
oCFO Solution Update: Finance and Risk Solutions - GRC

The document discusses SAP solutions that can be used to implement an oCFO organization. It provides an organizational structure for an oCFO function and lists various SAP products that can be used to support areas such as financial planning, accounting, treasury, risk management, taxes, and more.

Uploaded by

Silvia Mazuela

oCFO Solution Update

Finance and Risk Solutions - GRC


SEA DTO oCFO Team
Cindy Christania & Randall Yu
2020
INTERNAL
Key Objectives

S/4HANA Enterprise Management
Accounting and Financial Close
Financial Operations
Cost Management and Profitability Analysis

© 2019 SAP SE or an SAP affiliate company. All rights reserved. ǀ INTERNAL 2


oCFO Solutions
Finance & Risk

Chief Financial Officer
• Vice President, Finance: Financial Planning & Analysis
• Head, Corporate Reporting: Accounting & Financial Close
• Head, Finance Operations: Finance Operations
• Head, Corporate Treasury: Treasury Management
• Risk, Compliance & Audit Officer: Enterprise Risk & Compliance
• CISO, CIO: Cybersecurity & Data Protection

Financial Planning & Analysis

Financial Planning & Analysis:
• SAP Business Planning and Consolidation
• SAP Analytics Cloud
• SAP Customer Profitability Analytics
• SAP Profitability and Performance Management

Accounting & Financial Close

Accounting & Financial Close:
• SAP RealSpend
• S/4HANA Finance for central finance foundation
• SAP S/4HANA for Group Reporting
• SAP Business Planning and Consolidation
• SAP Analytics Cloud
• SAP Profitability and Performance Management
• SAP Disclosure Management
• SAP Financial Closing cockpit
• SAP S/4HANA Cloud for Advanced Financial Closing
Blackline:
• SAP Account Reconciliation & Automation by BlackLine
• SAP Intercompany Financial Hub by Blackline

Finance Operations

Receivables Management:
• SAP Receivables Management
• SAP Cash Application
• SAP S/4HANA Cloud for customer payments
• SAP Digital Payments Add-On
• SAP S/4HANA Cloud for credit integration
Invoice Management and Accounts Payable:
• SAP Invoice Management by Open Text
• SAP Information Extraction by OpenText
• SAP Advanced Payment Management
• SAP S/4HANA Goods & Invoice Receipt Reconciliation
Real Estate Management:
• SAP S/4HANA Real Estate Management
  • SAP Contract and Lease Mgmt for S4
  • SAP Real Estate Portfolio Mgmt for S4
• SAP S/4HANA for asset retirement obligation (ARO)
• SAP Common Area Maintenance Expense Recovery
Financial Shared Services:
• SAP Shared Service Framework for S/4HANA
Travel and Expense Management:
• SAP Concur

Treasury Management

Payments and Bank Communication:
• SAP S/4HANA Finance for cash mgmt.
• SAP S/4HANA Fin.for cash mgmt, vers. for China
• SAP S/4HANA Finance for in-house cash
• SAP Card Management
• SAP Multi-Bank Connectivity
Cash and Liquidity Management:
• SAP S/4HANA Finance for cash mgmt.
• SAP S/4HANA Fin.for cash mgmt, vers. for China
• SAP S/4HANA Finance for in-house cash
• SAP Business Planning and Consolidation
• SAP Analytics Cloud
Debt and Investment Management:
• SAP S/4HANA Finance for treasury & risk mgmt.
• Trading Platform Integration
• SAP Market Rates Management
Financial Risk Management:
• SAP S/4HANA Finance for treasury & risk mgmt.
• SAP Trade Repository Reporting by Virtusa
• SAP Treasury and Risk Management, Impairment Accounting Extension for Expected Losses (RCS)
• S/4HANA Financial Products Subledger (IFRS 9 & 17)

