Value of GRC technology
SAP GRC technology solutions
SAP GRC Risk Management
SAP GRC Process Control
SAP GRC Access Control
Conclusion
Introduction
Risk management is no longer an ad hoc activity; it is an integral part of the day-to-day operations of organizations. External and internal risk management requirements are becoming increasingly complex and intrusive, while the demand for more comprehensive and actionable governance, risk and compliance (GRC) information continues to increase. The historic approach of managing risk in silos across different functions, processes, methods and infrastructure cannot keep up with these requirements; and, in many cases, risk management has become a growing operational and financial burden, limiting the organization's ability to keep pace with essential business growth and transformational initiatives.
In order to manage these challenges, leading organizations are driving technology-enabled GRC transformation programs that can:
Create improved visibility of enterprise risks and how these are mitigated
Lower the cost of risk management through the reduction of manual processes and controls
Increase efficiencies through standardization, simplification, automation and end-to-end process centralization
In this paper we will consider the scope of GRC; elaborate on what value GRC technology can bring to the table; and demonstrate how SAP GRC software supports risk management, process control and access control.
A robust GRC technology solution can help embed cost-effective risk management practices into daily business activities.
Governance, risk and compliance defined
What is GRC?
GRC is the umbrella term covering an organization's integrated approach to governance, risk and compliance. While interpreted differently in various organizations, GRC typically encompasses activities such as governance, enterprise risk management (ERM), internal controls, regulatory compliance and internal audit. GRC activities are increasingly being integrated and embedded into organizational structures, processes, systems and data structures in order to avoid redundancies, as well as identifying and closing gaps. In other words, acting as assurance as a whole for the entire organization.
Governance improves the alignment of risk activities to the strategic objectives of the business. The following governance activities enable clearer accountability and reporting, increase visibility of the risks that matter most to the organization, and enhance decision-making processes:
Strategy related:
Setting the business strategy and objectives
Establishing the organization's culture and values
Risk related:
Defining the roles and responsibilities of risk governance bodies
Determining risk appetite
Setting standards and policies
Risk management embeds risk activities into business functions and processes and helps to ensure optimization across the enterprise. The following activities allow the performance of predictive analytics to correlate driver-based performance management and identify trends and anomalies for rapid response:
Identifying and assessing risks that affect the organization's ability to achieve business objectives
Determining risk response strategies
Defining control activities
Compliance facilitates controls and processes to meet regulatory and business requirements. The following activities integrate automated controls measures and continuous monitoring into the transactional processing cycle, resulting in transparency of risk and controls and the elimination of transactions at risk:
Testing adherence to control activities, policies, standards and commitments
Addressing issue management, tracking and remediation
The model below sets out Ernst & Young's leading practice Risk Agenda. Its four components focus on increasing risk performance management and integrated GRC, providing an end-to-end GRC approach for an enterprise-wide scope.
Figure: Risk Agenda ("Turning risk into results"), covering governance, risk and compliance. Surrounding labels: policy management; risk management; compliance and audit management; process/controls optimization and continuous monitoring; data analytics, security and performance reporting.
Improve controls and processes
Better aligned risk coverage, including the identification of stronger, more pervasive controls
Reduced level of effort associated with performing and testing controls
Increased control and process efficiencies enabled through automation and continuous monitoring
Improved control mix that addresses key business risks while driving process efficiencies
Embed risk management
Comprehensive and continuous risk management and monitoring
Central management of financial, operational and compliance risks and controls across organization
Enhance risk strategy
Improved alignment to the objectives and strategy of the business
Improved visibility of risks that matter most to the organization
Proactive identification of risks
Enhanced decision making
Optimize risk management functions
Elimination of duplicate and fragmented risk management activities
Increased integration and coordination among business, IT and compliance
Sustainability of risk management process
Effective top-down and bottom up reporting
Reduced cost of control
Global Fortune 100 food and beverage company
Implemented a common risk and controls framework and centralized its process controls library across the organization to gain better visibility over its redundant control activities. Rationalized and automated the testing process for over 90 SAP automated business process controls.
Why is GRC important now?
The world is constantly evolving, creating external pressures on organizations to drive performance and manage risk. A single negative risk event can destroy a company's reputation.
