1.
>
GRC
A BearingPoint Accelerator
Working closely with the client, we deliver a rigorous and
effective integrated GRC (Governance, Risk and
Compliance) solution – one that is not only right for the
client, but also available for them.

2.
Contents
Market Drivers
Our Approach
Client Benefits
References
Contact
CLIENT BENEFITSOUR APPROACHMARKET DRIVERS REFERENCES CONTACT< >
GRC | A BearingPoint Accelerator

3.
Market Drivers
Organizations are facing ever-increasing global, local, and industry-specific regulatory challenges.
These challenges have been cumbersome to meet with manual, non-structured efforts in the past - but
with mounting complexities and quantities of regulatory requirements, this becomes impossible.
Organizations need to structure their compliance activities and consider how automation can help
them manage regulatory compliance effectively.
In some areas, with the availability of automated tools, regulators intensify their regulatory
requirements in such a way that impacted organizations have no choice but to use such automated
tools and processes - for example within the area of Anti Money Laundering.
Beyond the external requirements brought forward by regulators, organizations understand more and
more that GRC is not only a cost and a compliance topic, but it can also help shape a more effective,
more streamlined and more transparent organization.
GRC functions are increasingly becoming integrated within the discipline and they connect across
other disciplines such as the finance function.
CLIENT BENEFITSOUR APPROACHMARKET DRIVERS REFERENCES CONTACT< >
GRC | A BearingPoint Accelerator

4.
Market Drivers
Companies face many sources of risk - what
could go wrong, what will go wrong
CLIENT BENEFITSOUR APPROACHMARKET DRIVERS REFERENCES CONTACT< >
GRC | A BearingPoint Accelerator
Risk Sources in Context of PESTEL Analysis: Political, Economic,
Social, Technological, Environmental and Legislative.
Supply Stability
• Bankruptcy of suppliers
Information Security
• Swiss National Bank
• LGT
Theft
• Retail companies typically loose about
10 % of products because of theft
Incorrect Financial Statements
• Enron (2001)
• Worldcom (2002)
• Parmalat (2003)
Environmental Risk
• BP Deepwater Horizon (2010)
• Tepko (Fukushima)
Others (Reputation)
• Shell
• Total
• Glencore
Non Compliance (with Regulation)
• Collaboration
External Fraud
• Google (Chinese environment)
• SecureID
Internal Fraud
• Societe General (2008)
• UBS (2011)
• Gate Group

5.
Market Drivers
Fragmented, manual activities increase cost
and fail to provide strategic value
CLIENT BENEFITSOUR APPROACHMARKET DRIVERS REFERENCES CONTACT< >
GRC | A BearingPoint Accelerator
Executive Management
Lack of Transparency
• Poor visibility into enterprise risk exposure
• Processes are too reactive and defensive
• Fragmentation limits effectiveness of risk
and compliance initiatives
Compliance, Risk and Audit
Lack of resources
• Limited time and personnel to effectively
manage risk and compliance
• Inefficient and costly manual processes
• Inability to proactively mitigate risk events
Business Owners
Lack of Alignment
• Risk and compliance management processes
are not embedded within the business
• Controls are not aligned to key risks
• Limited risk and compliance influence on
business decisions

6.
Our Approach
Based on our SAP©-based GRC R2Go© solution and our experienced consultants, we provide help and guidance every step of
the way – from the overall GRC strategy to specific actions, for example to maintain the right level of access control. We take an
active collaborative approach across the key stages: scoping, blueprinting, implementation, testing, training, and go live. Early on
in the process, we make sure we truly reflect our client's particular situation and issues so that we have a rich and robust scope
rooted in the business, providing the foundation for a faster, more effective solution.
We are constantly evolving our GRC solution to ensure it keeps pace with the most recent developments and delivers the best
possible support. To this end, we work closely with SAP© to take account of new features and functions of the core GRC
software, so we can build as much as possible into our integrated solution.
Furthermore, we maintain relationships with top software vendors within the GRC market to assist clients in choosing the GRC
platform that best fits their needs.
CLIENT BENEFITSOUR APPROACHMARKET DRIVERS REFERENCES CONTACT< >
GRC | A BearingPoint Accelerator

