SAP Solutions for Governance, Risk and Compliance

To access this document, please complete all fields below and click 'Read Document'.
By completing this form, you agree to the collection, use, disclosure and transfer of the profile information collected herein by TechTarget and the owner of the document. Based on the information provided, you may receive updates from the TechTarget network of IT-specific websites (and/or the document owner) to inform you of the latest White Paper, product, and content launches as they relate to your informational needs.
Once registration is complete, you will have access to all similar documents without having to fill out additional forms.

First Name: Last Name: Email Address:

Job Title:
Business Phone: Company:

Abstract: SAP Solutions for governance, risk and compliance (GRC) form an integrated portfolio of applications that embed and optimize all governance, risk and compliance activities to overcome the problems caused by business fragmentation and disjointed approaches to GRC management. Download this white paper to learn how to leverage information within your existing business applications to evaluate risk and apply controls directly within business processes. Achieve greater transparency and predictability, enabling your organization to improve GRC activities and overall enterprise performance. -- Select One -Learn how SAP solutions for GRC work together to automate end-to-end GRC activities including: Corporate governance and oversight. Risk management. Control testing and remediation case management. User access and authorization. Global trade services. Environment, health, and safety management.

Address 1: Address 2:
City:
State/Province:

Zip/Postal Code:
Country:
# of Employees:
Department:

UNITED STATES -- Select # of employees --- Select your department --- Select your industry --

Industry:

Read Document

Cancel

SAP SOLUTIONS FOR GOVERNANCE, RISK, AND COMPLIANCE

SOLUTION OVERVIEW

Information entered on this page and other data about your use of the attached document will be stored in a file on your computer and transmitted to TechTarget over the Internet. TechTarget may provide this information to the owners of the document and either party may use this data to contact you and/or track your use of the document. In consideration of access to the attached document, you agree to such storage and uses as more fully described in the TechTarget Privacy Policy.

A U N I F I E D A P P RO A C H T O G O V E R N A N CE, RISK, AND C OM P L I A N C E

To access this document, please return to page 1 to complete the form. By completing this form once, you will have access to all similar documents without needing to register again.

General Mills uses SAP as the global platform for integrated transaction processing and segregation of duties in ensuring Sarbanes-Oxley compliance in the area of information systems. Software and business processes that streamline and advance a companys risk management and compliance capabilities are an important aspect of corporate governance. SAP tools that deliver an integrated solution across the enterprise are an important and welcome new advance in this important area.
Michael Carr, Director of Information Systems, General Mills Inc.

. . . M A X I M I Z E S E N T E R P R ISE INTEGRIT Y A N D VA L U E

To access this document, please return to page 1 to complete the SAP form. solutions for governance, risk, and compliance (SAP solutions for GRC) form an integrated portfolio
of applications that embed and optimize all governance, risk, and compliance activities to overcome the

By completing thisby business fragmentation and disjointed approaches to GRC management. SAP soluform once, you will have access to all similar problems caused documents without needing to register again.
tions for GRC are powered by the SAP NetWeaver platform, which provides a common technical foundation that integrates with mySAP Business Suite and third-party applications. As a result, SAP solutions for GRC can leverage information within your existing business applications so you can evaluate risk and apply controls directly within business processes. This results in greater transparency and predictability, enabling you to improve GRC activities and overall enterprise performance.

SAP solutions for GRC work together to automate end-to-end GRC activities, including corporate governance and oversight; risk management; control testing and remediation case management; user access and authorization; global trade services; and environment, health, and safety management. The solutions support the following business-critical functions: Central management of GRC information in a single system of record, including corporate policies, regulations, compliance and control frameworks, business process flows, and risk and control libraries Proactive identification, analysis, and monitoring to forecast and respond to potential threats Automated controls to ensure appropriate user access and authorization Monitoring of business processes to promote desired behaviors and maximize results Streamlined management of global trade compliance and environment, health, and safety requirements

SAPs holistic approach to governance, risk, and compliance provides you with a strategic business weapon to protect brand and reputation, master uncertainty, optimize opportunity, and free resources for innovation and growth.

