SAPinsider EMEA 2023 | GRC

Don’t miss this opportunity to explore SAP Business Integrity Screening and find out how business partners and large volumes of transactional data may be screened to detect, prevent, and discourage fraudulent practices, as well as decrease third-party risk.
You will:

• Learn how to conduct anomaly detection and compliance checks, which can trigger alerts for relevant exception scenarios, such as potential asset misappropriation, policy violations, improper transactions, and fraud.
• Calibrate detection strategies and refine your detection tactics using calibration and modeling capabilities in order to run what-if assessments on past data to determine which approaches may be effective.
• Prevent bad actors and analyze scenarios based on exceptions to identify how to prevent recurrence and which tactics are most successful at discouraging anomalous and fraudulent behavior.
• Discover how to screen business partners. By screening against government agency, international organization, and private content provider lists, you may avoid doing business with high-risk or sanctioned partners.

Neil Patrick SAP Solution Management, GRC and Security

OMV is an international oil, gas and petrochemical company, that made the decision in 2021 to implement SAP Process Control as the tool of choice for its internal control system. After deciding on the system and the implementation partner, it took roughly 1.5 years to migrate over 15.000 controls from MS Excel files to the new, workflow-based application. Join this session to hear about the challenges faced, lessons learned, and long-term benefits achieved through the system implementation
You will:

• Learn how OMV’s approach to implement SAP Process Control took place over several stages.
• See how OMV is currently using SAP Process Control.
• Hear about the advantages of using a single source of truth and a workflow-based system for its internal control system.
• Understand the necessary effort for migration from MS Excel to SAP Process Control.
• Get an idea of OMV’s biggest challenges, lessons learned during and after the implementation as well as their outlook into the future.

Christoph Zipfel OMV AG Head of Process Governance and ICS Christoph has more than 15 years’ professional experience and is an expert in audit and the internal control system. He has a master’s degree in industrial engineering and holds several certifications in risk and process management, as well as internal audit. After working for the Austrian federal railways and PwC Austria he joined OMV in 2021 and is currently heading the department for process governance & ICS.

What do over 800 SAP clients, over 2 million user accounts, and more than 500,000 role assignment workflows per month have in common? They are all operated by Bosch as one of the largest SAP implementations in the world. Extensive ecosystems require a well-managed and executed risk governance approach. This includes finely tuned SoD definitions to reduce false positive risks and streamline complex SoD reports. Added capabilities such as integration into non-SAP IdM solutions help to further realize governance goals.

You will:

• Learn how Bosch partnered with Pathlock to bring their implementation of SeparationsEnforcer to the next level.
• Discover how complex ecosystems can have a well-managed and executed risk governance approach.
• Explore how finely tuned SoD definitions can reduce false positive risks and can help streamline complex SoD reports.

Stefanie Gürtler Bosch SAP Security Consultant Stefanie is a certified agile coach and has 13 years’ experience in SAP. As project manager, her tasks involve translating business needs and requirements into project scoping, implementation, and ownership / product management of GRC solutions.

Dr. Jürgen Holtz Bosch SAP Security Consultant Jürgen has 15+ years’ experience in SAP security and compliance management. This includes SAP security checks / audits, market studies, implementation, and training for GRC tools as well as providing SAP compliance subject matter expertise.

Breakout Session GRC

In the pharmaceutical industry, where strict regulations and data security are paramount, integrating user provisioning and risk control with SAP IDM (Identity Management) and SAP GRC (Governance, Risk, and Compliance) Access Control offers significant advantages.

This integration ensures a streamlined and robust system that not only meets regulatory requirements but also enhances operational efficiency. Moreover, integrating SAP GRC Access Control provides a comprehensive risk control framework that also enables a centralized view of user access and activity across the organization.

This holistic visibility helps detect and address potential segregation of duties (SoD) conflicts, ensuring compliance with regulations. By proactively managing access risks and SoD conflicts, the pharmaceutical company can establish a robust control environment and minimize the risk of fraudulent activities.

You will:

• Use SAP GRC Access Control in a regulated environment.
• See how SAP GRC can be integrated in IDM to manage the user’s digital identity.
• Explore how to comply with internal audit needs and information reporting.
• Discover how security is managed in a user-oriented way.

Jose Luis Romero Boehringer Ingelheim IT Enabling Function and Platform Services Jose is a seasoned IT professional with a wealth of experience in the field of SAP access management and security. Over the course of his career, he has worked for renowned organizations, utilizing his expertise to ensure data integrity and protect sensitive information. As an SAP Access Management Expert, he has been responsible for overseeing access controls and authorizations, ensuring compliance with industry regulations and company policies. Prior to joining Boehringer Ingelheim, Jose spent two years in Zurich as an SAP Security Expert, where he honed his skills in managing access controls, user provisioning, and risk mitigation.

