SAP Governance, Risk, and Compliance (GRC) Solutions Road Map - April 2019 - Insights

 
SAP Governance, Risk, and Compliance (GRC) Solutions Road Map - April 2019 - Insights
SAP Governance, Risk, and Compliance (GRC)
Solutions Road Map
April 2019

PUBLIC
SAP Governance, Risk, and Compliance (GRC) Solutions Road Map - April 2019 - Insights
Legal disclaimer

The information in this presentation is confidential and proprietary to SAP and may not be disclosed without the permission of SAP.
This presentation is not subject to your license agreement or any other service or subscription agreement with SAP. SAP has no obligation
to pursue any course of business outlined in this document or any related presentation, or to develop or release any functionality mentioned
therein. This document, or any related presentation, and SAP’s strategy and possible future developments, products, and platforms, directions,
and functionality are all subject to change and may be changed by SAP at any time for any reason without notice. The information in this
document is not a commitment, promise, or legal obligation to deliver any material, code, or functionality. This document is provided without
a warranty of any kind, either express or implied, including but not limited to the implied warranties of merchantability, fitness for a particular
purpose, or noninfringement. This document is for informational purposes and may not be incorporated into a contract. SAP assumes no
responsibility for errors or omissions in this document, except if such damages were caused by SAP’s willful misconduct or gross negligence.

All forward-looking statements are subject to various risks and uncertainties that could cause actual results to differ materially from
expectations. Readers are cautioned not to place undue reliance on these forward-looking statements, which speak only as of their dates,
and they should not be relied upon in making purchasing decisions.

For all recent and planned innovations, potential data protection and privacy features include simplified deletion of personal data, reporting
of personal data to an identified data subject, restricted access to personal data, masking of personal data, read access logging to special
categories of personal data, change logging of personal data, and consent management mechanisms.

© 2019 SAP SE or an SAP affiliate company. All rights reserved. ǀ PUBLIC
This presentation and SAP‘s strategy and possible future developments are subject to change and may be changed by SAP at any time for any reason without notice. This document is provided without a warranty of any kind, either express or implied, including but not limited to the implied warranties of merchantability, fitness for a particular purpose, or noninfringement.   2
SAP Governance, Risk, and Compliance (GRC) Solutions Road Map - April 2019 - Insights
About SAP road maps

Companies today are planning their digital journeys – transforming business models, reengineering business
processes, and reimagining work.
SAP road maps highlight innovations that may help you plan and implement your digital journey. They span
products relevant to lines of business in your industry and explain how our innovations may add value to your
business.
In our road maps, you can learn about our innovations along four different timelines:
1. Recent innovations for our products that have been launched in the past weeks or months and can
   already be purchased
2. Planned innovations for our products that are intended to be launched in the short term or midterm
3. Product direction, providing a long-term perspective on high-level development plans for innovations for
   our solutions – inspired by your requirements
4. Product vision, providing a high-level and long-term business perspective on innovations for our products

© 2019 SAP SE or an SAP affiliate company. All rights reserved. ǀ PUBLIC
This presentation and SAP‘s strategy and possible future developments are subject to change and may be changed by SAP at any time for any reason without notice. This document is provided without a warranty of any kind, either express or implied, including but not limited to the implied warranties of merchantability, fitness for a particular purpose, or noninfringement.   3
SAP Governance, Risk, and Compliance (GRC) Solutions Road Map - April 2019 - Insights
Table of contents

Overview
▪ Introduction
▪ Product description
▪ Product portfolio overview

Vision and direction
▪ Key trends, customer needs, and value proposition
▪ Portfolio areas of future investment

Innovations
▪ Recent innovations
▪ Planned innovations
▪ Product direction
▪ Product vision

Wrap-up
© 2019 SAP SE or an SAP affiliate company. All rights reserved. ǀ PUBLIC
This presentation and SAP‘s strategy and possible future developments are subject to change and may be changed by SAP at any time for any reason without notice. This document is provided without a warranty of any kind, either express or implied, including but not limited to the implied warranties of merchantability, fitness for a particular purpose, or noninfringement.   4
SAP Governance, Risk, and Compliance (GRC) Solutions Road Map - April 2019 - Insights
Overview
SAP Governance, Risk, and Compliance (GRC) Solutions Road Map - April 2019 - Insights
SAP governance, risk, and compliance (GRC) solutions
Introduction

SAP GRC solutions help companies to streamline and automate risk
management and compliance processes across the enterprise.
Tightly integrated into SAP and non-SAP processes, SAP GRC solutions and
products help our customers worldwide to establish efficient, effective, and
real-time GRC practices.
Integrated GRC product suite
▪ Document, manage, analyze, and report on all GRC activities in a central environment
▪ Scale the GRC system over time to keep up with the demand from your business
▪ Build on industry standards and best practices

Embedded into SAP and integrates with other business applications
▪ Streamline and automate GRC workflows to avoid duplicate effort and reduce costs
▪ Connect GRC information with operational data to ensure information presented to
  stakeholders is up-to-date and relevant

State-of-the-art technology
▪ Leverages in-memory capabilities of SAP HANA for real-time detection and analytics
▪ Uses SAP Fiori to provide a seamless user experience across all devices

