Reducing the Total Cost of Compliance with 2nd Generation GRC Solutions

www.ControlPanelGRC.com

Professional Solutions for Compliance Automation

Introducing…

www.ControlPanelGRC.com

Professional Solutions for Compliance Automation

Dan WilhelmsPresident – SymSoft

• Makers of Governance, Risk and Compliance (GRC) solutions for

SAP environments

• Spin-off of Milwaukee-based Symmetry Corporation• 14 years of technical implementation solutions for the SAP and Enterprise Security

marketplace

• One of the largest dedicated SAP Basis consulting organizations in the U.S. - 200

SAP implementations and over 90 SAP Basis and security managed services

customers

• 10 years of software development and marketing experience

• Previous reseller of Virsa, and SAP GRC integrator

• SAP Certified Hosting Partner

www.ControlPanelGRC.com

Professional Solutions for Compliance Automation

About SymSoft

• Developers of value added software solutions for SAP

technical operations

• Q-TMS – Automation and tracking of SAP Change Request

(transport) processing

• RBE – SAP Reverse Business Engineering analytics

• Password Manager – Re-sync SAP passwords across all

SAP landscapes

• Numerous proprietary utilities for SAP security

administration

www.ControlPanelGRC.com

Professional Solutions for Compliance Automation

About SymSoft

• The Current State of GRC

• Components Affecting the Total Cost of Compliance

• Beyond Compliance – Considering the “G” and the “R”

• Graham Packaging Case Study

• About ControlPanelGRC

• ROI calculator

www.ControlPanelGRC.com

Professional Solutions for Compliance Automation

Agenda

• In the wake of SOX, many enterprises• Purchased expensive “1st generation GRC solutions

• “Toughed it out” with manual compliance operations

• Mixed satisfaction with 1st generation solutions• High price, high implementation costs, high TCO

• High maintenance fees, upgrades required

• Often “Shelfware”

• Lack of day to day, “meat & potatoes” utility

www.ControlPanelGRC.com

Professional Solutions for Compliance Automation

The Current State of GRC

• Many enterprises simply can’t afford an upper 6 figure solution

• Increasing audit requirements at odds with tight economy

www.ControlPanelGRC.com

Professional Solutions for Compliance Automation

The Current State of GRC• Auditors trending towards broader IT audits

• Taking a broader view of Controls – Beyond SODs

• Getting more application savvy

• The Current State of GRC

• Components Affecting the Total Cost of Compliance

• Beyond Compliance – Considering the “G” and the “R”

• Graham Packaging Case Study

• About ControlPanelGRC

• ROI calculator

www.ControlPanelGRC.com

Professional Solutions for Compliance Automation

Agenda

• Purchased software license fees

• Annual software maintenance

• Infrastructure investments

• Implementation costs

• On-going infrastructure administration

• Annual audit preparation and reporting

• Opportunity cost – what you can’t do

www.ControlPanelGRC.com

Professional Solutions for Compliance Automation

Components Affecting the Total Cost of Compliance

• 1st generation GRC solutions priced in upper 6 figures

• Exploit the gold rush into compliance

• 1st generation GRC solutions often “wrapped and rolled” into

larger ERP purchases

• Resulting in GRC “Shelfware”

• “Give away the razor and make it up on the blades”

• Often access to full functionality requires expensive upgrades

• 2nd generation GRC solutions are priced 50-75% less than 1st

generation solutions

www.ControlPanelGRC.com

Professional Solutions for Compliance Automation

Purchased Software License Fees

• The “blades” for the razor

• 1st generation solutions often $60-80K per year

• Whether “Shelfware or not”

www.ControlPanelGRC.com

Professional Solutions for Compliance Automation

Annual Software Maintenance

• 2nd generation GRC solutions

can often be justified on

avoiding 1st generation annual

software maintenance fees

alone!

• 1st generation GRC solutions require purchasing and implementing dedicated servers and infrastructure

• Often $200K or more• Additional line items on asset and depreciation tables• Another headache for IT infrastructure staff• 2nd generation solutions run inside SAP with no incremental

infrastructure investment• Existing infrastructure investments supporting 1st generation

GRC solutions can be retired or redeployed• Investing in new infrastructure can be avoided

www.ControlPanelGRC.com

Professional Solutions for Compliance Automation

Infrastructure Investments

• 1st generation solutions usually require multi-month

implementations

• Major project, major distraction

• Usually “Integrator led” implementations

• 2nd generation GRC implementations measured in days

• Projects can be led by internal IT staff with on-call remote

vender support

• Projects can be “trickle in” implementations vs. “big bang”

