SAP Governance, Risk, Compliance and Security Solutions

SAP Process Control

SAP

Public

Add partner
logo and alt text
Agenda

Challenges and Opportunities Driving GRC Transformation

SAP GRC Solutions

What’s Happening in Compliance and Control Management

Overview of SAP Process Control

Why SAP Process Control

Summary

Public 2
Enterprise Risk & Compliance Transformation Drivers
Agile and integrated GRC during uncertain times
Challenges

Prioritize strategy and decision making to manage rapid onset Key Focus
of interconnected global risk events with catastrophic losses Areas
Use collaborative tools and automation to focus policies Manage risk
and controls on areas where risks are the most significant

Ensure risks and control information is always up-to-date, Avoid losses

Three Lines Model transparent, and reliable by automating daily activities

Reduce costs
Reduce third-party and fraud risk with machine learning
by combining rules and predictive analytics to better
anticipate and prevent exceptions Strengthen
Compliance
Provide independent assurance of risk and compliance
standards to mitigate increased exposure to risk and
compliance failures
Public 3
SAP GRC and Security solutions
Solution mapping to key themes

Enterprise Risk Identity & Access Cybersecurity, Data International Trade

& Compliance Governance Protection & Privacy Management

 Manage risks, controls,  Manage access for enterprise  Manage cyber risk with greater  Manage import and export
and regulatory requirements applications – cloud or on-premise alignment to information security compliance as well as free
in business operations  Manage identities, authorized standards trade agreements in global
 Screen third parties and detect information access, data use,  Identify potential cyber threats supply chains
anomalies and fraud and sharing conditions and vulnerabilities in applications  Optimize trade utilizing special
 Provide independent assurance  Eliminate excessive logins  Secure files and data using customs procedures such as
with single sign-on bonded warehouses, processing
of risk and compliance standards transportable policies and
trade in China, and free trade
 Mitigate access risk violations encryption
zones in NA
and monitor financial impact  Enable greater control with  Screen third parties for improved
sensitive data masking compliance
and logging

Public 4
Best Run Companies are Transforming with SAP GRC and Security
Solutions
Impact  15% - 20% Reduction in
loss events
Ris
Focus Com k and  75% Reduction in manual effort
plia on selected control activity
nce
Traditional Business Models Best Run Business Models Provide One
 99% Reduction in segregation

Go
View of Risk

Ac erna
v
ce nc
Siloed risk investment / shadow IT Integrate GRC and Security capabilities of duties violations

ss e
Manage Digital
 80% reduction in time required
Manual and dated controls Automate controls within business processes to manage access and SoD
Identities
Multiple user profiles and logins Manage digital identities across landscapes

Cybersecurity
Latency/disconnected view of application threats Detect and correlate threats in near real time  5.3 billion events per day
Monitor analyzed for potential threats
Disparate approach to privacy requirements Establish and manage privacy requirements Opportunities Applications  Forensic analysis and modeling
of new attack detection patterns
Identification of personal information Use AI to identify and detect personal data

Inability to detect potential fraud and misconduct Screen transactions and business partners
Manage  Real-time attribute based

ac n
iv tio
Manual trade compliance processes Automate trade compliance on a single platform Requirements access controls

y
Pr c
d o te
 100% improvement of data

an Pr
Optimize Supply sharing and data restriction

ta
Chains

Da
al  $90 million annual ROI in duty
n ation
r
Inte Trade savings and broker savings,
self-filings, more
 7.6 million business partners
screened with greater uniformity

Public 5
 The IIA’s Three Lines Model (aka 3 Lines of Defense before 2020)

The position of
external
Roles are clearly assurance
defined in the new providers is
model for various addressed
leaders within an
organization

Public
Source: IIA’s new Three Lines Model 6
SAP GRC and Security Solutions
Enterprise Risk & Compliance
Sharing GRC vision, information, and responsibility across the enterprise

Real-time Audit Insights Enterprise Risk Intelligence

Provide independent assurance of risk Visibility of escalating risks provides the ability to aggregate
and compliance standards to risks across the enterprise via collaborative tools, enact
management and audit committees responses proactively and reduce risk losses
Product: SAP Audit Management, Product: SAP Risk Management
SAP Process Control, SAP Digital
Boardroom

Continuous Controls Monitoring

Predictive Analytics Continuous monitoring of business transactions can
Detect potential fraud earlier to reduce identify irregularities and provide automatically
financial losses generated auditable compliance documentation
Product: SAP Business Integrity Screening
Product: SAP Process Control,
Three Lines of SAP Business Integrity Screening
Defense