© 2019 SAP SE or an SAP affiliate company. All rights reserved. ǀ PUBLIC
This presentation and SAP‘s strategy and possible future developments are subject to change and may be changed by SAP at any time for any reason without notice. This document is provided without a warranty of any kind, either express or implied, including but not limited to the implied warranties of merchantability, fitness for a particular purpose, or noninfringement.   6
SAP Governance, Risk, and Compliance (GRC) Solutions Road Map - April 2019 - Insights
SAP GRC solutions

                                 Key capabilities

▪ Documentation: Central repository to document and manage all GRC
  activities across the organization
▪ Integration: Data integration of SAP and non-SAP systems that helps to
  automate GRC processes
▪ Reports and dashboards: Prebuilt reports and dashboards to help stay on
  top of GRC tasks and provide a consolidated view for GRC stakeholders
▪ Workflow: Streamlining GRC tasks, status follow-ups, and approvals
▪ Best practices: Continuous adoption of industry standards and best
  practices

© 2019 SAP SE or an SAP affiliate company. All rights reserved. ǀ PUBLIC
This presentation and SAP‘s strategy and possible future developments are subject to change and may be changed by SAP at any time for any reason without notice. This document is provided without a warranty of any kind, either express or implied, including but not limited to the implied warranties of merchantability, fitness for a particular purpose, or noninfringement.   7
SAP Governance, Risk, and Compliance (GRC) Solutions Road Map - April 2019 - Insights
SAP GRC solutions
Product portfolio (select products)

                                                                                                                       SAP Cloud Identity
                     SAP                                                         Cloud                                                                                                       SAP Watch List                                                 SAP Data Privacy
                                                                                                                            Access
                   S/4HANA                                                                                                                                                                     Screening                                                      Governance
                                                                         Safeguard the                                   Governance
                                                                             digital
                     SAP                                                transformation                                       Govern access in the                                          Verify business partner                                              Address today’s data
                   Business                                                                                                         cloud                                                        compliance                                                      privacy challenges                                                             Partner
                    Suite                                                                                                                                                                                                                                                                                                                     extensions

                    Cloud
                  solutions                                              In-memory                                               SAP Audit                                                  SAP Business                                                             SAP Tax
                  from SAP                                                                                                      Management                                               Integrity Screening                                                        Compliance                                                                 Industry
                                                                           Be a trusted
                                                                          advisor to the                                                                                                                                                                                                                                                      extensions
                                                                            business                                      Transform audit beyond                                          Implement efficient fraud                                                 Comply with tax
                SAP Cloud                                                                                                       assurance                                                       detection                                                             regulations
                 Platform
                                                                                                                                                                                                                                                                                                                                                 LoB
                                                                                                                                                                                                                                                                                                                                              extensions
                Third-party                                                                                                      SAP Access                                                      SAP Process                                                       SAP Risk
                 systems                                                On premise                                                 Control                                                         Control                                                        Management
                                                                         Establish GRC
                                                                         best practices
    Native SAP integration                                                                                                                                                                Ensure effective controls                                          Manage enterprise risk
        and integration                                                                                                       Manage access risk                                                                                                                                                                                                  Ecosystem
                                                                                                                                                                                          and ongoing compliance                                             across the organization
         with non-SAP
© 2019 SAP SE or an SAP affiliate company. All rights reserved. ǀ PUBLIC
This presentation and SAP‘s strategy and possible future developments are subject to change and may be changed by SAP at any time for any reason without notice. This document is provided without a warranty of any kind, either express or implied, including but not limited to the implied warranties of merchantability, fitness for a particular purpose, or noninfringement.   8
SAP Governance, Risk, and Compliance (GRC) Solutions Road Map - April 2019 - Insights
Vision and direction
SAP Governance, Risk, and Compliance (GRC) Solutions Road Map - April 2019 - Insights
SAP GRC solutions
Key trends, customer needs, and value proposition

Digital                                                                                           New business                                                                                       Regulatory                                                                                  Economic and
transformation                                                                                    models                                                                                             requirements                                                                                political uncertainty

Assure compliance across                                                                          Safeguard profitability and                                                                        Deal with increasing                                                                        Mitigate external and
on-premise, cloud, and                                                                            growth without compromising                                                                        amount and complexity of                                                                    strategic risk
hybrid landscapes                                                                                 on compliance                                                                                      regulations to be followed

SAP GRC solutions help to                                                                         SAP GRC solutions help                                                                             SAP GRC solutions help                                                                      SAP GRC solutions help
safeguard on-premise, cloud,                                                                      to adapt existing processes                                                                        to streamline compliance                                                                    to add risk and compliance
and hybrid landscapes.                                                                            and procedures without                                                                             processes and address                                                                       information to improve
                                                                                                  compromising on compliance.                                                                        regulatory requirements.                                                                    strategic decisions.

