GRC_2016_US_Brochure

Las Vegas • March 15–18
GRC2016The premier event for organizations using
SAP®
GRC solutions to analyze risk,
optimize controls, detect and prevent fraud,
and enable compliance
A collaboration of and
www.grc2016.com
@InsiderGRC | #GRC2016

| 2
For more information and to register, visit www.grc2016.com or call SAPinsider at +1-781-751-8700
O V E R V I E W
Pre-Conference
Workshops
Main Conference
Monday, March 14
8:00 am Registration
9:00 am Pre-Conference
Workshops
12:00 pm Lunch
1:00 pm Pre-Conference
Workshops
6:00 pm Pre-Conference
Workshops
Conclude
Tuesday, March 15
9:00 am Keynote Panel
10:30 am Refreshment Break
11:00 am Breakout Sessions
12:15 pm Lunch
1:30 pm Breakout sessions
2:45 pm Refreshment Break
3:15 pm General Session
4:45 pm Breakout Sessions
6:00 pm Welcome Reception
6:15 pm Ask the Experts
7:15 pm Day 1 Concludes
Wednesday, March 16
7:45 am Speed Networking
11:45 am Lunch
6:00 pm Cocktail Hour
6:15 pm Ask the Experts
Thursday, March 17
11:45 am Lunch
2:15 pm Meet the Exhibitors
Friday, March 18
12:45 pm Conference
Concludes
Few would argue that Boards of Directors, CEOs, and other senior business
leaders expect finance and compliance departments to evolve into more strategic
business partners, but getting there will require new levels of technological and
process-related innovation.
Financials 2016 and GRC 2016 exist to help you get a step ahead of that curve.
Plan now to join us in Las Vegas and learn how new technologies are enabling
finance, risk, and compliance operations to provide better data to line-of-business
decision makers more quickly than ever before, how to use those technologies
to facilitate process optimization and cost reduction, and how to more effectively
translate data into analysis that can be used to drive meaningful and measurable
improvements in business performance.
This event is your opportunity to network with peers and directly access SAP
solutions experts who are here to help you achieve your most critical goals.
Please join us, your industry peers, and the SAP ecosystem in March, and leave
with a toolbox full of new ideas and insights to help you realize the full value and
potential of your SAP landscape.
I look forward to seeing you in Las Vegas.
Best Regards,
Ivo Bauermann
Global Vice President and General Manager, EPM Solutions, SAP

| 3
O V E R V I E W
Monday, March 14
Pre-Conference Workshops
Special three-hour Pre-Conference Workshops hosted on this day offer you the opportunity to fortify
your understanding of key SAP concepts and technologies, explore new trends and strategies, and
enhance your learning experience at the main conference. Advance sign-up is required.
Page 5
Tuesday, March 15 – Friday March, 18
Main Conference
Track 1 GRC leadership, process, and strategy
Business cases and blueprints to align your GRC roadmap with real-world business priorities
Page 9
Track 2 Access control, role design, and segregation of duties
Expert advice and customer stories on the detection, prevention, and remediation of system access violations
Page 12
Track 3 IT governance and security
Techniques to protect your SAP landscape and safeguard your data in the age of cloud and mobile
Page 17
Track 4 Process control, control automation, and continuous control monitoring
Guidance to automate and optimize control monitoring, control management, and compliance
Page 20
Track 5 GRC reporting and analytics
Tips and techniques to maximize visibility into your risk and compliance data
Page 23
Track 6 Implementations, integration, and upgrades
Advice and how-tos to get your GRC solutions up and running, optimize their performance, and connect the dots
between them
Page 25
Track 7 SAP risk, fraud, and audit management solutions
Expert advice to minimize risk and maximize assurance and compliance
Page 28

| 4
O V E R V I E W
Educational and Networking Opportunities
In-depth Sessions
Top experts from SAP, leading independent
consulting firms, and your industry counterparts
present roadmaps, tips, tricks, best practices, and
strategic recommendations that you can immediately
put to use upon returning to the office.
Customer Case Studies
Hear how leading companies tackle their
projects and initiatives. Take away best
practices and methodologies taught by the companies
that use them, and learn how to better utilize your existing
technology and plan for the future. Hear how your peers
have shortened project times, cut costs, evaluated key
criteria, and ultimately achieved success on massive, high-
stakes initiatives.
The world’s foremost experts on
SAP technology
Hear directly from the best of the best. Speakers
at this conference are experienced practitioners, industry
visionaries, and subject matter experts (SMEs) who you
can count on for reliable, accurate information. No sales
pitches, just practical content to help you nail your next
project, augment your skills, and advance your career.
Pre-Conference Workshops
Special Pre-Conference Workshops hosted the
day before the event offer you the opportunity
to fortify your understanding of key SAP concepts and
technologies, explore new trends and strategies, and
enhance your learning experience at the main conference.
Advance sign-up is required to ensure your spot.
Hands-on Labs
Roll up your sleeves and get valuable hands-
on experience with the latest technologies from
SAP. Experts will guide you through step-by-step exercises
to help you develop a comprehensive understanding of
each solution’s functionality and arm you with skills you
can use right away. Lab seating is limited and will be
available on a first-come, first-served basis. Please arrive
early.
2 Conferences – 1 Location
GRC 2016 is co-located with Financials 2016.
Registration at one event admits you to both at
no additional cost.
Exhibit Hall Receptions
Compare and contrast market leading solutions
and see for yourself how SAP and third-party
technologies fit into your IT infrastructure.
Ask the Experts Sessions
Sit down with leading experts on SAP solutions
for governance, risk, and compliance to get
detailed answers to your toughest questions. Draw on
the real-world experiences of some of the industry’s top
technologists and tap into one-on-one time with experts
and walk away with detailed answers to the questions that
matter most to you.
Panel Discussions
These sessions are informal, interactive get-
togethers where SAP customers can ask
panelists their most pressing questions. Each panel will be
moderated by a subject-matter expert. You do not need
to sign up in advance to attend, and there is no formal
agenda. Just come with your list of questions in hand.
Evening Reception
Have some fun after a day of intense learning,
and attend the evening reception to relax, catch
up with your co-workers and colleagues, and build your
professional network. Plus, market-leading solution providers
will be on hand to answer your questions and walk you
through prerequisites, decision points, trade-offs, and
timelines for your ongoing initiatives and upcoming projects.
Speed Networking
You’ve heard of speed dating—now try speed
networking! Participants will have 5 minutes
to make their initial introductions and converse before
moving on to meet another contact. An emcee will
provide instructions and keep things moving. Forge new
relationships and build a lasting network of peers you can
call on for years to come.
CPE Credits
This education program has been approved for 35.5 CPE credits. Advance your career and keep your certification
current. Earn credits by attending sessions offered at GRC 2016.

| 5
P R E - C O N F E R E N C E W O R K S H O P S
Monday, March 14
Join us for Pre-Conference
Workshops
Special deep-dive sessions that enable you to:
• Explore new trends and strategies
• Enhance your learning experience at the main conference
By registering for Pre-Conference Workshops, you can:
• Attend any sessions of interest to you
• Benefit from expert-led instruction, demos, guidelines, and
dedicated question-and-answer time
• Gain online access to the session slides and take-homes
• Participate in a networking lunch with other attendees
Morning Session, 9:00 am – 12:00 pm
Improving access governance: What’s new in SAP Access
Control?
Sarma Adithe and Kevin Tucholke, SAP
Attend this session and take a look at some of the new features available in the current release of SAP Access Control
that enable you to adopt a best-practice approach to access governance. Join us and examine:
• Customer Connect and how to use its access
certification, mass maintenance of emergency
access management, and mitigation management
functionalities
• SAP Access Control‘s business role management
enhancements and how to exploit them
• How to manage an SAP SuccessFactors integration,
including HR triggers and risk analysis
• How to approach an SAP Identity Management
integration
• SAP Access Control’s latest reporting functionality,
including when and how to use it

| 6
P R E - C O N F E R E N C E W O R K S H O P S
Afternoon Session, 1:00 pm – 4:00 pm
Faced with a complex SAP landscape?
Tips and tricks for managing and administering
your SAP GRC systems
Kurt Hollis, Deloitte
This session shows you how to better manage and administer your GRC system, including how to
properly size it, how to conduct performance tuning, how to check and maintain system connections,
and how to troubleshoot workflow issues. Join us and:
• Learn how to quickly identify the root cause
of problems and find existing solutions using
SAP’s new automated note search tool
• Learn how to most effectively manage users,
roles, profiles, and logon data in central user
administration (CUA)
• Get practical advice for setting up distribution
parameters within your transactions to
determine where individual parts of a user
master record are maintained
• Get answers to frequently asked support
questions and hear suggestions for logging
messages in the SAP Service Marketplace
• Get an overview of support tools available to
SAP customers and how they apply to different
GRC applications
Afternoon Session, 1:00 pm – 4:00 pm
How to choose the right tool for the right report:
Deep dive into your GRC reporting solutions
Swetta Singh and Thomas Frénéhard, SAP
Imagine that you’ve been tasked to provide custom reports on your GRC topics: Access control,
control and compliance, risk profile, or audit management — but you’re not sure where to start. This
in-depth workshop, designed for tech-savvy customers and consultants, looks at SAP BusinessObjects
Business Intelligence (BI) products now bundled with different SAP solutions for GRC and technical
alternatives for the design and deployment of custom reports and dashboards. Attend and get answers
to your most frequently asked questions on reporting capabilities and options, and equip yourself to
deliver the reports your business users need – often in a very short timeframe. In addition to seeing live
report demos, you’ll learn:
• What BI products can be associated with each
SAP solution to best complement it
• What you can already do by simply leveraging
the configuration options available in the
solutions
• How to modify SAP Crystal Reports embedded
in SAP solutions for GRC to suit your graphical
requirements
• Where to find preconfigured SAP Business
Warehouse (SAP BW) content for SAP
solutions for GRC
• How to use delivered operational data
providers (ODP) queries and how to create
your own
• How to work with SAP HANA reporting and its
virtual data model (VDM) queries
• How to develop custom GRC reports –
including cross-solutions – using the right tool
for the job, with a deep-dive focus on SAP
Lumira
• What standard SAP Fiori reports are available
for GRC, and how to add new reports to the
SAP Fiori launchpad
• What are the differences between SAP Cloud
for Analytics and on-premise BI tools
• What specific knowledge and types of profiles
you need to be successful in all of the above

