Access Risk Management
Manage access risk and prevent fraud
SAP GRC Access Control
SAP GRC Access Approver mobile application
Controls & Compliance Monitoring
Enterprise Risk Management
Ensure effective controls and ongoing compliance
Preserve and grow value
Planning and performing Audits
Drive a unified audit management function
Fraud detection and investigation
Prevent, detect, investigate, and monitor fraud patterns and predictions
SAP GRC Fraud Management
Prevent Frauds
Unified GRC Framework
Segregation of Duties
Policy Management
Legal Compliance
Internal Controls Effectiveness
2011 SAP AG. All rights reserved.
CONFIGURABLE WORKFLOW
RESULT
IDM Systems
SAP Business Suite
SAP IDM
Novell IDM
Other
SAP Mobility Option
Other
AC Direct Entry
Help Desk
More
Request generated
Risk Analysis
Manager Approval
Automated provisioning
Business workflow reduces manual tasks and streamlines access request processing
Leverage existing resources for workflow administration and configuration
HR Systems
SAP HR
PeopleSoft HR
Other
Key Benefits
Other SAP Applications
Mitigation
Exception workflow
Heterogeneous Environment
Execute Procurement
Pay Suppliers
Drive Continuous Improvement
Identify & Qualify Vendors
Apply Sourcing Rules
Receive Electronic Invoice
Evaluate Bids
Award & Negotiate Contract
Apply Agreement Terms & Conditions
Create Purchase Order
Pay Supplier (EFT)
Were sourcing policies followed in awarding contracts?
Dispatch Electronic PO to Supplier
Receive Goods or Services; Inspect
Adjust Contracts
Unknown/complex Patterns
Known Patterns
Known fraud behaviors
Unusual behaviors
Similar, but different from known behaviors
Unknown fraud behaviors
Rules
Predictive Algorithms
Hybrid combination of Rules and Predictive Algorithms to detect fraud
Fraud Management
Monitoring
Prevention
Detection
Investigation
Fraud Pattern Analysis
Define Rules & Predictive Models
Online Detection
Head of Fraud Investigation
Fraud Investigator
Calibration & Simulation
Mass Detection
Alert Notification
Claim Handling & Settlement
Setup
Fraud Detection Strategy
Integration
Configuration
Platform
Inquire & Analyze
Investigation
Evaluation & Decision
Business Analyst
Head of Claim Management
CIO
Risk Planning (Bow-tie Builder)
Define the context within which business risks are to be managed
Risk Assessment
Business context based assessments
Identify and assess the impact of risk events on the business
Risk Response
Implement responses Superior mitigation with automation
Evaluate and select the risks to be addressed and create risk responses
Risk Monitoring
Proactive risk management and prevention
Monitor the effectiveness and completeness of the response actions
Fraud
Enterprise Risks
Responses
Accept
Avoid
Transfer
Control
Reduce
Regulations
Process
Process Risks
Procure to Pay
Fraudulent invoices paid
Vendor Mgmt
Valid invoices not entered
AP Invoicing
Access Risks
User can enter vendor & PO
User can enter invoices & payments
Controls
Review of new vendors and related invoice support
Review of uninvoiced goods receipts
Policies
AP SOD rules in AC
Mitigate Access Violations
Monitor Access Status
Strategic Alignment
Predictable Performance
Confident Decisions
Unified GRC is the key step en route to building the linkage from strategy to execution, because you can prove that linkage works.
Allocate resources and capital where it is most needed
Improve predictability and performance.
Thank You!
Murali Narayanamurthy
Director Office of the CFO & GRC Solutions
SAP India Private Limited
(+91) 9820972906
murali.narayana.murthy@sap.com