Enterprise Risk & Compliance

Enterprise Risk and Compliance:
• SAP Process Control
• SAP Risk Management
• SAP Audit Management
• SAP Business Integrity Screening
• SAP Regulation Management by Greenlight
Access Governance:
• SAP Access Control
• SAP Cloud Identity Access Governance
• SAP Identity Management
• SAP Cloud Platform Identity Provisioning
• SAP Single Sign-On
• SAP Cloud Platform Identity Authentication
• SAP Dynamic Authorization Management by NextLabs
• SAP Access Violation Management by Greenlight
International Trade Management:
• SAP Global Trade Services
• SAP S/4HANA for international trade
• SAP Watch List Screening

Cybersecurity & Data Protection

Cybersecurity and Data Protection:
• SAP Enterprise Threat Detection
• SAP Privacy Management by BigID
• SAP Data Privacy Governance
• SAP Data Custodian
• UI data protection masking
• UI data protection logging
• SAP Code Vulnerability Analyzer
• SAP Fortify by Micro Focus

Global Tax Management

Tax Calculation:
• SAP Tax Service
Electronic Invoicing:
• SAP Document Compliance, on-premise edition
• SAP Document compliance, invoicing option for PEPPOL
• SAP NFE
Validation and Audit:
• SAP Tax Compliance
Periodic Tax Declaration:
• SAP Advanced Compliance Reporting
• SAP ERP, add-on for Polish SAF-T regulatory requirements
• Tax Declaration Framework in Brazil

Disclaimer: This is a non-exhaustive list and solution names may change at any time. For any questions/clarifications, contact any of the oCFO Solution Engineers.

Governance, Risk and Compliance (GRC) Solutions

SAP GRC solutions
Key themes

Enterprise risk and compliance
• Manage risks, controls, and regulatory requirements in business operations
• Screen third parties and detect anomalies and fraud
• Provide independent assurance of risk and compliance standards

Access governance
• Manage identities, authorized information access, data use, and sharing conditions
• Mitigate access risk violations and monitor financial impact

Cybersecurity and data protection
• Protect data, control access, and detect threats
• Help ensure compliance with information security standards
• Identify vulnerabilities in code and remote function call (RFC) connections

International trade management
• Manage import and export compliance as well as free trade agreements in global supply chains
• Optimize trade utilizing special customs procedures such as bonded warehouses, processing trade in China, and free trade zones in NA
• Manage Intrastat and export compliance in S/4HANA


SAP GRC solutions
Solution mapping to key themes

Enterprise risk and compliance
✓ SAP Process Control
✓ SAP Risk Management
✓ SAP Audit Management
✓ SAP Business Integrity Screening
✓ SAP Regulation Management by Greenlight

Access governance
✓ SAP Access Control
✓ SAP Identity Management
✓ SAP Single Sign-On
✓ SAP Cloud Identity Access Governance
✓ SAP Cloud Platform Identity Provisioning Service
✓ SAP Cloud Platform Identity Authentication Service
✓ SAP Dynamic Authorization Management by NextLabs
✓ SAP Access Violation Management by Greenlight

Cybersecurity and data protection
✓ SAP Enterprise Threat Detection
✓ SAP Privacy Management by BigID
✓ SAP Data Privacy Governance
✓ SAP Data Custodian
✓ UI data protection masking
✓ UI data protection logging
✓ SAP Code Vulnerability Analyzer
✓ SAP Fortify by Micro Focus

International trade management
✓ SAP Global Trade Services
✓ SAP S/4HANA for international trade
✓ SAP Watch List Screening

Enterprise Risk & Compliance
Three lines of defense

• Provide one view of risk for real-time decision support
• Manage risks, controls, and regulatory requirements in business operations from a single source of truth
• Screen third parties and detect anomalies and potential fraud
• Provide independent assurance of risk and compliance standards
• Enable continuous controls monitoring with automated alerts to manage by exception

Diagram: Three lines of defense
Board and executive management
Business drivers: Business strategy and objectives; Risk appetite
Risks: Operational, Financial, Environmental, Human capital, Reputation, Technology, Compliance, Strategic
L1 (Operational mgmt.): Manage operational risks and compliance in business operations
L2 (Corporate risk & compliance): Aggregate and coordinate entity-level risk and compliance activities
L3 (Independent assurance): Provide independent assurance on first and second lines of defense
Board and executive mgmt.
Embed risk & control monitoring in SAP S/4HANA