| 7
K E Y N O T E P A N E L
Keynote Panel • Tuesday, March 15, 9:00 am
Transforming the finance organization to thrive in
the digital world
Ivo Bauermann, SAP; Jonathan Feinstein, New York Life Insurance Company; Celina Rogers, CFO
Publishing; John Steele, Deloitte; Scott L Mitchell, Chairman OCEG
The economy isn’t going digital, it’s already there. What does this mean for Finance? As business
models, value chains and customer experiences are reconstructed to focus on the “segment of one,”
Finance will take a pivotal role in leading digital transformation. But achieving this requires Finance
and Risk teams to deliver instant insight to everyone who needs to make quick decisions. Finance
is partnering closer than ever with other functions like supply chain, marketing, and sales to analyze
the critical data needed to maintain a competitive edge and derive the financial implications “live” to
optimize outcomes.
Join Ivo Bauermann, Global Vice President and General Manager at SAP, as he discusses how
enterprise digitization is re-writing the rules of competition and how boardrooms of leading-edge
organizations are relying on the “live business” to make the right decisions. Ivo will discuss real-world
examples of companies that are thriving in this hyper-accelerated world. Joining Ivo on stage will be
a panel of experts including Jonathan Feinstein, Vice President and Head of Finance Transformation
at New York Life Insurance Company; Celina Rogers, Vice President and Editorial Director at CFO
Publishing; and John Steele, Principal and Head of the US SAP Finance Transformation Practice at
Deloitte Consulting.

| 8
S P O T L I G H T S E S S I O N
Spotlight Session • Wednesday, March 16, 8:30 am
The SAP solutions for GRC roadmap:
Planning your route to GRC excellence
Kevin McCollom, SAP
Globalization. Intensifying regulatory scrutiny. Expanding compliance mandates. The
proliferation of cyber threats. GRC leaders face an ever-growing array of emerging risks; and
new tactics and technologies are needed to monitor, detect, predict, prevent, and neutralize
them. Learn how SAP continues to invest in solutions that enable customers to meet these
challenges by proactively managing risks, compliance, and controls while increasing
security and automation. Join us and:
• Find out what’s new in the latest and greatest SAP solutions for governance, risk,
compliance (GRC) and security, and how these offerings can be leveraged to protect
organizational value
• Hear real-world use cases that illustrate how leading organizations are creatively
leveraging the features and functionality SAP solutions for GRC and security
• Learn about SAP’s growing cybersecurity solution portfolio, and how to exploit its
vulnerability monitoring and mitigation capabilities

| 9
T R A C K O N E
GRC leadership,
process, and
strategy
Business cases and blueprints to align your GRC
roadmap with real-world business priorities
Case study
Lessons from Johnson & Johnson’s experience
building a centralized GRC Center of
Excellence
Lynn Reed and Alka Paradkar, Johnson & Johnson
Understand the business drivers behind Johnson & Johnson’s deci-
sion to centralize its GRC functions under a GRC Center of Excellence
(COE). Follow its journey, feel its pain points, and predict and prepare
for the biggest cultural, organizational, and technical considerations
associated with the shift to shared risk and control services. Attend and
learn how to:
• Assess and select the right organizational and operating models
• Build a COE service catalog that differentiates commodity GRC
services from value-added services
• Identify the cross-functional skill set needed for success and how
to properly allocate resources
• Define and manage the division of responsibilities between the
GRC COE and your business/SAP platform owners
3 unified lines of defense: Getting risk,
compliance, and audit to talk to each other
Bruce McCuaig, SAP
Most companies have already implemented – at least partially – a Three
Lines of Defense model. But many have done so with little or no integra-
tion, making the process time-consuming and reactive in nature, rather
than proactive and optimized. This session illustrates how risk manage-
ment activities coalesce within the wider system of internal control as
part of an efficient, effective, and integrated assurance framework.
Attend and learn:
• Why an integrated GRC approach matters and how it supports a
Three Lines of Defense framework
• How to leverage SAP GRC solutions to establish a truly integrated
Three Lines of Defense model that delivers sound assurance
• How to go one step further and pave the way to continuous
auditing
Design a global GRC risk framework that
reduces risk and compliance costs:
Key lessons from real-world rollouts
Kaity Pedersen, EY
Attend this session and find new ways to overcome your most vexing
GRC risk framework design challenges. Participate and find new ways
to tackle the challenges associated with the existence of one or more
centralized systems and a global user base, handle outsourcing agree-
ments and contractors with varying levels of access to the production
environment, manage small subsidiaries with a limited set of users on
the same global platform and a dynamic set of access needs, and deal
with an increasingly complex and ever-evolving set of country- and
region-specific compliance and regulatory requirements, language
needs, and technology landscapes. Join us and:
• Learn how to integrate your GRC risk framework with your broader
set of business controls and enterprise risk and control matrix
• Weigh the pros and cons of employing segregation of duties vs.
sensitive access risk classifications
• Examine a design methodology for building a global risk framework
that accommodates diverse regulatory and compliance needs,
including the customization and integration of custom t-codes
• Discuss a governance process for managing risk frameworks globally
Risk-driven decision making: How SAP
Risk Management improves your strategic
planning capabilities
Thomas Frénéhard, SAP
Have you ever been involved in difficult strategic decisions such as
the launch of a new product or development of a region? Attend this
presentation to understand how you can build a risk management
approach directly into your decision making process to seize new
opportunities or avoid obstacles that could prevent your company from
achieving its objectives. Learn how to:
• Align your risks and strategic objectives to support more informed
business decisions from top executives
• Adopt an enterprise risk management process to better identify
and assess opportunities
• Leverage the capabilities and automations in SAP Risk Management
to blend these capabilities into your strategic planning

| 1 0
Leading security, controls, and GRC trends
for top-performing companies: How does your
organization stack up?
Mick McGarry, KPMG
This session walks you through a maturity model that illustrates the
core characteristics of top-performing organizations and shows how
to benchmark your own organization’s GRC adoption progress. Attend
and find out:
• How to assess your organization’s process and control IQ
• The degree of GRC technology adoption needed to support strong
process and control environments
• What opportunities exist for improvement, allowing you to better
plan future roadmaps and build a business case for wider
adoption
Stop the credibility killer: Managing reputational
risk to protect brand value
Thomas Frénéhard, SAP
Reputational risk is a hidden danger with significant potential costs,
including lost revenue, increased operating and regulatory expenses,
and the destruction of brand and shareholder value. Attend this session
to examine the key risk drivers that impact your business’ reputation
and learn how to automate the identification, assessment, and mitiga-
tion of those risks. You will uncover how to:
• Understand the details of what’s at stake and why you should care
about reputational risk
• Identify the internal and external triggers that can spark a
reputational crisis
• Design an effective plan to document and mitigate these risks
• Leverage the power of big data to continuously monitor this critical
company asset
Panel discussion
Journey to continuous monitoring success
Moderator: Bruce Romney, SAP
Panelists: Emily Damson, Eli Lilly and Company; Bill N. Kulich,
The Timken Company; Nathan Knight, Gulfstream Aerospace
Corporation, Marie-Luise Wagener, SAP SE
Join us as customers share their real-life experiences with continuous
control monitoring (CCM). Find out how different companies have built
their long-term CCM strategies, learn what tools they’re using, and find
out what new skills they had to acquire to get their CCM programs up
and running. Key discussion points will include:
• How they went about defining key risk indicators (KRIs)
• The biggest lessons they learned ... sometimes the hard way
• What they’re doing to get the biggest bang for their buck
• Where they’re headed next on their continuous monitoring
roadmap
Closing the regulatory compliance loop with
SAP Regulation Management and SAP Process
Control
James Rice, Greenlight Technologies
Regulations are simply a part of doing business in today’s world, but
staying current with regulatory changes and ensuring organizational
compliance is anything but simple. Attend this session to delve into the
intricacies of this practice and learn how to close the regulatory compli-
ance loop with SAP Regulation Management and SAP Process Control.
Attendees will learn to:
• Consolidate regulatory feeds in a single authoritative source for
alerts and requirements
• Leverage SAP Process Control to automate controls testing and
extend continuous monitoring of your controls’ effectiveness
across operational, financial, and IT systems
• Demonstrate end-to-end auditability of regulatory compliance
The road ahead: Practical options to extend
your investment beyond SAP Access Control
Kevin Tucholke, SAP
This session guides you through the strategic and technical consider-
ations associated with developing your internal GRC roadmap. Attend
and learn about other SAP solutions for GRC and explore the latest
integration scenarios and interfaces available for SAP Access Control
and SAP Process Control, SAP Risk Management, the SAP Dynamic
Authorization Management application by NextLabs, and other SAP
solutions for GRC. Join us and:
• Learn about the GRC solutions SAP has available and the key
integration points between them
• Understand the benefits of using certain SAP solutions for GRC
together
• Learn about the interfaces, APIs, and servers that enable
integrated scenarios between SAP Access Control, SAP Process
Control, SAP BI platform, SAP Identity Management, and SAP
Dynamic Authorization Management
• Examine integration scenarios that illustrate where efficiencies can
be gained through automation
How to fit SAP’s security portfolio into your
company’s cybersecurity strategy
Penka Tatarova, SAP
Attend this session to learn about SAP’s cybersecurity solutions port-
folio, how SAP security can be integrated with other SAP solutions for
GRC, and how it fits into your company’s roadmap. Join us and learn:
• The key capabilities and deployment scenarios of each primary
security solution within the SAP’s product portfolio
• When and how to use the newest SAP Business Suite security
tools, including SAP Unified Connectivity, SAP Read Access
Logging, and SAP Security Optimization Service
• About SAP Enterprise Threat Detection
T R A C K O N E

