SAP - TINET - Tarragona Internet
ron (Ron), 2019-08-04 20:01:32 UTC, #1
SAP GRC For Dummies

Contents at a Glance

Introduction
Part I: Governance, Risk, and Compliance Demystified
  Chapter 1: The ABCs of GRC
  Chapter 2: Risky Business: Turning Risks into Opportunities
  Chapter 3: Governance: GRC in Action
Part II: Diving into GRC
  Chapter 4: How Sarbanes and Oxley Changed Our Lives
  Chapter 5: Fraud, Negligence, and Entropy: What Can Go Wrong and How to Prevent It
  Chapter 6: Access Control and the Role of Roles
  Chapter 7: Taking Steps toward Better Internal Controls
  Chapter 8: It’s a Small World: Effectively Managing Global Trade
Part III: Going Green
  Chapter 9: Making Your Company Environmentally Friendly
  Chapter 10: Keeping Employees Healthy and Safe
  Chapter 11: Making Your Business Processes Environmentally Friendly
  Chapter 12: Making Your Products Environmentally Friendly
Part IV: Managing the Flow of Information
  Chapter 13: Sustainability and Corporate Social Responsibility
  Chapter 14: IT GRC
  Chapter 15: Turning On the Lights with GRC and CPM
Part V: The Part of Tens
  Chapter 16: Top Ten GRC Strategies
  Chapter 17: Ten Best Practices in Global Trade
  Chapter 18: Ten Groups of GRC Thought Leadership Resources
Glossary
Index

Table of Contents

Introduction
  About This Book
  Foolish Assumptions
  How This Book Is Organized
    Part I: Governance, Risk, and Compliance Demystified
    Part II: Diving into GRC
    Part III: Going Green
    Part IV: Managing the Flow of Information
    Part V: The Part of Tens
    Glossary
  Icons Used in This Book
  Where to Go from Here

Part I: Governance, Risk, and Compliance Demystified

  Chapter 1: The ABCs of GRC
    Getting to Know GRC
    Getting in the Business Drivers’ Seat
    Getting Motivated to Make the Most of GRC
      Complying with financial regulations
      Failing an audit
      Experiencing a rude awakening
      Going from private to public
      Managing growth
      Taking out an insurance policy
      Managing risk
      Reducing costs
      Struggling with the high volume of compliance
    Introducing the GRC Stakeholders
      GRC stakeholders inside a company
      GRC stakeholders outside a company
    Understanding GRC by the Letters
      Governance
      Risk
      Compliance
    C Is for Compliance: Playing by the Rules
      Controls: Mechanisms of compliance
      Domains of compliance
    R Is for Risk: Creating Opportunity
    G Is for Governance: Keeping Focused and Current
    Hitting the Audit Trail
    Designing Your Approach to GRC
      After the rush to clean up
      Stages of GRC adoption
    What GRC Solutions Provide

  Chapter 2: Risky Business: Turning Risks into Opportunities
    Discovering Enterprise Risk Management
    Defining Risk
    Ignoring Risk (At Your Peril)
    Sorting Through the Approaches to Risk Management
      The ad hoc approach
      The fragmented approach
      The risk manager’s job approach
      The systematic, enterprise-wide approach
      A cultural approach
    Identifying the Critical Components of a Successful Risk Management Framework
      A culture that takes risk seriously, from the C-suite down
      A risk management organization: Distributing responsibility throughout the culture
      A systematic framework in place
      Technology that creates a risk picture
    Taking the Four Steps to Enterprise Risk Management
      Risk planning
      Risk identification and analysis
      Risk response
      Risk monitoring
    Analyzing What Went Wrong: When Risk Becomes Reality
    Automating the Risk Management Cycle
    Taking the SAP Approach: SAP GRC Risk Management
      SAP GRC risk management and key risk indicators
      Monitoring risks and key risk indicators with SAP GRC Risk Management
    Using SAP GRC Risk Management: A Fictional Case Study
      Where should we produce?
    Using SAP Risk Management: An SAP Case Study
    Gleaning the Benefits of SAP GRC Risk Management

