Customer: Reimagine Risk and Compliance with SAP GRC / SAP Ariba
November 2016
hitp:gn sap.convbrazildocumects/2018/1Vaa cacf-97¢-0010-82¢7-oda7 af atm

How important is compliance within companies today?

What is GRC?

"GRC is the integrated collection of capabilities that enable an organization to reliably achieve objectives while addressing uncertainty and acting with integrity - this is the outcome that we call Principled Performance." (OCEG)

"Every organizational business function and process is governed in some way to meet objectives. Each of these objectives has risks, as well as controls that increase the likelihood of success (or minimize the impact of failure). These are the fundamental concepts of GRC." (Forrester)

Why do we need brakes?

Trends impacting governance, risk, and compliance practices

* Regulatory requirements: Streamline compliance process and reporting
* New business models: Safeguard profitability and growth
* Economic and political uncertainty: Mitigate external and strategic risk
* Digital transformation: Secure transactions and data across hybrid IT landscapes

Escalating challenges in risk, compliance, and security

* Performance. Example: Supply chain breakdown. Response: Mitigate risk and improve performance
* Increased (legal) requirements. Example: Fines and sanctions. Response: Automating compliance process and reporting
* Changing economic and political conditions. Example: Political and economic crises. Response: External and strategic risk mitigation
* Pressure on performance and profitability. Example: Mergers and acquisitions vs. consolidation. Response: Safeguarding profitable growth
* Disruptive innovation and technology. Example: Digitalization of products and services. Response: Leveraging innovation to secure the organization

How do compliance problems affect a company's value, image and reputation?

[Figure labels: Market share; Operational Costs; Not Compliant]

What are these fines for?

$1.45 Billion in Penalties for Bank that Concealed Transactions with Sanctioned Parties (March 2015)
The Justice Department announced March 12 that a global financial institution headquartered in Germany and its New York branch have agreed to a total of $1.45 billion in penalties for concealing hundreds of millions of dollars in transactions prohibited by U.S. sanctions laws on behalf of Iranian and Sudanese businesses.

Coutts Bank has been fined £8.75m (March 2012)
Coutts Bank has been fined £8.75m and severely censured by the UK's Financial Services Authority (FSA) for failing to undertake sufficient anti-money laundering checks on their customers.

Diebold agrees to Pay $25.2 M Penalty (October 2013)
The SEC alleges that Diebold spent approximately $1.6 million on leisure trips, entertainment, and other improper gifts for government bank officials in China. During this same time period, the SEC alleges, Diebold spent over $147,000 on leisure trips and entertainment for officials of government banks in Indonesia. As alleged in the complaint, Diebold executives in charge of the company's operations in Asia knew of these improper payments, which were falsely recorded in Diebold's books and records as training or other legitimate business expenses.

MoneyGram, one of the world's largest remitters, fined $122,400 by AUSTRAC (Jan 2015)
MoneyGram Payment Systems has been fined A$122,400 for contraventions of Australia's anti-money laundering and counter-terrorism financing laws.

Integrated GRC vs no GRC process ... It's an expensive call to ignore

* 42%: redundant activities
* 40% HIGHER data management costs
* 38% HIGHER personnel costs
* 48% HIGHER operational costs

To what extent does digital transformation affect the integration and flow of processes between the Procurement & Supply and Compliance areas?
Digital business requirements

* Balancing innovation and risk
* Live insight into the business
* Managing more complex regulations

Reimagine risk and compliance with SAP Ariba / SAP GRC solutions

* Embed compliance
* Gain insight
* Strengthen the business

Embed compliance with SAP Ariba

Controllable and repeatable process

* Controllable & automated process with standard policies and templates
* Visibility & audit trail
* Visibility & tracking of collaboration between Buyer and Supplier
* Contract compliance assured
* 3-way match & payment against contract terms
* Standard Approved Vendor List with formal set-up process
* Defined, managed and auditable PO approval
* Review employee expenses against policy
* Non-PO invoice validation

Embed governance and compliance by integrating P2P processes with control, visibility and contract compliance.