External and internal risk management requirements are becoming increasingly complex and intrusive, while the demand for more comprehensive, consolidated and actionable GRC information is also increasing. The historic approach of managing risk in silos across different functions, processes, methods and infrastructure cannot keep up with these evolving requirements. Risk management has become a growing operational and financial burden limiting its ability to keep pace with business growth and transformational initiatives.
Figure: Historic versus future GRC focus
Historic GRC focus (decentralized processes, risk managed in silos, fragmented activities):
Inconsistent approach to capture and assess risks across the organization
Segregation of duties violations
Lack of confidence in accuracy and precision of risks identification
Fragmented, manual and ad-hoc reporting
Inability to produce a consolidated heat map
Focus on compliance over risk performance management
Lack of process and control standardization
Multiple and manual risk activities
Significant cost impact on business
Future GRC focus (end-to-end processes, enterprise-wide, integrated activities):
Risk activities are consistently covered across all business units
Centralized risk and risk assessment management
Top-down and bottom-up risk integration
Ability to manage risks at multiple organizational levels
Consistent and real-time reporting
Centralized and consolidated heat map
Drill-down capabilities
Significant workflow automation
Compliant role design and user provisioning activities
Centralized and consolidated views of end-to-end processes
Automated risk activities and processes
Significant workflow automation
Reasonable cost impact on business
Audit, risk and control functions have grown organically and in isolation, leading to challenges in alignment and communication at all levels of the enterprise and the disintegration of risk planning and performance management. Companies are now being forced to align in order to close gaps and eliminate overlaps, while focusing on the risks that matter and create value. Also, cost pressures in the current economic environment call for enhanced GRC management in the identification of hidden costs, inefficiencies in control and compliance structures, and in reducing duplicative activities at corporate and business unit levels.
Technology-enabled GRC transformation
Companies increasingly recognize the business value that GRC technology-enabled transformation offers. Business functions that previously focused on their goals in isolation are moving toward the integration of business, risk, finance and capital planning management. This enables risk management to focus on forward-looking developments and on building competitive advantage. A risk-aware culture should be promoted as a key value-added activity through all levels of organizations, allowing a shifting focus from downside to upside risk management.
The following diagram shows the development from historical focus on risk and compliance functions in isolation through to a successful GRC transformation. The leading practice in GRC transformation enables organizations to achieve an integrated end-to-end and enterprise-wide GRC state of maturity. It focuses on high-performance levels of risk management that no longer only protects but creates business value.
Figure: The Risk Agenda: Client Agenda ("Turning risk into results"). Axes: performance and risk management. Stages, from value protection to value creation: risk identification and reporting (historical focus); risk insight and performance improvement (expanded focus); performance risk management (future focus). Risk Agenda components shown: enhance risk strategy, embed risk management, improve control and processes, optimize risk management functions.
Historical focus:
Fragmented, manual and ad-hoc
Inability to produce a consolidated heat map
High instances of segregation of duties violations
Inconsistent and fragmented approach to capture and assess risks across the organization
Future focus:
Centralized and enterprise-wide risk assessment management
Top-down and bottom-up risk integration
Consistent and real-time reporting
Centralized and consolidated heat map
Consolidated end-to-end risk management processes
Ability to manage risks at multiple organizational levels
Automated and integrated risk activities across business functions
Integrate governance, risk and compliance to create an end-to-end, enterprise-wide risk performance improvement
Value of GRC technology
Traditional GRC technology solutions were aimed at providing organizations with a single issue solution, but nowadays leading companies utilize GRC technologies for multiple purposes. Whereas companies in the past focused on meeting a specific requirement, such as Sarbanes-Oxley compliance, leading organizations these days have other GRC activities to be considered, such as audit management, regulatory compliance, IT governance, performance improvement and policy management. Therefore integration, central databases and reusability are more important than in the past.
Organizations use GRC technology to enable, integrate and optimize their risk management functions and processes, while focusing on supporting strategic objectives and creating value. GRC technology is emerging rapidly and is being adopted by leading organizations. It provides one risk management language, consistency, integration, cost efficiency, innovation and effective work flows. GRC technology offers solutions to fully integrate governance, risk management, compliance and process improvement.
