Presentation3 PDF
In Accounts Payable
Michael Heckner
October 12, 2012
GRC
Top Reasons Customers Invest Today
Compliance
Comply with governmental regulations and legislation
Comply with industry regulations
Comply with internal company policies
Policy Management
SAP GRC Process Control
Risk category matrix (column headings): Corp. Governance | Ethics | Corp. Responsab./Sustainab. | External Factors | Planning | Strategy | Corp. Assets | Finance | Human Resources | Information Technology | Legal | Product Development | Sales, Marketing & Communic. | Supply Chain | Compliance | Reporting
Row 1: Board Effectiveness / Knowledge Management | Addressing Allegations | Biodiversity | Competition | Business Continuity Management (BCM) | Alliances | Facilities and Equipment | Accounting | Corporate Culture | Architecture | Bankruptcy | Discontinuance and Divestiture | Branding and Reputation | Planning | Communication and Training | Compliance with Accounting Standards and Policies
Row 2: Board Structure and Leadership | Communication | Climate Change | Credit Rating | Capital Planning | Business Concentration | Intangible Assets | Audit Quality | Health and Welfare Benefits | Asset Management | Competition | Innovation, Research and Development | Communication | Sourcing | Compliance Culture | Financial Disclosures
Row 3: Compensation / Performance and Incentives / Alignment | Corrective Actions and Discipline | Community Investment | Customer Demands | Knowledge Management | Business Model | Personal Safety | Capital Management | Human Resources Policies and Procedures | Business Continuity Management (BCM) | Contract Management | Launch Management | Customer Relations / Customer Support | Production | Compliance Information Management | Financial Information Availability
Row 4: Corporate Responsibility & Sustainability | Ethical Culture / Tone at the Top | Energy Management and Alternative Sourcing | Economic Conditions / Industry Trends | Operational Planning | Customers | Physical Security | Credit | Implications of Significant Events | Change Management | Corporate Liability | Distribution | Delivery Organization | Compliance Investigations | Financial Statement Fraud
Row 5: Reputation / Shareholder Relations | Ethics Reporting Certification | Fair Trade | External Fraud | Performance Management | Extended Enterprise | Process Management | Financial Asset Management | Labor Relations | Contracting and Outsourcing | Environmental, Health and Safety | Product Design / Quality | E-Commerce / Internet Strategy | Returns | Compliance Management Reporting | Management Reporting
Row 6: Risk Oversight | Investigation | Natural Resource Utilization | Geopolitical | Scenario Planning | Growth | Taxation | Insurance and Hedging | Organization Structure | Information Security | Finance and Accounting | Production Accounting | Investor Relations | Controls and Monitoring | Regulatory Reporting
Row 7: Transparency & Financial Integrity | Monitoring and Auditing | Philanthropy | Hazards / Catastrophic Loss | Innovation | Utilization | Liquidity | Payroll | Operations | Government Investigations | Substitution | Marketing Programs | Policies and Procedures | Reporting Quality
Row 8: Policies and Procedures | Project Financing | Laws and Regulations | Markets | Pensions | Performance / Talent Management and Compensation | Physical and Environmental | Intellectual Property | Technology Obsolescence | Market Research | Risk Assessment | Statutory Reporting
Row 9: Program Assessment and Evaluation | Resource Scarcity | Markets | Mergers / Acquisitions / Divestitures | Planning / Budgeting / Forecasting | Retirement Programs | Privacy and Data Protection | Labor and Employment Issues | Testing | Marketing Strategy | Supervision | Sustainability Reporting
Row 10: Structure and Oversight | Sustainability Strategy | Third Party / Joint Venture | Outsourcing | Taxation | Talent Pipeline / Recruitment | Problem Management | Legal and Regulatory Compliance Requirements | Timing | Public Relations | Tax Reporting
Row 11: Training | Sustainable Water Policy | Training and Development | Project Management | Quality | Legal Entity Planning | Sales Strategy
Fraudulent AP activities
Prevent Accounts Payable risk (errors and fraud)
Prevent Accounts Payable errors and fraud (resulting from lack of SoD)
Access Control
Question: Are SoD violations the only risk to the "Accounts Payable" process?
IT General Control 1: Access Control (prevent Accounts Payable errors and fraud resulting from lack of SoD)
Example: What about abuse of "one time vendor accounts"?
Process-Level Control 1: Accounts Payable Payments
IT General Control 1: Access Control
Example: What about other process-level risks in Accounts Payable?
Business Necessity: process- and access-level controls to protect the AP process
Process-Level Controls 1-n: Accounts Payable
IT General Control 1: Access Control
What about other processes and their controls?
Chart: number of controls over time. Today, controls are mostly manual; with cost reduction through automation, automated controls replace manual controls and provide automated assurance.
Benefits of automated controls:
More controls
More granularity
Less manual labor
Higher frequency of checks
Less pushback from the business
Consistency
Lower cost of preparing for an audit
Managing Risk and Compliance ensures that all categories of risk across the organization are aggregated at the enterprise level and managed holistically.
CEO / CFO
SAP GRC Solution (on SAP NetWeaver):
SAP Risk Management: Risk Planning, Risk Identification, Risk Analysis, Risk Response, Risk Monitoring
SAP Process Control: Document Compliance Initiatives, Plan and Perform Assessments and Tests, Remediate Issues and Certify, Monitoring
SAP Access Control: Access Planning, Access Analysis & Response, Access Monitoring, Remediation
SAP Audit Management: Audit Planning, Manage Audit Engagements, Results
Michael Heckner
Sr. Director,
EMEA Solutions Business Development
Contact information:
Michael Heckner
Sr. Director, EMEA Solution Business Development (GRC)
Zeppelinstrasse 2
85399 Hallbergmoos/München
+ 49 6227 – 7 – 54143