KEY CHALLENGES

To access this document, please return to page 1 to complete the form.

A Definition of Governance, Risk, and Compliance

BUSINESS FRAGMENTATION HINDERS INNOVATION AND GROWTH

Internal GRC discipline fragmentation At the corporate level, as well as the departmental or regional levels, there is general uncertainty around the meaning and scope of the disciplines of governance, risk management, and compliance (see the sidebar). Most important, your management team may not recognize that these disciplines are inextricably linked and interdependent, and as a result, must function interdependently as part of an integrated strategy. Success requires that you align your corporate strategy with effective oversight and institutionalized policy setting, risk management, and business process control; you can only accomplish this through a holistic approach to governance, risk, and compliance that unifies these areas of fragmentation. As a result, you can capture new information about emerging threats and opportunities and exploit them for competitive advantage.

By completing this form once, to think about GRC: to all similar Heres a simple way you will have access documents without needing to register again.directives a company Governance manages the strategic
wants to follow. Risk management assesses the areas of exposure and potential impacts. Compliance is the tactical action to mitigate risk.
SAP Snaps Up Virsa Systems to Enhance Compliance Story, AMR Research,
April 3, 2006.

Much of the value creation and innovation within companies takes place as a consequence of the relationships between people, processes, and systems all of which may be fragmented across different organizations, functions, and geographies. Given the complexity and uncertainty of todays business environment, this fragmentation can hold your enterprise back in a number of ways: Organizational fragmentation Organizational fragmentation caused by disconnected, department-driven GRC activities can result in inconsistent policies, difficulty predicting risk, a lack of enterprise transparency, and duplication of effort. As you increase collaboration with partners and suppliers, the consequences of having no central body coordinating GRC activities enterprise-wide intensify because most legislation holds you accountable for good governance and compliance within your own organization, as well as across your extended enterprise.

System fragmentation Most businesses lack GRC information integrity because their departments use different metrics, standards, software, and methodologies for analyzing risk and compliance information. This makes it difficult to aggregate data, gain a complete view of enterprise risk, effectively monitor compliance and risk, and adjust business processes to meet changing requirements, market trends, and regulatory mandates. Regional fragmentation In most cases, policies and risks are generally defined and measured at the local level, without proper consideration for their impact on the global, multinational, national, or regional mandates with which an organization must also comply. Decision makers are often unaware of the interdependencies between mandates and the risks of noncompliance in specific regions and markets.

. . . T H AT D E M AN D I N N O VATIVE SOL UTIONS

To access this document, please return to page 1 to complete the form. By completing this form once, you will have access to all similar documents without needing to register again.

Fragmented GRC activities may be the status quo, but they are costing your business more than you think. AMR Research reports that compliance spending will reach $27.3 billion in 2006. And approximately two-thirds of the cost is in people because fragmented GRC efforts tend to result in peoplepowered GRC inefficient, manual processes that are duplicated across departments. Of even greater significance is the lost opportunity that results from a tactical, fragmented approach to managing GRC. Without a comprehensive and cohesive GRC strategy, you are deprived of a powerful tool for effectively navigating todays highly regulated business environments, as well as a critical driver of revenue and competitive advantage.

The High Cost of Point Solutions Organizations that choose individual solutions for each regulatory challenge they face will spend 10 times more on compliance projects than those that leverage each implementation for multiple requirements (0.9 probability).
Gartner Symposium/ITxpo, Technologies for Compliance: Automating Your Way Out of Confusion, French Caldwell, October 2005.

The Way Forward

In the face of shifting industry conditions, compliance mandates, and governance requirements set forth by executives and the board, you need to take a broader, more structured approach to managing governance, risk, and compliance. Doing so allows you to proactively identify inefficiencies and errors, adopt a risk-based approach toward embedding controls in business processes, and continuously monitor

operations to optimize and guide future policy. SAP solutions for governance, risk, and compliance deliver applications to help you achieve all of this and more.

A H O L I S T I C SO L U T I O N FO R G O VERN AN C E , R I S K , A N D C OMPLIAN CE

To access this document, please return to page 1 to complete the SAP solutions for GRC deliver the form.