Anomaly detection Regulation Management

Detect anomalies earlier to reduce losses in the Understand and manage regulatory requirements as
new environment that increase the risk of fraud they relate to risk and control management
Product: SAP Business Integrity Screening, Product: SAP Regulation Management by Greenlight,
SAP Process Control SAP Process Control

Public 8
SAP GRC and Security solutions
Solution mapping to key themes

Enterprise Risk Identity & Access Cybersecurity, Data International Trade

& Compliance Governance Protection & Privacy Management

 SAP Process Control  SAP Access Control  SAP Enterprise Threat Detection  SAP Global Trade Services
 SAP Risk Management  SAP Cloud Identity Access  SAP Privacy Governance  SAP S/4HANA for international
 SAP Audit Management Governance  SAP Privacy Management by BigID trade
 SAP Access Violation  SAP Watch List Screening
 SAP Business Integrity Screening  SAP Customer Data Cloud
Management by Greenlight
 SAP Regulation Management  SAP Data Custodian
 SAP Dynamic Authorization
by Greenlight  SAP Data Custodian, Key
Management by NextLabs
 SAP Single Sign-On Management Service (KMS)
 UI masking for SAP
 SAP Cloud Identity Services –
Identity Authentication  UI logging for SAP
 SAP Identity Management  SAP Code Vulnerability Analyzer
 SAP Cloud Identity Services –  SAP Fortify by Micro Focus
Identity Provisioning

Public 9
What’s Happening in Compliance and
Control Management
Compliance and control management challenges

 Lack of visibility and confidence

Reports annually Communicates
 Cost of compliance
CFO Investors, customers

 Manual, inefficient, slow, and inaccurate

Mission
processes
HR
 Lack of focus on most-critical
Compliance Finance
requirements, risks, and processes office Manufacturing
 Lack of scalability

 Information and data spread Operations, finance, audits, and local GRC

across many people and systems

 Inconsistent practices
 Lack of accountability Operations Finance Compliance Internal Risk Internal audit
controls management
Public 13
Compliance and control management challenges

Compliance failures can cause organizations to suffer

reputational damage, customer churn and costly fines. In fact,
the impact of noncompliance is greater than ever before. A
2018 report by the Ponemon Institute estimates noncompliance
costs to be 2.7 times the costs of maintaining or meeting
compliance requirements—and up 45 percent since 2011.

Only 19% of RM, IA and compliance functions are well-

integrated, or fully-integrated technologically with the
governance, risk and compliance (GRC) tool.

Public Source: PWC, “2019 State of Compliance Study” 14

Overview of SAP Process Control
SAP Process Control – objectives

Focus resources on high- Provide continuous insight Improve compliance and

impact processes, regulations, into the status of business process quality
and risks compliance and controls at the right cost

Prioritize control activities and efforts Help ensure GRC information is Achieve your compliance and
based on the most-critical needs: always up-to-date, transparent, and business process performance
 Key business processes consistent for effective decisions and goals, while keeping your GRC
 Critical regulatory mandates timely actions: program costs under control:
 Higher risks  Evaluation progress  Use of best-practice and intuitive
 Policy acceptance user tools
 Continuous control monitoring  Automated testing and monitoring
(CCM)
 Issue status

Public 17
 SAP Process Control
Help ensure effective controls and ongoing compliance

Document Report
Insightful reporting for
Single source of truth
analysis and accountability
shared across the enterprise
Enterprise Risk
& Compliance

Plan Evaluate
Planning of focused actions to End-to-end test and issue
help ensure timeliness resolution

Perform and Monitor

Streamlined manual and automated performance
Public 18
 Enterprise
SAP Process Control Risk &
Document controls and policies centrally and map to key regulations and organizations Compliance

Document

 Standardized internal control documentation

 Sharing compliance and control structures across regulations
and organizations
 Collaborative policy maintenance and approval

Public 19
Document – value proposition

Streamlined, scalable support for multiple compliance regulations

Harmonized controls across financial and operational regulations

Wherever you are, whatever regulations or Reduce effort and cost

company initiatives you are subject to, By sharing documentation and test results across
regulations and company initiatives

Maintain accountability
By establishing geographic and regulatory ownership
across the global enterprise

Harmonize and scale

With centralized maintenance of documentation and
optional local variation and language support

SAP Process Control can help you break down silos

among your multiple GRC initiatives.

