Conozca más sobre governance, risk and compliance y tome mejores decisiones de negocios

1. Gobierno Corporativo - Genere confianza al anticipar y
responder efectivamente al riesgo
Bruce Romney
Global Center of Excellence

2. © 2015 SAP AG. All rights reserved. 2

3. © 2015 SAP AG. All rights reserved. 3
Risks remain pervasive, persistent, complex and costly
Causes, indicators drivers and impacts are not connected
Financial
Credit
Hedging
Liquidity
Market
Treasury
Solvency
Operational
Assets Budget
Planning
HR
Marketing
Sales
Product/Services
Supply Chain
Technology
Quality
Human
Behaviour
Outage
IT
DoS
Cybercrime
Access
Security
Data
Loss
Business
Disruption
Political
Fiscal
Riots
Wars
Deficit
Strategic
Strategy
Competition
CorporateGovernance
Reputation
Communication
Succession
Industry
Stakeholders
expectations
Partnerships
Key Resources
Legal
Contracts
LitigationsIP
Privacy
Sustainability
Environment
Climate Change
Ethics
Health
Hazards
Energy
Natural
Resources
Compliance
Regulations
Reporting
Standards
Internal rules
Procedures
Policies
Etc.
Etc.
Etc.

4. © 2015 SAP AG. All rights reserved. 4

5. Riesgo empresarial y
operacional

6. © 2015 SAP AG. All rights reserved. 6
Monitoreo de los umbrales,
eficacia de la respuesta al riesgo,
acciones correctivas
Responder al riesgo
después de equilibrar
costos y beneficios
Entender la exposición al riesgo a
través de un análisis de escenarios,
modelos y otros factores.
Ligar riesgos,
indicadores, causas,
impactos y
respuestas.
Plan de gestión de riesgos
en el contexto que genere
valor a la organización
SAP Risk Management
Preservar los recursos de la empresa y generar valor

7. © 2015 SAP AG. All rights reserved. 7
Generate your risk mapping with the Bow Tie Builder

8. © 2015 SAP AG. All rights reserved. 8
Sample KRI monitoring
Human Resources (HCM)
• Average age of employee
• Average length of service
• Employee Utilization
• Employer-initiated leaving rate (dismissal)
• Time to fill open positions
Environmental Health and Safety
• Number of Incidents/Accidents per period
• Substances not registered with Regulatory
requirements
Supply Chain Management (SCM)
• Actual Capacity Utilization
• Purchase Order Quantity Confirmed
• Quality of Service Provision
Operations
• Accuracy in the Production Plan
• Delayed Services - Total value of delays
• Product Returns
• Rate of order completion
• Sales Figures Comparison
• Warranty claims
Financials
• Actual vs. planned revenue per country
• Budget overrun, compared to plan
• Cash position by day /currency
• Commodities prices
• Days Sales Outstanding
• FX Exposures, Commodity Exposures
• Liquidity Forecast by Day / Currency
• Number of Manual Postings/Period

9. La efectividad de los controles
y el cumplimiento

10. © 2015 SAP AG. All rights reserved. 10
Varios reglamentos generan iniciativas por separado
Board /
Supervisory Board
Office of the CFO
Legal
Sales
Risk Mgmt.
HR
Controlling
IT
Compliance
Mgmt.
Audit Mgmt.
Development
GRC Proj.
Mgmt.
Doc.
Mgmt.
Procure Planning CRM ERP HR PLM
Internes
Kontrollsystem
SOX SHCP /
SAT
INEGISAGARPAIMSS SEMARNAT SECOFI SCTNOM
Risk Mgmt.
Risk Mgmt.
Risk Mgmt.
Risk Mgmt.
Risk Mgmt.
Risk Mgmt.
Compliance
Compliance
Compliance
Compliance
Internal Control
System
Compliance
Internal Control
System
Internal Control
System
Internal Control
System

11. © 2015 SAP AG. All rights reserved. 11
Esto resulta en controles duplicados en un ambiente fragmentado
39% of the respondents say their organization creates new initiative for each
regulatory challenge.”
KPMG Survey
“
85% of internal controls at an average firm are manual.”
Financial Executives Research Foundation“
C10
C1 C1 C3 C4
C5 C6 C7 C8
C9 C11 C9
P1 P3
C15
C10 C11 C1 C3
C12 C12 C5 C7
C14 C9 C11
P7 P8
C15
C10 C11 C1 C3
C12 C12 C5 C17
C14 C19 C11
P13
C15
C10 C11 C1 C3
C12 C12 C5 C17
C14 C19 C11
P13
ISO31000 Basel II FCPA SAS70
P4P2 P5 P6 P10 P11 P12 P10 P11 P12