SAP: TURNING GRC INTO COMPETITIVE ADVANTAGE

These solutions deliver world-class, integrated applications that leverage a common software platform and a central GRC data repository. When deployed together, these applications form a holistic solution for GRC. And because all the applications are integrated, they can break down requirements and relationships across different regulations and mandates. (See Figure 1.) These applications reach deep into your existing SAP and non-SAP software to embed compliance functions across the enterprise and beyond, giving you the real-time visibility you need to ensure compliance and maximize competitive advantage.
The GRC Repository

industrys first comprehensive, integrated portfolio of applications that By completing this form once, you will have access to all similar embed and optimize all governance, documents without needing to register again. compliance activities to risk, and overcome the problems of fragmentation across the enterprise. These solutions give you the visibility needed to stop simply reacting to business risks and events and to improve business predictability and performance.

Content Technology
Service

Business Process

SAP Solutions for Industry-Specific GRC

Cross-Industry GRC GRC Repository: Documentation and Monitoring Risk Management Access Controls Global Trade Environment Process Controls

SAP NetWeaver

Business Process Platform

SA

Or

acl

Pe op So le ft

Le

gac

Business Applications

The SAP GRC Repository application centrally documents and stores records for all governance, risk, and compliance information. The repository centrally manages all GRC content, including frameworks, policies, processes, risks, controls, test plans, applications, systems, remediation cases, and evidence. It ensures consistent, effective, and efficient coverage of regulatory frameworks, laws, and internal company policies by providing visibility into related requirements and by cross-referencing organizational policies and procedures with regulatory requirements.

Figure 1: SAP Solutions for Governance, Risk, and Compliance

. . . E N A B L E S R E A L-T IM E T R A N S PA R E N C Y

To access this document, please return to page 1 to complete the form. By completing this form once, you will have access to all similar documents without needing to register again.

Simplifying Segregation of Duties The transformative power of a central GRC Repository can be illustrated best through example. Consider the necessity of ensuring proper segregation of duties for such mandates as the Sarbanes-Oxley Act, FDA regulations, and the Gramm-Leach-Bliley Act. SAP solutions for GRC include access control applications that are integrated with the SAP GRC Repository application. All of an organizations policies, initiatives, and regulations that require proper segregation of duties (or, alternatively, need appropriate definition and assignment of compensating controls) are automatically documented within SAP GRC Repository, complete with links to the appropriate access controls for automated monitoring.

The repository gives you a complete, enterprise-wide view of all GRC activities so you can analyze risk, make informed decisions, and take a riskbased approach to satisfying multiple company initiatives and regulatory mandates. You can link risks and controls to multiple security and control frameworks such as the Committee of Sponsoring Organizations (COSO) and Control Objectives for Information and Related Technologies (COBIT) and to mandates like the Sarbanes-Oxley Act and U.S. Food

and Drug Administration (FDA) regulations. This ability enables you to take advantage of opportunities that you might not have noticed before to improve efficiency, optimize risk and return portfolios, and ultimately, increase business predictability and shareholder value. By providing a central repository that is reusable and flexible, SAP solutions for GRC also minimize duplicate GRC efforts so you can optimize effectiveness and combat complexity over the long run.

M A S T E R U N C E R TA I N T Y . . .

To access this document, please return to page 1 to complete the form. By completing this form once, you will have access to all similar documents without needing to register again.