| 1 1
Panel discussion
How companies leverage SAP solutions for
GRC to safeguard assets, prevent fraud, and
comply with complex regulations
Moderator: Eric Bloesch, KPMG
Panelists: Carolyn Pittman, Newport News Shipbuilding;
Jessica Mann, Southwest Airlines; Curtis Nohl, Caterpillar;
Paul Malin, Sempra Energy; Kent Cowsert, KPMG
Join us for this interactive panel discussion as we explore ideas and
experiences from panel members representing a variety of business
functions who will share their successes and help you identify opportu-
nities to extend the benefits of your GRC suite capabilities. Join us and
get answers to questions like:
• What business drivers led to specific component selection and
implementation decisions?
• What opportunities exist or are planned to leverage GRC
capabilities across other business functions?
• How are other companies driving cross-functional business user
adoption?
Execute a value-driven GRC roadmap to further
leverage your SAP investment
Brian Rizman, PwC
Companies are often only willing to invest in risk and compliance
technologies as a reactive response to audit and compliance failures;
or worse – public embarrassment. This session guides you through
the process of developing a GRC vision and roadmap supported by
a strong and financially compelling business case. Attend and learn
how to pave the way for more proactive and progressive investments in
control optimization technologies as we examine:
• How to define the components of GRC maturity from a people,
process, and technology perspective
• How to communicate a GRC vision and roadmap with a
supporting financial model that avoids the common ROI-centric
investment justification pitfalls
• How to assess your company’s current-state capabilities and
define a future-state vision that effectively and convincingly
addresses key areas of risk exposure
• How to secure cross-functional buy-in for GRC initiatives and
how to address the direct and indirect financial benefits of GRC
investments
Case study
How Mars successfully completed a global SAP
security redesign with SAP Access Control and
built a security “playbook” to guide the project
Donna Kowalick, Mars
In 2013, Mars embarked on an effort to revamp its SAP security, mini-
mize segregation of duties (SoD) risk, and increase efficiencies around
access provisioning. This session walks you through the project, which
involved the redesign of the company’s SAP landscape and archi-
tecture and the creation of task-based roles that are free of SoD and
follow a standard naming convention. Hear how Mars implemented SAP
Access Control to monitor risks and automate the user provisioning
processes to maintain a clean SAP environment for its 15,000 users
and dozens of decentralized units around the world, and how the
company:
• Constructed a playbook to guide the rapid rollout of its new and
improved security design to dozens of sites globally
• Defined the overall project scope and addressed and resolved its
existing SAP environment considerations
• Handled the issues associated with standardized role architecture,
standardized role naming convention, task-based role definitions,
and the creation of risk-free template roles
Take home a sample SAP security roadmap, a sample SAP Access
Control implementation plan, and Mars’ playbook index.
Case study
How Jabil built its global governance structure
to achieve long-term SAP Access Control
success
Roberto Bayon, Jabil
This session walks you through the formation of Jabil’s global gover-
nance organization, which was established to orchestrate its 15,000-
user security redesign project and oversee the company’s long-term
SoD conflict minimization program. Hear how Jabil successfully
approached the standardization of SAP roles and the provisioning
processes used to achieve it, and explore how the company:
• Secured senior management support for its governance
organization
• Selected its governance team and divided roles and
responsibilities, including how it defined technical and functional
SAP GRC ownership for its SAP Access Control, SAP Process
Control, and SAP Access Violation Management systems and
processes
• Manages user provisioning, business role management, SoD
management, and firefighter access
• Managed its multi-phase rollout
• Handles ruleset reviews and communication with external auditors
T R A C K O N E

| 1 2
T R A C K T W O
Access control,
role design, and
segregation of
duties
Expert advice and customer stories on the detection,
prevention, and remediation of system access violations
Using SAP Dynamic Authorization Management
for policy-based control and fine-grained data
access and protection
Chris Radkowski, SAP
Attend this session to learn the ins and out of centralized authorization
systems, the standards running behind the scenes, and how to apply
this technology to your enterprise applications. By attending, you will:
• Learn how to use SAP Dynamic Authorization Management
integrated with SAP ECC to enable policy-based control over
access to transactions and other data
• Examine use case scenarios and see demos that show you how to
protect data and support attribute-based authorization
• Get tips to fully exploit the solution’s auditing functionality to
monitor and document regulatory compliance
Panel discussion
Customers of SAP Access Violation
Management share how they’re automating the
last mile of segregation of duties (SoD)
Moderator: Susan Stapleton, Greenlight Technologies
Panelists: Danielle Bass, Citrix; Susan Zortea, Jabil; Danielle
Appel, Stanley Black & Decker
Participate in this panel of SAP customers and hear how they quantify
financial exposure from SoD, minimize manual controls, and fast track
SoD compliance with SAP Access Violation Management. Hear first-
hand how to:
• Minimize manual mitigating controls for SoD
• Move to exception-based monitoring for actual SoD conflicts that
occur during transaction processing
• Quantify your financial exposure from access risk to drive change
where the risk may be too great
Case study
How Mars successfully completed a global SAP
security redesign with SAP Access Control and
built a security “playbook” to guide the project
Donna Kowalick, Mars
In 2013, Mars embarked on an effort to revamp its SAP security, mini-
mize segregation of duties (SoD) risk, and increase efficiencies around
access provisioning. This session walks you through the project, which
involved the redesign of the company’s SAP landscape and archi-
tecture and the creation of task-based roles that are free of SoD and
follow a standard naming convention. Hear how Mars implemented SAP
Access Control to monitor risks and automate the user provisioning
processes to maintain a clean SAP environment for its 15,000 users
and dozens of decentralized units around the world. See how Mars:
• Constructed a playbook to guide the rapid rollout of its new and
improved security design to dozens of sites globally
• Defined the overall project scope and addressed and resolved its
existing SAP environment considerations
• Handled the issues associated with standardized role architecture,
standardized role naming convention, task-based role definitions,
and the creation of risk-free template roles
Take home a sample SAP security roadmap, a sample SAP Access
Control implementation plan, and Mars’ playbook index.
Expert tips to simplify and automate your user
access request process
David Denson, PwC
This session offers practical advice on designing and implementing an
effective role design strategy that can be easily supported by SAP solu-
tions for GRC. Attend and learn how to:
• Implement access request BADIs to simplify the request process
and add additional controls to the request process
• Use the help center to deliver context-based information directly to
your users depending on the application they’re currently using
• Customize the access request screens and build custom reports
in GRC

| 1 3
Tips and tricks to customize your SoD ruleset
and post-SoD implementation considerations
Nathan Cummins, PwC
Designed for both functional and technical stakeholders, this session
guides you through the ruleset design process and shows you what you
need to consider – and what you should expect – during each stage of
your SoD ruleset design project. Attend and:
• Understand the functionality provided within GRC to boost
ruleset specificity
• Identify the most critical people, processes, communication, and
change considerations associated with ruleset design projects
• Learn how to adequately involve the business and bring it up to
speed on GRC rule construction and technical data analysis
• Get strategies and tips to design your roadmap and plan for future
enhancements
Case study
How ConocoPhillips conducts user access
reviews and monitors transaction usage in
SAP GRC 10.x
Trevor Wyatt, ConocoPhillips
Learn how ConocoPhillips uses SAP Access Control tools to conduct
periodic user access reviews, gather transaction usage statistics, and
determine who is accessing its SAP systems. Come away with user
access review (UAR) best practices and key configuration steps, and
learn how to obtain valuable transaction usage data from your SAP
systems. Attendees will:
• Find out how the company integrated the access control suite,
access request management, and business role management
functionality to make user access reviews fully operational in
version 10.x
• Explore the reports that ConocoPhillips uses to track and evaluate
transaction usage and understand how they use it to adjust user
access and propose enabling new SoD risks
• Walk through the steps ConocoPhillips takes to review and
remediate segregation of duties risks with transaction usage
data from SAP GRC enterprise role management (ERM) and risk
analysis and remediation (RAR)
Tactics and procedures to successfully audit
segregation of duties in SAP
Vincent Calabrese, KPMG
Auditing segregation of duties (SoD) can be quite complex and tech-
nical, creating a challenge for auditors across companies of all sizes.
This presentation provides:
• Top procedures for auditing SoD, regardless of the tool you are using
• Leading practices to bring together the IT and financial auditors
through the SoD auditing process
• Tips to validate your SoD ruleset to ensure complete and
accurate results
• A list of the key documentation requirements that are needed to
support your SoD audit
Hands-on lab
Part 1: A beginner’s guide to the configuration
of SAP Access Control
Kurt Hollis and Nicole Teibel, Deloitte
In this hands-on session, gain practical instruction to perform the
first risk analysis, first emergency access, and first access request
in a newly implemented SAP Access Control 10.1 system. An expert
instructor guides you through:
• Important configuration settings that will speed up your system
set-up process
• A technical overview of the architecture SAP GRC 10.1
• Setting up and customizing your rule set
• Running scheduled jobs for synchronization and risk analysis
Hands-on lab
Part 2: An advanced guide to the post-
installation configuration of SAP Access Control
Dylan Hack, David Jayne, Deloitte
Walk through the advanced configuration, set up, and use of SAP
Access Control, including SAP GRC user access review (UAR), GRC
segregation of duties (SoD) review, and Business Rule Framework plus
(BRFplus). Attend as our expert instructor shows you how to:
• Configure and use SAP GRC user access reviews (UARs),
including how to perform the UAR workflow setup and run your
first UAR, how to set up and automate periodic access reviews,
how to review and approve UAR items, and how to confirm the
completion of UARs
• Perform a segregation of duties review using GRC workflow
functionality, including how to set up your SoD workflow and run
your first SoD review, how to perform an admin review of work
items, how to review and approve SoD review items, and how to
confirm the completion of your SoD review
• Configure and set up advanced workflow and BRFplus
rules, confirm Business Configuration (BC) set activation and
configuration settings, define reviewers and coordinators, set up of
roles and users, and execute sync jobs
• Create a BRFplus application, create a business rule, define
decision tables, update line items generate BRFplus rule, and map
BRFplus rules to MSMP workflows
Take home the detailed workbook used to guide you through the session.
T R A C K T W O