SAP Process Control | SAP Risk Management | SAP Audit Management | SAP Business Integrity Screening | SAP Regulation Management by Greenlight

Three Lines of Defense: The concept applied to GRC

Multiple teams, each with different responsibilities but working together to protect and drive the enterprise by:

Line 1: Operations
• Managing day-to-day risks and controls
• Complying with internal policies and procedures
• Identifying and remediating issues

Line 2: Corporate GRC
• Overseeing enterprise risk and compliance
• Providing guidance on risk and compliance management practices
• Consolidating risk and compliance information for management reporting

Line 3: Audit
• Providing independent assurance and oversight
• Assessing effectiveness of risk management and internal controls
• Reporting the status of risk and control frameworks to management


Objectives of SAP Three Lines of Defense solutions

Focus policies and controls on areas where day-to-day risks are the most significant
Use a risk-focused approach:
▪ Identify key value-adding risks
▪ Respond to compliance, financial and operational risks
▪ Scan the horizon for emerging risks and opportunities

Enable daily activities to sustainably self-correct and “run by themselves”
Use collaborative tools and automation:
▪ Keep your GRC program costs under control
▪ Use of best-practice and intuitive user tools
▪ Automate testing and monitoring

Prioritize strategy and decision making to increase performance
Ensure GRC information is always up-to-date, transparent, and reliable for effective decisions:
▪ Evaluation progress
▪ Policy acceptance
▪ Continuous control monitoring (CCM)
▪ Issue status

Independent assurance on risk assessment, control effectiveness and reporting


Solutions for enterprise risk and compliance from SAP
Three Lines of Defense
Business Process Owners: Control business operations and control risks in business activities
Risk and Compliance Officers and Managers: Assess entity-level risk and manage compliance activities
Chief Audit Executive, Internal Auditors: Provide independent assurance

Enterprise Risk Management
SAP Risk Management: Preserve and grow value

Audit Management
SAP Audit Management: Transform audit and assurance

Controls and Compliance Management
SAP Process Control*: Maintain effective controls and ongoing compliance

Policy Lifecycle Management
SAP Process Control and SAP Risk Management: Maintain effective controls and ongoing compliance

Automated Monitoring and Screening
SAP Business Integrity Screening and SAP Process Control: Screen business partners and continuously monitor systems

*Optional: SAP Regulation Management by Greenlight

Streamlining your three lines of defense

Single source of truth
…shared across the three lines of defense to promote oversight and self-correcting processes

Workflow-driven processes
…the right task to the right person at the right time

Automated notifications
…what you need to know when you need it, including key risk indicators

Continuous monitoring
…getting the data you need faster and with less effort


SAP Process Control
Help ensure effective controls and ongoing compliance

Enterprise Risk & Compliance

Document: Single source of truth shared across the enterprise
Report: Insightful reporting for analysis and accountability
Plan: Planning of focused actions to help ensure timeliness
Evaluate: End-to-end test and issue resolution
Perform and Monitor: Streamlined manual and automated performance

SAP Risk Management
Preserve and grow value

Enterprise Risk & Compliance

Plan: Plan risk management within the context of value to the organization
Monitor & Report: Monitor thresholds, effectiveness of risk responses, and corrective actions
Identify: Link risks, risk drivers, risk indicators, impacts and responses
Respond: Respond to risk after balancing costs and benefits
Analyze: Analyze risk via scenarios, modeling, and other factors to understand exposure

SAP Audit Management
Transform audit. Move beyond assurance.

Enterprise Risk & Compliance

Managing Audit Activity: Establish a risk-based plan, prioritize audit activities and align with the needs of the enterprise
Monitoring Progress: Monitor the disposition of results reported to management
Planning the Engagement: Develop and document a plan for each engagement
Communicating Results: Communicate engagement objectives, scope, conclusions, findings, and recommendations
Performing the Engagement: Identify, analyze and document relevant information

SAP Business Integrity Screening
Define detection & screening strategies using simulations and calibration.