. . . AND OPTIMIZE OPPOR T U N I T Y

To access this document, please return to page 1 to complete the Enterprise Risk Management likelihood of impact, as well as monitor form.
GRC activities and time frames at the Executives recognize that proper risk most granular level information that management improves decision By completing this form once, you willvalue. But compa- all similar have access to is automatically aggregated to create making and creates documents without needing to tackle risk again. within register reactively higher-level views and risk networks. nies often departmental silos and overlook critical interactions between risks. At the same time, because risk management is often A conservative estimate is that regarded as a theoretical exercise with organizations are missing out on billions no practical methodology, front-line of dollars in potential savings annually managers arent equipped to properly through inefficient risk management analyze risk-reward trade-offs and carry practices. out appropriate responses that are Source: Aberdeen Group, 2006 backed by quantitative metrics. The SAP GRC Risk Management application addresses these issues by enabling you to implement proactive, collaborative processes to balance opportunities with financial, legal, and operational risks at all levels of the enterprise. The software provides a best-practice framework for enterprise risk identification, collaborative risk analysis, predefined risk responses, and continuous risk monitoring and reporting so that you can effectively anticipate and respond to changing business conditions. Key risk indicators enable you to monitor the overall risk portfolio and to alert management immediately when high-impact and high-probability risks exceed companyspecific thresholds. Managers can analyze risks in terms of severity and

All of these activities are monitored through executive-level dashboards and reports that provide you with visibility into key risk metrics and policy compliance. The software provides role-based dashboards to provide transparency to managers at all levels of your organization from line managers to business unit, country, division, and regional managers, and ultimately, to executive management and the board.

C ONT I N U O U S LY I M P RO VE C O N T ROL S

To access this document, please return to page 1 to complete the Business Process Control form.
The SAP GRC Process Control application applies a risk-based approach to By completing this form once, you will have access tocontrol environment all similar setting up your documents without needing to register again. and identifying the most effective and efficient controls needed to achieve compliance. The application integrates directly with control documentation in SAP GRC Repository, enabling you to centralize control management and to eliminate the need to integrate separate tools for documentation, testing, remediation, and control monitoring. Upon completion of control documentation, you can choose to implement controls for key risks with a combina-

SAP GRC Process Control allows you to monitor hundreds of critical procure-to-pay, order-to-cash, and reconcile-to-report configurations and transactions, as well as IT controls. You can deploy a single automated control test for multiple combinations of criteria, reducing the amount of set up and ongoing maintenance required. The software also automatically routes manual control tests to the appropriate personnel for timely performance and guides testers with step-by-step procedures and approved templates to minimize errors. In addition, flexible survey creation functionality allows you to perform self-assessments for entity-level controls, as well as for management sign-off. SAP GRC Process Control pinpoints risks of control violations through a global heat map, making it easy for executives and auditors to prioritize corrective action and avoid the development of material weaknesses in the control environment. The software automatically creates remediation cases for each control exception, immediately alerting control owners and managers so that they can quickly take action to address risk. To prevent future risk from entering production environments, you can use SAP GRC Process Control to perform real-time what-if analyses that simulate the impact of application control changes before changes are put into effect.

tion of automated controls monitoring, manual controls tests, or selfassessments. This powerful combination works together to help you establish controls that promote desired employee behavior and optimize business processes, as well as ensure that your organization meets compliance mandates on time and in a costeffective manner.

DELIVER AS PROMISED

To access this document, please return to page 1 to complete the form. By completing this form once, you will have access to all similar documents without needing to register again.

Globalization is not an emerging trend; its a business reality. Whats changed is the increased level of complexity and risk associated with moving goods across borders, especially after the 9/11 terrorist attacks. Technology is the key enabler of any global trade management strategy, and companies must take a broader perspective and view their entire enterprise software platform as a global trade management solution.
Adrian Gonzalez, Director, Logistics Executive Council, ARC Advisory Group

Global Trade Services

The SAP Global Trade Services (SAP GTS) application helps you master the manifold challenges of international trade. You can automate and streamline complex import and export processes, ensure regulatory compliance, expedite customs clearance, mitigate the financial risk of global transactions, and take full advantage of international trade agreements.

With SAP GTS, you can manage and standardize trade compliance processes throughout your organization. The software automatically screens business partners against official sanctionedparty lists, checks for embargo restrictions, and manages export and import licenses. SAP GTS expedites customs processes by facilitating interactions between your enterprise and customs agencies, driving the efficient movement of goods and information across international borders. SAP GTS also lets you tap into the opportunities

available through trade agreements, such as the North American Free Trade Agreement (NAFTA) and those of the European Union, and automates and streamlines all aspects of restitution management to ensure more efficient export refund processing and less risk of forfeiting securities. The Unicodeenabled software provides a single, central solution for all of your global trade requirements no matter where you do business.