| 1 4
GRC user access reviews: How to streamline
your user recertification process
Dan Murphy, Winterhawk Consulting
This presentation guides you through the underutilized user access
review (UAR) functionality of SAP Access Control. Hear how you can
transition from a very manual user recertification process that can
take months to complete, to a streamlined, repeatable one that can be
achieved in a fraction of the time while still meeting critical SOX require-
ments. Attend and learn how to:
• Quickly get through your first UAR
• Reduce the time it takes to recertify access
• Reduce the cost of recertification
• Use partner groups to offload some of the burden
Case study
Lessons learned from Alabama Gas
Corporation’s successful migration to
SAP Access Control
Tammy Holiness, Alabama Gas Corporation
As the largest natural gas distributor in Alabama, Alabama Gas
Corporation (Alagasco) implemented SAP ECC, SAP CRM and SAP BI
to manage its utility business. To better manage the risk surrounding
SAP security, the company replaced its legacy SoD solution with SAP
Access Control to manage and mitigate security risks, improve SoD
reporting capabilities, and automate its security provisioning processes.
This session walks you through Alagasco’s GRC solution selection and
implementation process and shows you how the company:
• Built its GRC solution requirement definitions and vendor selection
criteria around cost, scalability, infrastructure, and support
• Constructed its GRC roadmap, including how it decided
which functionality to implement and how it established its
implementation priorities
• Crafted its implementation plan, including how it migrated and
optimized SoD rulesets, and engaged and collaborated with key
business process owners and stakeholders
How to quantify and mitigate the financial
impact of your “potential” segregation of
duties violations
Aric Quinones, Protiviti
Many companies use solutions like SAP Access Control to analyze user
access before roles are assigned and then report suspect activity to
business owners. This session examines how leading companies are
moving from reporting on these “potential” segregation of duties (SoD)
violations to calculating their actual financial exposure by leveraging
SAP Access Violation Management. Attend and learn how to:
• Use SoD quantification to reduce SoD violations and eliminate
material deficiencies
• Identify the different types of SoD risks that can be quantified
using transactional data analysis
• Leverage SoD quantification to identify high-risk areas prior to and
during an SAP security remediation project
• Determine if SAP Access Violation Management should be
considered as a permanent solution to monitor SoD violations, how
to sell it internally, and how to build it into your GRC roadmap
Take home a sample SAP Access Violation Management project plan to
guide your product assessment and implementation process.
Case study
How Jabil built its global governance structure
to achieve long-term SAP Access Control
success
Roberto Bayon, Jabil
This session walks you through the formation of Jabil’s global
governance organization, which was established to orchestrate its
15,000-user security redesign project and oversee the company’s
long-term SoD conflict minimization program. Hear how Jabil success-
fully approached the standardization of SAP roles and provisioning
processes to achieve those goals, and explore how the company:
• Secured senior management support for its governance organization
• Selected its governance team and divided roles and responsibilities,
including how it defined technical and functional SAP GRC ownership
for its SAP Access Control, SAP Process Control, and SAP Access
Violation Management systems and processes
• Manages user provisioning, business role management, SoD
management, and firefighter access
• Managed its multi-phase rollout
• Handles ruleset reviews and communication with external auditors
T R A C K T W O

| 1 5
Case study
How Sempra Energy implemented SAP GRC
10.1 and remediated more than 500K SoD
conflicts
Paul Malin, San Diego Gas & Electric
Walk through the journey Sempra Energy and its California utilities —
including San Diego Gas & Electric — went through during the upgrade
from SAP GRC 5.3 (using only 2 GRC modules for user access
provisioning) to SAP GRC 10.1 (using 4 GRC modules). See how the
company successfully remediated or mitigated over 500,000 SoD
conflicts in the process, and:
• Prepared its role master data (such as business process, sub-
process, owners, and backup owners) for SAP security role
provisioning in advance of initial testing and UAT and, in the process,
enabled a thorough understanding of the effect on the business
• Completed regression testing of all GRC modules after the upgrade
• Deconstructed composite roles back to single roles for provisioning
• Used role redesign to address document-type security
configuration changes and enable SoD conflict remediation
• Handled the post go-live management of SoD, from validating
mitigating controls and defining its mitigating control strategy to
tying mitigating controls to SoD remediation
Answers to your top 10 SAP Access Control
10.x design and configuration questions
Ruth E. Johnson, Customer Advisory Group
Attend this session and tackle some of the toughest questions
customers have about SAP Access Control design and configuration.
Learn how to jump the most common stumbling blocks, weigh your
options, and bring a question or two of your own. Find out how other
companies address questions like:
• Should we use multiple rulesets or just one?
• Where should SoD rulesets be maintained?
• Should the ruleset be transported or should we use SoD risk and
function change workflows? Or would a combination of those 2
approaches be best?
• How should connector groups be implemented, and how many are
required?
• Do we need an SoD detour, and who should be assigning the
mitigation controls?
• Does security still need to be part of the access request workflow?
• How many workflow paths are required, and why have more than
one?
• How do we perform SoD analysis during our workflow when it’s
only required in production?
• What’s the best way to build the access request workflow initiator?
Case study
Remediating SoD after a role redesign: How
Stanley Black & Decker used SAP access risk
analysis reports to reduce SoD conflicts
Rebecca Hodge, Stanley Black & Decker
Stanley Black & Decker faced volumes of data related to SoD conflicts
following its implementation of SAP GRC 10.0. Attend and see how the
company handled:
• The removal of excessive access
• Changes to security roles
• Updates to its GRC rule set
• The identification of business risk owners by function
• The development of mitigating controls for each risk and other
control gaps
Using event-driven identity management to
automate your access control process
Swetta Singh, SAP
This session examines how to manage access to your organization’s
information in today’s data-driven environment and explores how to
integrate identity management with HR applications to centralize and
streamline your SAP Access Control process. Attend this demonstration
and learn how to:
• Simplify access privileges management based on user lifecycle
changes
• Streamline operations and reduce administrative burden on IT and
help desk personnel
• Integrate SAP SuccessFactors for policy-based management of
identities in your SAP landscape
• Improve user assurance and compliance with closed-loop user
activity monitoring
Governing access in the cloud: Best practices
with SAP’s cloud identity, access governance
and administration solutions
Chris Radkowski, SAP
As organizations move enterprise applications to the cloud, new access
governance functionality is needed. This session shows you how to
use SAP Cloud Access Governance to support user administration
and compliance processes that reduce TCO and minimize or poten-
tially eliminate many data center operations. Attend and explore the
latest functionality and roadmap for SAP identity and access gover-
nance, including SAP Cloud Identity and the new SAP Cloud Access
Governance service. This session shows you how to exploit SAP’s iden-
tity and access governance solutions to:
• Enable simplified user access control, role management, policy-
driven identity automation, reporting, and certification processes
necessary for many compliance regulations
• Adopt a best-practice approach to access governance for cloud
applications
• Handle access management, compliance, and governance of SAP
HANA and SAP S/4HANA applications
T R A C K T W O

| 1 6
Hands-on lab
SAP Access Control reporting using
SAP HANA Live
Sarma Adithe & Ravi Erukulla, SAP
In this hands-on session we will guide users through new reporting
features in SAP Access Control. You will:
• Learn about new technologies including SAP Smart Business for
GRC and integration with SAP Business Intelligence
• Create, customize, and publish a report using SAP HANA Live and
SAP analytical tools such as SAP Lumira
Case study
Building the business case for SAP security role
redesign at Beam Suntory
Ivanka Gajecky, Beam Suntory
Beam Suntory used a first-gen role design solution since its initial
SAP implementation several years ago. But even as business needs
changed foundationally, role design changed only incrementally — and
pain points eventually emerged as outdated role structures became
hard to understand for both requestors and approvers. Join us at this
session to find out how Beam tackled these challenges and:
• Walk away with a framework to help you determine if role redesign
is appropriate for your organization
• Understand the key variables to consider when estimating the
effort and resources needed to plan and execute a role redesign
project, including the technical details, the number and types of
systems in scope (SAP ECC, SAP BW, SAP SCM), and the current
role definition details (e.g.: composite, parent/child)
• Define the key decision points for performing access control
design and role design in a phased approach (separately vs.
together)
Tips and tricks to manage and administer your
SAP Access Control and SAP Process Control
10.1 systems
Mohan Kommanaboina, KPMG
This session shows how to work around SAP Access Control and SAP
Process Control 10.0 and 10.1 technical issues and support packs,
and guides you through the different steps you need to take when
upgrading vs. implementing from scratch. You also obtain leading strat-
egies for exploiting its capabilities to their utmost potential. Attend this
session to:
• Learn how to quickly identify the root cause of problems and find
existing solutions using SAP’s new automated note search tool
• Equip yourself with leading practices and a better understanding
of the most effective ways to manage users, roles, profiles, and
logon data in the central user administration (CUA)
• Get practical advice for setting up distribution parameters within
your transactions to determine where individual parts of a user
• Get answers to frequently asked support questions and hear
suggestions for logging messages in the SAP Service Marketplace
• Get an overview of support tools available to SAP customers and
how they apply to different GRC applications
How to modernize your SAP Access Control
ruleset and mitigating control library
James Roeske, Customer Advisory Group
Are your GRC SoD ruleset and mitigating controls up to date and
covering your current compliance requirements and system function-
ality? This session guides you step-by-step through evaluating your
ruleset for completeness and accuracy using the tips and tricks consul-
tants use. Attend this session and:
• Get detailed advice to jumpstart your ruleset augmentation project,
including how to incorporate SAP standard ruleset updates
available via new support packs into your existing ruleset; find and
build SoD-related custom transaction codes; and validate and
update your SoD configuration to ensure compliance
• Dive into the world of mitigating control standards and processes,
exploring the content requirements auditors look for, and learning
mitigation documentation best practices related to ownership/
accountability and the compensating control monitoring standards
needed to achieve “good mitigation control”
• Examine SAP Access Control 10.0 and 10.1 functionality that
can be used to assist in ruleset and mitigation change control
and long-term maintenance – including workflow capabilities –
to manage change control and approvals for risks, functions,
mitigating controls, and mitigating control assignments
T R A C K T W O

