grc
TRANSCRIPT
>GRCA BearingPoint Accelerator
Working closely with the client, we deliver a rigorous and e�ective integrated GRC (Governance, Risk and Compliance) solution – one that is not only right for the client, but also available for them.
ContentsMarket Drivers
Our Approach
Client Benefits
References
Contact
CLIENT BENEFITSOUR APPROACHMARKET DRIVERS REFERENCES CONTACT< >
GRC | A BearingPoint Accelerator
Market DriversOrganizations are facing ever-increasing global, local, and industry-specific regulatory challenges. These challenges have been cumbersome to meet with manual, non-structured e�orts in the past - but with mounting complexities and quantities of regulatory requirements, this becomes impossible. Organizations need to structure their compliance activities and consider how automation can help them manage regulatory compliance e�ectively.
In some areas, with the availability of automated tools, regulators intensify their regulatory requirements in such a way that impacted organizations have no choice but to use such automated tools and processes - for example within the area of Anti Money Laundering.
Beyond the external requirements brought forward by regulators, organizations understand more and more that GRC is not only a cost and a compliance topic, but it can also help shape a more e�ective, more streamlined and more transparent organization.
GRC functions are increasingly becoming integrated within the discipline and they connect across other disciplines such as the finance function.
CLIENT BENEFITSOUR APPROACHMARKET DRIVERS REFERENCES CONTACT< >
GRC | A BearingPoint Accelerator
Market DriversCompanies face many sources of risk - what could go wrong, what will go wrong
CLIENT BENEFITSOUR APPROACHMARKET DRIVERS REFERENCES CONTACT< >
GRC | A BearingPoint Accelerator
Risk Sources in Context of PESTEL Analysis: Political, Economic, Social, Technological, Environmental and Legislative.
Supply Stability• Bankruptcy of suppliers
Information Security• Swiss National Bank• LGT
Theft• Retail companies typically loose about
10 % of products because of theft
Incorrect Financial Statements• Enron (2001)• Worldcom (2002)• Parmalat (2003)
Environmental Risk• BP Deepwater Horizon (2010)• Tepko (Fukushima)
Others (Reputation)• Shell• Total• Glencore
Non Compliance (with Regulation)• Collaboration
External Fraud• Google (Chinese environment)• SecureID
Internal Fraud• Societe General (2008)• UBS (2011)• Gate Group
Market DriversFragmented, manual activities increase cost and fail to provide strategic value
CLIENT BENEFITSOUR APPROACHMARKET DRIVERS REFERENCES CONTACT< >
GRC | A BearingPoint Accelerator
Executive ManagementLack of Transparency • Poor visibility into enterprise risk exposure• Processes are too reactive and defensive• Fragmentation limits e�ectiveness of risk
and compliance initiatives
Compliance, Risk and AuditLack of resources • Limited time and personnel to e�ectively
manage risk and compliance• Ine�cient and costly manual processes• Inability to proactively mitigate risk events
Business OwnersLack of Alignment • Risk and compliance management processes
are not embedded within the business• Controls are not aligned to key risks• Limited risk and compliance influence on
business decisions
Our Approach Based on our SAP©-based GRC R2Go© solution and our experienced consultants, we provide help and guidance every step of the way – from the overall GRC strategy to specific actions, for example to maintain the right level of access control. We take an active collaborative approach across the key stages: scoping, blueprinting, implementation, testing, training, and go live. Early on in the process, we make sure we truly reflect our client's particular situation and issues so that we have a rich and robust scope rooted in the business, providing the foundation for a faster, more e�ective solution.
We are constantly evolving our GRC solution to ensure it keeps pace with the most recent developments and delivers the best possible support. To this end, we work closely with SAP© to take account of new features and functions of the core GRC software, so we can build as much as possible into our integrated solution.
Furthermore, we maintain relationships with top software vendors within the GRC market to assist clients in choosing the GRC platform that best fits their needs.