P RO T E C T B R A N D A N D R E P U TAT ION

To access this document, please return to page 1 to complete the Environment, Health, and Safety form.
SAP solutions for GRC include applications that help you efficiently manage your business while ensuring compliance with complex environmental, health, and By completing this form once, you will have access toand regulations, such as Restriction of Hazardous Substances (ROHS), all similar safety processes documents without needing to register again. from Electronics and Electronic Equipment (WEEE), the Health and Safety Waste at Work Act, and regulations around emissions trading schemes. SAP Environment, Health & Safety The SAP Environment, Health & Safety (SAP EH&S) application streamlines all activities necessary to implement EH&S processes safely, effectively, and in accordance with laws and regulations. The softwares central database makes it easy to manage product safety specifications, hazardous substance inventories, and dangerous goods for safe handling, tracking, document management, and risk calculation. You can also create hazardous waste permits and ensure that authorized waste quantities are not exceeded by selecting suitable disposal firms and by allocating disposal costs among internal departments. SAP EH&S also supports the full range of industrial hygiene and safety processes, centrally managing core tasks, such as risk assessments, exposure logs, incident management, exposure profiles, and safety management of specific work areas. SAP xApp Emissions Management The SAP xApp Emissions Management (SAP xEM) composite application, which was jointly developed by SAP and its special expertise partner TechniData, helps you improve manufacturing productivity by

. . . AND S AFEGUARD S TAKEHOLDE R S

To access this document, please return to page 1 to complete the aligning business processes with correct operations. The extensive form.
required environmental regulations reporting functionality in SAP xEM worldwide. The software also allows fulfills legal requirements for docuBy completingthe financial benefitsyou will have access toreporting to regulatory this form once, of all similar you to reap mentation and documents without needing to register again. the emissions trading markets because authorities. it determines and documents emission credits and communicates emissions SAP Solution for Product Compliance credits with emission trading platCompliance for Products is a solution for forms. SAP xEM tracks, analyzes, and environmental product compliance that records emission data. Integration with was developed on the SAP NetWeaver plant and equipment maintenance platform by TechniData. The software systems supports equipment calibracollects, organizes, analyzes, and tion and maintenance tasks; sophistievaluates data about various products, cated tools calculate emissions (such factories, suppliers, countries, and as greenhouse gases) that cant be customers information needed to measured directly. When a reference provide proof of compliance with value exceeds normal plant values for environmental directives that regulate operations, automatic notifications the development, manufacture, are fired off to determine the impact distribution, disposal, or recycling and trigger changes necessary to of products.

The software documents product content and regulatory or sectorspecific substances lists, integrates compliances checks and analyses with central business processes, and automates communications with customers and suppliers. For example, when a product is being checked for compliance with the ROHS directive, the solution verifies that all the necessary information, such as the lead content of a supplied part, is in place. If this data has not been provided, the solution automatically requests the suppliers manufacturing department to disclose the exact lead weight percentage of the product and notifies the user when the supplier has provided the data.

E N A B L E C O L L A B O R AT I O N

To access this document, please return to page 1 to complete the form. By completing this form once, you will have access to all similar documents without needing to register again.

Access Control Proper segregation of duties (SOD) and access control over sensitive transactions is one of the most effective safeguards against fraud and a prerequisite for sound corporate oversight. It is also one of the most difficult controls to effectively deploy and sustain given the thousands of users, roles, and processes that all require access and authorization evaluation, testing, and remediation. The immense task of managing

proper user and role access can only be accomplished when business process owners (who can determine appropriate access in business terms) and IT experts (who can define the underlying technical objects that make up business functions) work together. The problem is that communication between the two groups is typically disjointed and unsuccessful because there is no bridge linking business language with IT capabilities.