© 2019 SAP SE or an SAP affiliate company. All rights reserved. ǀ PUBLIC
This presentation and SAP‘s strategy and possible future developments are subject to change and may be changed by SAP at any time for any reason without notice. This document is provided without a warranty of any kind, either express or implied, including but not limited to the implied warranties of merchantability, fitness for a particular purpose, or noninfringement.   10
SAP GRC solutions
Product or portfolio areas of future investment

                     User experience                                                                                                                               Consumption                                                                                                          Embedded compliance
                        Across all devices                                                                                                                  Cloud or on premise                                                                                                   Business processes integration

▪ Support for GRC experts and the                                                                                                      ▪ Solutions and products built for the                                                                                                     ▪ Tightly integrated into processes
  business                                                                                                                               cloud and on premise                                                                                                                       and business networks
                                                                                                                                       ▪ Solutions and products built to
                                                                                                                                         “manage” the cloud

© 2019 SAP SE or an SAP affiliate company. All rights reserved. ǀ PUBLIC
This presentation and SAP‘s strategy and possible future developments are subject to change and may be changed by SAP at any time for any reason without notice. This document is provided without a warranty of any kind, either express or implied, including but not limited to the implied warranties of merchantability, fitness for a particular purpose, or noninfringement.   11
Innovations
SAP GRC solutions – on-premise
Product road map overview – Key innovations

      Recent innovations                                                                                2019 – Planned innovations1                                                                      2020 – Product direction1                                                                       2021 – Product vision1

SAP Access Control                                                                               SAP Access Control                                                                              SAP Access Control                                                                              SAP Access Control
▪ Increased system landscape security                                                            ▪ Increased system landscape security                                                           ▪ Increased system landscape security                                                           ▪ Reduced risk of noncompliance through
  as SAP Access Control can monitor                                                                through extended access governance                                                              through extended access governance                                                              added support for system cross-domain
  SAP S/4HANA                                                                                      support for SAP Ariba and SAP                                                                   support for SAP Concur solutions, SAP                                                           identity management (SCIM)-based
                                                                                                   Fieldglass solutions, SAP S/4HANA                                                               Cloud for Customer                                                                              external applications through SAP Cloud
SAP Process Control                                                                                Cloud                                                                                                                                                                                           Identity Access Governance
▪ Reduced compliance cost through                                                                                                                                                                SAP Process Control
  optimized issue follow-up in continuous                                                        ▪ Streamlined compliance process
                                                                                                   through business role integration with                                                        ▪ Reduce risk of noncompliance through                                                          SAP Process Control
  control monitoring
                                                                                                   SAP Identity Management                                                                         extended support for SAP S/4HANA                                                              ▪ Reduced compliance cost through
SAP Risk Management                                                                                                                                                                                control monitoring                                                                              machine-aided scoping and control
▪ Improved insight into enterprise risk                                                          SAP Risk Management                                                                             ▪ Streamline compliance processes                                                                 evaluations
  through extended risk aggregation                                                              ▪ Reduced risk management cost and                                                                through added customization options
  algorithms                                                                                       foster collaboration through optimized                                                          on control assessment and test                                                                SAP Audit Management
                                                                                                   planning and execution of risk                                                                  workflows                                                                                     ▪ Reduced audit cost through enhanced
SAP Audit Management                                                                               workshops                                                                                                                                                                                       resource management capabilities during
▪ Avoid double efforts in an audit through                                                                                                                                                       SAP Audit Management                                                                              the end-to-end audit process
  improved search (on past audits)                                                               SAP Audit Management                                                                            ▪ Reduced compliance cost through
                                                                                                 ▪ Increase confidence in audit results                                                            improved integration between risk
SAP Tax Compliance                                                                                 through added quality and consistency                                                           management, process control, and
▪ Cut audit costs through embedded                                                                 checks                                                                                          audit management according to three
  documentation of identified tax issues                                                                                                                                                           lines of defense model
  and their remediation

1. This is the current state of planning and may be changed by SAP at any time without notice.

© 2019 SAP SE or an SAP affiliate company. All rights reserved. ǀ PUBLIC
This presentation and SAP‘s strategy and possible future developments are subject to change and may be changed by SAP at any time for any reason without notice. This document is provided without a warranty of any kind, either express or implied, including but not limited to the implied warranties of merchantability, fitness for a particular purpose, or noninfringement.   13
Planned

SAP Access Control                                                                                                                                                                                                                                                                                                                                                         innovations

Extended system landscape coverage and SAP Identity Management Integration

              Description                                                                                                                                Benefits

Extended access governance                                                                                                      ▪ Reduced compliance risk
▪        Support SAP Cloud Solutions - SAP                                                                                      ▪ Lower administration cost with
         Ariba*, SAP Fieldglass*, and SAP                                                                                         automated governance process
         S/4HANA Cloud*
                                                                                                                                ▪ Increase accuracy for user and
▪        User provisioning, Risk Analysis and
         Role Management
                                                                                                                                  role assignment
Integration into SAP Identity
Management
▪        Business role management integration

    * With SAP Cloud Identity Access Governance integration

© 2019 SAP SE or an SAP affiliate company. All rights reserved. ǀ PUBLIC
This presentation and SAP‘s strategy and possible future developments are subject to change and may be changed by SAP at any time for any reason without notice. This document is provided without a warranty of any kind, either express or implied, including but not limited to the implied warranties of merchantability, fitness for a particular purpose, or noninfringement.   14
Planned

