SAP Governance, Risk, Compliance and Security Solutions

SAP Audit Management

SAP

Public

Add partner
logo and alt text
Agenda

Challenges and Opportunities Driving GRC Transformation

SAP GRC and Security Solutions

What’s Happening in Audit Management

Overview of SAP Audit Management

Why SAP Audit Management

Summary

Public 2
Agenda

Challenges and Opportunities Driving GRC Transformation

SAP GRC and Security Solutions

What’s Happening in Audit Management

Overview of SAP Audit Management

Why SAP Audit Management

Summary

Public 3
Enterprise Risk & Compliance Transformation Drivers
Agile and integrated GRC during uncertain times
Challenges

Prioritize strategy and decision making to manage rapid onset Key Focus
of interconnected global risk events with catastrophic losses Areas
Use collaborative tools and automation to focus policies Manage risk
and controls on areas where risks are the most significant

Ensure risks and control information is always up-to-date, Avoid losses

Three Lines Model transparent, and reliable by automating daily activities

Reduce costs
Reduce third-party and fraud risk with machine learning
by combining rules and predictive analytics to better
anticipate and prevent exceptions Strengthen
Compliance
Provide independent assurance of risk and compliance
standards to mitigate increased exposure to risk and
compliance failures
Public 4
SAP GRC and Security solutions
Solution mapping to key themes

Enterprise Risk Identity & Access Cybersecurity, Data International Trade

& Compliance Governance Protection & Privacy Management

 Manage risks, controls,  Manage access for enterprise  Manage cyber risk with greater  Manage import and export
and regulatory requirements applications – cloud or on-premise alignment to information security compliance as well as free
in business operations  Manage identities, authorized standards trade agreements in global
 Screen third parties and detect information access, data use,  Identify potential cyber threats supply chains
anomalies and fraud and sharing conditions and vulnerabilities in applications  Optimize trade utilizing special
 Provide independent assurance  Eliminate excessive logins  Secure files and data using customs procedures such as
with single sign-on bonded warehouses, processing
of risk and compliance standards transportable policies and
trade in China, and free trade
 Mitigate access risk violations encryption
zones in NA
and monitor financial impact  Enable greater control with  Screen third parties for improved
sensitive data masking compliance
and logging

Public 5
Best Run Companies are Transforming with SAP GRC and Security
Solutions
Impact  15% - 20% Reduction in
loss events
Ris
Focus Com k and  75% Reduction in manual effort
plia on selected control activity
nce
Traditional Business Models Best Run Business Models Provide One
 99% Reduction in segregation

Go
View of Risk

Ac erna
v
ce nc
Siloed risk investment / shadow IT Integrate GRC and Security capabilities of duties violations

ss e
Manage Digital
 80% reduction in time required
Manual and dated controls Automate controls within business processes to manage access and SoD
Identities
Multiple user profiles and logins Manage digital identities across landscapes

Cybersecurity
Latency/disconnected view of application threats Detect and correlate threats in near real time  5.3 billion events per day
Monitor analyzed for potential threats
Disparate approach to privacy requirements Establish and manage privacy requirements Opportunities Applications  Forensic analysis and modeling
of new attack detection patterns
Identification of personal information Use AI to identify and detect personal data

Inability to detect potential fraud and misconduct Screen transactions and business partners
Manage  Real-time attribute based

ac n
iv tio
Manual trade compliance processes Automate trade compliance on a single platform Requirements access controls

y
Pr c
d o te
 100% improvement of data

an Pr
Optimize Supply sharing and data restriction

ta
Chains

Da
al  $90 million annual ROI in duty
n ation
r
Inte Trade savings and broker savings,
self-filings, more
 7.6 million business partners
screened with greater uniformity

Public 6
SAP GRC and Security Solutions
SAP GRC and Security solutions
Solution mapping to key themes