Bonaficio Hernandez Boehringer Ingelheim

Breakout Session GRC

Join us as we take an in-depth look at SAP’s public cloud solution for risk management and compliance – SAP Financial Compliance Management. The software already supports companies that are developing a single consolidated view over adequacy of controls. It is now extended to cover risk management as part of the same framework.

You will:

• Learn about this easy to use yet powerful, low TCO, quick to implement and operationalize, risk and control solution.
• See how this single view can elegantly show the impact of controls over risks, automate controls with read to use SAP S/4HANA content.
• Hear more about the pressing business challenges that Governance, Risk, and Compliance addresses.
• Explore how to reduce the overall cost of risk and control management.
• Discover what is new with SAP GRC solutions and what can you expect in the future.

Neil Patrick SAP Solution Management, GRC and Security

This session will provide a robust exploration of how SAP Cloud Identity Access Governance (SAP Cloud IAG) empowers businesses to conquer these challenges head-on. Within this session’s framework, we will delve into the capabilities of SAP Cloud IAG as a potent service from the SAP Business Technology Platform Cloud Platform (SCP). We will unpack how it operates in tandem with, rather than as a replacement for, SAP Access Control, thereby enhancing SAP’s existing GRC solutions. We will guide you through the SAP Cloud IAG’s intuitive, dashboard-driven interface, highlighting how it simplifies IAM tasks in the cloud, bolstering security, and fortifying compliance practices.

As we unravel the suite of SAP Cloud IAG’s offerings – from self-service access requests to in-depth access risk analysis and role design – attendees will glean insights into how these services can operate both independently and collaboratively, providing a flexible, tailored approach to IAM. By joining this action-oriented presentation, participants will equip themselves with knowledge and strategies to fully harness the power of SAP Cloud IAG, thereby maximizing efficiency, ensuring compliance, and optimizing IAM operations in their respective organizations.

You will:

• Streamline IAM processes.
• Navigate the intuitive, dashboard-driven interface of SAP Cloud IAG, mastering how to streamline complex IAM tasks in both on-premise and cloud environments.
• Maximize compliance practices by leveraging SAP Cloud IAG’s comprehensive access risk analysis capabilities, enhancing compliance and mitigating security risks in your organization.
• Harness self-service access requests and understand the benefits and procedures of self-service access requests for on-premise and cloud applications, boosting efficiency and user autonomy.
• Master role design by diving deep into the role design capabilities of SAP Cloud IAG, learning to create and manage roles effectively for optimal access governance.
• Customize identity and access management.
• Discover the flexibility of SAP Cloud IAG’s services while gaining insights into how you can operate both independently and collaboratively, allowing you to customize IAM solutions tailored to your unique business needs.

Alessandro Banzer Xiting SAP Security Expert Alessandro has worked in the field of IT since 2004, specializing in SAP in 2009 and working on global SAP projects in various roles since that date. He is an active contributor and moderator in the Governance, Risk, and Compliance space on SAP SCN. Alessandro is in charge of Xiting’s operations in the United States and a subject matter expert in SAP Access Control, SAP Cloud IAG, and SAP Security. Alessandro is a regular speaker at Sapphire, ASUG, SAPinsider, SAP TechEd, and other SAP Security related events.

Breakout Session GRC

User access is constant and ever-changing. From the creation of a person’s user account, their changing roles in an organization, to the day that it gets locked or deleted, potentially hundreds of access assignment shifts will be required to make sure that a person has the right access to do their job over their career. Facilitating those many changes in an efficient, compliant, and simplistic way is critical, especially in today’s growing IT environments.

Join us for a deep dive into the many challenges customers face in the “Compliant Access Provisioning Process” and the proven real word solutions that SAP access control and IAG provides to enable customers to automate, control, and empower end users to make sure that people have the right access at the right time to do their jobs.

You will:

• Examine critical issues that customers face in the quest for “compliant access provisioning” processes in today’s sophisticated environments including Fiori, SAP S/4HANA, SAP Cloud Apps, non-SAP systems and complex multi-landscape SAP environments.
• Explore proven solutions, techniques, processes, and configuration opportunities to leverage SAP GRC Access Control 12.0, and IAG (SAP identity and access governance) functionality to provide a comprehensive access provisioning for a full life cycle of a user account.
• Deep dive into the setup, configuration, and functionality of “SAP Access Control HR Triggers” and integration with SAP HR and SuccessFactors to provide event-driven access provisioning automation.
• Explore GRC access control and SAP cloud IAG functionality that assists with simplifying the access selection process to facilitate end user access request self-service. This includes deep diving into the functionality and setup, as well as proper utilization of default roles, role mapping, and business roles.
• Highlight SAP access control integration points to incorporate GRC access control functionality with identity management systems, LDAP active directory, SAP cloud applications via Version 12.0, and the SAP GRC IAG cloud bridge, as well as non-SAP systems using Pathlock AVM connector edition.