GRC technologies successfully transform risk performance levels by:
Automating and standardizing processes and controls
Embedding and maintaining one single version of risk and control data
Managing holistic views of risk and compliance exposures
Generating dynamic and real-time risk and control intelligence and reporting
Analyzing risk-driven indicators and exception-based decision making
Escalating via workflow through different levels of the organization
Global Fortune 500 medical technology company
Rationalized 2,000 global process controls down to a total of 300, resulting in considerable savings from automation and benchmarking of controls. This company also implemented SAP GRC Access Control globally, which greatly improved audit results and resulted in considerable reduction in ongoing testing efforts both internally and externally.
Selection process
Due to the increased importance of risk in driving shareholder value, information technology vendors are now providing more comprehensive and flexible GRC solutions, enabling companies to expand their risk management programs and reach a greater level of risk process maturity, while delivering quick wins in the short-term.
In order to select the right GRC technology that meets risk management objectives in line with the business strategy, please be guided by this checklist:
Figure: selection checklist covering vendor qualification, functional requirements and technical requirements. Checklist items:
Company profile, market position and experience
Long-term product strategy
Strength of competitive differentiators
Partners
Customers
Implementation approach
Training
Software licensing model, release strategy and maintenance support services
Product functionality
Data repository management
Reporting capabilities
Workflow management
Review, approvals and issue tracking functionality
Risk management functionality
Audit management functionality
Controls monitoring functionality
Analytics functionality
Vendor and product information
Technical architecture
Performance and scalability
Product integration
Mobile devices, remote access
Software support model
Information security
Global Fortune 500 oil and gas company
Strengthened its controls environment by standardizing its access management process globally and implementing SAP GRC Access Control across its 20 SAP strategic systems. This standardization drove efficiencies (20%–30%) around access management processes and improved the risk posture by relying more on preventive segregation of duties and sensitive access checks than on reactive, manual procedures.
SAP GRC technology solutions
In the current market, many information technology vendors offer GRC technology solutions. In this paper we focus on the GRC technology solutions of SAP:
SAP GRC Risk Management offers a holistic risk visibility, key risk indicators and enterprise risk intelligence through dashboards and surveys.
SAP GRC Process Control provides a central controls repository, self-assessments, automated process and workflow management, as well as configurable controls testing and real-time exception based reporting.
SAP GRC Access Control enables sensitive access management and segregation of duties, critical and emergency access management, and compliant access provisioning.
SAP GRC Global Trade Services demonstrates export/import compliance, customs e-filing and sanctioned party list screening in a global trade environment.
In the remaining part of this paper, we will focus on the first three components: SAP GRC Risk Management, SAP GRC Process Control and SAP GRC Access Control.
Figure: SAP GRC technology solutions. Governance, risk and compliance shown alongside the business process platform (finance, operations, production, sales, purchasing), business performance optimization (optimize, strategize, analyze, execute, plan) and business analytics (know your business, decide with confidence, act boldly).
SAP GRC Risk Management (holistic risk visibility, key risk indicators, risk intelligence through dashboards, surveys)
Formal integration of risk management with strategy
Repeatable framework to analyze and mitigate risk
Continuously monitor key risk indicators across strategic objectives
SAP GRC Global Trade Services (export/import compliance, customs e-filing, sanctioned party list screening)
Identify, manage and prioritize risk exposure across global supply chains
Automates export license management and electronic customs communication
SAP GRC Access Control (sensitive access and segregation of duties, critical and emergency access management, compliant access provisioning)
Enables compliant continuous control of access and authorization across the enterprise
Proactively protects information and prevents fraud through automated access risk analysis and remediation
SAP GRC Process Control (central controls repository, self-assessments, automated process and configurable controls testing, real time exception-based reporting)
Automated continuous control monitoring across policies and regulatory requirements
Delivers cross-systems visibility and a unified repository of compliance information for efficient multi-initiative management
SAP GRC Risk Management
SAP GRC Risk Management provides an integrated approach to understand and manage all of the risks that an organization faces. Its main purpose is to improve the quality of decision making. Additionally, it provides management with the visibility to recognize the interdependency of risks, thereby decreasing the likelihood that the organization would be surprised by events that could have been predictable. The benefits are:
Plan the integration of the management of risks and controls across the enterprise (strategic planning and business processes); this will unify the way the organization approaches strategic, financial, operational and compliance risks.