. . . AND PAR T N E R FO R S U C C E S S

To access this document, please return to page 1 to complete the SAP to do so within a controlled, fully form. solutions for GRC closes this gap

Partnering for Success

with a comprehensive set of access auditable environment. The appliRecognizing the importance of external control applications that enable all cation assigns a temporary ID that collaboration for innovation, SAP is By completing this form once, you will have accesssuper user broad, yet to all similar corporate compliance stakeholders grants the committed to establishing a robust documents without needing to register again. including business managers, auditors, regulated access and tracks and GRC ecosystem that includes recogand IT security managers to collablogs every activity the super user nized domain experts and thought oratively manage proper SOD enforceperforms using that temporary ID. leaders in diverse fields, including, but ment. The applications include the following: Virsa Compliance Calibrator: The Virsa [software] allowed us to significantly reduce Virsa Compliance Calibrator applicathe amount of time to document and test the tion supports real-time compliance effectiveness of our compliance with segregation by stopping security and controls of duties requirement in SAP [software]. violations before they occur. With the most comprehensive library of SOD Jayne Gibbon, Internal Audit Manager, Kimberly-Clark Corporation rules available for enterprise applications, such as SAP, Oracle, and PeopleSoft, the application makes it easy for business process owners to select rules applicable to your organization. Virsa Role Expert: The Virsa Role not limited to, audit, management, and Virsa Access Enforcer: The Virsa Expert application centralizes and risk consultancies; key software and Access Enforcer application supports standardizes enterprise role managetechnology partners; and information fully compliant user provisioning ment, eliminating manual errors and and content partners. Key software and throughout the employee life cycle. enforcing best practices. The applitechnology partners integrate applicaLeveraging the applications dynamic cation empowers business managers tions through the SAP NetWeaver workflow functions, you can to define functional roles, as well as platform to provide much needed automate even the most complex IT managers to define the associated transparency over the extended GRC approval processes, as well as prevent technical permissions. ecosystem. In addition, professional risks from entering production Virsa FireFighter for SAP: The services partners support the GRC environments by performing realVirsa FireFighter application for SAP ecosystem by delivering deep intellectime analysis on proposed user enables your super users to perform tual capital and by bringing decades access. emergency activities outside the of proven best-practice content and parameters of their normal role, but methodologies.

A W E A LT H O F B E N E F I T S

To access this document, please return to page 1 to complete the By embarking on an integrated strategy form.
and employing a comprehensive GRC solution, you can proactively achieve By completing this form once, you will have access to all similar significant returns on your investment.

SIGNIFICANT RETURN ON INVESTMENT

Here are some of the ways that your business can benefit from SAP solutions for GRC: Free resources for innovation and growth Integrate GRC applications to simplify GRC tasks and reduce total cost of ownership Shift from manual, resourceintensive control activities to embedded and automated control processes Rationalize and reuse corporate controls and risk responses to reduce effort and increase productivity Manage by exception with actionable dashboards and key performance indicators, threshold-based alerts, and automated escalation procedures Protect brand and reputation Identify and resolve potential points of failure by continuously monitoring control activities across the enterprise Prevent issues and weaknesses using mandatory risk analysis for critical processes Ensure compliance with global import and export regulations Improve transparency with thresholdbased global dashboards that aggregate financial exposure to control deficiency risks Prevent brand erosion from environmental, health, and safety catastrophes by automatically classifying and tracking hazardous substances

documents without needing to register again.

Consider the following: Customers who have used the access controls applications have reported a 25% savings in audit costs, a 28% reduction in the cost of managing user authorization risk, and a 32% savings in time spent on managing user authorization risk. Typical user and role approval processes are reduced from two weeks to two days. Customers can automate nearly 100% of their export processes, enabling them to reduce headcount and redeploy employees on more strategic activities. Customers can ensure that they do not deal with sanctioned parties in millions of trade compliance screenings per month.

F R E E R E S O U RC E S FO R I N N O VAT I O N A N D G ROW T H

To access this document, please return to page 1 to complete the form. By completing this form once, you will have access to all similar documents without needing to register again.