SAP Risk Management                                                                                                                                                                                                                                                                                                                                                        innovations

Support for Risk Workshops

              Description                                                                                                                                Benefits

Complete risk evaluation in                                                                                                        ▪         Reduce risk management cost
collaborative way                                                                                                                  ▪         Easy communication between
•        Optimize Risk Workshop                                                                                                              different line of business
         planning procedure                                                                                                        ▪         Foster collaboration risk evaluation
•        Involves Risk Experts from different                                                                                                within Risk Experts group
         lines of Business
▪        Easy organize and execute Risk
         Workshop between different stack
         holders
▪        Quick summary Risk Workshop results

© 2019 SAP SE or an SAP affiliate company. All rights reserved. ǀ PUBLIC
This presentation and SAP‘s strategy and possible future developments are subject to change and may be changed by SAP at any time for any reason without notice. This document is provided without a warranty of any kind, either express or implied, including but not limited to the implied warranties of merchantability, fitness for a particular purpose, or noninfringement.   15
Planned

SAP Audit Management                                                                                                                                                                                                                                                                                                                                                       innovations

Enhanced quality and consistency checks

              Description                                                                                                                                Benefits

Quality Check for Audit                                                                                                            ▪         Reduce manual effort for
Engagement and Follow-up                                                                                                                     documentation when performing
                                                                                                                                             audits
▪        Working paper quality Check
                                                                                                                                   ▪         More efficient communication
▪        Finding quality check
                                                                                                                                             between auditors and audit leads
▪        Action plan quality check
                                                                                                                                   ▪         Increase confidence of audit results
Automatic Documentation                                                                                                                      through configurable checks
▪        Extract work done from performed audit
         procedures
▪        Reference working paper in
         documentation

© 2019 SAP SE or an SAP affiliate company. All rights reserved. ǀ PUBLIC
This presentation and SAP‘s strategy and possible future developments are subject to change and may be changed by SAP at any time for any reason without notice. This document is provided without a warranty of any kind, either express or implied, including but not limited to the implied warranties of merchantability, fitness for a particular purpose, or noninfringement.   16
Planned

SAP Business Integrity Screening                                                                                                                                                                                                                                                                                                                                           innovations

Productivity Improvements

              Description                                                                                                                                Benefits

Improve Screening Performance                                                                                                      ▪         Enable ultra large screening
▪        Inversion of screening order for faster                                                                                             scenarios (100+Mio Business
         screening of Business Partners in any                                                                                               Partners)
         kind of lists                                                                                                             ▪         Significant reduction of screening
                                                                                                                                             runtime
                                                                                                                                   ▪         Cost reduction due to reduced
Improved User Interfaces
                                                                                                                                             hardware sizing requirements
▪        Optimized Manage Alerts Fiori app
                                                                                                                                   ▪         Improved end user productivity in
▪        New Dashboard                                                                                                                       Manage Alert App due to optimized
                                                                                                                                             FIORI UIs with better transparency of
                                                                                                                                             information with and with less clicks
                                                                                                                                   ▪         New Overview Page usable as
                                                                                                                                             operative dashboard with additional
                                                                                                                                             KPIs and highlighted overdue actions

© 2019 SAP SE or an SAP affiliate company. All rights reserved. ǀ PUBLIC
This presentation and SAP‘s strategy and possible future developments are subject to change and may be changed by SAP at any time for any reason without notice. This document is provided without a warranty of any kind, either express or implied, including but not limited to the implied warranties of merchantability, fitness for a particular purpose, or noninfringement.   17
Planned

SAP Tax Compliance                                                                                                                                                                                                                                                                                                                                                         innovations

More Integration and Extended Documentation and Reporting Capabilities

              Description                                                                                                                                Benefits

Enhanced Documentation                                                                                                             ▪         Extended and more comprehensive
                                                                                                                                             documentation about remediation
▪ Storage of any kind of attachments                                                                                                         simplifies internal and external audits
  on hit, check and run level for better
                                                                                                                                   ▪         Better classification and reporting of
  documentation of decisions and                                                                                                             hits for better improvements of
  mitigations                                                                                                                                processes and data quality
Improved Reporting                                                                                                                 ▪         Simplification of tax declarations in
                                                                                                                                             Advanced Compliance Reporting thru
▪ Closing reasons on hit level to                                                                                                            direct access to status of hits in Tax
  enable automated                                                                                                                           Compliance
  reporting/analysis and classification
  of hits
Integration with Advanced
Compliance Reporting
▪ Direct access to open hits

© 2019 SAP SE or an SAP affiliate company. All rights reserved. ǀ PUBLIC
This presentation and SAP‘s strategy and possible future developments are subject to change and may be changed by SAP at any time for any reason without notice. This document is provided without a warranty of any kind, either express or implied, including but not limited to the implied warranties of merchantability, fitness for a particular purpose, or noninfringement.   18
SAP Access Control
Additional application connectivity

              Description                                                                                                                                Benefits

