SAP GRC For Dummies
Governance, risk, and compliance—these three big letters can add up to one giant headache. But GRC doesn't have to be a boil on your corporate behind. SAP GRC For Dummies untangles the web of regulations that confronts your company and introduces you to software solutions that not only keep you in compliance, but also make your whole enterprise stronger.

This completely practical guide starts with a big-picture look at GRC and explains how it can help your organization grow. You'll find out why these regulations were enacted; what you can do to ensure compliance; and how compliance can help you prevent fraud, bolster your corporate image, and envision and execute the best possible corporate strategy. This all-business handbook will help you:

  • Understand the impact of Sarbanes-Oxley
  • Control access effectively
  • Color your company a greener shade of green
  • Source or sell goods internationally
  • Keep your employees safe and healthy
  • Ensure that data is kept secret and private
  • Manage information flow in all directions
  • Enhance your public image through sustainability reporting
  • Use GRC as the basis for a powerful new corporate strategy

Complete with enlightening lists of best practices for successful GRC implementation and conducting global trade, this book also puts you in touch with thought leadership Web sites where you can deepen your understanding of GRC-based business strategies. You can't avoid dealing with GRC, but you can make the most of it with a little help from SAP GRC For Dummies.

Paperback



Product Details

ISBN-13: 9780470333174
Publisher: Wiley
Publication date: 05/12/2008
Series: For Dummies Books
Pages: 368
Product dimensions: 7.20(w) x 9.20(h) x 0.80(d)

About the Author

Denise Vu Broady: Denise is SAP’s VP of Strategic Applications. She runs the SAP CFO Center of Excellence, a cross-solution team responsible for enabling customers to use SAP technology and products to transform the Office of the CFO. She has business development responsibility for the entire CFO portfolio of solutions, including Governance, Risk & Compliance (GRC); Enterprise Performance Management (EPM); and Spend Optimization. Denise has over 11 years of SAP-related experience. At SAP she has specialized in bringing new products to market; Denise played a central role in the launch of xApps, NetWeaver, Payroll Change Management, GRC and EPM. She came to SAP via the acquisition of TopTier where she was Product Manager. Earlier in her career, Denise gained hands-on SAP experience as a consultant on multiple R/2 and R/3 technical and functional projects. Denise has a BS in Management Science and Marketing from Virginia Tech and resides in New York City.

Holly A. Roland: Holly is the vice president of marketing for SAP’s Governance, Risk and Compliance (GRC) business unit. In this role, she is responsible for product strategy and marketing for SAP’s GRC products. Holly created the industry-leading executive advisory board for GRC, composed of customers, partners, and SAP executives, which facilitates collaboration among business executives and industry leaders to identify common GRC challenges, develop GRC best practices, and conceive of supporting technology solutions. Holly was instrumental in the integration of Virsa Systems and the successful design and execution of SAP’s GRC product launch in 2006. She publishes articles and serves as an expert speaker for international events and forums on GRC topics. Holly has more than 15 years of experience in financial accounting and reporting, regulatory compliance, business analytics, and enterprise software marketing and development. Prior to joining SAP, she led product strategy, marketing, and product management operations at Virsa Systems, Oracle Corporation, Hyperion Solutions, and Movaris. Holly also served as a public accountant for PricewaterhouseCoopers, where she audited large public companies and provided business consulting. Holly graduated cum laude from Santa Clara University with a BS in Commerce. She is based in SAP Labs in Palo Alto, California.