Enterprise Risk & Compliance

Design: Determine screening lists, analyze patterns and define detection rules and models
Analyze Performance: Monitor key performance indicators and create management reports
Set-up: Define detection strategy through simulation and calibration
Investigate: Manage alert workload with efficient evaluation, qualification and remediation of issues
Detect: Execute mass and real-time detection and stop anomalies or irregular transactions

SAP Regulation Management by Greenlight
SAP Process Control

Enterprise Risk & Compliance

Intake: Maintain authoritative sources for multiple regulatory alerts and mandates
Report: Demonstrate comprehensive auditability of regulatory compliance
Evaluate: Identify and address compliance gaps to meet new or changed regulatory requirements
Monitor: Align compliance requirements with operational activities and automate testing of controls
Collaborate: Establish accountability and unify requirements and controls across operations and compliance stakeholders

Access Governance
Empower organizations with self-service administration

• Reduce cost and improve security with identity management and automated provisioning
• Manage access for enterprise applications – cloud or on-premise - role and/or attribute-based controls
• Enable greater user productivity by eliminating excessive logins with single sign-on
• Reduce audit costs by quantifying the financial impact of access risk violations
• Support and monitor critical capabilities and accounts for privileged users

Diagram labels: Self-Service Requests and HR Events; Policy checks; Approvals; Digital Identity; Single sign-on; Any device; Onboarding; Provisioning; Employees, Contractors, Consultant, Partners; Auditing; Certification; Reporting; SAP S/4HANA; Cloud Applications; Other Business Applications

SAP Access Control | SAP Identity Management | SAP Single Sign-On | SAP Cloud Identity Access Governance | SAP Cloud Platform Identity Provisioning Service | SAP Cloud Platform Identity Authentication Service | SAP Dynamic Authorization Management by NextLabs | SAP Access Violation Management by Greenlight

SAP Access Control
Manage access risk

Access Governance

Analyze Risk: Find and remediate segregation of duties and critical access violations
Monitor Privileges: Monitor emergency access and transaction usage
Provision Users: Find and remediate segregation of duties and critical access violations
Certify Authorizations: Certify that access assignments are still warranted
Maintain Roles: Define and maintain roles in business terms

SAP Cloud Identity Access Governance
Optimize role definition and streamline governance

Access Governance

Access Analysis: Analyze access, refine user assignments, manage controls
Privileged Access Management: Achieve account-based access, log consolidation, and review with automated log assessment
Role Design: Optimize role definition and streamline governance
Access Certification: Review access, role, risk, and mitigation control
Access Request: Optimize access, workflow, policy-based assignment, and processes

SAP Identity Management
Covering the entire identity lifecycle, business-driven and compliant

Access Governance

Hiring: Achieve account-based access, log consolidation, and review with automated log assessment
Resignation/Termination: Are permissions automatically adjusted if someone is promoted to a new position?
Substitution: Who has adequate permissions to fill in for a co-worker?
Promotion/New Position: Are permissions automatically adjusted if someone is promoted to a new position?


SAP Cloud Platform Identity Provisioning Service
Identity Lifecycle Management for SAP’s cloud applications

Access Governance

Integrate: Quickly adopt new business processes across multiple applications
Protect: Prevent risks due to excessive access rights and segregation-of-duties violations


SAP Single Sign-On
Secure authentication, single sign-on and more

Access Governance

Productivity: Enable end users to focus on business tasks instead of manual authentication
Landscape Security: Enable secure communication with certificate lifecycle management and encryption
Secure Authentication: Reduce exposure to cyber attacks by mitigating the risks of insecure passwords
Simplicity: Quickly implement a foundation for secure access and extend it over time


SAP Cloud Platform Identity Authentication Service
Single sign-on for cloud- and hybrid-scenarios

Access Governance

Integrate: Seamlessly integrate with existing infrastructure and applications
Simplify: Provide optimal user experience and easy to consume self services
Protect: Reduce exposure to cyber attacks with flexible configuration for strength of authentication