7.
Our Approach
Comprehensive GRC Cycle
CLIENTBENEFITSOUR APPROACHMARKETDRIVERS REFERENCES CONTACT< >
GRC | A BearingPoint Accelerator
Enterprise Risk Management
• Risk Identification
• Risk Response Management
• Risk Reporting
Compliance Management
• Policy Management
• Control Automation
Fraud Management
• Fraud Detection
• Case Management
• Fraud Reporting
IT & Access Risk Management
• Segregation of Duties
• Compliant Identity Management

8.
Client Benefits
With our SAP©-based GRC R2Go© solution, clients can quickly and confidently meet their requirements across four core areas:
Risk Management, Process Control, Access Control and Fraud Management. Uniquely, clients can take all four areas as an
integrated solution to maximize the ease and effectiveness of their risk management and mitigation. We also offer the flexibility
to use one or more areas separately.
Risk catalogues, best practice processes, sample organizational structures and more – we have added a high degree of rich
content across all core areas. This content is drawn from our wide-ranging experience of managing risks across different sectors.
We enable our clients to take advantage of our integrated solution across the entire project lifecycle from scoping to training, to
truly accelerate their GRC initiatives.
CLIENT BENEFITSOUR APPROACHMARKET DRIVERS REFERENCES CONTACT< >
GRC | A BearingPoint Accelerator

9.
References
Project details
• Adaptive solution to manage increasing
data amounts and complexity
• Real time reporting and one click
consolidation features
• Integrate GRC cycle from Access,
Compliance and Risk Management
• Understanding Compliance and Risk
Management and bringing expertise
BearingPoint achievement
• Gather the requirements (workshops with stakeholders)
• Align the solution with the key stakeholders
• Build up a specific prototype to visualize potential
solutions
• Assess the financial impacts of key requirements and
illustrate potential solutions
• Close relationship to SAP to discuss enhancements to
product needed to meet requirements
Client results
• SAP GRC 10.0 Process Control and Risk
Management Blueprint
• Prototype equipped with master data
• Business Processes adapted to the needs but
aligned to SAP product capabilities
• Good understanding of the product for the involved
team
• User Management Integration scenario
Project details
• Develop and implement comprehensive
governance for the SAP user- and
authorization management for all
administration entities.
• The chosen software solution ensures
compliance to the SAP governance,
given the complex environment.
• Raise the Internal Control System
awareness.
• Choosing a particular software.
BearingPoint achievement
• Organizing workshops to gather requirements
• Develop a governance document aligned to business
needs
• Develop and implement a SAP GRC AC 10.0
prototype with the following components
- Access Risk Analysis (ARA)
- Access Request Management (ARM)
• Potential implementation scenarios
• Train stakeholders
Client results
• Fully working SAP GRC 10.0 AC prototype
• SAP Governance
• Business and IT rule set for Segregation of Duties
and critical authorizations
• Implementation scenarios and their financial
impact
• Basis for the software decision, linked with
know-how of the client prototype
SAP GRC 10 Process Control/Risk Management blueprint for a leading automotive supply manufacturer
BearingPoint was engaged to implement and integrate the Process Control and Risk Management modules of SAP`s GRC 10.0 solution.
BearingPoint is engaged to establish a GRC infrastructure in the SAP space which includes the definition of a governance, a client specific risk rule set and a SAP GRC 10.0 AC prototype.
Risk analysis concept and implementation in the public services environment
CLIENTBENEFITSOURAPPROACHMARKETDRIVERS REFERENCES CONTACT< >
GRC | A BearingPoint Accelerator

10.
CLIENT BENEFITSOUR APPROACHMARKET DRIVERS REFERENCES CONTACT<
Contact
Alexa Haisermann
Partner
BearingPoint Germany
alexa.haisermann@bearingpoint.com
Franz Hiller
Partner
BearingPoint Germany
franz.hiller@bearingpoint.com
GRC | A BearingPoint Accelerator
Oliver Engelbrecht
Partner
BearingPoint Germany
oliver.engelbrecht@bearingpoint.com
About BearingPoint
BearingPoint consultants understand that the world of business changes constantly and that the resulting complexities demand intelligent and
adaptive solutions. Our clients, whether in commercial or financial industries or in government, experience real results when they work with us. We
combine industry, operational and technology skills with relevant proprietary and other assets in order to tailor solutions for each client’s
individual challenges. This adaptive approach is at the heart of our culture and has led to long-standing relationships with many of the world’s
leading companies and organizations. Our global consulting network of 9,700 people serves clients in more than 70 countries and engages with
them for measurable results and long-lasting success.
For more information, please visit: www.bearingpoint.com
© 2015 BearingPoint. All rights reserved