  Chapter 3: Governance: GRC in Action
    Getting to Know Governance
    Gleaning the Benefits of Good Governance
    Drafting Governance Blueprints
    Creating a Framework for Great Governance
    Evaluating Your Governance Framework
      From a strategic and operational perspective
      From a legal and regulatory compliance perspective
    Hurdles to Instituting and Maintaining a Good Framework
      Avoiding GRC silos
      Making GRC strategic
      Justifying the cost of GRC
      Applying GRC too narrowly
      Setting up checks and balances
    Making the Argument for Automation
    The SAP Approach: Integrated Holistic IT for GRC
    Coming to Grips with Governance

Part II: Diving into GRC

  Chapter 4: How Sarbanes and Oxley Changed Our Lives
    Figuring Out Whether SOX Applies to You
    Discovering Why SOX Became Necessary
    Who Are Sarbanes and Oxley, Anyway?
    Breaking Down SOX to the Basics
      Sections 302 and 906: Threatening management with a big stick
      Section 404: Ensuring a healthy immune system
      What does Section 404 mean for business?
    Information Technology: SOX in a Box
      IT frameworks: Your template for compliance
      COSO’s control framework
      The SOX ripple effect
    Paying Up: What’s SOX Going to Cost You?
      SOX Costs Then
      SOX Costs Now
    Setting the Record Straight
    Other Laws You Need to Know About
    We’re All In This Together: Convergence
      Japan’s J-SOX
      Australia’s CLERP-9
      Canada’s C-11
      Basel II
    Sorting Out the Benefits of SOX

  Chapter 5: Fraud, Negligence, and Entropy: What Can Go Wrong and How to Prevent It
    Defining Fraud
      Motivations for fraud
      Sowing the seeds of fraud
      Some common examples of fraud
      The Barings Bank scandal: Operations risk extraordinaire
    Negligence: More Likely Than Fraud
    Entropy: Errors, Omissions, and Inefficiencies
    Cleaning Up: The Mop-Up Operation
      Thinking like an auditor
      Making the computer your auditor

  Chapter 6: Access Control and the Role of Roles
    Understanding Access Control and Roles
    Getting a Handle on Access Control
      Users and permissions
      The roles revolution
    How Access Control Got Messy
      Every user is different
      Virtual things are hard to track
      IT and business don’t speak the same language
      Exceptional circumstances dictate exceptional access
      Large scale increases complexity
    Getting Clean
      Figuring out where you stand
    Staying Clean
    Managing Exceptional Access
    The SAP Approach: SAP GRC Access Control
    Where Do You Go from Here?

  Chapter 7: Taking Steps toward Better Internal Controls
    Understanding Internal Controls
    Exploring the Benefits of Better Controls
      Benefit one: Business process improvement
      Benefit two: Management by exception
      Benefit three: Real-time monitoring
      Benefit four: Mindset changes
    Seeing How Automating Controls Makes Things Easier
    Taking Five Steps to Better Internal Controls
      Documentation: The mapping exercise
      Testing: Real-time and historical
      Remediation: Fixing the problem
      Analysis: Reports for management
      Optimization: Barring risk
    Getting to Know the SAP Approach: SAP GRC Process Control
      Single system of record
      Continuous monitoring
      Out-of-the-box monitoring
      End-to-end internal controls

  Chapter 8: It’s a Small World: Effectively Managing Global Trade
    Understanding Four Reasons Why Global Trade Is So Complex
      Long supply chains
      New regulations and security initiatives
      Modernization of government IT systems
      Increasing complexity of regulations
    Figuring Out the Complexities of Importing
      Classifying an item: What is it?
      Making way for the goods: Pre-clearance
      Making it through: Clearing Customs
      Reconciling value: The step most often missed
      Getting the lead out: Brand protection
    Making Sure You’re Complying with All 19, Exporting Restrictions
      Knowing who you’re dealing with
      Obtaining the right export licenses
      Knowing how the product will be used
    Taking Advantage of the System: Trade Preference Management
    Discovering the Different Ways to Manage Global Trade
    Using the SAP Approach: SAP GRC Global Trade Services