Public 20
 Enterprise
SAP Process Control Risk &
Compliance
Perform periodic risk assessments to determine scope and test strategies

Plan

 Selection of scope and test strategies

 Triggering workflow-driven performance, assessments, and
tests of effectiveness
 Defining and scheduling continuous control monitoring rules
 Distribution of policies and related surveys

Public 21
Plan – value proposition

Risk assessments performed periodically

Determination of scope and test strategies

Not all internal controls are of equal importance. Determine scope

With top-down, risk-based scoping, By reviewing account materiality, as well as subprocess
and control risk

Use resources wisely

By implementing risk-based test strategies that neither
overtest nor undertest controls

Automate
Through selection of controls and transmittal of an
evaluation workflow based on test strategies

SAP Process Control can help you focus your

documentation and test efforts.
Public 22
 Enterprise
SAP Process Control Risk &
Compliance
Perform manual and automated, exception-based monitoring of ERP systems

Perform and Monitor

 Continuous control monitoring of configurations, master

data, transactions, and related changes
 Automatic routing of exceptions through the workflow to
appropriate users
 Manual control performance with collected evidence
available to testers

Public 23
Perform and monitor – value proposition

Automated control testing for SAP and non-SAP software systems

Exception-based, continuous control monitoring

Looking for a way to do more with less? Continuous

control monitoring and automated testing Create your own rules
Without programming and deploy them across
organizations using configurable parameters

Find issues faster

By scheduling continuous control monitoring to run on a
recurring basis – “set it and forget it”

Manage by exception
By routing only exceptions through the workflow to the
right person to review and correct, if needed
can reduce workload for business users and internal
auditors while increasing timeliness and reliability.

Public 24
SAP Process Control 12.0
Automated control testing and monitoring of process flow

Define data sources Map to Analyze and

Trigger
and business rules controls report

FIN

Transaction
controls
Delivered rules O2C
SAP and reports Audit trail
Scheduling
P2P

Master data
controls
HR
Configurable rules Dashboards and
Non-SAP analytics
and queries
IT Routing of
Configuration

workflow
controls

Fixed assets
Configurable Reports
deficiencies
FIN = finance; O2C = order to cash; P2P = procure to pay
Public
Optional in PC 12.0 25
SAP Process Control 12.0
Standalone rules

Business rules can now be used without controls Manually Trigger

Data Source

Organization Control and Automated Issue and

Business Rule Ad hoc Issue
Control Business Rule Monitoring Remediation

 The business rule works independently of defined context

 Exceptions are generated based on the business rule
 A responsible user decides how to handle the exceptions by viewing results in the job monitor
 Issues are not created or routed automatically; instead, the user raises ad hoc issues if needed
Public 26
 Enterprise
SAP Process Control Risk &
Compliance
Evaluate control design and effectiveness and raise and remediate issues

Evaluate

 User-definable surveys for self-assessments, control

design, and disclosures
 Manual and automated tests of effectiveness
 Workflow-driven evaluations, issue remediation,
notifications, and status reporting

Public 27
 Evaluate – value proposition

Comprehensive control performance, evaluations, and issue management

Clear ownership and accountability with best-practice workflows

Regardless of whether you evaluate your controls with Assign ownership and responsibility
self-assessments or more-formal tests of effectiveness, Without the need for IT authorization or workflow
experts

Avoid missed deadlines

Through automatic release of e-mail-based reminders
and escalations

Track it all
With detailed tracking of control performance,
evaluations, issues, and remediation plans
SAP Process Control can streamline workflow-driven
processes either online or offline.

Public 28
 Enterprise
SAP Process Control Risk &
Compliance
Support decisions and promote accountability with insightful analytics and sign-off

Report

 Reports and dashboards

 Audit trails and change analyses
 Sign-off surveys and certification

Public 29
Report – value proposition

Insightful analytics to support decisions and promote accountability

Built-in or custom reports with SAP BusinessObjects Business Intelligence (BI) suite

Whether you are tracking compliance status or Use extensive standard reports
producing year-end reports, To get deep and real-time insight into the status of your
controls and critical issues

Take action
By identifying the source of problems through drilling
down to the most-granular details, if necessary

Build your own

By slicing and dicing data for deeper analyses with
powerful visualization possibilities
SAP Process Control provides a variety of standard,
configurable, and custom reporting options.