James Roeske Customer Advisory Group CEO James Roeske is CEO and co-founder of the Customer Advisory Group LLC. James has over 27 years of SAP security, audit, GRC, and executive management experience. Over those years, James has had a professional focus on technical configuration of SAP R/3 security, segregation of duty design, user provisioning solutions, GRC software solution design, and corporate compliance implementations for companies around the world. Prior to founding the Customer Advisory Group, Mr. Roeske held strategic positions at Virsa Systems, SAP America, and SAP Canada. This has allowed him to lead, plan, and participate in over 280 SAP GRC and security projects for some of the largest and most complex compliance environments across the globe.

Breakout Session GRC GRC – Process Control, CCM + Controls Optimization

Access Governance plays a vital role in ensuring compliance, especially in rapidly changing IT infrastructure. Join us to learn how SAP defines its strategy for customers who deploy their GRC solutions in native cloud, hybrid and on-premise environments.

You will:

• Explore the latest roadmap news for GRC Access Control and Cloud Identity Access Governance.
• See how to position GRC access governance solutions in the context of SAP’s identity lifecycle management.
• Discuss the recent innovations SAP has brought to their customers.

Gero Maeder SAP VP, GRC Development

Bo Baade-Pedersen SAP Business Development Expert

Breakout Session GRC

When strengthening your organization’s risk awareness posture, you need to start with a solid internal control framework that can deal with accountability and timeliness issues. Hear how Vestas successfully streamlined their path to compliance. Explore what challenges they faced and how they eventually achieved their vision with controls executed on time with a 99% success rate, 100% transparency in execution, and a foundation for continuous dialogue.

You will:

• Learn why change management is essential for a compliance transformation.
• Discover how to embed change management elements into the project methodology.
• Hear how Vestas used SAP process control to support their financial compliance agenda and its digitalization.

Diego Allera Vestas Wind Systems GRC Senior Specialist Diego Allera, GRC Senior Specialist at Vestas, leads finance and compliance digital transformations. In his 15+ years of international experience, he has helped drive successful SAP implementations and GRC solutions globally in MAERSK, DSV and Vestas. He believes in decisions by principle as his main philosophy and takes a pragmatic approach to change management to support user and technology adoption.

Breakout Session GRC

Environment, social, and governance (ESG) are increasingly becoming more business-relevant topics. Legislation and non-governmental organizations now require additional data and standards for reliable ESG information. ESG is also becoming a deciding factor for consumers, employees, and investors. If you have not acted yet, it is time to do so.

While ESG is not a new topic, many organizations do not know enough about the requirements, ESG standards, deadlines, and how to get ready for the upcoming ESG reporting requirements. Although ESG reporting tools are already available, the best reporting tool will not help if the required data is not accessible. ESG is not a popular topic in the business community and there is no lack of contractionary opinions and a lot of confusion in the market. However, soon every organization will need to produce a plan for ESG and whitewashing is not a sustainable option.

You will:

• Understand what ESG means for your organization.
• Learn how you can get your SAP system ready for the upcoming ESG reporting requirements.
• Discover what ESG functionality is available in your SAP system.
• Identify what relevant ESG data is already available in your SAP systems and what is missing.

Heiko Hecht IBIS America Inc. COO Heiko started working with SAP software in 1994. Heiko serves as a subject matter expert for Financial Accounting, System Upgrades/Transformations, Compliance, Process Discovery/Mining, ESG and Solution Documentation with SAP Solution Manager. Heiko is responsible for the collaboration with SAP and the roll out of SAP TRAC (Total ROI Analysis Campaign) and SAP STAR (System Transformation via Alignment and Reassessment). TRAC is part of SAP’s MOVE program to implement SAP S/4HANA systems more efficiently and faster. Heiko was part of the original SAP Solution Manager development team and supports customers and partners jumpstarting Solution Documentation since 2005 to enable Impact Analysis, Monitoring and Testing among other ALM tasks. Heiko earned his PhD in Business Administration in 2003 and is a regular speaker at SAP events in the U.S. and Europe. Since 2004, Heiko has actively supported the rollout of RBE Plus and SAP Solution Manager with focus on customers in the U.S. and Canada.

Breakout Session GRC

In today’s constantly shifting compliance landscape, it is important for GRC teams to have the tools they need to help their organizations achieve their goals safely and securely. Attend this session to come away with practical tips on how to create a business case for the Identity Access Governance and GRC solutions your company needs.

