Southern California Edison (SCE)

Improve Internal Controls with Governance, Risk, and Compliance Solutions
Jay Castleberry
Director, Technology Delivery & Maintenance
Southern California Edison

Southern California Edison

WWW.SCE.COM

Southern California Edison (SCE) Company Overview

• One of the largest electric utilities in North America
• More than 14 million customers
• More than 17,000 employees
• Major organizational units:
  – Transmission & Distribution
  – Nuclear Generation
  – Supply Chain Operations
  – Customer Service
  – Information Technology
• SAP landscape – HCM, FICO, OS, EAM, SRM, CRM, SUS, BW, GRC, etc.

Governance, Risk, and Compliance (GRC*) Drivers
Overarching standards, processes, and priorities

Opportunities

Business Drivers

• Provide reasonable assurance
• Integrate Compliance
• Realize operational efficiencies
• Promote compliance excellence and personal responsibility
• Enhance executive visibility
• Ensure clear line of sight
• Leverage best practices
• Leverage best practices across the company

* In this context, 'GRC' does not refer to 'General Rate Case'

Leveraging Existing SAP GRC Investment

Strategic, long-term investment in SAP’s GRC technology

• Baseline: Install SAP Access Control 5.2 and SAP Process Control 2.5
• Build: Enhance and Build onto Existing Baseline Functionality
• Upgrade: Migrate Existing Functionality to version 10.0 & Leverage Inherent Enhancements
• Expand: Implement SAP Risk Management 10.0 and Enable Integrated Capabilities

GRC Maturity at SCE

Past, Current, and Desired Future State

[Figure: Stages of GRC Capability Maturity at SCE, plotted against Stakeholder Value]

• 2009: SOX Compliance
• 2010: IT Compliance
• 2011: NERC CIP
• 2012: GRC 10.0 Upgrade, ERM and ECMS
• 2013+: Access, EH&S, HR, etc

GRC Maturity at SCE – SOX Compliance
SOX Compliance 2009

Benefits

• Automated segregation of duties (SoD)
• Continuous controls monitoring
• Workflow automation
• Single system of record

GRC Maturity at SCE – IT Compliance
IT Compliance and NERC CIP 2010-2011

Benefits

• Enabled monitoring
• Enabled automation
• Leveraged workflow

• Qualifications
• Revocations
• Access List

GRC Maturity at SCE – Enterprise Compliance
GRC 10.0 Upgrade and ECMS 2012

Benefits

• Catalog
• Workflow / Controls automation
• Policy management
• Increased performance and robustness
• Ease of use
• Business role management

GRC Maturity at SCE – Risk Management
Addition of SAP Risk Management 2012

Benefits

• Ability to quickly survey
• Focus on most relevant key risks
• Automation of workflow and data approval
• Systematic sign-off of enterprise risk data
• Version control
• Customizable reporting

GRC Maturity at SCE

Past, Current, and Desired Future State

[Figure: GRC maturity timeline against Stakeholder Value: 2009 SOX Compliance; 2010 IT Compliance; 2011 NERC CIP; 2012 GRC 10.0 Upgrade, ERM and ECMS; 2013+ Access, EH&S, HR, etc]

• Continue to broaden use of v10.0 to other areas of compliance and enable linkage of data elements
• Enterprise Wide Identity Access Management

SCE’s Vision for 2013 and Beyond

Moving to the Risk-Intelligent Maturity State

• Expand continuous control monitoring
• Increase visibility to further compliance areas
• Enable linkage between data elements
• Replace additional legacy compliance systems
• Expand and integrate enterprise wide identity access management capabilities with GRC

Lessons Learned

• Ensure adequate level of executive sponsorship
• Look for value beyond compliance
• Define a roadmap for execution
• Start communication early
• Involve subject matter experts (SMEs)
• Leverage existing assets and investments
• Use a common methodology to continuously assess risk
• Develop a platform for current and future requirements

Thank You for Attending

Jay Castleberry
[email protected]
www.SCE.com