• Time to ROI significantly reduced

www.ControlPanelGRC.com

Professional Solutions for Compliance Automation

Implementation Costs

• 1st generation GRC solutions running on dedicated servers

require on-going IT administration

• Server administration - monitoring and maintenance

• Data backup and tape operations

• 3rd party break/fix contracts

• 2nd generation GRC solutions are “zero foot print”. With no

dedicated server infrastructure, there is no on-going

incremental infrastructure administration costs

• Net reduction in complexity of IT support operations

www.ControlPanelGRC.com

Professional Solutions for Compliance Automation

On-going Infrastructure Administration

• With manual or semi-automated processes, annual

audits can become annual “root canals”• IT staff irritated by having to manually extract and prepare

data

• Internal audit viewed as interruptions, not value add

• Time and money diverted from innovation

• External audit costs increased

• Audit preparation can be lengthy, distracting, and

expensive – can take months

www.ControlPanelGRC.com

Professional Solutions for Compliance Automation

Annual Audit Preparation and Reporting

• Manual or semi-automated controls

tend to attract more scrutiny

• Day-to-day repetitive, tedious tasks

often take longer due to GRC

requirements

• User and Role provisioning

• Transport management

• Batch management

www.ControlPanelGRC.com

Professional Solutions for Compliance Automation

Annual Audit Preparation and Reporting

• 2nd generation GRC solutions provide “Embedded Compliance” -audit reporting data is captured automatically as part of automated business processes

• Audit data is available real-time, ad hoc• More audit data becomes “self-service” to auditors, and more

importantly business process owners and executives

• Broader breath of scope of 2nd generation GRC solutions address increasingly broader audit scrutiny

• Cost of audit preparation reduced by 75%• Less time operating the business – More time improving the

business

www.ControlPanelGRC.com

Professional Solutions for Compliance Automation

Annual Audit Preparation and Reporting

• Any hour spent proving what you did is an hour not spent

improving what you are going to do• Budget spent on compliance is budget not spent on innovation

• Performing manual IT operations tasks while performing

manual or semi-automated audit compliance tasks

represent a double whammy

• 2nd generation GRC solutions automate repetitive manual

tasks with embedded compliance to capture data to

automate audit compliance tasks

www.ControlPanelGRC.com

Professional Solutions for Compliance Automation

Opportunity Cost

• The Current State of GRC

• Components Affecting the Total Cost of Compliance

• Beyond Compliance – Considering the “G” and the “R”

• Graham Packaging Case Study

• About ControlPanelGRC

• ROI calculator

www.ControlPanelGRC.com

Professional Solutions for Compliance Automation

Agenda

• In the wake of SOX, the focus was on demonstrating compliance

• Focus shifting to reducing the on-going Total Cost of Compliance

• Leveraging the GRC investment for competitive advantage

• Truly reducing risks

• Not just theft and fraud, but mistakes and inconsistencies

• More manageable business processes

• Appropriate, visible controls – key to management dashboards

• Automating manual tasks

• Using GRC as the engine to drive change

www.ControlPanelGRC.com

Professional Solutions for Compliance Automation

Beyond Compliance

• Shifting from the “C” to the “G” and the “R” in GRC

• Any enterprise, regardless of size, can benefit from

implementing a 2nd generation GRC solution

• Less time operating, more time innovating

• More manageable operations

• Lowering costs

• Driving change

• Optimizing business processes

• Increasing business agility

www.ControlPanelGRC.com

Professional Solutions for Compliance Automation

Beyond Compliance

• The Current State of GRC

• Components Affecting the Total Cost of Compliance

• Beyond Compliance – Considering the “G” and the “R”

• Graham Packaging Case Study

• About ControlPanelGRC

• ROI calculator

www.ControlPanelGRC.com

Professional Solutions for Compliance Automation

Agenda

• Employs 7,500 people at 80 plants spread across 16 countries

• Privately held, but registered with the Securities and Exchange

Commission (SEC)