12. © 2015 SAP AG. All rights reserved. 12
Apoyo a las decisiones y soporte
de evidencia para el
cumplimiento a través de
analíticos
Monitoreo automatizado
basado en excepciones
Evaluar el diseño del control y la
eficiencia. Remediacion de
incidentes
Evaluaciones periódicas de
riesgos para determinar el
alcance y estrategias
Centralización de
documentación de controles y
políticas. Mapeo entre las
organizaciones y las
regulaciones clave
SAP Process Control
Asegurar la efectividad de los controles y el cumplimiento

13. © 2015 SAP AG. All rights reserved. 13
Identificar los problemas mas rápidamente mientras reduce
el tiempo y costo Beneficios
Identificar y analizar con
precisión las excepciones de
control en sistemas SAP y no
SAP
Seguimiento de excepciones a
través de workflows para
garantizar una investigación
oportuna, documentación y
remediación.
Reglas configurables, controles y
reportes predeterminados. Creación
de controles basado en mejores
practicas sin la necesidad de
programación.
Prueba de controles automatizadas

14. © 2015 SAP AG. All rights reserved. 14
Proceso de Compras
Puntos de Control
Identificar y
Calificar
Subcontratista
Evaluar
Ofertas
Adjudicar y
Negociar
Contrato
Implementar
acuerdos
estratégicos
Crear Orden
de
Compra
Disparar OC
al
proveedor
Recibir
Materiales y
Servicios obra
Aplicar
Acuerdos
Términos y
Condiciones
Aplicar reglas
de compra
Ejecutar
Compra
Recibir
Vale
Reciibir
factura
Pagar a
proveedores
Analizar
Desempeño
Ajustar
Contratos
Impulsar la
mejora
continua
¿Se hizo alguna
compra critica
fuera de
corporativo ?
¿Entregan a
tiempo los
proveedores de
materiales
criticos?
¿Se siguieron
las políticas de
compras en los
contratos
adjudicados?
¿Son correctos
los registros
en LibroMayor
Pagar
proveedor
¿Se pagaron
facturas
dobles a
proveeedor?

15. © 2015 SAP AG. All rights reserved. 15
Controles Predeterminados
Financial Close Process
Amount posted to prior period
GL postings - line Item level
GL postings - document type level
GL posting-detail level over deficiency limit
Recurring entries analysis
Recurring entries schedule changes
GL posting-acct level over deficiency limit
Accounting document changes - qty
Accounting document changes
Back posting flag changes
Exchange rate changes
GL changes - chart of accounts level
GL changes - company level
More than two open posting periods
"Permission to post" setting changes
Posting period & fiscal year changes
Treasury
Bank Master Data Changes
Fixed Assets
FA Monthly Depreciation Expense
FA Depreciation Keys Configuration
FA Master Data Changes
FA Account Determination Configuration
FA Depreciation Posting Rules Configuration

16. © 2015 SAP AG. All rights reserved. 16
Controles Predeterminados
Procure to Pay
Vendor master changes
Duplicate invoice parameter changes
Split vendor invoices v. tolerance
Payments without goods receipt
Payments without goods receipt – Company Code
Invoice tolerance setting changes
Overpaid purchase orders
Overpaid purchase orders-Comp. level
Duplicate invoice evaluation
Material price change analysis
Inventory doc differs from system date
Inventory doc differs from sys date- Company Code
Phys Inventory tolerance-doc level
Phys inventory tolerance-line level
Physical inventory tolerance-groups
Standard price change impact
Moving average price change impact
Phys inventory differences-doc level
Phys inventory differences-line level
Source list changes - plant level
Source list changes
POs created without GR reference
Incorrect purchase approval procedure
Inadequate purchase approvers, steps
Doc types w/ incorrect release procedure
POs created - incorrect procedures
POs created - incorrect proc, Doc Level
Changes to "create auto PO" setting
Auto Control: Purchase Transactions with onetime vendors
Auto Control: Vendor Credit notes