You will:

• Discover the key benefits and features of SAP’s Identity Access Governance and GRC solutions, gaining a comprehensive understanding of how they strengthen access controls, mitigate risks, and streamline compliance processes.
• Learn about customer success stories, where organizations have leveraged SAP solutions to improve their security posture, meet compliance requirements, and drive operational efficiency.
• Acquire essential tools and strategies for building a compelling business case to implement SAP’s Identity Access Governance and GRC solutions within your organization, effectively aligning security and compliance goals with overall business objectives.

Breakout Session GRC

GRC is an integration and orchestration of capabilities. Perfetti Van Melle has started its journey from a reactive and manual GRC Maturity Model in search of an integrated, proactive and automated approach. The pillars for this journey are SAP GRC Access Control, Process Control and Audit Management solutions. This session is going to focus on the steps that have already been implemented, which improvements have occurred, and the lessons learned up to now. Upcoming steps are also going to be discussed, as well as their coverage extension to SAP BTP and non-SAP solutions.

You will:

• Understand how the SAP solutions can be integrated to enhance your GRC Model.
• Find out how these solutions can help to reduce your internal controls and audit costs.
• Gain insights into potential issues, proactively addressing them and preventing costly and detrimental impacts.

Breakout Session GRC

We will review over 30 new risk management and process control features that were developed based on real business cases for the internal SAP SE GRC organization. Attend this session to become familiar with these hidden gems and understand how they can benefit your processes.

You will:

• Review new SAC dashboards for enhanced reporting analytics, which also supporting audit requirements.
• Receive adaptable word templates for improved print reporting capabilities.
• Learn more about one single entry screen for risk management, including personalization options.
• Discuss mandatory field settings and enhanced field labeling.
• Explore enhanced copy features.

Marie-Luise Wagener-Kirchne SAP VP, Product Management Finance and Risk, GRC Solutions

Breakout Session GRC

This session provides an overview and roadmap of SAP Enterprise Risk Compliance solutions and looks at how they can support continuous, automated risk and compliance monitoring across systems and processes.

You will:

• Learn how to manage risks while accomplishing business goals.
• Reduce the time and costs associated with risk management and compliance.
• Gain advanced insight into abnormalities and risks.
• Discover how to reduce auditing costs and risks.

Marie-Luise Wagener-Kirchne SAP VP, Product Management Finance and Risk, GRC Solutions

Breakout Session GRC

Risk analysis and compliant provisioning across your entire landscape of business systems is critical for accomplishing compliance, especially as audits are becoming more in-depth year after year. Discover the technical options of how SAP GRC can communicate and analyze cloud, non-ABAP, and non-SAP systems.

You will:

• Hear a clear explanation of the functionality capabilities of SAP GRC access control when integrated with a non-SAP or non-ABAP based system.
• Receive a detailed review of the three primary technical alternatives of connectivity, their pros and cons, and implementation requirements of the options available to GRC customers to allow SAP GRC to interact with Cloud, non-ABAP, and non-SAP based systems.

James Roeske Customer Advisory Group CEO James Roeske is CEO and co-founder of the Customer Advisory Group LLC. James has over 27 years of SAP security, audit, GRC, and executive management experience. Over those years, James has had a professional focus on technical configuration of SAP R/3 security, segregation of duty design, user provisioning solutions, GRC software solution design, and corporate compliance implementations for companies around the world. Prior to founding the Customer Advisory Group, Mr. Roeske held strategic positions at Virsa Systems, SAP America, and SAP Canada. This has allowed him to lead, plan, and participate in over 280 SAP GRC and security projects for some of the largest and most complex compliance environments across the globe.

Breakout Session GRC

What do you do when you have outdated technology and SAP roles, a lack of ownership and knowledge regarding GRC processes, and significant risk exposure? Hear how Vestas Wind Systems remediated and mitigated SoDs, making it easy to stay compliant. See how their pragmatic change management approach leveraging SAP GRC AC and PC to redesign roles to remediate SoDs and access risks resulted in a 90% reduction of SoDs across the company, simplified role concepts, and mitigated 100% of their SoDs risks mitigated.

You will:

• Learn how Vestas leveraged data to design the new roles and conduct focused dialogues with the business.
• See how they secured prioritization of the transformation initiative and minimized the use of business resources.
• Explore how Vestas leveraged RPA to support their access internal controls.

Diego Allera Vestas Wind Systems GRC Senior Specialist Diego Allera, GRC Senior Specialist at Vestas, leads finance and compliance digital transformations. In his 15+ years of international experience, he has helped drive successful SAP implementations and GRC solutions globally in MAERSK, DSV and Vestas. He believes in decisions by principle as his main philosophy and takes a pragmatic approach to change management to support user and technology adoption.

Francis Panilla Vestas Wind Systems Identity and Access Management Architect

Back to Top ↑