Support for Concur* and Cloud for                                                                                                  ▪         Improve security and reduce risk
Customer*                                                                                                                          ▪         Reduce administration cost by
 Centralized access governance                                                                                                              eliminating manual tasks.
  capabilities extended for new business                                                                                           ▪         Increase transparency and visibility
  processes                                                                                                                                  into user, role assignment

   * With SAP Cloud Identity Access Governance integration

© 2019 SAP SE or an SAP affiliate company. All rights reserved. ǀ PUBLIC
This presentation and SAP‘s strategy and possible future developments are subject to change and may be changed by SAP at any time for any reason without notice. This document is provided without a warranty of any kind, either express or implied, including but not limited to the implied warranties of merchantability, fitness for a particular purpose, or noninfringement.   19
SAP Process Control
S/4HANA Control Monitoring and additional customizing on control assessment and test

              Description                                                                                                                                Benefits

Continuous Control Monitoring in                                                                                                   ▪         Speedup compliance procedure by
S/4 Cloud                                                                                                                                    monitoring the business data
▪        Integrated with different lines of                                                                                        ▪         Quick feedback to business with
         business                                                                                                                            compliance monitoring results
▪        Consume more business content from                                                                                        ▪         Involve more stakeholders for
         S/4                                                                                                                                 evaluation activities
▪        Early alter based on business content
         change
More flexibility in evaluation flow
▪        Multiple lines of review in testing and
         assessment flow

© 2019 SAP SE or an SAP affiliate company. All rights reserved. ǀ PUBLIC
This presentation and SAP‘s strategy and possible future developments are subject to change and may be changed by SAP at any time for any reason without notice. This document is provided without a warranty of any kind, either express or implied, including but not limited to the implied warranties of merchantability, fitness for a particular purpose, or noninfringement.   20
SAP Audit Management
Extended support for Three Lines of Defense scenario

              Description                                                                                                                                Benefits

Audit Sampling using CCM                                                                                                           ▪         Reduce effort of collecting data and
Procedures                                                                                                                                   working papers when performing
                                                                                                                                             audits
▪        Leverage Process Control CCM feature
         to access different data sources for                                                                                      ▪         Lower TCO by reusing data source
         getting sampling data from ERP system                                                                                               between audit and compliance team
▪        Generate working paper automatically                                                                                      ▪         Better and closer collaboration
         using the sampling data                                                                                                             between assurance providers
Enhanced Integration with PC/RM
▪        Propose Control
▪        Get feedback from compliance team

© 2019 SAP SE or an SAP affiliate company. All rights reserved. ǀ PUBLIC
This presentation and SAP‘s strategy and possible future developments are subject to change and may be changed by SAP at any time for any reason without notice. This document is provided without a warranty of any kind, either express or implied, including but not limited to the implied warranties of merchantability, fitness for a particular purpose, or noninfringement.   21
Product

SAP Access Control                                                                                                                                                                                                                                                                                                                                                              vision

Standards based application connectivity

              Description                                                                                                                                Benefits

Standards based integration                                                                                                        ▪         Extend access governance
                                                                                                                                             capabilities faster and easier to cloud
▪ Compatible with any SCIM
                                                                                                                                             applications
   (System Cross-domain Identity
                                                                                                                                   ▪         Deliver consistent compliance and
   Management)* application                                                                                                                  governance across a broad number
▪ Industry standard for cloud                                                                                                                of enterprise applications
   applications

   * With SAP Cloud Identity Access Governance integration

© 2019 SAP SE or an SAP affiliate company. All rights reserved. ǀ PUBLIC
This presentation and SAP‘s strategy and possible future developments are subject to change and may be changed by SAP at any time for any reason without notice. This document is provided without a warranty of any kind, either express or implied, including but not limited to the implied warranties of merchantability, fitness for a particular purpose, or noninfringement.   22
Product

SAP Process Control                                                                                                                                                                                                                                                                                                                                                             vision

Machine Aided Scoping

              Description                                                                                                                                Benefits

Compliance Scope definition in                                                                                                     ▪         Save compliance cost with
intelligent way                                                                                                                              automated scoping procedure
▪        Based on the compliance risk                                                                                              ▪         Focus compliance efforts in critical
         information history                                                                                                                 area to prevent risk
▪        Based on internal external audit results                                                                                  ▪         Find high possibility risk in early
                                                                                                                                             stage
▪        Based on risk analysis and compliance
         status within enterprise
▪        Consider the entire compliance
         environment
▪        Propose compliance scope for review
         and change

© 2019 SAP SE or an SAP affiliate company. All rights reserved. ǀ PUBLIC
This presentation and SAP‘s strategy and possible future developments are subject to change and may be changed by SAP at any time for any reason without notice. This document is provided without a warranty of any kind, either express or implied, including but not limited to the implied warranties of merchantability, fitness for a particular purpose, or noninfringement.   23
Product

SAP Audit Management                                                                                                                                                                                                                                                                                                                                                            vision

Enhanced Resource Management

              Description                                                                                                                                Benefits