CLIENT BENEFITSOUR APPROACHMARKET DRIVERS REFERENCES CONTACT< >
GRC | A BearingPoint Accelerator
Our ApproachComprehensive GRC Cycle
CLIENT BENEFITSOUR APPROACHMARKET DRIVERS REFERENCES CONTACT< >
GRC | A BearingPoint Accelerator
Enterprise Risk Management
• Risk Identification• Risk Response Management• Risk Reporting
Compliance Management
• Policy Management• Control Automation
Fraud Management
• Fraud Detection• Case Management• Fraud Reporting
IT & Access Risk Management
• Segregation of Duties• Compliant Identity Management
Client Benefits With our SAP©-based GRC R2Go© solution, clients can quickly and confidently meet their requirements across four core areas: Risk Management, Process Control, Access Control and Fraud Management. Uniquely, clients can take all four areas as an integrated solution to maximize the ease and e�ectiveness of their risk management and mitigation. We also o�er the flexibility to use one or more areas separately.
Risk catalogues, best practice processes, sample organizational structures and more – we have added a high degree of rich content across all core areas. This content is drawn from our wide-ranging experience of managing risks across di�erent sectors.
We enable our clients to take advantage of our integrated solution across the entire project lifecycle from scoping to training, to truly accelerate their GRC initiatives.
CLIENT BENEFITSOUR APPROACHMARKET DRIVERS REFERENCES CONTACT< >
GRC | A BearingPoint Accelerator
References Project details• Adaptive solution to manage increasing
data amounts and complexity• Real time reporting and one click
consolidation features• Integrate GRC cycle from Access,
Compliance and Risk Management• Understanding Compliance and Risk
Management and bringing expertise
BearingPoint achievement• Gather the requirements (workshops with stakeholders)• Align the solution with the key stakeholders• Build up a specific prototype to visualize potential
solutions• Assess the financial impacts of key requirements and
illustrate potential solutions• Close relationship to SAP to discuss enhancements to
product needed to meet requirements
Client results• SAP GRC 10.0 Process Control and Risk
Management Blueprint• Prototype equipped with master data• Business Processes adapted to the needs but
aligned to SAP product capabilities• Good understanding of the product for the involved
team• User Management Integration scenario
Project details• Develop and implement comprehensive
governance for the SAP user- and authorization management for all administration entities.
• The chosen software solution ensures compliance to the SAP governance, given the complex environment.
• Raise the Internal Control System awareness.
• Choosing a particular software.
BearingPoint achievement• Organizing workshops to gather requirements• Develop a governance document aligned to business
needs• Develop and implement a SAP GRC AC 10.0
prototype with the following components- Access Risk Analysis (ARA)- Access Request Management (ARM)
• Potential implementation scenarios • Train stakeholders
Client results• Fully working SAP GRC 10.0 AC prototype• SAP Governance• Business and IT rule set for Segregation of Duties
and critical authorizations• Implementation scenarios and their financial
impact• Basis for the software decision, linked with
know-how of the client prototype
SAP GRC 10 Process Control/Risk Management blueprint for a leading automotive supply manufacturer
BearingPoint was engaged to implement and integrate the Process Control and Risk Management modules of SAP`s GRC 10.0 solution.
BearingPoint is engaged to establish a GRC infrastructure in the SAP space which includes the definition of a governance, a client specific risk rule set and a SAP GRC 10.0 AC prototype.
Risk analysis concept and implementation in the public services environment
CLIENT BENEFITSOUR APPROACHMARKET DRIVERS REFERENCES CONTACT< >
GRC | A BearingPoint Accelerator
CLIENT BENEFITSOUR APPROACHMARKET DRIVERS REFERENCES CONTACT<
ContactAlexa HaisermannPartnerBearingPoint [email protected]
Franz HillerPartnerBearingPoint [email protected]
GRC | A BearingPoint Accelerator
Oliver EngelbrechtPartnerBearingPoint [email protected]
About BearingPoint
BearingPoint consultants understand that the world of business changes constantly and that the resulting complexities demand intelligent and adaptive solutions. Our clients, whether in commercial or financial industries or in government, experience real results when they work with us. We combine industry, operational and technology skills with relevant proprietary and other assets in order to tailor solutions for each client’s individual challenges. This adaptive approach is at the heart of our culture and has led to long-standing relationships with many of the world’s leading companies and organizations. Our global consulting network of 9,700 people serves clients in more than 70 countries and engages with them for measurable results and long-lasting success. For more information, please visit: www.bearingpoint.com
© 2015 BearingPoint. All rights reserved