Public 30
SAP Process Control
Key features for comprehensive management of controls and compliance

Document Plan Perform and Monitor Evaluate Report

 Standardized internal  Top-down, risk-based  Continuous control  User-definable surveys  Comprehensive tracking
control environment scoping monitoring with for self-assessments, of evaluations and
documentation  Focused test strategies exceptions routed to control design, and related issues and
 Data upload from appropriate user(s) disclosures action plans
 Triggering of workflow
provided spreadsheet  Support for monitoring  Manual tests of  Reports and
tasks for performing
tool manual controls configurations, master effectiveness based on dashboards that can be
 Definition and sharing of data, transactions, and test plans personalized by users
 Creation and
data across multiple change logs  Automated tests of  Audit trails and change
scheduling of
regulations  Multiple data source effectiveness based analyses
continuous control
 User roles assigned at monitoring rules types including reports, upon business rules  Reporting tools from
the data object level queries, and  Management of ad hoc SAP BusinessObjects
 Distribution of policies
configurable tables and evaluation-based BI suite for use with
 Manual control and related surveys
 User-definable issues and remediation GRC solutions
performance steps and
due dates business rule  Comprehensive  Sign-off surveys and
parameters and workflow, notifications, certification
 Master data approval
deficiency levels and status reporting
workflow
Public 31
Why SAP Process Control
What SAP Process Control can do for your business
Our customers tell us what they like best about the solution – the “top 6”

Find problems faster and easier Readily adapt and scale

Through continuous control monitoring and By tapping into robust functionality and configurable
1 automated testing to manage by exception and 4 options to do more without programming and to
reduce efforts increase user productivity

Access a single source of the truth Reduce costs

With a unified framework and processes to Using configurable, interactive forms delivered
2 minimize data maintenance, reduce silos, and 5 through e-mail to empower business users without
save preparation time for internal and external costly training
audits

Have strong confidence in results

Avoid misses As a result of complete integration with business
Using workflow-driven evaluations and issue systems and other SAP GRC solutions for better
3 resolution to boost accountability and to improve 6
risk mitigation, strong control of the business, and
problem tracking and remediation improved assurance

Public 34
Find problems faster and easier
SAP Process Control – continuous control monitoring and automated testing

Benefits Capabilities
Prevent problems by monitoring Support for monitoring configurations,
configuration and master data changes master data, transactions, and change logs

Manage by exception to reduce effort and Multiple data source types including
increase reliability reports, queries, and configurable tables

Readily reuse business rules across User-definable business rule parameters

organizations with user-definable and deficiency levels
parameters
Continuous control monitoring with
Understand root causes of exceptions and exceptions routed to appropriate users
deliver fully evidenced tests
Ability to monitor both SAP and non-SAP
business systems

>200​ 75% 80%

Business rules deployed for ​exception-based ​ eduction in manual effort on selected control
R Estimated reduction in time required for CCM
continuous control monitoring (CCM) activities by managing by exception using CCM business rule creation and maintenance

Public 35
Single source of truth
SAP Process Control – unified approach

Benefits Capabilities
 Organization Multicompliance framework unifying
Effectively share important information and  management of the multiple regulatory
Processes
help ensure consistency and control management needs
 Controls
Minimize data maintenance and avoid  Centralized mapping and documentation
duplication of information Risks of the organization, processes, risks,
 Policies controls, and policies
Reduce the “silo effect” to manage better
and provide accountability Possibility to share controls across
different programs, business processes,
Get clear insight into compliance and and risks
control information
Flexibility for either more-centralized or
Minimize preparation for internal and decentralized management models for
external audits control information

“SAP Process Control provides a single source of the truth, helping top management “We wanted a single and integrated solution for ensuring the
make effective, risk-based decisions at any time, which adds considerable value to effectiveness of our internal control process, and that’s exactly
our company. We have also been able to strengthen our compliance process through what we found in SAP Process Control.”
automated and continuous management of internal controls.”
Christophe Louis, IT Project manager, GlaxoSmithKline Vaccines
Mrs. Vijaya Gupta, Deputy Chief Financial Officer, Hindustan Zinc Limited

Public 36
Avoid misses
SAP Process Control – workflow-driven evaluations and issue resolution

Benefits Capabilities
 Plan
Take advantage of the wealth of experience Comprehensive compliance and controls
 Route
within the broad SAP customer base and management
implement best practices  Evaluate

Built-in, best-practice workflows
Review
Achieve quicker implementation with built-in
 Resolve Workflow configuration features
workflows
 Track
Improve collaboration and streamline Comprehensive evaluation of control
evaluation and issue procedures design and operating effectiveness