Enhanced resource management
capabilities                                                                                                                       ▪         Provide the flexibility to do audit
▪        Break down audit plan                                                                                                               planning by audit groups
▪        Audit plan work flow enhancement                                                                                          ▪         Keeps an overview for the audit plan
                                                                                                                                             of the whole company
▪        Audit plan overview page
                                                                                                                                   •         Better insights to audit quality and
▪        Define assignment period for auditors
                                                                                                                                             cost through audit analytics
Audit Analytics
▪        Audit Cost Analysis
▪        Audit Engagement Quality Analysis
▪        Follow-up track

© 2019 SAP SE or an SAP affiliate company. All rights reserved. ǀ PUBLIC
This presentation and SAP‘s strategy and possible future developments are subject to change and may be changed by SAP at any time for any reason without notice. This document is provided without a warranty of any kind, either express or implied, including but not limited to the implied warranties of merchantability, fitness for a particular purpose, or noninfringement.   24
SAP GRC solutions – cloud
Product road map overview – Key innovations

       V1902 – Recent innovations                                                                       V1905 – Planned Q2/20191                                                                          V1908 – Planned Q3/20191                                                                         V1911 – Planned Q4/20191

SAP Cloud Identity Access                                                                        SAP Cloud Identity Access                                                                       SAP Cloud Identity Access                                                                       SAP Cloud Identity Access Governance
Governance                                                                                       Governance                                                                                      Governance                                                                                      ▪ Lower TCO and increase compliance
▪ End-to-end cloud-based access                                                                  ▪ Reduced cost of compliance by                                                                 ▪ Ensure regulatory compliance with                                                               through optimization of SAP S/4HANA
  governance solution                                                                              providing a single point of entry for                                                           Sarbanes-Oxley requirements through                                                             business roles
                                                                                                   employees and managers to request                                                               periodic review of user access                                                                ▪ Improved insights on access security risks
SAP Watch List Screening                                                                           access for SAP Cloud Platform                                                                 ▪ Seamless user and authorization                                                                 across the enterprise (with SAP Analytics
▪ End-to-end cloud-based business                                                                                                                                                                  management along the hire-to-retire                                                             Cloud)
  partner screening service for SAP                                                                                                                                                                business process
  S/4HANA Cloud                                                                                                                                                                                  ▪ Reduced compliance cost through                                                               SAP Watch List Screening
                                                                                                                                                                                                   added user and authorizations support                                                         ▪ Ensure regulatory compliance sanctioned
SAP Data Privacy Governance                                                                                                                                                                                                                                                                        party list screening for U.S.-based
                                                                                                                                                                                                   for SAP Analytics Cloud and SAP
▪ Cloud-based application built to                                                                                                                                                                 Concur solutions                                                                                customers
  support the fulfillment of (legal) data
  privacy requirements                                                                                                                                                                           SAP Data Privacy Governance                                                                     SAP Data Privacy Governance
▪ Streamline compliance efforts through                                                                                                                                                          ▪ Reduced risk of                                                                               ▪ EU GDPR: Generate statistics
  centralized process repositories and                                                                                                                                                             noncompliance: Automatically evaluate                                                           for automatic record of processing
  risk assessments                                                                                                                                                                                 records of processing, data protection                                                          activities, legally required by GDPR
▪ Reduced compliance cost through                                                                                                                                                                  impact assessments and security                                                                 (Art. 30)
  automated privacy control monitoring                                                                                                                                                             business impact analysis                                                                      ▪ Controls framework for DPP risk detection
  framework

1. This is the current state of planning and may be changed by SAP at any time without notice.

© 2019 SAP SE or an SAP affiliate company. All rights reserved. ǀ PUBLIC
This presentation and SAP‘s strategy and possible future developments are subject to change and may be changed by SAP at any time for any reason without notice. This document is provided without a warranty of any kind, either express or implied, including but not limited to the implied warranties of merchantability, fitness for a particular purpose, or noninfringement.   25
V1905
SAP Cloud Identity Access Governance
Access Certification and support for SAP Cloud Platform services

              Description                                                                                                                                Benefits

Extend Access Analysis and                                                                                                         •         Consistent compliance and
Access Request                                                                                                                               governance for both delivered and
▪ Support for SAP Cloud Platform                                                                                                             custom cloud application services
   services                                                                                                                        ▪         Improve security and minimize
                                                                                                                                             incorrect assignments
▪ Cross system risk analysis
▪ Self-service and automated user                                                                                                  •         Reduce time and effort required to
                                                                                                                                             run periodic access reviews
   provisioning
Access certification
▪ Streamlined access review
   processes and status tracking
▪ Simplified campaign administration

© 2019 SAP SE or an SAP affiliate company. All rights reserved. ǀ PUBLIC
This presentation and SAP‘s strategy and possible future developments are subject to change and may be changed by SAP at any time for any reason without notice. This document is provided without a warranty of any kind, either express or implied, including but not limited to the implied warranties of merchantability, fitness for a particular purpose, or noninfringement.   26
V1908
SAP Cloud Identity Access Governance
Automated Identity lifecycle management, and SAP Analytics Cloud support

              Description                                                                                                                                Benefits