| 1 7
T R A C K T H R E E
IT governance
and security
Techniques to protect your SAP landscape and
safeguard your data in the age of cloud and mobile
The 5 biggest cybersecurity threats and how to
defend your SAP landscape against them
Julie Ford, Customer Advisory Group
The threat matrix has changed and auditors and compliance managers
are looking beyond traditional segregation of duties when analyzing
risk. With cloud and mobile connectivity to SAP on the rise, network
firewalls and perimeters may no longer defend applications. This
session shows you how to get – and stay – a step ahead of hackers
and protect your critical SAP data. Examine the emerging threat matrix,
identify the steps you need to take to protect your SAP landscape, and
learn how to:
• Manage security notes, application frequency, and priorities based
on landscape type
• Develop a bullet-proof SAP security policy and incorporate it into
your broader enterprise security program
• Anticipate and prepare for auditors’ questions related to system,
network, and communications security
SAP S/4HANA: What you need to know about
securing SAP’s next-generation platform
Nathan Cummins, PwC
Attend this session to better understand what’s changing with SAP
S/4HANA and what it means for your apps, architecture, users, and
data risk. Learn about the new security components that SAP’s
next-generation SAP HANA platform introduces, examine the unique
security and risk management considerations associated with various
SAP S/4HANA architectures, and leave this session equipped to:
• Manage security privileges and roles, including privilege types
and when to use them
• Use SAP S/4HANA’s administrative, data modeling, and user/
reporting functions
• Manage SAP Fiori user interface security, cybersecurity for SAP
HANA platforms, and audit logging features
• Use tools and accelerators to streamline SAP S/4HANA security,
such as integration with SAP GRC or SAP Identity Management,
the IDE web interface for security management, user authorization/
synchronization tools, and security mass maintenance scripting in
SAP HANA
• Prepare for your first SAP S/4HANA audit
Tips and tricks to automate data access
monitoring and reporting
Alex Ayers, Turnkey Consulting
This session identifies the key sensitive data attributes associated
with personally identifiable and commercially sensitive and walks you
through the different techniques you can use to monitor, detect and
report on its access. Attend and learn how to:
• Construct an automated monitoring framework that can be used as
the basis for your continuous access alert system
• Use sensitive access reporting functionality and process controls
to deliver alerts when control events are detected
• Integrate data leakage prevention (DLP) tools into your framework
to improve the detection of sensitive data being printed or
downloaded
How to fit SAP’s security portfolio into your
company’s cybersecurity strategy
Penka Tatarova, SAP
Attend this session to learn about SAP’s cybersecurity solutions port-
folio, how SAP security can be integrated with other SAP solutions for
GRC, and how it fits into your company’s roadmap. Join us and learn:
• The key capabilities and deployment scenarios of each primary
security solution within the SAP’s product portfolio
• When and how to use the newest SAP Business Suite security
tools, including SAP Unified Connectivity, SAP Read Access
Logging, and SAP Security Optimization Service
• About SAP Enterprise Threat Detection

| 1 8
Developing a comprehensive patch
management program to control system risks
Todd Babione, KPMG
The number of SAP security patches continues to rise, but many orga-
nizations put themselves at significant risk by waiting for service pack
upgrades to fix the issues. This session is designed to help you build a
tighter and more proactive patch management process to close system
vulnerability gaps as they arise. Attend and learn how to:
• Build an air-tight patch governance framework encompassing
system configuration management, operations management, and
system recommendations
• Establish a patch process methodology, including vulnerability
identification and evaluation, realization/testing, migration, and
technology enablement
• Understand how to fully deploy and tune the tools you
already own to speed and simplify the process of applying
patches. Key components covered include early watch alerts,
configuration validation, secure operation services, and system
recommendations
Security concepts and best practice guidelines
for implementing and running SAP HANA
Alex Ayers, Turnkey Consulting
Attend this session to learn the fundamentals of SAP S/4HANA and
SAP HANA database security to prepare you for implementing and
running SAP S4/HANA and SAP HANA solutions. Get guidance on new
security features in SAP S/4HANA, learn the new SAP HANA database
authorization concept, and understand key control points. You will:
• Learn how to secure SAP S/4HANA using SAP Fiori, SAP
NetWeaver Business Client, and ABAP authorization mechanisms
• Understand the SAP HANA security model and how it is used to
control access to data and applications
• Learn about differences between design time and run time roles
and the methodology involved in designing SAP HANA roles
• Get best practice guidelines for aligning SAP HANA access with
organizational standards implemented across your landscape.
How to use SAP Enterprise Threat Detection to
protect Big Data and detect breaches
Penka Tatarova, SAP
This session shows you how to use SAP Enterprise Threat Detection
to continuously monitor, identify, analyze, and neutralize a variety of
internal and external security breach attempts and anomalies in user
behavior. Attend this session to learn about the solution’s functionality
and view demos of supported scenarios, including:
• Attack scenarios
• Alerting and response functionality
• Event browsing functionality
• Forensic workbench functionality
SAP cybersecurity: What you need to know to
protect your SAP ecosystem from threats and
attacks
Peter M. Hobson, PwC
Learn how to minimize SAP landscape vulnerabilities and detect and
prevent intrusions using cybersecurity, data and critical asset protection
tools, such as attack and penetration testing, breach indicator assess-
ments, and vulnerability scans. This session also examines the use of
SAP role design and SAP Access Control to supplement cybersecurity,
data and asset protection initiatives. Attend and get expert advice on:
• The 4 most common threat actors, their motivations, and typical
targets within your SAP ecosystem
• The 10 essential safeguards of an effective cybersecurity program
• The 5 key things top leaders do to protect their SAP ecosystems
which others tend to overlook
• The 6 key things to consider when evaluating your ability to
respond to new cybersecurity challenges and threats within your
SAP ecosystem
• The 5 common types of assets that organizations consider to be
critical, and what they’re doing to protect them within SAP
Managing risk with master data governance
and controls
David Sentance, PwC
Attend this session and learn how to leverage SAP solutions to better
assess your organization’s data quality and track your data cleansing
and data quality improvement over time. Learn simple approaches that
will help you improve your master data maintenance controls, and get
acquainted with the latest SAP solutions for master data governance.
Attend and learn:
• How to mitigate the top 3 risks associated with poor customer,
vendor, material, and finance master data governance
• How to better assess your data quality leveraging SAP tools
• How to use SAP solutions for enterprise information management
to improve data governance processes
• How to build a simple roadmap that can be used to support
the business case for the implementation of SAP’s master data
governance solutions
T R A C K T H R E E

| 1 9
T R A C K F O U R
Process control,
control automation,
and continuous
control monitoring
Guidance to automate and optimize control monitoring,
control management, and compliance
The 5 key attributes of an effective SAP control
optimization framework
Clark Oeler, Deloitte
Learn how to efficiently and cost-effectively optimize your SAP internal
controls using a streamlined testing process and real-time configuration
monitoring. Examine the most critical project attributes – governance,
tools, rollout and localization, and knowledge transfer and training –
needed to successfully design or redesign your existing control frame-
work. Attend and:
• Learn how to optimize role alignment between internal audit,
business owners, and other control resources
• Understand the different approaches to control optimization –
including top-down and bottom-up – and learn when and how to
use them
• Identify opportunities for technology enablement that may exist
in your organization – including controls automation and controls
testing – and see how SAP GRC 10.1 can be used to streamline
and enhance these processes
Work smarter to get the most from SAP Process
Control continuous control monitoring (CCM)
Jan Gardiner, SAP
Help fight “CCM-phobia” in your organization by developing a sound
strategy and roadmap for continuous control monitoring (CCM). This
session shares valuable CCM strategies and spotlights important SAP
Process Control functionality to help you:
• Develop a CCM roadmap and project approach designed to help
you get quick wins and ensure return on investment
• Understand the right product functionality to use to achieve
different types of monitoring and testing
• See how the latest enhancements to SAP Process Control make
creating and managing business rules easier and faster
• Learn about how SAP itself uses “smart controls” in SAP Process
Control to minimize workload and ensure reliable controls
• Leverage innovations with SAP HANA to continuously monitor big data
Hands-on lab
How to set up and configure SAP Process Control
Jessica Scott and Mel Hensey, Deloitte
Attend this hands-on session and walk through the implementation
steps associated with SAP GRC 10.1, with specific emphasis on SAP
Process Control. Attend as our expert instructor shares key guidelines,
best practices, and pitfalls to avoid. Attend to understand the key
implementation tasks and processes needed to get your SAP Process
Control project up and running, including how to:
• Perform your baseline configuration
• Define user security and roles
• Set up, configure, maintain, assign, assess, and test controls
• Automate control monitoring
• Manage planning, scheduling, reporting, and analysis
• Handle sign-offs and certifications
• Upload data from CSV files
Tips to develop an effective control
automation strategy
Natalie Reuss, EY
Having a clear strategy to implement automation at your organization is
a key component of success. Attend this session for practical tips and
guidance to roll out a control automation strategy within your organiza-
tion. You will:
• Get valuable tips to help define your automation strategy and
outline project goals
• Learn how a phased approach can help maximize the capabilities
of your control environment
• Walk through a live demonstration of the types of automation rules
which can be utilized in SAP Process Control
• Learn which continuous control monitoring techniques are most
utilized in both SAP Process Control and other tools within the
GRC suite
• Hear how other customers have successfully deployed an
automation strategy