Resolve issues faster and have better Complete issue management and
assurance of completeness tracking

Establish clear accountability and

transparency

Public 37
Readily adapt and scale
SAP Process Control – robust functionality with configurable options

Benefits Capabilities
Do more without programming Screen and data configurations based on
company, roles, and regulations
Adapt navigation to user-specific roles and
needs, for increased productivity Personalization options at field and user
levels
Help ensure users access only the data
that is relevant to them Strong authorization management for
selective access to critical regulatory data
Reuse high-value information and minimize Shared data, evaluations, and reporting
duplications for increased efficiency

Get insight at all required levels to analyze Broad range of reporting options:
key information and optimize decisions numerous standard reports and bundled
SAP BusinessObjects business
intelligence solutions

Public 38
Reduce costs
SAP Interactive Forms by Adobe

Benefits Capabilities
Capture critical control evaluation Interactive, multiuse Adobe forms enabled
information from the most knowledgeable for most SAP Process Control evaluations
source – business users and surveys

Simple delivery, completion, and submittal

Minimize user training costs through using e-mail
simplicity of use
Guided data entry with predefined fields,
Use existing surveys and test plans in drop-down menus, intelligent form
delivered templates for quick sequencing, and the like
implementation

Improve user involvement and

accountability

Thousands of business users in a large oil and gas company can perform comprehensive tests and
assessments without ever logging into SAP Process Control.

Demo scenario here: https://youtu.be/8rB4hQzK5LI

Public 39
Have strong confidence in results
Integration with business systems and other SAP GRC solutions

Benefits Capabilities
Help ensure the different types of risks are Map controls in SAP Process Control to
monitored and mitigated SAP Access Control
risks in SAP Risk Management as risk
SAP Business Integrity
Screening
responses
Deliver stronger and continuous control of
the business (with nothing falling into the Integrate with SAP Access Control to
cracks)
SAP Process Control
track access and segregation-of-duty
compliance
SAP Audit
Achieve and sustain compliance, making Management
SAP Risk Management

sure issues are identified and remediated Access control information for performing
audits and for sharing key issues
Increase assurance and improve audit
Tap into a complement to SAP Business
efficiency
Integrity Screening, which yields improved
controls against fraud, errors, and
Improve business reliability at multiple irregularities
levels

“The SAP Process Control application gives us the ability to manage testing for multiple regulations – across zones,
business units, and locations – from a central location, which creates great efficiencies for a global company such as
Kraft Heinz.”
Werner Besson, Head of Internal Controls, The Kraft Heinz Company
Public 40
Proven experience in using SAP Process Control

A company in the energy sector could use SAP Process Control to optimize use of limited resources by
reducing duplication of controls by up to 30% and automating testing for over 160 controls.

A major aerospace and consumer products company could save 1,400 hours in the first year by automating
just 20 controls across a large number of organizational units.

An oil and gas group could use a shared repository of process risks and controls across all areas including
finance, operations, and regulation-specific areas, which could result in 25% reduced time spent on
compliance activities and less time preparing for audits.

A life sciences company could save hundreds of hours of testing by automating 15% of their controls,
and the resulting confidence in the system could significantly reduce time spent double checking compliance
work.

A healthcare group could significantly improve the speed of resolution of deficiencies and gain better
visibility of remediation activities for their control owners.

Public 41
 Eli Lilly and Company: Responding to global health needs while
strengthening compliance with SAP Process Control
Company
​Eli Lilly and Company
Objectives
• Create a central global repository across business units while helping the finance group reduce the number of >200​
controls Business rules deployed for ​exception-
Headquarters • Eliminate disparate and regionalized manual work by control owners based continuous control monitoring
​Indianapolis, Indiana • Maximize scalability, consistency, and reliability of control performance and compliance reporting (CCM)
• Implement an automated, manage-by-exception, self-documenting monitoring process to reduce internal control
Industry efforts and improve business process performance
Life sciences
Why SAP
75%
Products and Services ​ eduction in manual effort on selected
R
• Ability to integrate across 14 systems in the global SAP solution landscape control activities by managing by
​Development, manufacture, • Positive experiences with legacy SAP solutions across the company
and sale of medicines exception using CCM
• Easy entry and lower total cost of ownership
Employees
​41,000
Resolution
• Implemented the SAP Process Control application across 72 countries, including four regional shared-service 80%
centers and three outsourcing hubs Estimated reduction in time required for
Revenue • Integrated with the SAP Access Control application to automate controls over segregation of duties CCM business rule creation and
​US$20 billion • Adopted new business rule parameter functionality to maximize reuse of business rules maintenance