• Global leader in the design, sale

and manufacture of value-added,

custom molded plastic containers

• Based in York, Pennsylvania

www.ControlPanelGRC.com

Professional Solutions for Compliance Automation

Graham Packaging Case Study

• Challenges• Using expensive 1st generation GRC product

• Limited to SOX compliance and SOD

• Leveraging just one-quarter of functionality

• Big implementation project facing company from

time/expense perspectives

www.ControlPanelGRC.com

Professional Solutions for Compliance Automation

Graham Packaging Case Study

• Solution• ControlPanelGRC significantly less in cost

• Easy to implement and easy to use

• Quicker time to value or time to benefit of entire toolset

• Payback significant

• Automation of master data transport

www.ControlPanelGRC.com

Professional Solutions for Compliance Automation

Graham Packaging Case Study

• Results• Saving significant amount of money

• Saving one week’s time in audit preparation

• Automated reporting satisfies external auditors

• Reduces repetitive tasks 50% now

• More IT people using solution, becoming more resourceful

• Less dependence on security personnel

• ROI in less than 12 months

www.ControlPanelGRC.com

Professional Solutions for Compliance Automation

Graham Packaging Case Study

• The Current State of GRC

• Components Affecting the Total Cost of Compliance

• Beyond Compliance – Considering the “G” and the “R”

• Graham Packaging Case Study

• About ControlPanelGRC

• ROI calculator

www.ControlPanelGRC.com

Professional Solutions for Compliance Automation

Agenda

• ABAP based software solution “Built by GRC professionals for GRC professionals”

• Integration of existing SymSoft technology and new functionality

• 7 modules sold separately or full suite• Broad functionality – Beyond SODs

• Change management, Batch management, application and security administration, numerous business process accelerators

• Powerful workflow engine automates routine administrative tasks

www.ControlPanelGRC.com

Professional Solutions for Compliance Automation

About ControlPanelGRC

• “Embedded compliance”• Audit/compliance data is captured automatically

• Reporting becomes a by-product

• Whole new price point• 1/3 the cost of 1st generation solutions

• Opens the market to smaller publically traded and

privately held regulated enterprises (Pharmas, FDA)

www.ControlPanelGRC.com

Professional Solutions for Compliance Automation

About ControlPanelGRC

• ControlPanelGRC Modules Maps to Business Processes:• Risk Analyzer - Analysis of Segregation of Duty and

Sensitive Authorization risks

• Emergency Access Manager (formerly SymSoft Fire Call) –

Temporary authorization and tracking to troubleshoot production

issues

• User and Role Manager – Automated workflows to accelerate day-to-

day SAP security administration. Numerous practical accelerators

• AutoAuditor - Automated execution and delivery of

compliance reports – documented review

www.ControlPanelGRC.com

Professional Solutions for Compliance Automation

About ControlPanelGRC

• ControlPanelGRC Modules Maps to Business

Processes:• Transport Manager (formerly SymSoft Q-TMS) -

Automates the Change Request process via a

workflow that maintains an audit trail

• Batch Manager – Compliant management,

approval, documentation and monitoring cross-

system Batch Jobs

• Usage Analyzer (formerly SymSoft RBE) –

Tracking and reporting or actual system usage.

License Optimization

www.ControlPanelGRC.com

Professional Solutions for Compliance Automation

About ControlPanelGRC

www.ControlPanelGRC.com

Professional Solutions for Compliance Automation

About ControlPanelGRC

• The Current State of GRC

• Components Affecting the Total Cost of Compliance

• Beyond Compliance – Considering the “G” and the “R”

• Graham Packaging Case Study

• About ControlPanelGRC

• ROI calculator

www.ControlPanelGRC.com

Professional Solutions for Compliance Automation

Agenda

Cost Area1st Gen. Solution -Previously Purchased

1st Gen. Solution -New Purchase

2nd Gen Solution

Initial Software License $0.00 $500,000 $125,000 Upgrade fees $100,000 $0 $0 3 years annual maintenance $240,000 $330,000 $60,000 Dedicated servers and infrastructure $200,000 $200,000 $0

New implementation costs $0.00 $75,000 $25,000 Incremental costs to fully implement $75,000 $100,000 $25,000

3 years annual IT admin and support $30,000 $30,000 $0

3 years annual cost of audit preparation and reporting

$120,000 $120,000 $30,000

Opportunity Cost - IntangibleTCO - Next 3 years $765,000 $1,355,000 $265,000

www.ControlPanelGRC.com

Professional Solutions for Compliance Automation

ROI Calculator

• Auditors trending towards broader IT audits• Focus moving from compliance to managing the Total Cost of

Compliance• 2nd generation GRC solutions are priced 50%-75% less than 1st

generation software• Savings on maintenance fees alone offers compelling reasons to

consider 2nd generation solutions

• New solutions offer embedded compliance and automation of repetitive tasks

• ControlPanelGRC driving better business execution, not just demonstrating compliance

www.ControlPanelGRC.com

Professional Solutions for Compliance Automation

Wrap Up

www.ControlPanelGRC.com

Professional Solutions for Compliance Automation

Thank you!

For ControlPanelGRCcase studies, articles, and

archived webinars please visit www.controlpanelgrc.com