Table of Contents

Introduction 1

About This Book 1

Foolish Assumptions 2

How This Book Is Organized 2

Part I: Governance, Risk, and Compliance Demystified 3

Part II: Diving into GRC 3

Part III: Going Green 3

Part IV: Managing the Flow of Information 3

Part V: The Part of Tens 4

Glossary 4

Icons Used in This Book 4

Where to Go from Here 5

Part I: Governance, Risk, and Compliance Demystified 7

Chapter 1: The ABCs of GRC 9

Getting to Know GRC 9

Getting in the Business Drivers’ Seat 11

Getting Motivated to Make the Most of GRC 14

Complying with financial regulations 14

Failing an audit 15

Experiencing a rude awakening 17

Going from private to public 17

Managing growth 18

Taking out an insurance policy 19

Managing risk 19

Reducing costs 19

Struggling with the high volume of compliance 20

Introducing the GRC Stakeholders 20

GRC stakeholders inside a company 21

GRC stakeholders outside a company 21

Understanding GRC by the Letters 22

Governance 23

Risk 23

Compliance 23

C Is for Compliance: Playing by the Rules 25

Controls: Mechanisms of compliance 25

Domains of compliance 27

R Is for Risk: Creating Opportunity 30

G Is for Governance: Keeping Focused and Current 31

Hitting the Audit Trail 32

Designing Your Approach to GRC 33

After the rush to clean up 33

Stages of GRC adoption 34

What GRC Solutions Provide 35

Chapter 2: Risky Business: Turning Risks into Opportunities 39

Discovering Enterprise Risk Management 39

Defining Risk 40

Ignoring Risk (At Your Peril) 42

Sorting Through the Approaches to Risk Management 43

The ad hoc approach 43

The fragmented approach 43

The risk manager’s job approach 46

The systematic, enterprise-wide approach 46

A cultural approach 47

Identifying the Critical Components of a Successful Risk Management Framework 47

A culture that takes risk seriously, from the C-suite down 48

A risk management organization: Distributing responsibility throughout the culture 50

A systematic framework in place 52

Technology that creates a risk picture 53

Taking the Four Steps to Enterprise Risk Management 53

Risk planning 54

Risk identification and analysis 55

Risk response 56

Risk monitoring 57

Analyzing What Went Wrong: When Risk Becomes Reality 57

Automating the Risk Management Cycle 58

Taking the SAP Approach: SAP GRC Risk Management 58

SAP GRC risk management and key risk indicators 59

Monitoring risks and key risk indicators with SAP GRC Risk Management 60

Using SAP GRC Risk Management: A Fictional Case Study 61

Where should we produce? 62

Using SAP Risk Management: An SAP Case Study 63

Gleaning the Benefits of SAP GRC Risk Management 64

Chapter 3: Governance: GRC in Action 67

Getting to Know Governance 67

Gleaning the Benefits of Good Governance 69

Drafting Governance Blueprints 70

Creating a Framework for Great Governance 71

Evaluating Your Governance Framework 76

From a strategic and operational perspective 76

From a legal and regulatory compliance perspective 77

Hurdles to Instituting and Maintaining a Good Framework 78

Avoiding GRC silos 79

Making GRC strategic 79

Justifying the cost of GRC 80

Applying GRC too narrowly 81

Setting up checks and balances 82

Making the Argument for Automation 82

The SAP Approach: Integrated Holistic IT for GRC 83

Coming to Grips with Governance 85

Part II: Diving into GRC 87

Chapter 4: How Sarbanes and Oxley Changed Our Lives 89

Figuring Out Whether SOX Applies to You 90

Discovering Why SOX Became Necessary 91

Who Are Sarbanes and Oxley, Anyway? 92

Breaking Down SOX to the Basics 93

Sections 302 and 906: Threatening management with a big stick 93

Section 404: Ensuring a healthy immune system 96

What does Section 404 mean for business? 97

Information Technology: SOX in a Box 98

IT frameworks: Your template for compliance 99

COSO’s control framework 99

The SOX ripple effect 100

Paying Up: What’s SOX Going to Cost You? 100

SOX Costs Then 100

SOX Costs Now 101

Setting the Record Straight 101

Other Laws You Need to Know About 102

We’re All In This Together: Convergence 102

Japan’s J-SOX 102

Australia’s CLERP-9 103

Canada’s C-11 103

Basel II 103

Sorting Out the Benefits of SOX 103

Chapter 5: Fraud, Negligence, and Entropy: What Can Go Wrong and How to Prevent It 105