Extended support for SAP                                                                                                           ▪         Reduce cost and improve security
Analytics Cloud                                                                                                                    ▪         Enables the business to automate
▪ Access governance and                                                                                                                      and manage access
   compliance                                                                                                                      ▪         Streamline and improve the accuracy
▪ Centralized business role                                                                                                                  of role assignments
   management
Identity Lifecycle Management
▪ Integrated feed from
   SuccessFactors
▪ Automated rule-based access
   request
▪ Policy based assignments

© 2019 SAP SE or an SAP affiliate company. All rights reserved. ǀ PUBLIC
This presentation and SAP‘s strategy and possible future developments are subject to change and may be changed by SAP at any time for any reason without notice. This document is provided without a warranty of any kind, either express or implied, including but not limited to the implied warranties of merchantability, fitness for a particular purpose, or noninfringement.   27
V1908
SAP Data Privacy Governance
Automatic risk evaluation for ROPA, DPIA and SBIA

              Description                                                                                                                                Benefits

Evaluation Engine                                                                                                                  •         Record of Processing Activities and
▪        Flexible definition of evaluation                                                                                                   Data Protection Impact Assessment
         formulas                                                                                                                            are legal requirements of EU General
                                                                                                                                             Data Protection Regulation
                                                                                                                                   •         Security Business Impact Analysis is
                                                                                                                                             the foundation of a Security Risk
Show Detailed Evaluation Result                                                                                                              Framework
                                                                                                                                   •         Solution allows automatic evaluation
•        Record of Processing Activities                                                                                                     of all entries based on standardized
•        Data Protection Impact Assessment                                                                                                   flexible rules
•        Security Business Impact Analysis

© 2019 SAP SE or an SAP affiliate company. All rights reserved. ǀ PUBLIC
This presentation and SAP‘s strategy and possible future developments are subject to change and may be changed by SAP at any time for any reason without notice. This document is provided without a warranty of any kind, either express or implied, including but not limited to the implied warranties of merchantability, fitness for a particular purpose, or noninfringement.   28
V1911
SAP Cloud Identity Access Governance
Flexible reporting and S/4HANA business role optimization

              Description                                                                                                                                Benefits

Role optimization for SAP S/4                                                                                                             ▪         Simplify role administration and
HANA                                                                                                                                                design
▪        Develop business-oriented roles, based                                                                                           ▪         Better visibility into assignments
         on S/4HANA technical entitlements                                                                                                          and activities in your business
                                                                                                                                                    applications
▪        Align business process functions with
         role definitions
Improved insight on access
security risks
▪        Customized reports and dashboards
         based on governance data
▪        Exception based reporting to more
         easily optimize processes and identify
         anomalies
▪        Track trends, risks and SLA

© 2019 SAP SE or an SAP affiliate company. All rights reserved. ǀ PUBLIC
This presentation and SAP‘s strategy and possible future developments are subject to change and may be changed by SAP at any time for any reason without notice. This document is provided without a warranty of any kind, either express or implied, including but not limited to the implied warranties of merchantability, fitness for a particular purpose, or noninfringement.   29
V1911
SAP Watch List Screening
Reduced Manual Efforts and more screening scenarios, Screening for US-based customers

              Description                                                                                                                                Benefits

Intelligent Screening                                                                                                              ▪         Reduction of manual decisions due
                                                                                                                                             to automatic closure previously
▪ Identification and automatic closure                                                                                                       detected matches
  of previously manually decided hits
                                                                                                                                   ▪         Support of more refined screening
                                                                                                                                             scenarios due to multiple lists beyond
                                                                                                                                             sanctioned party list
Additional Lists and additional List
                                                                                                                                   ▪         Free choice of content providers
Providers
▪ Enabling multiple list (eg. sanction
  and PEP
▪ Enabling multiple list providers

© 2019 SAP SE or an SAP affiliate company. All rights reserved. ǀ PUBLIC
This presentation and SAP‘s strategy and possible future developments are subject to change and may be changed by SAP at any time for any reason without notice. This document is provided without a warranty of any kind, either express or implied, including but not limited to the implied warranties of merchantability, fitness for a particular purpose, or noninfringement.   30
V1911
SAP Data Privacy Governance
Statistics for automatic record of processing activities & Controls Framework

              Description                                                                                                                                Benefits

Analyze person related data in S/4                                                                                                 ▪         Get a quick overview where person
Hana                                                                                                                                         related data is stored in the system
▪        Analyze S/4 database for person                                                                                           ▪         Correlate this data with legal ground
         related data                                                                                                                        for processing and retention period
▪        Generate statistics                                                                                                       ▪         Assist the DPO in establishing a
                                                                                                                                             compliance framework
▪        Correlate with Record of Processing
         Activities
▪        Controls framework for DPP risk
         detection

© 2019 SAP SE or an SAP affiliate company. All rights reserved. ǀ PUBLIC
This presentation and SAP‘s strategy and possible future developments are subject to change and may be changed by SAP at any time for any reason without notice. This document is provided without a warranty of any kind, either express or implied, including but not limited to the implied warranties of merchantability, fitness for a particular purpose, or noninfringement.   31
Wrap-up
Key points to take home

1             Support of hybrid landscapes

              Existing GRC On-Premise applications planned to cover hybrid landscapes and
              applications and support customers through their digital transformation