Enterprise Risk Identity & Access Cybersecurity, Data International Trade

& Compliance Governance Protection & Privacy Management

 SAP Process Control  SAP Access Control  SAP Enterprise Threat Detection  SAP Global Trade Services
 SAP Risk Management  SAP Cloud Identity Access  SAP Privacy Governance  SAP S/4HANA for international
 SAP Audit Management Governance  SAP Privacy Management by BigID trade
 SAP Access Violation  SAP Watch List Screening
 SAP Business Integrity Screening  SAP Customer Data Cloud
Management by Greenlight
 SAP Regulation Management  SAP Data Custodian
 SAP Dynamic Authorization
by Greenlight  SAP Data Custodian, Key
Management by NextLabs
 SAP Single Sign-On Management Service (KMS)
 UI masking for SAP
 SAP Cloud Identity Services –
Identity Authentication  UI logging for SAP
 SAP Identity Management  SAP Code Vulnerability Analyzer
 SAP Cloud Identity Services –  SAP Fortify by Micro Focus
Identity Provisioning

Public 9
Enterprise Risk & Compliance
Sharing GRC vision, information, and responsibility across the enterprise

Real-time Audit Insights Enterprise Risk Intelligence

Provide independent assurance of risk Visibility of escalating risks provides the ability to aggregate
and compliance standards to risks across the enterprise via collaborative tools, enact
management and audit committees responses proactively and reduce risk losses
Product: SAP Audit Management, Product: SAP Risk Management
SAP Process Control, SAP Digital
Boardroom

Continuous Controls Monitoring

Predictive Analytics Continuous monitoring of business transactions can
Detect potential fraud earlier to reduce identify irregularities and provide automatically
financial losses generated auditable compliance documentation
Product: SAP Business Integrity Screening
Product: SAP Process Control,
Three Lines of SAP Business Integrity Screening
Defense

Anomaly detection Regulation Management

Detect anomalies earlier to reduce losses in the Understand and manage regulatory requirements as
new environment that increase the risk of fraud they relate to risk and control management
Product: SAP Business Integrity Screening, Product: SAP Regulation Management by Greenlight,
SAP Process Control SAP Process Control

Public 10
What’s Happening in Audit Management
Challenges Facing Internal Audit

Compliance failures can cause organizations to

suffer reputational damage, customer churn and
costly fines. In fact, the impact of noncompliance
is greater than ever before.

A 2018 report by the Ponemon Institute estimates

noncompliance costs to be 2.7 times the costs of
maintaining or meeting compliance requirements
—and up 45% since 2011.

Only 19% of RM, IA and compliance functions are

well-integrated, or fully-integrated technologically
with the governance, risk and compliance (GRC)
tool.

Public Source: PWC, “2019 State of Compliance Study” https://www.pwc.com/us/en/services/risk-assurance/library/state-of-compliance-study.html 12

 Challenges Facing Internal Audit
Use technology, real-time dashboards and automation to stay connected

Public “2019 State of the Internal Audit Profession Study,” PwC. https://www.pwc.com/us/en/services/risk-assurance/library/internal-audit-transformation-study.html 13
SAP Audit Management powered by SAP HANA

Streamline Elevate the impact of Amplify the influence and

audits audit efforts value of internal audit

 Mobile capability to instantly  Integration with core SAP GRC  In-memory SAP HANA database for high-
capture audit evidence solutions for three lines of defense speed processing and total search capability
 Global monitoring of findings  Configurable SAP Fiori apps and  SAP HANA-based analytics and business
and follow-up views for better management and intelligence for planning, monitoring, and
 Offline audit execution and reporting deep analytical insights
follow-up  Flexible resource planning,  Collaborative tools to maximize continuous
scheduling, and time reporting stakeholder engagement

Public 14
 SAP Audit Management
Transform audit. Move beyond assurance.

Managing Audit Activity Monitoring Progress

Establish a risk-based plan, Monitor the disposition
prioritize audit activities and align of results reported to
with the needs of the enterprise management
Enterprise Risk
& Compliance

Planning the Engagement Communicating Results

Develop and document a Communicate engagement objectives,
plan for each engagement scope, conclusions, findings, and
recommendations

Performing the Engagement

Identify, analyze and document relevant information
Public 15
 Enterprise
SAP Audit Management Risk &
Compliance
Manage the audit activity

Managing the
Audit Activity

 Establish a framework for risk assessment

and prioritization
 Communicate plans and resource
requirements
 Deploy appropriate resources
 Report plan performance to senior
management and the Board

Public 16
Manage the audit activity – value proposition

Not all engagements are the same. Business Audit things that matter
risks and business complexity must be By understanding the objectives and strategies the
business is pursuing
understood.
Align with the business
By focusing on the risks and controls the business has
identified, enabling chief audit executives to create more
strategic and agile audit plans