Identify, in a proactive manner, risk and quantify exposure across the enterprise to improve transparency; automatically identifying and prioritizing risks through proactive alerts and escalations will provide additional security over regulatory compliance and prevent loss of reputation and resources.
Analyze risks better and faster due to the improved decision-making process and the increased effectiveness and efficiency of the risk model.
Respond quickly with risk implementation and mitigation activities to prevent risks from having negative impact.
Monitor the impact of risk against performance in an accessible and visible way; this will provide an effective reporting workflow.
SAP GRC Risk Management (SAP GRC RM) enables four major components of risk management model: risk governance, risk management, risk integration, and business process performance.
SAP GRC RM provides the following functionality:
Common risk definition (risk profile, risk appetite, risk tolerances, strategy, objectives, etc.)
Risk repository and classification
Automated risk assessment process
Centralized and consolidated risk heat map
Risk correlation and simulation
Automated and workflow driven risk management end-to-end process
Figure: risk management cycle: plan risks, identify risks, analyze risks, respond to risks, monitor risks.
SAP GRC Process Control
SAP GRC Process Control enables an organization to automate its internal control model (automatic and manual controls and testing/approval workflows) and compliance monitoring, thereby reducing the efforts taken by the organization and increasing the security in the operations for the directive committee.
Control repository centralization: creates a repository that centralizes all the documentation processes and management of the internal control model. This allows an early detection of configuration and master data changes.
Integration: increases integration and coordination among business, IT and compliance, allowing the embedding of internal controls into the business processes (functional areas take a more relevant role).
Automation: ensures the compliance of the internal control model (continuous control monitoring (CCM)) and real-time control exception reporting, which increases the confidence in the effectiveness of controls by eliminating the human error factor and improves the efficiency of the internal control model. By reducing the cost of compliance (less time, less people) and increasing the effectiveness, the number of manual controls required in processes will be minimized.
Periodic and continuous monitoring: manages real-time notification of potential control failures based on established business rules; identifies production change anomalies that may indicate fraud through alerts; improves test effectiveness through configured controls with 100% coverage; and increases operational efficiency through standardization and policy management. Processes associated with the preparation and analysis of configured controls show higher efficiencies. Costs associated with audit failure are avoided.
Cross-system visibility: enables a unified repository of compliance information for efficient multi-initiative management and enhanced visibility to process-related risk exposure and controls testing throughout the enterprise.
SAP GRC Process Control enables organizations to execute coordinated, transparent and automated compliance and risk management activities.
Figure: Key activities
Set-up and manage: control environment; regulations, policies and audits; enterprise integration
Scope: materiality analysis; risk assessments; test strategies
Evaluate: test automated controls; test manual controls; perform assessments
Monitor: monitor exceptions; remediate issues
Sign-off and report: analytics and reports; certify, signoff and provide evidence
Functionality
Interactive, multi-format control, testing, exception and remediation status across processes, policies, geographies and accounts
Policy and certification management
Near real-time notifications of control exceptions and associated impact
Workflow-enabled activity and response rules
User defined multi-step control effectiveness test plans
ERP integration through 120+ delivered scripts or customizable SAP queries/reports for continuous control monitoring
Centralized entity, process and control maps
Risk assessment utilities and customizable testing strategies definitions
Compliance support for multiple mandates and for strategic, financial, operational and IT risks
SAP GRC Access Control
This suite of solutions is made up of various tools that allow the automation of the access control model of the organization, through a dual system that initially allows the organization to detect and clean the segregation of duties (SoD) violations (get clean), and then keep it clean in the future (stay clean) by an automated process.
SAP Access Control enables the four major components of access management: risk analysis and remediation, enterprise role management, super-user privilege management and compliant user provisioning.
SAP GRC Access Control provides the following functionality:
Role centralization: centralized and consolidated role design and definition that is business centered and compliance enabled; including a sensitive segregation-of-duties rule library.
Access monitoring and control: automated emergency access management with integrated monitoring and reporting. Access anomalies indicating possible fraudulent activities are identified through alerts and access request scenarios; they can then be simulated across business processes and applications.
Automation: automated workflows that facilitate the access management end-to-end process, such as self-service user access request and related approval processes.