2             Cloud-based GRC services

              Additional cloud-based SAP GRC services and applications planned to
              complement on-premise offering and support new customer business
              models

3             GRC API Hub

              GRC API Hub planned to become future basis for partner and
              custom application on SAP Cloud Platform to react faster on
              regulatory changes

                                                                                                                                                                                                                                                       This is the current state of planning and may be changed by SAP at any time.
 © 2019 SAP SE or an SAP affiliate company. All rights reserved. ǀ PUBLIC
 This presentation and SAP‘s strategy and possible future developments are subject to change and may be changed by SAP at any time for any reason without notice. This document is provided without a warranty of any kind, either express or implied, including but not limited to the implied warranties of merchantability, fitness for a particular purpose, or noninfringement.   33
SAP Transformation Navigator
Supporting your digital transformation

                                                                                                                                                                                    Move my landscape
                                                                                        SAP                                                                                         Future product map
                                                                                   Transformation
                                                                                      Navigator

                                                                                                                                                                                    Evolve my business
Today                                                                                                                                                                               New capabilities
                                                                                                                                                                                                                                                                                                                                   Future
SAP ERP–centric                                                                                                                                                                                                                                                                                                                    SAP S/4HANA–
product map                                                                                                                                                                                                                                                                                                                        centric product map

                                                                                                                                                                                    Use a greenfield approach
                                                                                                                                                                                    New digital platform

SAP Transformation Navigator provides you with clear guidance to chart the Intelligent Enterprise:
▪ Based on your currently used products, this free self-service produces an individualized report highlighting business value, detailing integration to SAP S/4HANA
  and other cloud products, and explaining transformation services and license information.
▪ With the new time-slider feature, you can even identify the best point in time to engage in your journey to becoming an intelligent enterprise.
▪ Discover the tool and your transformation path at https://support.sap.com/stn.

© 2019 SAP SE or an SAP affiliate company. All rights reserved. ǀ PUBLIC
This presentation and SAP‘s strategy and possible future developments are subject to change and may be changed by SAP at any time for any reason without notice. This document is provided without a warranty of any kind, either express or implied, including but not limited to the implied warranties of merchantability, fitness for a particular purpose, or noninfringement.   34
Related road maps

For in-depth information and road map updates for specific SAP
governance, risk, and compliance (GRC) solutions, please review
the following related road maps.

Related product road maps available on sap.com/roadmaps:
▪ SAP Access Control
▪ SAP Global Trade Services and SAP S/4HANA for International Trade

© 2019 SAP SE or an SAP affiliate company. All rights reserved. ǀ PUBLIC
This presentation and SAP‘s strategy and possible future developments are subject to change and may be changed by SAP at any time for any reason without notice. This document is provided without a warranty of any kind, either express or implied, including but not limited to the implied warranties of merchantability, fitness for a particular purpose, or noninfringement.   35
Learn more
SAP customers and partners

► SAP Road Maps
► SAP Community
► IT Planning Resources
► Innovation Discovery
► SAP Transformation Navigator
► SAP User Groups

► SAP GRC Solutions

© 2019 SAP SE or an SAP affiliate company. All rights reserved. ǀ PUBLIC
This presentation and SAP‘s strategy and possible future developments are subject to change and may be changed by SAP at any time for any reason without notice. This document is
provided without a warranty of any kind, either express or implied, including but not limited to the implied warranties of merchantability, fitness for a particular purpose, or noninfringement.
Thank you.
Follow us

www.sap.com/contactsap

Studio SAP | 57823enUS (19/04)

© 2019 SAP SE or an SAP affiliate company. All rights reserved.
No part of this publication may be reproduced or transmitted in any form or for any purpose without the express permission of
SAP SE or an SAP affiliate company.
The information contained herein may be changed without prior notice. Some software products marketed by SAP SE and its
distributors contain proprietary software components of other software vendors. National product specifications may vary.
These materials are provided by SAP SE or an SAP affiliate company for informational purposes only, without representation or
warranty of any kind, and SAP or its affiliated companies shall not be liable for errors or omissions with respect to the materials.
The only warranties for SAP or SAP affiliate company products and services are those that are set forth in the express warranty
statements accompanying such products and services, if any. Nothing herein should be construed as constituting an additional
warranty.
In particular, SAP SE or its affiliated companies have no obligation to pursue any course of business outlined in this document or
any related presentation, or to develop or release any functionality mentioned therein. This document, or any related presentation,
and SAP SE’s or its affiliated companies’ strategy and possible future developments, products, and/or platforms, directions, and
functionality are all subject to change and may be changed by SAP SE or its affiliated companies at any time for any reason
without notice. The information in this document is not a commitment, promise, or legal obligation to deliver any material, code, or
functionality. All forward-looking statements are subject to various risks and uncertainties that could cause actual results to differ
materially from expectations. Readers are cautioned not to place undue reliance on these forward-looking statements, and they
should not be relied upon in making purchasing decisions.
SAP and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered
trademarks of SAP SE (or an SAP affiliate company) in Germany and other countries. All other product and service names
mentioned are the trademarks of their respective companies.
See www.sap.com/copyright for additional trademark information and notices.
You can also read