SAP Dynamic Authorization Management application by NextLabs
Enhancing security for data and business applications

Access Governance

Automate Controls: Use single policy platform to centralize and automate data and application security
Gain Insight: Monitor data and application activity and streamline business processes
Secure Access: Use consistent and on-the-fly access enforcement with dynamic authorization
Prevent Violations: Minimize fraud; prevent compliance and security violations


SAP Access Violation Management application by Greenlight
Access control solution extension

Access Governance

Extend: Extend the capabilities of SAP Access Control across enterprise systems
Report: Summarize financial exposure due to SoD violations
Notify: Notify business owners when SoD violations are executed
Monitor: Correlate business transactions to users to identify materialized SoD violations


Cybersecurity and data protection

▪ Manage cyber risk and align with information security standards
▪ Identify cyber attacks at the application layer with real-time pattern detection
▪ Secure files and data using transportable policies and encryption
▪ Enable sensitive data masking and logging
▪ Identify vulnerabilities in code and RFC connections

Diagram labels: Users and Authorizations; Secure Configuration; Custom Code Security; Business Applications; Security Audit Log; Threat Detection; Secure Maintenance of SAP Code; Data Security

SAP Enterprise Threat Detection | SAP Privacy Management by BigID | SAP Data Privacy Governance | SAP Data Custodian | UI data protection masking | UI data protection logging | SAP Code Vulnerability Analyzer | SAP Fortify by Micro Focus

SAP Enterprise Threat Detection
Effectively identify and analyze threats

Cybersecurity and Data Protection

Analyze: Efficiently enrich, analyze, and correlate logs
Integrate: Integration of SAP and non-SAP log data
Evaluate: Automatically evaluate attack detection patterns with real-time alerting
Investigate: Forensic analysis and modeling of existing and new attack detection patterns and dashboards


SAP Privacy Governance
Data protection and privacy (DPP) governance for the extended enterprise

Cybersecurity and Data Protection

Manage Policies: Create, disseminate, and acknowledge DPP policies
Monitor and Report: Report status and details via a unified cockpit
Survey and Track: Gather and report records of processing activities (ROPA)
Manage Risks and Controls: Identify and audit related risks and mitigating controls
Access Business Impact: Perform data privacy (DPIA) and cybersecurity* business impact analysis

SAP Data Custodian
Public-cloud data transparency and control

Cybersecurity and Data Protection

Data Transparency: Monitor and report on data access, storage, movement, processing, and location in the public cloud
Data Control: Create and enforce public-cloud data access, location, movement, and processing policies


UI Masking for SAP
Protect sensitive information in the user interface layer

Cybersecurity and Data Protection

Secure Access: Determine sensitive UI fields and apply protective actions in runtime based on users’ authorizations
Integrate: Leverage UI Logging for SAP and SAP Enterprise Threat Detection to identify potential data abuse
Automate Authorizations: Determine users’ special authorization in runtime, based on static roles or dynamic attribute-role settings
Gain Insights: Understand who tries and succeeds to access sensitive data, and whether to refine solution setup


UI Logging for SAP
Data access transparency and analysis

Cybersecurity and Data Protection

Log Data Access: Coherent log of users’ input and system output on the UI level, enriched with meta information for analysis
Integrate: Integration with UI Masking for SAP for better data protection, and with SAP Enterprise Threat Detection for advanced and automated analysis of access
Gain Insight: Understand how and which data are accessed, and set up alerts in case of access to critical or sensitive data
Report: Draw on comprehensive access data to report internally and externally
Investigate: Receive alerts to specific, questionable activities, and deep-dive into the log file to identify and prove improper data access

SAP NetWeaver AS, add-on for code vulnerability analysis
Identify and remedy security vulnerabilities in ABAP custom code

Cybersecurity and Data Protection

Analyze: Analyze security vulnerabilities
Integrate: Integrate with other elements of the SAP landscape as well as non-SAP solutions
Evaluate: Evaluate security vulnerabilities
Remedy: Remedy security vulnerabilities