Establish resource requirements

By determining the quantity and characteristics of the
resources needed to do the job

Maintain effective and ongoing

SAP Audit Management can provide the communications
insight necessary to identify key audit entities By reporting plan performance to senior management
and rate the risk of the entire universe. and the board
Public 17
 Enterprise
SAP Audit Management Risk &
Compliance
Engagement planning

Engagement
Planning

 Establish engagement objectives and scope

 Assess relevant risks
 Plan appropriate and sufficient resources
 Develop and document engagement work program

Public 18
Engagement planning

Each engagement must be understood Establish objectives and scope

completely and planned appropriately. Distribute audit scope, period, objectives, and other key
information to key stakeholders

Assess relevant risks

Identify relevant risks in SAP Risk Management

Plan appropriate resources

Capture estimated resource requirements
Develop and manage talent

Enhance organizational knowledge

sharing
Develop and document work program
SAP Audit Management documents and
captures all the information necessary to plan
and conduct a successful audit.
Public 19
 Enterprise
SAP Audit Management Risk &
Compliance
Perform the engagement

Performing the
Engagement

 Identify relevant information

 Perform analysis and evaluation
 Document engagement information
 Supervise the engagement

Public 20
Perform the engagement – value proposition

The entire audit cycle is streamlined and Identify relevant information

available online for review and approval. Internal auditors can identify sufficient, reliable, relevant,
and useful information.

Perform analysis and evaluation

Internal auditors have the ability to access and analyze
information from mobile devices.

Detect fraud risks

SAP Audit Management integrates with SAP Business
Integrity Screening for fraud management.

Document engagement information

Internal auditors can drag and drop appropriate
documentation into their work papers.

SAP Audit Management frees up valuable audit Supervise the engagement

All user-relevant findings and working papers are
time and reduces elapsed time to complete.
available for supervisor review.

Public 21
 Enterprise
SAP Audit Management Risk &
Compliance
Communicate results

Communicating
Results

 Determine communication criteria

 Disseminate results

Public 22
Communicate results – value proposition

SAP Audit Management allows visualization of audit Determine communication criteria

findings for maximum impact and clear understanding. A standard template helps ensure that communication
criteria are met consistently.

Disseminate results
Internal auditors create their own charts and reports on a
variety of topics.
Internal auditors communicate effectively with
management and the board on assurance for the
business.

Collaborate with risk and compliance

functions in the lines of defense
Emerging risks are flagged and issues are shared across
compliance risk and audit.

Public 23
 Enterprise
SAP Audit Management Risk &
Compliance
Monitor progress

Monitoring
Progress

 Establish a follow-up process to monitor

management actions
 Capture incidents and losses
 Monitor the disposition of consulting engagements

Public 24
Monitoring progress – value proposition

SAP Audit Management provides a variety of

Establish a follow-up process to
standard, configurable, and custom reporting
monitor management actions
options. Streamline and automate follow-up activities

Capture incidents and losses

Improve assurance by integrating with SAP
Process Control to report incidents and losses

Monitor the disposition of

consulting engagements
Track audits and consulting engagements by status
Show completed and planned engagements
separately

Public 25
 SAP Audit Management
Key features for end-to-end audit management

Managing the audit Engagement Performing the Communicating Monitoring

activity planning engagement results progress

 Establish a framework  Establish engagement  Identify relevant  Determine  Establish a follow-up

for risk assessment objectives and scope information communication process to monitor
and prioritization   criteria management actions
Assess relevant risks Perform analysis and
 Communicate plans evaluation  Disseminate  Capture incidents and
 Plan appropriate and
and resource  results losses
sufficient resources Document
requirements  Monitor the disposition
 Develop and document engagement
 Deploy appropriate information of consulting
engagement work
resources  engagements
program Supervise the
 Report plan engagement
performance to senior
management and the
board

Public 26
Why SAP Audit Management
What SAP Audit Management can do for your business
Our customers tell us what they like best about the solution

Better prioritization of audit universe Reduced time per audit

1 Elevate audit impact with technology-based insight into 4 Increase efficiency and expand audit coverage through
the risks and controls the business owns integration with SAP Business Integrity Screening

Improved staff utilization Mobile capability

2 Access key audit information details with self-service 5 Capture audit documentation and evidence quickly with
scenarios and visualization from SAP Lumira mobile capabilities and drag-and-drop tools