Part III: Going Green

  Chapter 9: Making Your Company Environmentally Friendly
    Discovering the Three Ps of Going Green: People, Processes, and Products
    Going Green: It’s Not Just for Tree-Huggers Anymore
    Understanding Why Your Company Should Go Green
    Going Green Is Good Business
      Enhance your image
      Build trust with regulatory authorities
      Influence future events
    Implementing Green Practices
      Trees matter
      Let there be (green) light!
      Water: To bottle or not to bottle?
      Reduce your risk
    Going Green Is also the Law
      Compliance
      Risks of noncompliance: Fines and public relations nightmares
    A Final Word About Going Green

  Chapter 10: Keeping Employees Healthy and Safe
    Keeping Your Employees Safe and Healthy: The Big Picture
      Enabling and maintaining good health
      Avoiding accidents
      Healthy benefits equal employee recruitment retention
    Moving Down the Road to Zero Accidents
      Organizing and managing a comprehensive health and safety program
      Assessing risks
      Standardizing your procedures
      Managing accidents
      Inspecting your sites and creating new safety measures
      Educating your employees
    Making the Case for Automation and Integration
    Taking the SAP Approach to Employee Health and Safety
      The Occupational Health module
      The Industrial Hygiene and Safety module

  Chapter 11: Making Your Business Processes Environmentally Friendly
    Discovering Ways in which All Companies Can Go Green
    Reducing Your Energy Use and Costs
    Building, Renovating, and Cleaning with Sustainable Resources and Materials
      Begin at the beginning with green design
      Pick the right spot
      Crunch your numbers
      Make friends with your site plan
      Reduce unnecessary strains on your HVAC
      Exploit the advantages of technology
      Command the water
      Use green and recycled building materials
      Build smart, build green
      Renovate green
      Clean green
      Recycle
      Reducing travel
    Getting LEED Certified
    Assessing Your Environmental Risks
    Greening Manufacturing
      Green legislation
      EPA Clean Air Act
      EPA Clean Water Act
      Waste Electrical and Electronic Equipment (WEEE)
    Adopting Green Practices for Manufacturing
      Establish an energy management program
      Reduce emissions
      Reduce waste
      Deal with hazardous substances
      Optimize occupational health
      Promote industrial hygiene and safety
      Ensure product safety
    Taking the SAP Approach to Making Your Processes Environmentally Friendly
      SAP Environmental Compliance
      SAP Waste Management: A core component of SAP Environment, Health, and Safety

  Chapter 12: Making Your Products Environmentally Friendly
    Discovering What It Takes to Make Products Environmentally Friendly
    Figuring Out What Your Materials Are and What They Do
      Defining hazardous materials
      Defining dangerous goods
    Realizing the Benefits of Compliance
      The benefits of complying
      The risks of failing to comply
    Using Hazardous Materials Responsibly
      Customer compliance management
      Supplier compliance management
      Compliance reporting
      Comprehensive task management
    Working with Hazardous Materials
      Packing
      Materials communications
      Transporting materials
    Keeping Up with Materials Legislation
      Toxic Substances Control Act (TSCA)
      Registration, Evaluation, Authorization of Chemicals (REACH)
      Reduction of Hazardous Substances (RoHS)
    Exploring the SAP Approach to Product Compliance
      Compliance for Products by TechniData (CfP)
      SAP EH&S

Part IV: Managing the Flow of Information

  Chapter 13: Sustainability and Corporate Social Responsibility
    Discovering the Great Power and Responsibility of Big Companies
    Getting the Lowdown on Sustainability
    Discovering Why Sustainability Is Good Business
      Managers recognize sustainability as a top priority
      Stakeholders exert pressure
      Sustainable businesses have better access to capital
      Government regulations increasingly require it
      Sustainability helps you manage risk
      CSR protects your brand image
      It helps you attract and keep the best employees
      CSR is ethical
      It helps business planning and innovation
      CSR increases profits
    Discovering the Possible Downside of CSR
    Managing Sustainability Performance
      The current reporting process is a mess
      New tactics are required
    Discovering Why an Automated Solution Is Needed
      Sustainability reporting is a recurring problem
      Huge amounts of data are involved
      Integration is a plus
      Automation creates supply chain transparency
      Automation means auditability
      Automation yields analytics and benchmarks
      An IT solution speeds distribution of data