Master uncertainty and optimize opportunity Analyze risk exposure and trends to optimize risk-return portfolio Optimize capital allocation based on insight into enterprise risk position Implement effective controls to promote desired behavior and improve results of business processes Identify and exploit opportunities in international trade preference agreements

Safeguarding Your Success SAP solutions for GRC are delivered by SAPs experienced and knowledgeable professional services team who can help you realize the full value of your investment. Leveraging SAP experts, methodologies, tools, and certified partners, our professional services teams can accelerate implementations, meet deadlines, transfer knowledge, and enable long-term

success, no matter how large or how complex the project. Equally important, you are assured that no factors are overlooked that might jeopardize the achievement of your goals. And once your solution is in place, our comprehensive, customized training programs make it easy to ramp up employees and ensure successful adoption across your enterprise.

S U P P O R T FO R K E Y B U S I N E S S P RO C E S S E S

To access this document, please return to page 1 to complete the form. Activity Benefits
Governance

GOVERN. ASSESS. RESPOND. MONITOR. OPTIMIZE.

Enable strong alignment between strategic objectives, risk management, and compliance activities to create stakeholder value have access to all similarinformation Minimize fragmentation of GRC Reduce again. redundant efforts and resources spent on multiple GRC requirements Provide a foundation for risk-return portfolio optimization, business performance optimization, business control, transparency, and predictability Improve managements ability to achieve strategic objectives Understand key risks that organization faces to ensure that a comprehensive strategy is in place to manage risks in the best manner Gain new insights for decision making and capital allocation across various risk classes (for example, insurance, operational, external, and financial) Reduce the probability of default, credit downgrade, or serious financial loss Strengthen managements confidence that business controls are well designed and operating effectively Boost employee morale by focusing skilled resources on activities that require expertise and judgment Reduce cost and increase assurance by shifting from point-in-time testing to continuous controls monitoring Evaluate and prioritize response to highest impact control violation risk Ensure vigilant trade compliance and help facilitate tighter national security Streamline electronic communications with customs authorities Mitigate the financial risk of global trade through automated handling of payment guarantees Maximize opportunities offered by trade preference agreements Deploy global EH&S processes while adapting them to practices in individual circumstances and geographies Ensure safe handling and tracking of hazardous substances, dangerous goods, and waste products Deliver full-scale health management to provide for employee health and well-being Ensure the compliance of individual products with ROHS, WEEE, and End of Life Vehicle (ELV) regulations Improve manufacturing productivity by aligning business processes with the fulfillment of environmental regulations for emissions management Enable all corporate compliance stakeholders to collaboratively manage proper segregation of duties enforcement Detect and resolve in real time segregation of duties and user authorization control violations Ensure efficient and compliant provisioning of user access throughout the entire employee life cycle Allow super users privileged but controlled access to quickly address emergency requirements or help mitigate situations where segregation of duties cant be accomplished

By completing this form once, you will documents without needing to register
Risk management

Business process control

Global trade services

Environment, health, and safety management

Access and authorization control

THE RIGHT C HOICE

To access this document, please return to page 1 to complete the form. By completing this form once, you will have access to all similar documents without needing to register again.

A SOLID FOUNDATION FOR GRC

SAP solutions for GRC are the right choice for your business. A large number of customers in a variety of industries including some of the worlds best-known brands are already reaping the benefits of an integrated, comprehensive GRC solution. To find out more, visit www.sap.com/grc.

www.sap.com /contactsap

To access this document, please return to page 1 to complete the form. By completing this form once, you will have access to all similar documents without needing to register again.

50 081 153 (06/09)

2006 by SAP AG. All rights reserved. SAP, R/3, mySAP, mySAP.com, xApps, xApp, SAP NetWeaver, and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP AG in Germany and in several other countries all over the world. All other product and service names mentioned are the trademarks of their respective companies. Data contained in this document serves informational purposes only. National product specifications may vary. Printed on environmentally friendly paper. These materials are subject to change without notice. These materials are provided by SAP AG and its affiliated companies (SAP Group) for informational purposes only, without representation or warranty of any kind, and SAP Group shall not be liable for errors or omissions with respect to the materials. The only warranties for SAP Group products and services are those that are set forth in the express warranty statements accompanying such products and services, if any. Nothing herein should be construed as constituting an additional warranty.