grc

>GRCA BearingPoint Accelerator

Working closely with the client, we deliver a rigorous and e�ective integrated GRC (Governance, Risk and Compliance) solution – one that is not only right for the client, but also available for them.

ContentsMarket Drivers

Our Approach

Client Benefits

References

Contact

CLIENT BENEFITSOUR APPROACHMARKET DRIVERS REFERENCES CONTACT< >

GRC | A BearingPoint Accelerator

Market DriversOrganizations are facing ever-increasing global, local, and industry-specific regulatory challenges. These challenges have been cumbersome to meet with manual, non-structured e�orts in the past - but with mounting complexities and quantities of regulatory requirements, this becomes impossible. Organizations need to structure their compliance activities and consider how automation can help them manage regulatory compliance e�ectively.

In some areas, with the availability of automated tools, regulators intensify their regulatory requirements in such a way that impacted organizations have no choice but to use such automated tools and processes - for example within the area of Anti Money Laundering.

Beyond the external requirements brought forward by regulators, organizations understand more and more that GRC is not only a cost and a compliance topic, but it can also help shape a more e�ective, more streamlined and more transparent organization.

GRC functions are increasingly becoming integrated within the discipline and they connect across other disciplines such as the finance function.



Market DriversCompanies face many sources of risk - what could go wrong, what will go wrong



Risk Sources in Context of PESTEL Analysis: Political, Economic, Social, Technological, Environmental and Legislative.

Supply Stability• Bankruptcy of suppliers

Information Security• Swiss National Bank• LGT

Theft• Retail companies typically loose about

10 % of products because of theft

Incorrect Financial Statements• Enron (2001)• Worldcom (2002)• Parmalat (2003)

Environmental Risk• BP Deepwater Horizon (2010)• Tepko (Fukushima)

Others (Reputation)• Shell• Total• Glencore

Non Compliance (with Regulation)• Collaboration

External Fraud• Google (Chinese environment)• SecureID

Internal Fraud• Societe General (2008)• UBS (2011)• Gate Group

Market DriversFragmented, manual activities increase cost and fail to provide strategic value



Executive ManagementLack of Transparency • Poor visibility into enterprise risk exposure• Processes are too reactive and defensive• Fragmentation limits e�ectiveness of risk

and compliance initiatives

Compliance, Risk and AuditLack of resources • Limited time and personnel to e�ectively

manage risk and compliance• Ine�cient and costly manual processes• Inability to proactively mitigate risk events

Business OwnersLack of Alignment • Risk and compliance management processes

are not embedded within the business• Controls are not aligned to key risks• Limited risk and compliance influence on

business decisions

Our Approach Based on our SAP©-based GRC R2Go© solution and our experienced consultants, we provide help and guidance every step of the way – from the overall GRC strategy to specific actions, for example to maintain the right level of access control. We take an active collaborative approach across the key stages: scoping, blueprinting, implementation, testing, training, and go live. Early on in the process, we make sure we truly reflect our client's particular situation and issues so that we have a rich and robust scope rooted in the business, providing the foundation for a faster, more e�ective solution.

We are constantly evolving our GRC solution to ensure it keeps pace with the most recent developments and delivers the best possible support. To this end, we work closely with SAP© to take account of new features and functions of the core GRC software, so we can build as much as possible into our integrated solution.

Furthermore, we maintain relationships with top software vendors within the GRC market to assist clients in choosing the GRC platform that best fits their needs.



Our ApproachComprehensive GRC Cycle



Enterprise Risk Management

• Risk Identification• Risk Response Management• Risk Reporting

Compliance Management

• Policy Management• Control Automation

Fraud Management

• Fraud Detection• Case Management• Fraud Reporting

IT & Access Risk Management

• Segregation of Duties• Compliant Identity Management

Client Benefits With our SAP©-based GRC R2Go© solution, clients can quickly and confidently meet their requirements across four core areas: Risk Management, Process Control, Access Control and Fraud Management. Uniquely, clients can take all four areas as an integrated solution to maximize the ease and e�ectiveness of their risk management and mitigation. We also o�er the flexibility to use one or more areas separately.

Risk catalogues, best practice processes, sample organizational structures and more – we have added a high degree of rich content across all core areas. This content is drawn from our wide-ranging experience of managing risks across di�erent sectors.

We enable our clients to take advantage of our integrated solution across the entire project lifecycle from scoping to training, to truly accelerate their GRC initiatives.



References Project details• Adaptive solution to manage increasing

data amounts and complexity• Real time reporting and one click

consolidation features• Integrate GRC cycle from Access,

Compliance and Risk Management• Understanding Compliance and Risk

Management and bringing expertise

BearingPoint achievement• Gather the requirements (workshops with stakeholders)• Align the solution with the key stakeholders• Build up a specific prototype to visualize potential

solutions• Assess the financial impacts of key requirements and

illustrate potential solutions• Close relationship to SAP to discuss enhancements to

product needed to meet requirements

Client results• SAP GRC 10.0 Process Control and Risk

Management Blueprint• Prototype equipped with master data• Business Processes adapted to the needs but

aligned to SAP product capabilities• Good understanding of the product for the involved

team• User Management Integration scenario

Project details• Develop and implement comprehensive

governance for the SAP user- and authorization management for all administration entities.

• The chosen software solution ensures compliance to the SAP governance, given the complex environment.

• Raise the Internal Control System awareness.

• Choosing a particular software.

BearingPoint achievement• Organizing workshops to gather requirements• Develop a governance document aligned to business

needs• Develop and implement a SAP GRC AC 10.0

prototype with the following components- Access Risk Analysis (ARA)- Access Request Management (ARM)

• Potential implementation scenarios • Train stakeholders

Client results• Fully working SAP GRC 10.0 AC prototype• SAP Governance• Business and IT rule set for Segregation of Duties

and critical authorizations• Implementation scenarios and their financial

impact• Basis for the software decision, linked with

know-how of the client prototype

SAP GRC 10 Process Control/Risk Management blueprint for a leading automotive supply manufacturer

BearingPoint was engaged to implement and integrate the Process Control and Risk Management modules of SAP`s GRC 10.0 solution.

BearingPoint is engaged to establish a GRC infrastructure in the SAP space which includes the definition of a governance, a client specific risk rule set and a SAP GRC 10.0 AC prototype.

Risk analysis concept and implementation in the public services environment



CLIENT BENEFITSOUR APPROACHMARKET DRIVERS REFERENCES CONTACT<

ContactAlexa HaisermannPartnerBearingPoint [email protected]

Franz HillerPartnerBearingPoint [email protected]


Oliver EngelbrechtPartnerBearingPoint [email protected]

About BearingPoint

BearingPoint consultants understand that the world of business changes constantly and that the resulting complexities demand intelligent and adaptive solutions. Our clients, whether in commercial or financial industries or in government, experience real results when they work with us. We combine industry, operational and technology skills with relevant proprietary and other assets in order to tailor solutions for each client’s individual challenges. This adaptive approach is at the heart of our culture and has led to long-standing relationships with many of the world’s leading companies and organizations. Our global consulting network of 9,700 people serves clients in more than 70 countries and engages with them for measurable results and long-lasting success. For more information, please visit: www.bearingpoint.com

© 2015 BearingPoint. All rights reserved

www.bearingpoint.com

mailto:[email protected]