International Trade Management
Elevate global trade in the organization

International trade

▪ Automate trade processes for imports and exports and screen third parties for improved compliance and efficiency
▪ Leverage free trade agreements to drive bottom line savings
▪ Manage special customs procedures such as e-filing, bonded warehouses, processing trade in China, foreign trade zones to optimize duty rates
▪ Centralize international trade on a single platform to drive consistency across global operations

Diagram labels: International trade management; Importer, Broker, Exporter, Carriers, Trade Content, Customs / Authorities; Import / Export Management, Screening, Free Trade Agreements, Special Customs Procedures; SAP S/4HANA, SAP ERP, Other Business Applications

SAP Global Trade Services | SAP S/4HANA for international trade | SAP Watch List Screening
SAP S/4HANA for international trade
Run global trade in SAP S/4HANA

International Trade Management

Embargo
Block transactions related to embargoed countries

Intrastat
Support for European requirements around order-to-cash and procure-to-pay processes

Legal Control
Create, manage, and assign export licenses

Classification
Classification of materials to support export control and Intrastat

SAP GTS and SAP Watch List Integration
Enable broader global trade management requirements in an SAP S/4HANA software environment
SAP Global Trade Services
Run global trade

International Trade Management

Restricted Party Screening
Ensure proper screening of restricted or denied parties with inline process blocking and release

Special Customs Procedures
Leverage foreign-trade zones, processing trade in China, bonded warehousing, inward and outward processing relief (IPR/OPR), Intrastat, Excise Movement and Control System (EMCS), and others

Export Management
Manage export compliance, classification, outbound trade finance, and customs services with direct filing

Trade Preference
Leverage any free trade agreement with preference determination and vendor or customer declaration-handling

Import Management
Effectively manage import compliance, classification, inbound trade finance, and customs services with direct filing
SAP Watch List Screening
Avoid risk and improve screening compliance

International Trade Management

Restricted-Party Screening
Use a SaaS model that simplifies screening, provides instant access to up-to-date watch lists, streamlines uploads – and accelerates time to value

Integration and extensibility
Pre-built integration with SAP S/4HANA and published APIs to extend to other systems



POP QUIZ
Multiple Choice
Questions?
Next Steps

For learning and certification: go to SAP Learning Hub


For more information, please contact: Jessica Chang jessica.chang01@sap.com
SAP solution | Direct links
SAP Process Control | https://help.sap.com/doc/fd2b9c6949de43938078489525288f13/PRO_2.0/en-US/5002506e7a261014960c9f21259e90af.html?collapse=5
SAP Risk Management | https://help.sap.com/doc/fd2b9c6949de43938078489525288f13/PRO_2.0/en-US/5002506e7a261014960c9f21259e90af.html?collapse=5
SAP Audit Management | https://help.sap.com/doc/fd2b9c6949de43938078489525288f13/PRO_2.0/en-US/5002506e7a261014960c9f21259e90af.html?collapse=5
SAP Business Integrity Screening | https://help.sap.com/doc/fd2b9c6949de43938078489525288f13/PRO_2.0/en-US/5002506e7a261014960c9f21259e90af.html?collapse=5
SAP Access Control | https://help.sap.com/doc/fd2b9c6949de43938078489525288f13/PRO_2.0/en-US/5002506e7a261014960c9f21259e90af.html?collapse=5
SAP Cloud Identity Access Governance | SAP Cloud Identity Access Governance 1.0 Open-ended Program
SAP Identity Management | SAP Identity Management (e-book ADM920_EN_Col17)
SAP Cloud Platform Identity Provisioning | Identity and Access Management in SAP Cloud Platform (e-book SECCL1_EN_Col11)
SAP Global Trade Services | https://help.sap.com/doc/fd2b9c6949de43938078489525288f13/PRO_2.0/en-US/5002506e7a261014960c9f21259e90af.html?collapse=5
Cybersecurity and Data Protection Solutions | openSAP Thought Leaders – Cybersecurity – The essential challenge for digital transformation (COURSE openSAP_cs1-tl_EN_10)



Thank you 謝謝
Salamat Terima kasih
Cảm ơn bạn ขอขอบคุณ