Compliance: compliant continuous control of access (including authorization), helping to enable the segregation of duties (SoD) management across the enterprise.
Protection: proactively helping to protect information and preventing fraud through automated access risk analysis and remediation.
SAP GRC Access Control (SAP GRC AC) enables four major components of access management: risk analysis and remediation, enterprise role management, superuser privilege management and compliant user provisioning.
Figure: SAP GRC Access Control (prevent and detect): business role management (design roles and prevent violations); access request (provision regular access); emergency access management (provision emergency access); access risk management (identify and remediate violations).
SAP GRC AC provides:
Business-centered and compliance-enabled role design and definition
Emergency access management with integrated monitoring and reporting
Self-service user access request and approval process
Centralized and consolidated sensitive and segregation of duties rule library
Rapid identification of access violations and ability to simulate access request scenarios
Automated and workflow driven access management end-to-end process
Conclusion
GRC technology creates value, reduces costs and improves your risk performance. It enables your organization to automate, standardize, streamline processes, create holistic views of risk and compliance, and analyze real-time business intelligence, and it allows your decision making to really make a difference. The following model helps to assess your organization's GRC technology maturity level.
SAP GRC
GRC Risk Management
Aligns and integrates the management of risks and controls across the enterprise (strategic planning and business processes)
Unifies the management of strategic, financial, operational and compliance risks
Increases the effectiveness and efficiency of risk model
Increases visibility into the impact of risk against performance
Provides an additional security over regulatory compliance and prevents reputation and resource loss
Proactively identifies risk and quantifies exposure across the enterprise to improve transparency
Improves the decision making process and provides an effective reporting workflow
Automatically identifies and prioritizes risks through proactive alerts and escalations
Implements risk response and mitigation activities to prevent risks from having a negative impact
GRC Process Control
Implements a real balanced scorecard over SAP enhancing automated controls and monitoring techniques
Allows business areas to detect, prevent, monitor and approve unusual operations and transactions
Real-time notification of predefined rule-based exceptions in order to obtain an effective response
Control automation significantly reduces audit execution, documentation and tracking exception times
Reduces the effort time to manage the internal control model in the whole organization
Establishes a cost-effective combination of resources designated to perform internal control testing
Changes the traditional and reactive internal control model to a proactive and dynamic model that is exception based
Optimizes financial and operational processes to gain a higher internal control level (increase control confidence and effectiveness)
GRC Access Control
Real-time diagnostic of segregation of duties risks over applications
Real-time monitoring of critical t-codes and user activity
Provides a centralized control repository and a monitoring risks dashboard
Prevention of the risk of segregation of duties conflicts propagation
Automatic and controlled approval of the accesses by the different data owners
User management optimization in all the systems (granting/revoking/modifying user privileges)
Compliance with the best practices in terms of roles and profiles management, ensuring their definition, documentation, creation, testing and maintenance in a consistent way throughout all the administration process
Automatic management of the emergency access in a controlled and auditable environment
With SAP solutions for GRC, companies can turn risk into results and improve financial performance by embedding consistent and sustainable risk management practices while improving management's ability to make decisions. The value of GRC integration is outlined in the recent Ernst & Young article for the special report on GRC in SAPinsider, published December 2012: http://www.ey.com/Publication/vwLUAssets/10-2012_GRC/$FILE/10-2012_GRC_Ernst&Young.pdf
Want to learn more?
Insights on governance, risk and compliance is an ongoing series of thought leadership reports focused on IT and other business risks and the many related challenges and opportunities. These timely and topical publications are designed to help you understand the issues and provide you with valuable insights about our perspective.
Please visit our Insights on governance, risk and compliance series at www.ey.com/GL/en/Services/Advisory/IT/IT-risk-library-page
The future of internal audit is now: increasing relevance by turning risk into results
We explore actions internal audit can take to realize strategic alignment, increase business relevance and achieve a risk maturity that accelerates financial performance.
Risk management
Turning risk into results: enabling risk management with SAP GRC
Ernst & Young's GRC Risk Management (RM) solution paper focuses on enabling risk management. It highlights what we see in the market, opportunities, benefits and related next steps.
Smart Control: transforming controls to reduce cost, enable growth and keep the business safe
Balancing value, cost and risk in processes and controls helps create a competitive advantage. Becoming streamlined helps you anticipate and respond to changes.