| 2 0
Tips and tricks to manage and administer your
SAP Access Control and SAP Process Control
10.1 systems
Mohan Kommanaboina, KPMG
This session shows how to work around SAP Access Control and SAP
Process Control 10.0 and 10.1 technical issues and support packs,
and guides you through the different steps you need to take when
upgrading vs. implementing from scratch. You also obtain leading strat-
egies for exploiting its capabilities to their utmost potential. Attend this
session to:
• Learn how to quickly identify the root cause of problems and find
existing solutions using SAP’s new automated note search tool
• Equip yourself with leading practices and a better understanding
of the most effective ways to manage users, roles, profiles, and
logon data in the central user administration (CUA)
• Get practical advice for setting up distribution parameters within
your transactions to determine where individual parts of a user
• Get answers to frequently asked support questions and hear
suggestions for logging messages in the SAP Service Marketplace
• Get an overview of support tools available to SAP customers and
how they apply to different GRC applications
Building an SAP Process Control deployment
plan: Answers to your most frequently asked
implementation questions
Steve Toshkoff, Protiviti
This session walks you through the capabilities of SAP Process Control,
identifies the features and functionality most often being used by
customers, and shows you how to best define the scope and scale of
your initial deployment and roll out. Come away with the knowledge you
need to frame out your implementation plan as we explore and answer
questions like:
• What are key considerations as you explore the adoption of SAP
Process Control?
• What are the key roles and responsibilities that must be defined for
process control implementations?
• What are the key success factors and considerations associated
with “net-new” implementations?
• What functionality does SAP Process Control offer to manage your
compliance initiatives?
• How do you go about defining an optimal security role structure
within SAP Process Control?
More than speed alone: What SAP HANA-based
controls in SAP Process Control can do for you
Atul Sudhalkar, SAP
Customers have been adopting continuous control monitoring (CCM) at
an increasing pace, to the point where many have reached the limit of
acceptable monitoring load on their systems. Using SAP HANA-based
backend applications (e.g., SAP Business Suite on SAP HANA, SAP
S/4HANA) offers new ways to expand CCM usage so customers can
monitor more controls over longer test periods and process more data.
In this session, covering both the business and technical perspectives,
you will:
• Learn about SAP HANA-based automated controls and the unique
value SAP HANA offers CCM
• Understand how you can avoid ABAP programming and instead
use SQL or even SAP HANA graphical tools to create SAP HANA
constructs (“calculation views”) to support CCM
• Get an overview of the technical infrastructure, learn how
to configure the systems, and create views and SAP HANA
monitoring rules
• See transaction monitoring rules in action that demonstrate SAP
HANA’s capabilities and processing power
How to identify and tackle the 12 most common
hidden control problems using standard SAP
functionality
Steve Biskie, High Water Advisors
Despite what your traditional testing is telling you, your internal
controls may be broken and you may not know it. Common process
work-arounds can result in your 3-way match (PO-receipt-invoice)
process appearing to work, when in reality your key controls are being
bypassed. Other common user behavior can circumvent the money
you spend each year on security and segregation of duties. Attend this
session and learn how to use existing SAP reports, combined with the
creative use of SAP queries, to detect and resolve these issues and
more. Attend this session to:
• Learn how the key to the 3-way match process is often the timing
of each event (such as creation of the PO relative to the invoice
receipt), rather than configuration and workflow
• Spot potential employee ID sharing instances that compromise
your SoD efforts
• Examine how to monitor these issues over time using simple,
straight-forward data analysis techniques
Get a list of SAP customizations that may not be showing up on your
SAP Access Control and SAP Process Control reports, and learn how
and where to find them – including custom transactions, disabled
authorization objects, and custom movement type
T R A C K F O U R

| 2 1
T R A C K F I V E
GRC reporting
and analytics
Tips and techniques to maximize visibility into your
risk and compliance data
Tips to help you improve the way you create
custom reports in SAP GRC 10.1
Prateek Jain, EY
Attend this session and learn new ways to create custom reports using
the standard tables within SAP GRC 10.1. Understand the challenges
some users encounter when reviewing standard reports, and learn how
to build custom reports that satisfy the needs of your GRC adminis-
trator, internal audit, and compliance groups. Attend and learn:
• How to publish reports in SAP Business Client
• Which back-end tables contain the data you need and the best
ways to get at this
• How to create custom reports using queries in SAP
Making sense of the GRC data deluge: How
to create practical, meaningful, and interactive
dashboards
Christopher Anderson, Protiviti
The creation of meaningful GRC dashboards can be a daunting task for
companies with a significant number of violations or large amounts of
SAP users working from multiple offices, regions, plants, warehouses,
etc. This session provides guidelines and step-by-step instructions
on how to prepare and deliver GRC dashboards that are meaningful
and actionable for management, simple to communicate, and easy to
understand. Attend and:
• Learn the requirements for GRC reporting – what is management
looking for? What are some best practices to present information
in a meaningful way?
• See how to identify and customize key reports and build access to
files that contain valuable information
• Learn how to summarize your critical GRC data in easy-to-read graphs
• Understand the different applications available as well as which to
use to create executive GRC reports
Unraveling the mystery of executive reporting,
dashboards, and ad hoc analytics
Mitesh Chugh, EY
Many companies struggle to glean actionable insight from the wealth
of information stored in their GRC system. Adding to the challenge
associated with the volume of data is the multitude of data sources
that contain it (SAP GRC, SAP ECC, SAP SRM, etc). This presentation
examines tools and approaches to identify, access, and report on the
most critical data points associated with daily compliance monitoring.
Attend and:
• Better understand your control evaluation and control
characteristics data, continuous control monitoring evaluation and
exception information, and the self-assessment data associated
with disclosure surveys, control self-assessments, Indirect Entity-
Level Control (IELC) self-assessments, and policy surveys
• Learn how to merge these different data elements to achieve
an end-to-end view of risks, controls, evaluations, and issue
remediation actions
• Understand KPIs from GRC, such as average duration-to-close
issues, trend curve analysis for issues year-over-year and by
process, and pre-defined, weighted averages for responses from
self-assessments based on specific questions and responses
• Learn how to make the right tool section decision (SAP Lumira®
, SAP
BusinessObjects, and SAP BusinessObjects Web Intelligence) and
how to determine when more than one tool is needed

| 2 2
How to interpret and use SAP access risk
analysis (ARA) reports to tighten your security
environment
Jonathon Pasquale, KPMG
What are your SAP access risk analysis (ARA) reports telling you about
your security design? What do they say about your users and how your
security access is mapped to them? How do you begin cleaning up the
SoDs that ARA is uncovering? This session shows you:
• How to turn the data from your GRC system into actionable
information
• Where to start after running the first SoD report
• How to use your ARA data to remediate access violations
Finding hidden gems: Unraveling the mystery
of executive reporting, dashboards and ad hoc
analytics
Mitesh Chugh, EY
Many companies struggle to glean actionable insight from the wealth
of information stored in their GRC system. Adding to the challenge
associated with the volume of data is the multitude of data sources
that contain it (SAP GRC, SAP ECC, SAP SRM, etc). This presentation
examines tools and approaches to identify, access, and report on the
most critical data points associated with daily compliance monitoring.
Attend and:
• Better understand your control evaluation and control
characteristics data, continuous control monitoring evaluation and
exception information, and the self-assessment data associated
with disclosure surveys, control self-assessments, Indirect Entity-
Level Control (IELC) self-assessments, and policy surveys
• Learn how to merge these different data elements to achieve
an end-to-end view of risks, controls, evaluations, and issue
remediation actions
• Understand KPIs from GRC, such as average duration-to-close
issues, trend curve analysis for issues year-over-year and by
process, and pre-defined, weighted averages for responses from
self-assessments based on specific questions and responses
• Learn how to make the right tool section decision (SAP
Lumira, SAP BusinessObjects, and SAP BusinessObjects Web
Intelligence) and how to determine when more than one tool is
needed
An updated guide to the latest reporting and
analytics options for SAP solutions for GRC
Swetta Singh, SAP
In 2015, SAP started bundling additional SAP BusinessObjects
Business Intelligence (BI) products with SAP solutions for GRC. Are
you aware that you can download these for free? Attend this session to
examine the different reporting options available to view and analyze
the information you manage, monitor, and record with the latest release
of SAP solutions for GRC. In this non-technical session, you will see
reporting examples and learn:
• Which SAP BusinessObjects Business Intelligence (BI) products
are now bundled with each GRC product and what you can do
with them
• Strategies to develop custom reports using the right BI tool for the job
• Discover the tips and tricks to make the most out of the BI tools to
create and manage your reports
T R A C K F I V E