  Chapter 14: IT GRC
    Getting a Handle on What IT GRC Is
    Understanding IT Governance in Terms of Risk and Compliance
      In terms of risk
      In terms of compliance
      Keeping up with the pace of change
    Securing Your Software Applications
      Taking basic application security measures
      Consolidating security solutions
      Making friends with the IT department
    Keeping the Kimono Closed: Data Privacy
    Protecting Key Corporate Assets: Intellectual Property
      Cinching Up the Kimono
      Leveraging the network
      Other ways data can walk away
      Protecting IT assets
      Communication

  Chapter 15: Turning On the Lights with GRC and CPM
    Turning On the Lights with CPM
    Making the Case for CPM and GRC Integration
      Understanding obstacles to integration
      Instrumenting the enterprise
      Collecting the payoff from CPM and GRC integration
      Supplier concentration
      Loan processing
    Seeing CPM and GRC Integration in Practice
      The intersection of actuals
      Strategy, risk, and planning
      Governance and strategy
    Discovering the Reusable Technology of GRC
      Repository
      Document management
      Case management
      Workflow
      Process modeling
      Policy engine
      Rule engine
      Controls
      Reporting
      Standardized interfaces to components
      Composite apps on the platform

Part V: The Part of Tens

  Chapter 16: Top Ten GRC Strategies
    Evaluate Which of the Most Prevalent GRC Issues Apply to You
    Adopt Best Practices
    Implement Key GRC Strategies
    Set Yourself Up for Success
    Watch Out for Danger Signs
    Define GRC Roles and Responsibilities
    Shake Down the People Who Know
    Move to Strategic Adoption of Automated Controls
    Adopt Strategies for Cleaning Up Access Control
    Getting Your GRC Project Going and Keeping It Going

  Chapter 17: Ten Best Practices in Global Trade
Automate or Else ..........................................................................................
Don’t Go to Pieces........................................................................................
Make Sure You Can Trust Your Partners ...................................................
Avoid Importing Delays ...............................................................................
Get On Board with the Government’s High-Tech Documenting Processes ..........
Know Who is Allowed at the Party ............................................................
Know Who You’re Shipping to ....................................................................
Get the Right Licenses .................................................................................
Take the Free Money....................................................................................
Leave a Paper Trail ......................................................................................
Chapter 18: Ten Groups of GRC Thought Leadership Resources.
GRC Resources .............................................................................................
Web sites .............................................................................................
Blogs.....................................................................................................
Online journals ...................................................................................
Risk Resources .............................................................................................
Web sites .............................................................................................
Blogs.....................................................................................................
Books ...................................................................................................
SOX Resources .............................................................................................
Web sites and forums.........................................................................
Books ...................................................................................................
Financial Compliance Resources ...............................................................
J-SOX ....................................................................................................
Basel II..................................................................................................
Foreign Corrupt Practices Act ..........................................................
Access Control and Process Control Resources ......................................
Web sites .............................................................................................
Articles.................................................................................................
Wikis.....................................................................................................
IT GRC Resources.........................................................................................
Blogs.....................................................................................................
Global Trade Resources ..............................................................................
Web sites .............................................................................................
Blogs.....................................................................................................
Employee Health and Safety Resources ....................................................
Web sites and online journals...........................................................
Blogs.....................................................................................................
Articles.................................................................................................
Going Green Resources ...............................................................................
Web sites .............................................................................................
Wikis.....................................................................................................
Articles.................................................................................................
Blogs.....................................................................................................
Books ...................................................................................................
Sustainability Resources .............................................................................
Web sites .............................................................................................
Articles.................................................................................................
Blogs and books .................................................................................
Glossary ...................................................................
Index ........................................................................