Web Site
​www.lilly.com
Future plans
• Expand SOX and FCPA regulatory monitoring, self-assessment, and testing across global financial, supply
chain, and order-to-cash processes
Increased
Management confidence thanks to
• Increase visibility using dashboards in SAP Process Control complete visibility on the status of
controls and changes

Better​
Consistency and completeness of
control performance, helping streamline
"​ With SAP Process Control, we have saved time and money through automation. Most important, we processes and support audits ​
have freed up resources to focus on higher-value activities for Lilly.”
​Emily Swaim Damson, Security and Controls Lead, Eli Lilly and Company

Public Studio SAP | 45007​(16​/11​) This content is approved by the customer and may not be altered under any circumstances. 42
© 2016 SAP SE or an SAP affiliate company. All rights reserved.
GSK Vaccines: Easing compliance with SAP Process Control

Company
GlaxoSmithKline Vaccines
Objectives
 Implement a single and integrated solution to support a strong control framework, Over 1 million
aligning on the company’s risk mitigation needs and business objectives SAP software transactions generated daily
Headquarters  Implement robust IT-controls and compliance processes for Life Science, data within scope
Rixensart, Belgium privacy, and financial regulations (including SOx)
 Shift to a more pro-active than reactive control management
Industry
Life sciences – pharmaceuticals Why SAP Smooth
 Integration of the SAP Process Control application with SAP software already used to
Products and Services
Vaccines
run company’s major business processes
 Single, integrated GRC solutions and landscape simplification
implementation
 Multi-compliance functionality and ability to support master data quality control Finishing within budget in
Web Site six months
www.gsk.com
Benefits
 Increased internal control monitoring efficiency
 Quicker action and resolution of issues
 Transparency and trust in internal controls and compliance for GSK-Vaccines Automation and
stakeholders and external auditors
 Streamlined process to manage master-data quality monitoring of
controls wherever
possible
Delivering growing efficiencies

“We wanted a single and integrated solution for ensuring the effectiveness of our internal
control process, and that’s exactly what we found in SAP Process Control.”
Christophe Louis, IT Project Manager, GlaxoSmithKline Vaccines

Public CMP20704 (13/12) 43

Achieving effective controls and continuous
compliance with SAP Process Control
Company Top objectives
Hindustan Zinc Limited  Ensure best-practice business process controls to minimize risk, enhance efficiency, and meet
regulatory and statutory requirements
30%
Lower auditing costs
Headquarters  Maintain effective and transparent control of security and processes
Udaipur, India  Achieve audit efficiency and reduce total cost of ownership

Industry Resolution
50%
Mining, mill products – primary Faster completion of the
 Implemented the SAP Process Control application and integrated with the existing SAP ERP
metals audit cycle
application
 Streamlined the compliance structure across all divisions, plans, and the corporate office
Products and Services
Producer of zinc, lead, silver,
 Configured associated workflows with process control roles, responsibilities, and activities
50%
and cadmium Key benefits Fewer manual reports
 Continuous monitoring to better manage control configurations
Employees
6,000
 Automated and standardized process compliance, simplifying processes, reducing errors and
omissions, and cutting costs 40%
 Paperless compliance with the Sarbanes-Oxley Act More-efficient risk and
Revenue  Better visibility and transparency into compliance management control management
Rs 136.35 billion (US$2.23 billion) processes

Web Site
www.hzlindia.com

Partner
KPMG Advisory Services Pvt. Ltd.
www.kpmg.com
“SAP Process Control provides a single source of truth, helping top management
make effective, risk-based decisions at any time, which adds considerable value to
our company. We have also been able to strengthen our compliance process through
automated and continuous management of internal controls.”
Mrs. Vijaya Gupta, Deputy Chief Financial Officer, Hindustan Zinc Limited

Public 32733 (14/09) This content is approved by the customer and may not be altered under any circumstances. 44
 Banking on SAP GRC solutions to manage
risks, controls, and policies