| 2 3
T R A C K S I X
Implementations,
integration, and
upgrades
Advice and how-tos to get your GRC solutions up and
running, optimize their performance, and connect the
dots between them
Building an SAP Process Control deployment
plan: Answers to your most frequently asked
implementation questions
Steve Toshkoff, Protiviti
This session walks you through the capabilities of SAP Process Control,
identifies the features and functionality most often being used by
customers, and shows you how to best define the scope and scale of
your initial deployment and roll out. Come away with the knowledge you
need to frame out your implementation plan as we explore and answer
questions like:
• What are key considerations as you explore the adoption of SAP
Process Control?
• What are the key roles and responsibilities that must be defined for
process control implementations?
• What are the key success factors and considerations associated
with “net-new” implementations?
• What functionality does SAP Process Control offer to manage your
compliance initiatives?
• How do you go about defining an optimal security role structure
within SAP Process Control?
Live demo
The GRC value treasure hunt: Find and exploit the
enhancement gems in SAP Process Control and
SAP Risk Management 10.1 support packages
Jan Gardiner and Thomas Frénéhard, SAP
Are you on an older version or support package of SAP Process
Control or SAP Risk Management? If so, you’re missing key enhance-
ments delivered in version 10.1 support packages. In this live demo,
walk through the latest support package enhancements, which include:
• Business parameters to reduce CCM rule maintenance
• Risk harmonization between SAP Risk Management and SAP
Process Control
• Configurable offline survey forwarding for risk assessments, policy
surveys, and disclosure surveys
• Assignment of risk responses to risk drivers and/or impacts
Migrating your SoD ruleset during an SAP
Access Control 10.1 implementation or upgrade
Vijan Patel, Protiviti
If you’re in the process of making the switch from non-SAP segregation
of duties (SoD) tools to SAP Access Control 10.1 – or upgrading from
an earlier version of SAP Access Control – don’t miss this important
opportunity to learn how to plan and execute your ruleset conversion
project. This session provides step-by-step guidance to help you move
from the standard-delivered ruleset to fully customized and optimized
rules that identify key risks related to security/basis, purchasing, and
selling. Join us and examine:
• The key steps to convert an SoD ruleset from non-SAP solutions and
older SAP Access Control versions to SAP Access Control 10.1
• How to properly test and validate SAP Access Control 10.1
against your legacy system to ensure that everything’s in sync
post-conversion
• Common conversion challenges and lessons learned, including
how to set up accurate authorization object restrictions, how to
deal with different versions of similar transaction codes, and how
to handle the process of ruleset conversion validation
• How to approach the performance of periodic ruleset reviews
What’s holding up your SAP GRC upgrade? How
to jumpstart your project and lead it to success
Alpesh Parmar, ultimumIT
Attend this session and learn how to build a compelling business case
for the migration from SAP GRC 5.3 to GRC 10.1. Join us and:
• Examine the technical benefits of the upgrade, including Java
stack elimination, improved workflow flexibility, and easier SAP
HANA integration
• Understand the landscape simplification advantages
• Identify the potential risks and pitfalls of staying with version 5.3
Get detailed project planning, test scoping, and process validation
advice to ensure a quick and successful upgrade

| 2 4
SAP GRC integration: How to get your SAP GRC
functionality and core data to work together to
optimize your ROI
James Roeske, Customer Advisory Group
This session steps you through the key integration points between the
different SAP Access Control sub-modules including access risk anal-
ysis (ARA), access request management (ARM), business role manage-
ment (BRM), and emergency access management (EAM). Leverage
this knowledge to tighten integration between your key SAP GRC and
ERP solutions and streamline the flow of data. Attend and learn how to:
• Exploit the key integration functionality for change control, master
data, approval functionality, and workflow integration within ARA,
BRM, EAM, and ARM
• Understand how SAP GRC solutions, including SAP Process
Control, SAP Risk Management, and SAP Fraud Management,
work together in an integrated compliance environment
Step by step: Extending SAP Access Control
with SAP Fiori applications
Vyacheslav Plyushchikov, Advanced View Computer
Technologies
This session takes you on a deep dive into the customization of SAP
Fiori apps for SAP Access Control with company-specific functionality
and look and feel. Participate and learn how to modify, test, debug and
troubleshoot SAP Fiori apps and OData calls, and get tips and tricks
on app deployment, single sign-on integration, and custom theming.
Attend and get the firsthand knowledge of:
• Planning SAP Fiori apps enhancements
• Deploying SAP Web IDE
• Extending SAP Fiori apps for SAP Access Control
• Testing and debugging frontend SAP Fiori apps
• Testing and debugging backend OData calls
• Tips and tricks of deploying extended SAP Fiori apps
Making the business case for SAP solutions for
GRC: Examining the value of integration
Bruce Romney, SAP
Many companies understand that integrated GRC applications deliver
value, but they may have difficulty making the business case to get
them funded. Attend this session and:
• Discover the value proposition for integrating SAP solutions for GRC
• Learn how to deliver increased return on your GRC investment
• Review the latest research conducted by SAP on GRC practices
• See how to use our new value calculators to identify cost
reductions and efficiencies for selected SAP solutions for GRC
Creating an integrated master data governance/
GRC roadmap
Jay Gohil, Protiviti
Attend this session and learn how to integrate data governance projects
with GRC initiatives to establish appropriate ownership, manage risk,
and unlock opportunities for cost savings and operational efficiencies.
Join us and learn how to:
• Determine who has access to key data elements – such as vendor,
customer, and HR master data – and examine how to use SAP
Access Control to assign and manage risk ownership
• Implement key master data elements to ensure compliance with
data governance policies, including how to use access control rule
sets to identify core data risks, how to use process control CCMs
to properly maintain key master data elements, and how to use
SoD controls to prevent fraud
• Use tools such as SAP Master Data Governance and SAP
NetWeaver Master Data Management to ensure that your data
elements have associated policies and are properly approved, and
to enable associated business rules for your SAP data
• Establish a combined steering committee/governance organization
to streamline and empower your master data governance and
GRC initiatives
“Hypercare”: How to handle security and control
requirements immediately after a major system
implementation or upgrade-related go-live
Holly Marrs, PwC
With so many moving parts such as mass data loads, user training,
increased volume of system changes, and elevated access demands,
how do you maintain compliance with IT general controls during the
critical period immediately following a major system cut-over? How
should you work with both internal and external audit to demonstrate
the modified controls unique to your particular go-live scenario? Walk
through the key planning steps and learn how to use SAP solutions for
GRC to minimize risk and maintain compliance. Join us at this session
and:
• Understand how to properly plan for the period of hypercare
• Identify the key hypercare stability metrics needed to quantify your
progress and resolve issues during the post-go-live period
• Learn how to configure SAP Access Control and SAP Process
Control 10.x functionality to make this process more automated
and efficient
T R A C K S I X

| 2 5
How to use SAP Business Partner Screening to
secure your growing business network
Vishal Verma, SAP
Risk and compliance in your business network -- and, in particular,
watch-list screening -- poses unique challenges. This session shows
you how to cope with an increasing number of business partners and
the complexities of those relationships. Join us and learn how to comply
with enhanced enforcement of screening-related regulations. This
session shows you how to:
• Comply with regulations like the USA Patriot Act, know-your-
customer (KYC), and counter-terrorism financing (CTF)
• Minimize false positives using advanced screening algorithms,
risk-driven screening strategies, and intelligent whitelisting
• Improve alert resolution efficiency with intuitive user interface,
weak alias simulation, and workflow-driven alert resolution
Essential strategies to integrate SAP GRC with
SAP Identity Management
Sachin Singh, Deloitte
This session shows you how to integrate the SAP Access Control and
SAP Identity Management solutions to improve the efficiency and effec-
tiveness of your access control process and achieve compliant identity
management Attend and learn how to:
• Achieve a compliant identity management and enterprise-wide
access request process that detects and prevents SoD risks prior
to provisioning
• Centralize approvals for both identity management and
compliance requests
• Provide a controlled ad hoc access request mechanism
• Address the 6 key design considerations for self-service access
requests, including requestor, user interface, provisioning tool,
workflow design, and compliance check and notification
Take home a sample SAP GRC/SAP Identity Management integration
plan and sample documents highlighting key integration features.
Taking GRC mobile: How to use SAP Fiori to
enable GRC on mobile devices
David Denson, PwC
This session guides you through the catalog of SAP Fiori apps for GRC
and their functionality, examines the differences between SAP Fiori
transactional apps, fact sheet apps, and analytical apps, and helps you
understand the technical infrastructure and system landscape require-
ments needed to run each app type. Join us and:
• Step through the technical / infrastructure setup for SAP Fiori
• Get tips on customizing GRC apps to enhance the user
experience and address your business needs
• Examine the key security considerations associated with setting up
SAP Fiori apps for GRC on mobile devices
• Learn how to enhance the approver experience and increase
service levels by enabling mobile access approvals
T R A C K S I X