Embed compliance with SAP Ariba P2P processes

Area
* Example: Requisitioning, Invoicing, Contract Compliance

Risk
* Poor processes, lack of visibility, and no documentation
* Risk will vary by process and by category

Questions asked by audit
* Can purchases be made without proper approval?
* Can systems and data integration errors lead to misstatements?
* Can requesters buy from unauthorized vendors?
* Are non-PO invoices checked for proper usage and approval?

Solution in Ariba Procurement onDemand
* Must have a controllable process
* Must put SPEND through the process
* Must have visibility to both the process and the spend

Gain insight with SAP GRC

* Visualize links between risk drivers and impacts
* Predict unusual patterns in transactions
* Monitor with management by exception

Gain insight to help make better decisions. Visualize and predict how risk may impact performance.

Strengthen the business with SAP GRC

* Anticipate risk and compliance events to minimize impact
* Prepare with a variety of preventive actions
* Respond quickly to regulatory changes

Strengthen the business by employing the right combination of SAP GRC solutions.

What are the most common problems encountered, and how are the controls carried out?

Screening list entities: content providers

[Provider logos: MKDATA, sanktionslisten.de, customsinfo, THOMSON, DESCARTES, DOW JONES]

Know your Business Partner

[Figure: screening list entities compared against the Business Partner]

Know your Business Partner (cont.)

[Figure: Address List Entity records]

Fraud: the challenge is pervasive

* Not going down: 5%. The typical organization loses 5% of its revenues to fraud.
* Going up: $3.7 trillion. 2013 estimated and projected global total fraud loss.

Source: 2014 Report to the Nations on Occupational Fraud and Abuse, Association of Certified Fraud Examiners

Fraud Management: Pre-Defined Rules for Internal Fraud and Compliance

Vendors & Service Providers
* Frequent changes in vendor master data
* Vendors located in high-risk countries

Payments
* Smurfing on outgoing payments (split-invoices)
* Irregularities in payments to vendors

Customers
* Customers located in high-risk countries
* Bank account and address in different countries
* List screening (e.g. PEP lists)

Accounting
* Accounting documents posted on exceptional dates

Procurement
* Address screening
* Conflicts of interest
* Irregularities in purchase orders

Invoices
* Irregularities in invoices
* High-value keyword search

Travel Expenses
* Irregularities in travel expenses

Compliance
* Foreign Corrupt Practices Act
* Anti-Bribery Act

List: Business Content

Fraud Management for Industry and External Fraud

Simple Rule Creation in Project or by Partners

Insurance
* Irregularities in reported claims/losses
* Identification of fraudulent individuals
* Verification of claims in the context of coverage and other claims

Public Sector
* Tax returns / registration
* Social service applications

Banking
* Anti-money laundering
* Countering terrorist financing
* Payment fraud and credit theft

Telecommunication
* Hacked SIM cards

Retail
* Loss detection at Point of Sale (POS)

Oil & Gas
* Theft of fuel
* Irregularities in pricing
Three lines of defense

Operational business, GRC professionals, and internal audit

Desired state
* Neither gaps in controls, nor unnecessary duplication of coverage

Reality (Examples)
* Disconnected silos
* Duplication of work
* Only 1 or 2 lines
* Lines only for specific functions (e.g. for IT, for financial reporting, ...)

[Figure labels: "GRC professionals" (Risk mgmt, security, quality, ...); Operational business]

Assurance and Compliance — One Platform — Multiple Solutions

* Compliance
* Industry- and Use Cases
* Internal Fraud
* Audit Planning and Execution

One Source of Data — One Operational Concept — Shared Methodologies

Thank you

Nayla Santos
Business Development Manager - SAP Ariba

Joao Paulo Fortes
SAP GRC Center of Excellence - Latin America