Defining Fraud 106

Motivations for fraud 107

Sowing the seeds of fraud 107

Some common examples of fraud 108

The Barings Bank scandal: Operations risk extraordinaire 109

Negligence: More Likely Than Fraud 111

Entropy: Errors, Omissions, and Inefficiencies 111

Cleaning Up: The Mop-Up Operation 112

Thinking like an auditor 113

Making the computer your auditor 113

Chapter 6: Access Control and the Role of Roles 115

Understanding Access Control and Roles 115

Getting a Handle on Access Control 116

Users and permissions 117

The roles revolution 118

How Access Control Got Messy 118

Every user is different 118

Virtual things are hard to track 119

IT and business don’t speak the same language 119

Exceptional circumstances dictate exceptional access 120

Large scale increases complexity 120

Getting Clean 121

Figuring out where you stand 121

Staying Clean 123

Managing Exceptional Access 124

The SAP Approach: SAP GRC Access Control 125

Where Do You Go from Here? 126

Chapter 7: Taking Steps toward Better Internal Controls 127

Understanding Internal Controls 127

Exploring the Benefits of Better Controls 128

Benefit one: Business process improvement 129

Benefit two: Management by exception 129

Benefit three: Real-time monitoring 129

Benefit four: Mindset changes 131

Seeing How Automating Controls Makes Things Easier 131

Taking Five Steps to Better Internal Controls 134

Documentation: The mapping exercise 134

Testing: Real-time and historical 135

Remediation: Fixing the problem 135

Analysis: Reports for management 135

Optimization: Barring risk 136

Getting to Know the SAP Approach: SAP GRC Process Control 136

Single system of record 136

Continuous monitoring 137

Out-of-the-box monitoring 137

End-to-end internal controls 138

Chapter 8: It’s a Small World: Effectively Managing Global Trade 141

Understanding Four Reasons Why Global Trade Is So Complex 142

Long supply chains 143

New regulations and security initiatives 144

Modernization of government IT systems 145

Increasing complexity of regulations 146

Figuring Out the Complexities of Importing 148

Classifying an item: What is it? 148

Making way for the goods: Pre-clearance 149

Making it through: Clearing Customs 149

Reconciling value: The step most often missed 149

Getting the lead out: Brand protection 150

Making Sure You’re Complying with All 19,391 Exporting Restrictions 150

Knowing who you’re dealing with 150

Obtaining the right export licenses 151

Knowing how the product will be used 152

Taking Advantage of the System: Trade Preference Management 153

Discovering the Different Ways to Manage Global Trade 153

Using the SAP Approach: SAP GRC Global Trade Services 154

Part III: Going Green 157

Chapter 9: Making Your Company Environmentally Friendly 159

Discovering the Three Ps of Going Green: People, Processes, and Products 160

Going Green: It’s Not Just for Tree-Huggers Anymore 161

Understanding Why Your Company Should Go Green 162

Going Green Is Good Business 164

Enhance your image 164

Build trust with regulatory authorities 166

Influence future events 166

Implementing Green Practices 167

Trees matter 167

Let there be (green) light! 167

Water: To bottle or not to bottle? 168

Reduce your risk 168

Going Green Is also the Law 169

Compliance 169

Risks of noncompliance: Fines and public relations nightmares 170

A Final Word About Going Green 171

Chapter 10: Keeping Employees Healthy and Safe 173

Keeping Your Employees Safe and Healthy: The Big Picture 174

Enabling and maintaining good health 175

Avoiding accidents 175

Healthy benefits equal employee recruitment retention 176

Moving Down the Road to Zero Accidents 177

Organizing and managing a comprehensive health and safety program 177

Assessing risks 178

Standardizing your procedures 179

Managing accidents 180

Inspecting your sites and creating new safety measures 181

Educating your employees 182

Making the Case for Automation and Integration 183

Taking the SAP Approach to Employee Health and Safety 184

The Occupational Health module 184

The Industrial Hygiene and Safety module 185

Chapter 11: Making Your Business Processes Environmentally Friendly 189

Discovering Ways in which All Companies Can Go Green 190

Reducing Your Energy Use and Costs 190

Building, Renovating, and Cleaning with Sustainable Resources and Materials 192

Begin at the beginning with green design 192

Pick the right spot 192

Crunch your numbers 193

Make friends with your site plan 193

Reduce unnecessary strains on your HVAC 194

Exploit the advantages of technology 194

Command the water 194

Use green and recycled building materials 194

Build smart, build green 196

Renovate green 196

Clean green 196

Recycle 197

Reducing travel 198

Getting LEED Certified 198

Assessing Your Environmental Risks 201

Greening Manufacturing 202

Green legislation 202

EPA Clean Air Act 203

EPA Clean Water Act 204

Waste Electrical and Electronic Equipment (WEEE) 206

Adopting Green Practices for Manufacturing 208

Establish an energy management program 208

Reduce emissions 209

Reduce waste 210

Deal with hazardous substances 210

Optimize occupational health 210

Promote industrial hygiene and safety 211

Ensure product safety 211

Taking the SAP Approach to Making Your Processes Environmentally Friendly 211

SAP Environmental Compliance 212

SAP Waste Management: A core component of SAP Environment, Health, and Safety 215