Process control
Access control
A risk-based approach to segregation of duties
Read clear guidance on a sound risk-based methodology that integrates IT and financial controls, resulting in an approach that is both manageable and cost effective.
Turning risk into results: enabling access management with SAP GRC
Ernst & Young's SAP GRC Access Control (AC) solution paper focuses on managing access risks. It looks at how you can lower cost and effectively sustain access management through centralization, standardization, automation and integration with other GRC modules.
Turning risk into results: enabling compliance and process management with SAP GRC
Ernst & Young's SAP GRC Process Control (PC) solution paper focuses on enabling compliance and process optimization. It covers the Rapid SAP process and control diagnostic which provides accelerated current state assessment of SAP processes, controls and technology.
Ernst & Young
Assurance | Tax | Transactions | Advisory
About Ernst & Young
Ernst & Young is a global leader in assurance, tax, transaction and advisory services. Worldwide, our 167,000 people are united by our shared values and an unwavering commitment to quality. We make a difference by helping our people, our clients and our wider communities achieve their potential.
Ernst & Young refers to the global organization of member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients. For more information about our organization, please visit www.ey.com.
About Ernst & Young's Advisory Services
The relationship between risk and performance improvement is an increasingly complex and central business challenge, with business performance directly connected to the recognition and effective management of risk. Whether your focus is on business transformation or sustaining achievement, having the right advisors on your side can make all the difference. Our 25,000 advisory professionals form one of the broadest global advisory networks of any professional organization, delivering seasoned multidisciplinary teams that work with our clients to deliver a powerful and superior client experience. We use proven, integrated methodologies to help you achieve your strategic priorities and make improvements that are sustainable for the longer term. We understand that to achieve your potential as an organization you require services that respond to your specific issues, so we bring our broad sector experience and deep subject matter knowledge to bear in a proactive and objective way. Above all, we are committed to measuring the gains and identifying where the strategy is delivering the value your business needs. It's how Ernst & Young makes a difference.
© 2013 EYGM Limited. All Rights Reserved.
EYG no. AU1488
In line with Ernst & Young's commitment to minimize its impact on the environment, this document has been printed on paper with a high recycled content.
This publication contains information in summary form and is therefore intended for general guidance only. It is not intended to be a substitute for detailed research or the exercise of professional judgment. Neither EYGM Limited nor any other member of the global Ernst & Young organization can accept any responsibility for loss occasioned to any person acting or refraining from action as a result of any material in this publication. On any specific matter, reference should be made to the appropriate advisor.
ED None
At Ernst & Young, our services focus on our clients' specific business needs and issues because we recognize that these are unique to that business.
Effective risk management is critical to helping modern organizations achieve their goals and it offers the opportunity to accelerate performance while protecting against the uncertainties, barriers and pitfalls inherent in any business. Integrating sound risk management principles and practices throughout operational, financial and even cultural aspects of the organization can provide a competitive advantage in the market and drive cost-effective risk processes internally.
Our 15,000 Risk professionals draw on extensive personal experience to give you fresh perspectives and open, objective support wherever you are in the world. We work with you to develop an integrated, holistic approach to managing risk and can provide resources to address specific risk issues. We understand that to achieve your potential, you need tailored services as much as consistent methodologies. We work to give you the benefit of our broad sector experience, our deep subject-matter knowledge and the latest insights from our work worldwide. It's how Ernst & Young makes a difference.
For more information on how we can make a difference in your organization, contact your local Ernst & Young professional or a member of our team listed below.
Contact details of our leaders
Global
Paul van Kessel +31 88 40 71271 paul.van.kessel@nl.ey.com
Randall J. Miller +1 312 879 3536
Areas
Americas
Michael L. Herrinton +1 703 747 0935
Bernard R. Wedge +1 404 817 5120
EMEIA
Jonathan Blackmore +44 20 795 11616
Manuel Giralt Herrero +34 91 572 7479
Asia-Pacific
Jenny S. Chan +86 21 2228 2602
Rob Perry +61 3 9288 8639
Japan
Yoshihiro Azuma +81 3 3503 1100
Haruyoshi Yokokawa +81 3 3503 2846
How Ernst & Young makes a difference