Submitted by :
• Manas Choudhary (12030241142) – C – Group Leader – 9665372521
• Shankar Kendre (12030241159) – C – 9960899626
• Raghavendra Aarole (Roll No) - C – 7709998886
• Ishan Mishra (12030241073) - A – 7276899981
• Rahul Vardhan Dinesh (12030241210) – D – 9420290268
Batch 2012-14
Agenda
• Fragmentation 01
• Integrated GRC 02
• SAP Solutions for GRC 03
• Segregation of Duties Violations 04
• Risk Analysis and Remediation 05-06
• Access Management 07
• Compliant Provisioning 08-09
• Benefits of SAP GRC 10-11
Fragmentation
Managing with confidence is difficult in an increasingly complex world
Diagram: a scattered landscape of regulations (ASX Principle 7, CLERP 9, SOX, RoHS, WEEE), risk types (segregation of duties, credit risk, capital risk, project risk, human risk), regions (Australia, U.S.A., Japan, U.K., France, China, Germany, India), governance bodies and activities (Board of Directors, governance, compliance, risk management, policy management, audit & compliance, security management, document management, contracts, project management, planning, treasury) and business functions and systems (finance, legal, sales, HR, controller, IT, customers, ERP, production, billing), each handled separately.
Integrated GRC
Forward looking organizations are seeking a unified approach to GRC
Diagram: the same regulations (ASX Principle 7, CLERP 9, SOX, RoHS, WEEE), risk types (segregation of duties, credit risk, capital risk, project risk, human risk), regions (Australia, U.S.A., Japan, U.K., France, China, Germany, India), governance activities (Board of Directors, governance, compliance, risk management, policy management, audit & compliance, security management, document management, contracts, project management, planning, treasury) and business functions and systems (finance, legal, sales, HR, controller, IT, customers, ERP, production, billing), now brought together under one GRC approach.
SAP Solutions for GRC
A unified solution for GRC management
Diagram (solution stack, top to bottom):
• Industry-Specific GRC: Life Sciences, Chemicals, Oil & Gas, High Tech, Banking
• Cross-Industry GRC: Risk Management; Compliance (Access Control, Process Control, Global Trade, Environment & Controls)
• GRC Repository
• Business Process Platform
• Business Applications
Callouts: transparency into a balanced global risk profile; standardization on common GRC content and rules; automates and embeds GRC into business processes
Segregation of Duties Violations
Three phases, five capabilities:
• Minimal Time To Compliance (Get Clean)
– Risk Identification and Remediation: rapid, cost-effective and comprehensive initial clean-up
• Effective Management Oversight (Stay Clean)
– Enterprise Role Management: enforce SoD compliance at design time
– Compliant User Provisioning: prevent SoD violations at run time
• Continuous Access Management and Audit (Stay in Control)
– Superuser Privilege Management: close the #1 audit issue with temporary emergency access
– Periodic Access Review and Audit: focus on the remaining challenges during recurring audits
Risk Analysis and Remediation
• Remediation Management
• Mitigation Management
• Reporting
• Real-time Simulation
• Mandatory Prevention
• Access Risks Library
• Cross-Enterprise Rules Database
• Risk Elimination
• End-to-End Automation
Delivers 24/7, real-time compliance by stopping
“SAP GRC Access Control, with its comprehensive preconfigured rule set, reflected deep expertise within SAP that would have taken us a very long time to replicate.” – Synopsys Inc.
Superuser Privilege Management
• ID Administration
• Date Restrictions
• Single User per ID
• Privileged Security
• Every emergency session (New Session) produces its own Log
• Alert Framework
• Reporting
Compliant Provisioning
Manual provisioning today: Manager → e-mail approval → Role Owner (spreadsheets, paper forms) → IT Security (spreadsheets, paper forms) → manual provisioning
Compliant Provisioning contd..
Compliant Provisioning with Dynamic Workflow
Request path: HR event generated (employee hired / retired, 100% automated) → manager approval via e-mail, with escalation workflow → risk analysis (“1 click” preventive simulation) → exception workflow → automated provisioning (100% automated)
• Embed cross-enterprise preventive compliance into the business process
• Path workflow based on request type and user attributes
• Reduce the cost of user administration
• Improve productivity of end users
• Auditable tracking for auditors
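The two checks the deck describes, the detective SoD analysis of "business functions that produce risks when executed by the same individual" and the preventive "1 click" simulation run on a provisioning request before it is approved, come down to a small rule engine over a user → role → action model. The following is an added example written for this page, not code from the presentation or from SAP GRC Access Control. The function names, transaction codes, role names, users, rule IDs and the mitigating control are all constructed sample data; a real rule set is far larger and also evaluates authorization-object field values, which this action-level model deliberately ignores.

```python
"""Segregation-of-duties (SoD) risk analysis and request-time simulation.

Added example, not code from this presentation or from SAP. Everything
below (function names, transaction codes, role names, users, rule IDs and
the mitigating control) is constructed sample data.
"""
from dataclasses import dataclass
from datetime import date

# Business functions: bundles of actions (modelled on SAP transaction codes).
FUNCTIONS = {
    "VENDOR_MAINTAIN": {"XK01", "XK02"},   # create / change vendor master
    "INVOICE_POST":    {"FB60", "MIRO"},   # post vendor invoices
    "PAYMENT_RUN":     {"F110"},           # execute the payment run
    "USER_ADMIN":      {"SU01", "PFCG"},   # maintain users and roles
}


@dataclass(frozen=True)
class AccessRisk:
    risk_id: str
    description: str
    level: str
    functions: frozenset  # functions one person must not hold together


# Constructed rule set: a risk fires when a user can perform every function in it.
RULES = [
    AccessRisk("P001", "Maintain a vendor and pay that vendor", "High",
               frozenset({"VENDOR_MAINTAIN", "PAYMENT_RUN"})),
    AccessRisk("P002", "Post vendor invoices and run payments", "High",
               frozenset({"INVOICE_POST", "PAYMENT_RUN"})),
    AccessRisk("B001", "Administer users and run payments", "Medium",
               frozenset({"USER_ADMIN", "PAYMENT_RUN"})),
]

# Constructed roles and user assignments.
ROLES = {
    "Z_AP_CLERK":        {"FB60", "MIRO"},
    "Z_AP_PAYMENTS":     {"F110"},
    "Z_VENDOR_MASTER":   {"XK01", "XK02"},
    "Z_BASIS_USERADMIN": {"SU01", "PFCG"},
}
USERS = {
    "alice": {"Z_AP_CLERK", "Z_AP_PAYMENTS"},   # carries P002 today
    "bob":   {"Z_VENDOR_MASTER"},
    "carol": {"Z_BASIS_USERADMIN"},
}
# Mitigating controls: (user, risk) -> date on which the control's approval expires.
MITIGATIONS = {("alice", "P002"): date(2030, 12, 31)}


def effective_actions(role_names):
    """Union of the actions granted by a set of roles."""
    actions = set()
    for name in role_names:
        actions |= ROLES[name]
    return actions


def analyze_actions(actions):
    """Access risks violated by an action set, with the contributing actions
    per function so remediation can target one side of the conflict."""
    findings = []
    for risk in RULES:
        hits = {f: sorted(actions & FUNCTIONS[f]) for f in sorted(risk.functions)}
        if all(hits.values()):          # at least one action from every function
            findings.append({"risk_id": risk.risk_id, "level": risk.level,
                             "description": risk.description, "actions": hits})
    return findings


def analyze_user(user):
    """Detective check: risks the user's current role assignment violates."""
    return analyze_actions(effective_actions(USERS[user]))


def simulate_request(user, role_to_add):
    """Preventive check for a provisioning request: the risks the added role
    would introduce that the user does not already carry. Run this before
    approval, not after provisioning."""
    already = {f["risk_id"] for f in analyze_user(user)}
    after = analyze_actions(effective_actions(USERS[user] | {role_to_add}))
    return [f for f in after if f["risk_id"] not in already]


def compliance_report(as_of):
    """Open vs. mitigated violations per user on an ISO date; a mitigating
    control only counts while its approval is still valid."""
    as_of = date.fromisoformat(as_of)
    report = {}
    for user in USERS:
        open_, mitigated = [], []
        for f in analyze_user(user):
            until = MITIGATIONS.get((user, f["risk_id"]))
            bucket = mitigated if until is not None and until >= as_of else open_
            bucket.append(f["risk_id"])
        report[user] = {"open": open_, "mitigated": mitigated}
    return report


if __name__ == "__main__":
    for user in USERS:
        print(user, [f["risk_id"] for f in analyze_user(user)])
    print("bob + Z_AP_PAYMENTS ->",
          [f["risk_id"] for f in simulate_request("bob", "Z_AP_PAYMENTS")])
    print(compliance_report("2025-01-01"))
```

Two design points matter in practice. First, `simulate_request` reports only the risks the request would add, so an approver sees the delta rather than being numbed by conflicts the user already carries and that are already mitigated. Second, a mitigating control is not a permanent exemption: `compliance_report` drops it once its approval date passes, which is exactly the recurring-audit check the "Stay in Control" phase calls for.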
Benefits of SAP GRC
• Key Solution Capabilities and Benefits
– Identifies and prevents access and authorization risks across cross-enterprise IT systems, to prevent fraud and reduce the cost of continuous compliance and control
– Provides end-to-end automation for detecting, remediating, mitigating, and preventing access and authorization risk across the enterprise
– Allows true cross-enterprise SoD risk mitigation by integrating with SAP and non-SAP systems
• Common Customer Challenges Addressed
– Need to comply with SOX Section 404 or similar regulations
– Weak support for the audit process to ensure the right measures are in place to prevent fraud
– Manual or people-intensive compliance processes involving e-mails, spreadsheets and/or paper
– Costly, manual remediation
– Uncontrolled role management
– Excessive super-user access
– Inefficient and un-auditable user provisioning
– Reactive rather than preventive controls
• Establish an approach and process to manage risk rules
• Gain alerts on potential violations
• Identify business functions that produce risks when executed by the same individual
• Focus on prevention rather than “point in time” detection
• Simplify compliant enterprise-level role administration
• Enforce compliant security for privileged access
• Increase visibility through timely notification
• Deliver audit-ready, detailed reporting
• Lower risk and save money through proactive compliance
Thank You