Chapter 12: Making Your Products Environmentally Friendly 217

Discovering What It Takes to Make Products Environmentally Friendly 218

Figuring Out What Your Materials Are and What They Do 219

Defining hazardous materials 220

Defining dangerous goods 221

Realizing the Benefits of Compliance 222

The benefits of complying 223

The risks of failing to comply 224

Using Hazardous Materials Responsibly 225

Customer compliance management 226

Supplier compliance management 226

Compliance reporting 226

Comprehensive task management 226

Working with Hazardous Materials 227

Packing 227

Materials communications 228

Transporting materials 228

Keeping Up with Materials Legislation 229

Toxic Substances Control Act (TSCA) 229

Registration, Evaluation, Authorization of Chemicals (REACH) 230

Reduction of Hazardous Substances (RoHS) 234

Exploring the SAP Approach to Product Compliance 235

Compliance for Products by TechniData (CfP) 236

SAP EH&S 238

Part IV: Managing the Flow of Information 243

Chapter 13: Sustainability and Corporate Social Responsibility 245

Discovering the Great Power and Responsibility of Big Companies 246

Getting the Lowdown on Sustainability 247

Discovering Why Sustainability Is Good Business 250

Managers recognize sustainability as a top priority 250

Stakeholders exert pressure 251

Sustainable businesses have better access to capital 253

Government regulations increasingly require it 254

Sustainability helps you manage risk 254

CSR protects your brand image 255

It helps you attract and keep the best employees 256

CSR is ethical 256

It helps business planning and innovation 256

CSR increases profits 257

Discovering the Possible Downside of CSR 258

Managing Sustainability Performance 258

The current reporting process is a mess 259

New tactics are required 259

Discovering Why an Automated Solution Is Needed 260

Sustainability reporting is a recurring problem 260

Huge amounts of data are involved 260

Integration is a plus 261

Automation creates supply chain transparency 261

Automation means auditability 262

Automation yields analytics and benchmarks 262

An IT solution speeds distribution of data 263

Chapter 14: IT GRC 265

Getting a Handle on What IT GRC Is 266

Understanding IT Governance in Terms of Risk and Compliance 267

In terms of risk 268

In terms of compliance 269

Keeping up with the pace of change 271

Securing Your Software Applications 272

Taking basic application security measures 272

Consolidating security solutions 273

Making friends with the IT department 274

Keeping the Kimono Closed: Data Privacy 275

Protecting Key Corporate Assets: Intellectual Property 276

Cinching Up the Kimono 276

Leveraging the network 277

Other ways data can walk away 278

Protecting IT assets 279

Communication 280

Chapter 15: Turning On the Lights with GRC and CPM 281

Turning On the Lights with CPM 282

Making the Case for CPM and GRC Integration 284

Understanding obstacles to integration 285

Instrumenting the enterprise 286

Collecting the payoff from CPM and GRC integration 287

Supplier concentration 288

Loan processing 289

Seeing CPM and GRC Integration in Practice 289

The intersection of actuals 289

Strategy, risk, and planning 290

Governance and strategy 290

Discovering the Reusable Technology of GRC 291

Repository 291

Document management 291

Case management 292

Workflow 292

Process modeling 292

Policy engine 292

Rule engine 293

Controls 293

Reporting 293

Standardized interfaces to components 293

Composite apps on the platform 294

Part V: The Part of Tens 295

Chapter 16: Top Ten GRC Strategies 297

Evaluate Which of the Most Prevalent GRC Issues Apply to You 297

Adopt Best Practices 298

Implement Key GRC Strategies 299

Set Yourself Up for Success 299

Watch Out for Danger Signs 299

Define GRC Roles and Responsibilities 300

Shake Down the People Who Know 301

Move to Strategic Adoption of Automated Controls 302

Adopt Strategies for Cleaning Up Access Control 302

Getting Your GRC Project Going and Keeping It Going 303

Chapter 17: Ten Best Practices in Global Trade 305

Automate or Else 305

Don’t Go to Pieces 305

Make Sure You Can Trust Your Partners 306

Avoid Importing Delays 306

Get On Board with the Government’s High-Tech Documenting Processes 306

Know Who is Allowed at the Party 307

Know Who You’re Shipping to 307

Get the Right Licenses 307

Take the Free Money 307

Leave a Paper Trail 308

Chapter 18: Ten Groups of GRC Thought Leadership Resources 309

GRC Resources 309

Web sites 309

Blogs 310

Online journals 310

Risk Resources 311

Web sites 311

Blogs 311

Books 311

SOX Resources 312

Web sites and forums 312

Books 312

Financial Compliance Resources 312

J-SOX 313

Basel II 313

Foreign Corrupt Practices Act 313

Access Control and Process Control Resources 314

Web sites 314

Articles 314

Wikis 314

IT GRC Resources 315

Blogs 315

Global Trade Resources 315

Web sites 315

Blogs 316

Employee Health and Safety Resources 316

Web sites and online journals 317

Blogs 317

Articles 317

Going Green Resources 317

Web sites 317

Wikis 318

Articles 318

Blogs 319

Books 319

Sustainability Resources 319

Web sites 319

Articles 320

Blogs and books 320

Glossary 321

Index 331