17. © 2015 SAP AG. All rights reserved. 17
Vista general de administración de políticas
Monitorear
Efectividad
Crear,
Alcance,
Revisión,
Aprobar y
Publicar
Distribuir
Confirmar
Aceptación vía
Surveys,
Aprobaciones o
Exámenes
Adjuntar la política
existente como una
respuesta al riesgo
Cualquier persona con correo electrónico
(Interna o Externa)
Adjuntar política a
un Control o a un
Riesgo

18. Unificar la función de auditoría

19. © 2015 SAP AG. All rights reserved. 19
SAP Audit Management
Unificar la función de auditoría a toda la organización
Planning
Developing and approving a
risk based audit plan for
approval by the Board
Preparation
Setting objectives, scoping the
audit, assigning resources,
and scheduling the audit
activity
Execution
Identifying and analyzing relevant
information and documenting results
Reporting
Forming an opinion and
disseminating results to
stakeholders
Follow-Up
Monitoring management
progress in resolving actions or
accepting risks

20. © 2015 SAP AG. All rights reserved. 20
Customizable Home Page
 Tile-based home screen,
easy to configure
 One screen for all devices
 Role based authorization
is embedded
 Customized tile is
supported

21. © 2015 SAP AG. All rights reserved. 21
Audit Preparation
 Develop the work program from
draft or from previous programs
and documentation
 Structure with Key Scope, Scope,
and Work Package
 Auditors click on stored template
to bring up attachments and audit
programs
 Promotes collaboration and best
practice sharing among audit
professionals

22. © 2015 SAP AG. All rights reserved. 22
Audit Execution
 Evidence collection with
collaborative mode
 Drag and drop working
paper
 Document your work with
Work Done Notes
 Supervisors can review
audit working papers
 Conduct interviews, gather
information, record evidences, and
prepare findings, conclusions and
recommendations
 Central data storage, easy to
access with search and analytics

23. © 2015 SAP AG. All rights reserved. 23
Audit Reporting
 Generate the final audit report
 Rework is supported
 Communicate with
stakeholders
 Review is in place as required
by standards

24. Cumplir con reglamentos y la
normatividad

25. © 2015 SAP AG. All rights reserved. 25
Varios reglamentos generan iniciativas por separado
Board /
Supervisory Board
Office of the CFO
Legal
Sales
Risk Mgmt.
HR
Controlling
IT
Compliance
Mgmt.
Audit Mgmt.
Development
GRC Proj.
Mgmt.
Doc.
Mgmt.
Procure Planning CRM ERP HR PLM
Internes
Kontrollsystem
SOX SHCP /
SAT
INEGISAGARPAIMSS SEMARNAT SECOFI SCTNOM
Risk Mgmt.
Risk Mgmt.
Risk Mgmt.
Risk Mgmt.
Risk Mgmt.
Risk Mgmt.
Compliance
Compliance
Compliance
Compliance
Internal Control
System
Compliance
Internal Control
System
Internal Control
System
Internal Control
System

26. © 2015 SAP AG. All rights reserved. 26
Unified Regulatory Change Management
IT
Unified Control
SAP Regulation Management by Greenlight
ComplianceBusiness Audit Legal
Requirements Requirements
Solvency
Requirements Requirements Requirements
BaselMultiple
Agencies

27. © 2015 SAP AG. All rights reserved. 27
SAP Regulation Management by Greenlight Technologies
Regulation Intake, Collaboration & Execution
1 Regulatory Citations
 Capture, intake and reporting of
regulations
 Leverage content from UCF, LexisNexis,
Thomson Reuters, etc.
 Regulatory alerts and monitoring
2 Requirements
 Version control and gap analysis
 Delta change management
 Pre-built reports for regulatory
requirements
3
Collaboration
 Central repository for regulatory content,
requirement and reporting
 Comment and interact from start to finish
 Share and review best practices
Workflow
 Dynamic, multi-threaded workflow
capabilities
 Review all or part of citations,
requirements or controls at any time
Control Definition
 Best practice control mapping & content
creation
 Unified control framework for all
regulatory agencies
 Map controls back to citations
4 Controls Management
 Manage, monitor and test controls against
production systems*
Control Automation
 Automatically execute control tests and
import results*
Reporting and Documentation
 Capture, store and report results*
 Manage and maintain findings*
IT ComplianceBusiness Audit Legal
Basel
* With SAP Process Control

28. Beneficie de SAP GRC con más de 5,000 clientes

29. Gracias!
Contact information:
Bruce Romney
bruce.romney@sap.com