Banque Cantonale de Fribourg Ranked high among Switzerland’s commercial banks – with the lowest cost-income ratio in the Swiss Featured Partner
Fribourg, Switzerland market – Banque Cantonale de Fribourg (BCF) efficiently manages its GRC processes using SAP GRC
/www.bcf.ch solutions. With support from Riscomp, integrating operational risk, controls, and policy management
into the broader IT landscape has improved transparency for employees and other stakeholders.
Industry
Banking Before: Challenges and Opportunities
• Streamline risk management and control for more transparent processes
• Automate loss and policy management and integrate them with other GRC processes
Products and Services
Banking services for private and
corporate customers
• Improve scalability of GRC reporting, user interface, and processes
• Maintain status as an efficiency leader within the Swiss banking industry 15%
Reduction in risk and loss events
Why SAP and Riscomp GmbH
Employees
• Replaced legacy systems with standard SAP GRC solutions to provide essential, almost fully preconfigured
450
functionality and reporting and extended functionality through policy management

Revenue
• Improved user experience by integrating the renewed user interface with the SAP Fiori UX
• Engaged Riscomp as a reliable partner for the initial implementation and subsequent support, functional 20%
SFr 255,7 million enhancements, and upgrades
Increase in risk and control
management efficiency
SAP Solutions After: Value-Driven Results
© 2017 SAP SE or an SAP affiliate company. All rights reserved.

SAP governance, risk, and • Accelerated approvals, reduced paper usage, and real-time insight for losses
compliance (GRC) solutions, • Resourcefully managed access to all policy documents
including the SAP Risk Manage-
ment and SAP Process Control
• Preserved historical information on risks, losses, and controls through data migration to the new applications
• Increased overall efficiency with more integrated risk and control management 50%
applications, and the SAP Fiori Less time required for loss
user experience (UX) documentation
“With this integrated standard solution, BCF is covering its analysis and risk-mapping
needs. Automated management of internal controls, policies, and loss events is faster with
significantly reduced paper usage, and all processes have enhanced workflows.”
Pierre Romanens, Head of Risk Management, Banque Cantonale de Fribourg

Public
Studio SAP | 54368enUS (17/10) ǀ This content is approved by the customer and may not be altered under any circumstances.
45
SAP: Greater digital compliance with SAP Process Control and
SAP S/4HANA
Company
SAP SE​
Objectives
• Create exception-based business-process compliance monitoring using automated controls More​
• Analyze 1 billion data records from multiple data sources, which cannot usually be done in one step Analytical breadth to
Headquarters • Make use of Big Data analytic capabilities address high-risk areas
​Walldorf, Germany
Why SAP
Industry
​High tech
• Ability to more easily design queries, conditional filters, and complex calculations using SAP HANA platform
calculation views
Faster​
Analysis of and exception
• No limitations on the number of joins, conversions, and conditional filters reporting on 1 billion data
Products and Services • Ability to analyze 1 billion data records in just 11.2 seconds
​Enterprise software records
and services Resolution
Employees
• Implemented the SAP® Process Control application integrated with the SAP S/4HANA suite
• Created additional query and filter logic required to support exception-based monitoring Better​
​77,000 Calculations and filtering to
Benefits focus on exceptions with high
Revenue • High-performance analysis without any negative source-system impact business impact
​€6.34 billion • High-volume data analysis of complex control structures
• Control management by exception
Web Site
www.sap.com​

Public 46
© 2016 SAP SE or an SAP affiliate company. All rights reserved.
 PUBLIC

How Can a Global Food Company

Manage Regulatory Compliance
Around the World?

Serving up satisfaction from more than 40 countries

The Kraft Heinz Company has a portfolio of more than 200 food brands, including 8
brands that each generate more than US$1 billion in annual sales. It maintains operations
in more than 40 countries and satisfies the taste buds of consumers in nearly 200. Yet
every country in which Kraft Heinz operates has its own set of regulations governing how
businesses interact, records are kept, and products are built and serviced. How can a
food company operating in so many countries manage regulatory risk and compliance
efficiently and effectively?

Public 47
By managing worldwide regulatory compliance with a single
system, Kraft Heinz can spend more time satisfying consumers.