More significant findings Better quality audits

Maximize staff utilization and reduce travel costs with
3 Gain a single enterprise-wide view of audit activities and 6 better internal audit planning, resource management, and
a standardized audit approach
scheduling

Public 28
Better prioritization of audit universe
Unified approach of SAP Audit Management

Benefits Capabilities
Resources directed to high-risk areas More frequent risk assessments

Better alignment with the business Integration with SAP GRC solutions

More opportunity for advice and insight

Data analysis and mining tools

“SAP Audit Management is an integrated application with a new user interface that helps corporate audit
to manage the entire audit lifecycle efficiently while supporting our mission to be a trusted advisor to
executive management.”
Thomas Bamberger, Former Chief Audit Executive, SAP SE

Public 29
Improved staff utilization
Scheduling, time recording, and resource management

Benefits Capabilities
Lower overall cost of audit Objectives, scope, and work plan
documented in the system
Reduced footprint on the business
Resource management capabilities to
Higher staff morale select the right team

Automated selection and scheduling of

auditors

Public 30
More significant findings
Better planning results in better audits

Benefits Capabilities
Increase perception of audit value SAP HANA-based analytics and
business intelligence
Empower auditors to propose new risks
Continuous controls monitoring (CCM)
test results
Reduce elapsed time to report
Creation of custom charts and graphs by
auditors

“SAP Audit Management allows us to focus more on auditing and less on administration. Big Data analytics
opens up a number of new opportunities for us to look at information in different ways, thereby helping
transform our business and unlock value.”
Willem Ypma, IT Audit Manager, Tata Steel Europe

Public 31
Reduced time per audit
Increase productivity with time and expense management

Benefits Capabilities
Lower audit cost Drag-and-drop documentation

Increase coverage of the universe Automated audit announcements to

management and board
Accelerate identification of issues
Continuous tracking of audits and other
engagements by status

“We are the first in Russia to integrate SAP Audit Management system in our work. The new system has taken our internal audit to a
completely new level, and makes it faster, more transparent and more efficient.” Kirill Bogdanov, Aeroflot’s Deputy CEO for IT

Public https://www.traveldailynews.com/post/aeroflot-recognised-by-sap-for-pioneering-internal-audit-management-in-russia 32
Mobile capability
Drive productivity with mobile devices

Benefits Capabilities
Powerful search for faster documentation Mobile devices capture all forms of
audit evidence.
Better use of staff resources
Work papers are automatically indexed
Up-to-date audit files for management for easy reference.
review
Auditors create ad hoc issues in the
system.

Public 33
Tata Steel Europe transforms the audit process with SAP Audit
Management Running in SAP HANA Enterprise Cloud

Company
Tata Steel Europe
Objectives
 Support the audit process of the multilingual audit department operating in multiple locations end to end Reduced
 Improve audit efficiency, effectiveness, and timeliness Administrative effort in the
Headquarters  Reduce the overall cost of the audit audit process
IJmuiden, The Netherlands

Industry
Mill products – steel production
Why SAP
 Analytics solutions based on the SAP HANA platform and cloud enabled through the SAP HANA Lower
Enterprise Cloud service Up-front investment to set
 Risk-based, mobile functionality that alleviates paper-based workloads and audit planning and increases up the audit process
Products and Services
productivity
Steel

Employees
 SAP HANA Enterprise Cloud as an innovation accelerator with a focus on enterprise-wide issues and
tomorrow’s opportunities Increased
Productive audit time
30,000
Resolution
Web Site
www.tatasteel.com
 Integrated the SAP Audit Management application into the SAP software landscape
 Established a basis for easy, fast access to the latest technology and related up-to-date knowledge More
Consistency between
Benefits documentation, auditing,
 Improved transparency
reporting, and QA
processes
 Reduced total staff time and manual effort per engagement
 Increased audit coverage by using embedded analytics
 Gained new opportunities through better understanding of the business based on Big Data analytics

“SAP Audit Management allows us to focus more on auditing and less on administration. Big Data analytics
opens up a number of new opportunities for us to look at information in different ways, thereby helping
transform our business and unlock value.”
Willem Ypma, IT Audit Manager, Tata Steel Europe

41807 (15/12) This content is approved by the customer and may not be altered under any circumstances.
Public 34
SAP runs SAP: Transforming audits and moving beyond assurance