| 2 6
T R A C K S E V E N
SAP risk, fraud,
and
audit management
solutions
Expert advice to minimize risk and maximize
assurance and compliance
Hands-on lab
Using key features in SAP Audit Management 1.2
James Chiu and Bruce McCuaig, SAP
Attend this instructor-led, hands-on session to tour the key innovations
of SAP Audit Management 1.2. Join us and learn how to:
• Create, manage, and perform audits using the latest SAP Fiori UX
technology
• Leverage integration points between SAP Risk Management and
SAP Process Control
• Exploit key features in SAP Audit Management to reduce costs,
increase management engagement, and elevate the impact of
your audit department
Bringing SAP Process Control and SAP Risk
Management together to improve visibility,
reduce costs, and streamline end-to-end
compliance processes
Solene Alos, EY
This session identifies the key integration points between SAP Process
Control and SAP Risk Management from both a strategic and func-
tional standpoint and shows you how to leverage them to reduce
risk management costs and achieve new efficiencies via end-to-end
process automation and centralization. Attend and learn how to:
• Eliminate duplicate and fragmented risk activities and minimize
manual processes
• Enable SAP Risk Management users to propose or assign controls
from SAP Process Control to risks
• Use the fourth phase of the risk management lifecycle – risk
response – to evaluate analyzed risks and select the ones to be
“treated” by assessing the cost of implementing each option
against the benefits derived from it
Case study
How Stanley Black & Decker prepared for and
successfully passed its GRC audit
Erin Swartmiller, Stanley Black & Decker
To better monitor access and address SAP security controls, Stanley
Black & Decker embarked on a complete role redesign project,
including the design and rollout of conflict-free roles and the deploy-
ment of SAP Access Control 10.0 to monitor security risks. Attend
this session as the company shares its lessons learned to help you
successfully prepare for and pass your GRC audits. Join and come
away with:
• Key questions your external auditors will ask, such as: Were custom
transactions assessed for ruleset inclusion? What’s the approval
workflow? How are access requests controlled by authorized
approvers in GRC? Is evidence stored to support their approvals? Are
IT General Controls (ITGCs) in place for the system?
• Tips to keep your external auditor on board with your implementation
plans, and the audit evidence they will likely require
• Advice to prepare your system and implementation teams for an
audit, with specific emphasis on documentation requirements and
the GRC policies, procedures, and configurations that are typically
requested and heavily scrutinized
• Tips on how to best scope GRC projects according to your internal
control environment
Lecture
Get SAP Audit Management up and running fast!
Marie-Luise Wagener, SAP SE
Explore the top technical tips and tricks to take your SAP Audit
Management project to the next level of a mature audit management
lifecycle. During this session and live demonstration you will:
• Get an overview of the standard SAP Audit Management process
supported in the SAP Audit Management solution and how it
integrates with SAP Risk Management
• See how SAP Audit Management can be enhanced and
extended by custom defining fields, relabeling existing fields, and
adapting workflows

| 2 7
T R A C K S E V E N
Strategies for successful external audit alignment:
From project inception through post-go-live
Shivraj Patil, EY
Whether your large transformation project is people-, process-, or tech-
nology-related, learn how to ensure compliance during and after your
project. Find new ways to leverage compliance checkpoints to ramp up
efficiency, realize the projected cost benefits, and collaborate with audi-
tors to strengthen controls. Determine what to share with your external
auditor and learn how to:
• Define and embed compliance checkpoints within each stage of
your audit program
• Develop and adopt a strategy to promote external audit alignment
for complex projects
• Plan for remediation of audit findings within the project lifecycle
• Monitor key compliance indicators post-go-live to support strong
governance and an efficient and effective controls environment
• Engage key internal audit members and implementation partners
as part of the project to properly manage any external audit
Build high-impact, low cost risk management
frameworks that give you critical visibility into
your business
William Kahng, EY
Learn how to transform your enterprise risk management program by
enabling it through SAP Risk Management. Attend this session for
an in-depth overview of SAP Risk Management and how to use it to
improve visibility and integration by linking your risk and control frame-
works. Join us and:
• Discover how to lower the cost of risk management by eliminating
duplicate and fragmented risk activities and minimizing manual
processes
• Determine how to increase efficiencies through automation and
end-to-end process centralization
• See demos of SAP Risk Management’s key features, and discover
how they enable the five phases of risk management lifecycle:
Risk planning, risk identification, risk analysis, risk response, and
risk monitoring
Lecture
End-to-end fraud management: Analyzing high-
risk transactions of business affiliates
Nesimi Buelbuel, SAP
Learn firsthand how SAP Fraud Management helps you holistically
manage high-risk transaction scenarios associated with your core busi-
ness affiliates. During this session you will:
• Examine the SAP Fraud Management features and functionalities
designed to identify and investigate suspicious transactions
• Understand supporting detection and screening methodologies
that can help you minimize false positives while analyzing
critical transactions
• Learn best practice and recommendations for a
successful implementation
The most common audit findings in SAP: What
you should know, and how to prevent them
Steve Biskie, High Water Advisors
During this session, you’ll be exposed to many of the most prevalent
(but least talked about) audit-related findings for companies running
SAP. Join us and delve into areas like security, change control and
transports, journal entry creation, master data maintenance, key config-
uration settings, and more. Review actual audit reports and see how
each issue identified could have been prevented with either smarter
SAP control settings or more intelligent monitoring of SAP data. In addi-
tion to well-known areas of focus – such as segregation of duties and
locking the production client – you’ll learn how to:
• Use SAP transactions and reports to identify and mitigate the use
of development “back doors,” incomplete logging settings, the
failure to effectively use tolerances, user ID sharing, inappropriate
firefighter usage, high-risk GL entries, and vendor master data
settings susceptible to fraud
• Enable additional SAP control configuration, refine the way
standard reports are used, and develop additional monitoring
procedures to detect or prevent these issues
• Adopt creative techniques to validate the appropriateness of
control settings that don’t have a “right” answer, but should
generate similar results across similar company codes using the
same currency
• Create simple report variants – including the use of SAP query – to
identify many of these issues

| 2 8
T R A C K S E V E N
Overcoming your biggest audit pain: A practical
guide to managing report completeness and
accuracy in an SAP control environment
Jason Colo, PwC
The completeness and accuracy of information produced in support
of internal controls is a hot topic in today’s SAP risk and controls envi-
ronment. The increased regulatory focus on proper internal controls
reporting is prompting auditors to dive deeper than ever before. Attend
this session and get practical advice to help you plan for and respond
to this increased scrutiny, including:
• How to use available table data in SAP ECC to support
management’s confidence in the numbers
• An understanding of the transaction codes that business end
users commonly refer to for reporting purposes
• How to read the technical details in SAP tables to understand
reporting changes
• How to use the SAP information that’s already at your fingertips to
better assess the completeness and accuracy of your key reports
Using SAP Fraud Management to improve your
financial processes and bottom line
Tomás Kong, SAP
This session shows you how to exploit SAP fraud management on SAP
HANA to analyze large volumes of data from multiple data sources and
identify potential fraud activity you wouldn’t otherwise see. Attend and
learn how to:
• Identify unknown fraud patterns that aren’t identified by current
detection methods
• Integrate the solution into your broader SAP solutions for GRC
portfolio — not only from an IT perspective, but also from a
business perspective
• Use SAP’s predictive analytics and screening solutions to
complement SAP Fraud Management
How to use SAP Audit Management to transform
internal audit
James Chiu, SAP
In a survey of internal auditors, 54% believed that technology will funda-
mentally change how audit services are performed and how the value
of those services is measured. This session shows you how to use the
features and functionality of SAP Audit Management 1.2 to support
your end-to-end audit cycle. Join us and learn how to:
• Enable the assessment of risk to improve of audit planning
• Integrate with SAP Process Control, SAP Risk Management, and
SAP Fraud Management to tighten alignment with business needs
• Provide reusable audit template libraries and ensure optimal
resource utilization
• Configure screens and settings to improve audit scheduling,
management, and reporting
• Track and manage audit issues with global monitoring and follow-up
• Simplify document capture with drag-and-drop and working paper
management functionality
Practical ways to achieve internal audit
transformation with SAP Audit Management
Shola Oguntunde, EY
This session walks you through the capabilities of SAP Audit
Management, including its working paper management features, global
monitoring of findings and remedial action capabilities, and scheduling
and resource management functionality. Examine the solution’s integra-
tion with SAP Process Control, SAP Risk Management, and SAP Fraud
Management, and learn how to:
• Configure screens and views to improve and automate
management reporting
• Accelerate decision making, provide a single view of risk, and
better manage the skill inventory of your audit department
• Leverage the integration between SAP Audit Management and
SAP Fraud Management for continuous transaction monitoring
• Explore key integration points between SAP Audit Management,
SAP Process Control, and SAP Risk Management, including how
to import risks, controls, and control test data

| 2 9
P R I C I N G
GRC 2016 is co-located with Financials 2016. Registration
at one conference admits you to both events at no additional
cost. It’s the perfect opportunity to educate your entire team.
Send your team!
Bring your team and you can divide and conquer all of your
learning objectives. Call Ryan Longval at 781-751-8858 to
learn how your organization can take advantage of exclusive
group rates.
Produced by Wellesley Information Services, LLC, publisher of
SAPinsider. ©2016 Wellesley Information Services. All rights
reserved. WIS information products include SAPinsider and
insiderPROFILES magazines, SAP Experts online libraries and
anthologies, SAP Professional Journal, and SAPinsider Seminars
OnDemand. SAP products and services mentioned herein as well
as their respective logos are trademarks or registered trademarks
of SAP SE (or an SAP affiliate company) in Germany and other
countries. All other product and service names mentioned
are the trademarks of their respective companies. WIS is not
affiliated with SAP SE or any of the SAP SE group of companies.
GRC 2016 is conducted independently by WIS, publisher of
SAPinsider, with permission from SAP SE.
GRC2016
Las Vegas • March 15-18
MGM Grand
3799 S. Las Vegas Blvd.
Las Vegas, NV 89109
1.877.880.0880
Conference Rates
Register and pay by
January 15, 2016
and SAVE $200
Register and pay by
February 12, 2016
and SAVE $100
Register and
pay after
February 12, 2016
All-Access Pass, March 14-18
Includes access to Pre-conference Workshops,
all conference sessions, keynote address, exhibit
hall, networking activities, receptions, lunches,
and refreshments
$2,599 $2,699 $2,799
Gold Pass, March 15-18
Includes access to all conference sessions, keynote
address, exhibit hall, networking activities, receptions,
lunches, and refreshments
$2,199 $2,299 $2,399
Workshop Pass, March 14
Includes access to Pre-conference Workshops, lunch,
and refreshment breaks
$899 $899 $899

GRC_2016_US_Brochure

Empfohlen

Empfohlen

Weitere ähnliche Inhalte

Was ist angesagt?

Was ist angesagt? (19)

Andere mochten auch

Andere mochten auch (10)

Ähnlich wie GRC_2016_US_Brochure

Ähnlich wie GRC_2016_US_Brochure (20)

Mehr von Jimmy Singh Mathur

Mehr von Jimmy Singh Mathur (10)

GRC_2016_US_Brochure