Using the SAP® Access Control, SAP Process Control, and SAP Risk Management applications, The Kraft
Heinz Company has been able to:
• Rely on one system to monitor compliance with multiple complex regulatory statutes, including the Sarbanes-
Oxley Act in the United States and the General Data Protection Regulation (GDPR) in the European Union
• Add monitoring and compliance support for new regulations, such as the Federal Corrupt Practices Act, as
required
• Test and report on regulatory compliance across zones and business units
• Provide greater visibility into the regulatory controls framework and performance for management and internal
auditors, as well as external auditors
• Maintain controls across multiple regulations to reduce duplication in control frameworks and testing

“The SAP Process Control application gives us the ability to manage testing for multiple
regulations – across zones, business units, and locations – from a central location, which
creates great efficiencies for a global company such as Kraft Heinz.”
Werner Besson, Head of Internal Controls, The Kraft Heinz Company

The Kraft Heinz Company Industry Employees Revenue Featured Products and Services
Pittsburgh, Pennsylvania and Consumer 39,000 US$26.1 billion SAP Access Control, SAP Process
Chicago, Illinois products Control, and SAP Risk Management

Public 48
 PUBLIC

How Can Continuous Control

Monitoring Help Ensure Consistent
and Compliant Processes and Data?

Monitoring the transactions of almost 20,000 direct

customers around the globe
From print media to packaging, Flint Group brings color and function to products that we
touch, see, and use each day. From its 140 sites worldwide, the company supplies a wide
product portfolio spanning printing inks, digital printing presses, blankets, pressroom
chemistry, and flexographic products. To do this, it runs a single global ERP system.
But on occasion, business and auditing teams were still using spreadsheets to identify
incorrect and incomplete customer master data. Flint Group needed a more efficient and
effective way to gain clear visibility into payment and processing transactions to quickly
identify and address process and data inconsistencies.

Public 49
Using real-time insights into key issues, Flint Group reduces
compliance risk with scalable support for internal controls.

With a single instance of the SAP® ERP application running operations at 140 global sites, Flint Group
uses the SAP Process Control application to:
• Automate the identification of errors and inconsistencies so they can be reviewed and fixed quickly – saving
time for IT and regional lines of business
• Save 8 hours per project for the corporate internal audit team and 2–3 hours per month for each of the dozens
of issues analyzed by treasury, accounting, and finance in the United States, Europe, and Asia
• Enable consistent and correct order-to-cash processes, with emphasis on making sure customers get
authorized discounts
• Automatically check transactions and master data – eliminating the need for manual reviews, expediting
monitoring and reporting, and greatly improving data quality
• Give nontechnical users the ability to build advanced scripts for continuous monitoring that are truly useful for
the business, thanks to a global business rule framework
• Quickly and easily extend scripts from one region to another, making it possible to run more than 50 scripts at
once across the globe

“SAP Process Control makes it easy for us to continuously monitor our operational and
transactional processes. It improves collaboration between the business and internal
auditors while helping ensure that inconsistencies and errors are quickly remedied.”
Malte Globig, Head of Internal Audit, Flint Group

Flint Group Industry Employees Revenue Featured Solutions and Services

Luxembourg City, Luxembourg Chemicals 7,900 €2.2 billion SAP ERP and SAP Process Control
(US$2.47 billion)

Public 50
Summary
Summary
With SAP Process Control you can:

Automate key compliance and control activities to reduce efforts and costs
Focus resources on what’s most important: high-impact risk mitigation, ongoing compliance,
and key business process performance

Increase control visibility and transparency for better and quicker action
Integrate your GRC with critical business systems (SAP GRC solutions and other ERPs) and
continuously monitor controls of critical business processes for accurate and timely insight

Improve confidence and business process performance

Leverage SAP expertise and tools, such as best-practice workflows and best-in-class
reporting

Public 52
Why SAP GRC and Security solutions

Simple Integrated Safe

 Do more with less: reduce the cost  Take advantage of native integration  Reduce risk by choosing an industry-
and effort of your GRC and security for real-time exception monitoring recognized, leading
programs and decision making GRC and security portfolio
 Use a modular approach to deploy at  Get up and running faster, leveraging  Meet the requirements of your
your own speed industry and line-of-business content organization by choosing how you
 Gain an enterprise approach and  Go lean with automated monitoring want to deploy – in the cloud or
view into your GRC and security on very large amounts of data on premise
activities and bring together  Share and learn from a community
disparate parts of the organization and partner ecosystem that is
second to none

Public 53
For more information

Find detailed information

SAP Process Control product page

Explore ROI with our Value Calculator

Take a look at
www.sap.com/GRC
www.sap.com/security
www.sap.com/finance

Follow our blogs

GRC Tuesdays

Follow us on Twitter
#SAPGRC and #SAPFINANCE

Public 54
Thank you.
Contact information:

© 2022 SAP SE or an SAP affiliate company. All rights reserved. See Legal Notice on www.sap.com/legal-notice for use terms, disclaimers, disclosures, or restrictions related to SAP Materials for general audiences.