Objectives
Company
SAP SE  Implement an audit management solution covering entire audit lifecycle Reduced
Administrative effort covering
Headquarters  Improve audit efficiency and reduce overall cost of ownership the entire audit lifecycle
Walldorf, Germany  Elevate audit impact with technology-based insight into business risks
Industry
High tech
Why SAP Increased
 Support for a shift from periodic to continuous assurance through integration of audit Productivity by using intuitive
processes with the SAP Risk Management application and the SAP Business Integrity user interfaces and
Products and Services technology
Business software applications
Screening application
and services  Analytics solutions from SAP and the SAP HANA platform to focus on enterprise-level

Employees
issues and opportunities today and tomorrow Simplified
 Software, risk-based tools, and mobile functionality to improve working paper Use by developing a
74,400 management, audit planning, and productivity solution for auditors by
auditors
Web Site Benefits
www.sap.com  Gained transparency of audit engagements
 Reduced total staff time and manual effort per engagement
 Increased audit efficiency and expanded audit coverage by leveraging Big Data
 Shifted from assurance to advisory engagements by using analytics
 Achieved stronger stakeholder relationship

“SAP Audit Management is an integrated application with a new user interface that helps corporate audit
to manage the entire audit lifecycle efficiently while supporting our mission to be a trusted advisor to
executive management.”
Thomas Bamberger, Chief Audit Executive, SAP SE

Public 35
 PUBLIC

How Does Better Audit Management Help

Improve the Customer Experience and
Provide Assurance Around the World?

Delivering an amazing customer experience in more

than 40 countries
With a robust portfolio of more than 20 online food delivery brands, Delivery Hero SE
offers an amazing array of food choices and satisfying experiences to its worldwide
customer base. Delivering 1,390 meals every minute and generating nearly €1 billion in
annual sales helps this German-based company maintain its number one market position
in 33 of 41 countries. The company delivers not only food, but also groceries and
convenience items. Yet every country has its own restaurant partners, operating
procedures, laws and regulations, culture, and systems. Delivery Hero needed a way to
provide internal audit assurance efficiently and effectively throughout its diverse
global operations.

Public 36
By managing worldwide internal audit assurance with a single
system, Delivery Hero spends more time satisfying consumers.

Using the SAP® Audit Management, SAP Access Control, SAP Process Control, and SAP Risk
Management applications, Delivery Hero has been able to:
• Report on audit status, findings, risks, and action plans using real-time dashboards
• Ensure that risks, controls, and organizational structures are aligned across the three lines of defense (as
defined by the Institute of Internal Auditors)
• Enable timely follow-up of management action plans (MAPS) with automated notifications to management
• Adequately manage and monitor audit engagements across the world, to ensure that audits are completed on
time and within budget

“The SAP Audit Management application enables our internal audit team to provide
management and the audit committee with real-time updates on our audits and the
effectiveness of clearing management action plans across all of our segments, countries,
and entities.”
Larry Herzog Butler, Head of Internal Audit, Delivery Hero SE

Delivery Hero SE Industry Employees Revenue Featured Products and Services

Berlin, Germany Retail – online 19,000 €0.8 billion SAP Audit Management, SAP Process
food delivery (US$0.88 billion) Control, and SAP Risk Management

Public 37
Summary
Why SAP GRC and Security solutions

Simple Integrated Safe

 Do more with less: reduce the cost  Take advantage of native integration  Reduce risk by choosing an
and effort of your GRC and security for real-time exception monitoring industry-recognized, leading
programs and decision making GRC and security portfolio
 Use a modular approach to deploy at  Get up and running faster, leveraging  Meet the requirements of your
your own speed industry and line-of-business content organization by choosing how you
 Gain an enterprise approach and  Go lean with automated monitoring want to deploy – in the cloud or
view into your GRC and security on very large amounts of data on premise
activities and bring together  Share and learn from a community
disparate parts of the organization and partner ecosystem that is
second to none

Public 39
For more information

Find detailed information

SAP Audit Management product page

Explore ROI with our Value Calculator

Take a look at
www.sap.com/GRC
www.sap.com/security
www.sap.com/finance

Follow our blogs

GRC Tuesdays

Follow us on Twitter
#SAPGRC and #SAPFINANCE

Public 40
Thank you
Contact information:
F name L name
Title
Address
Phone number