Improve Internal Controls with Governance, Risk, and Compliance Solutions
Jay Castleberry
Director, Technology Delivery & Maintenance
Southern California Edison
Southern California Edison
0
WWW.SCE.COM

Southern California Edison (SCE) Company Overview
• One of the largest electric utilities in North America
• More than 14 million customers
• More than 17,000 employees
• Major organizational units:
  – Transmission & Distribution
  – Nuclear Generation
  – Supply Chain Operations
  – Customer Service
  – Information Technology
• SAP landscape – HCM, FICO, OS, EAM, SRM, CRM, SUS, BW, GRC, etc.

Governance, Risk, and Compliance (GRC*) Drivers
Overarching standards, processes, and priorities
Business Drivers and Opportunities:
• Provide reasonable assurance
• Integrate compliance
• Realize operational efficiencies
• Promote compliance excellence and personal responsibility
• Enhance executive visibility
• Ensure clear line of sight
• Leverage best practices
• Leverage best practices across the company
* In this context, 'GRC' does not refer to 'General Rate Case'

Leveraging Existing SAP GRC Investment
Strategic, long-term investment in SAP’s GRC technology
Stages: Build, Upgrade, Expand
• Baseline Install SAP Access Control 5.2 and SAP Process Control 2.5
• Enhance and Build onto Existing Baseline Functionality
• Migrate Existing Functionality to version 10.0 & Leverage Inherent Enhancements
• Implement SAP Risk Management 10.0 and Enable Integrated Capabilities

GRC Maturity at SCE
Past, Current, and Desired Future State
[Figure: Stakeholder Value plotted against Stages of GRC Capability Maturity at SCE: 2009 SOX Compliance; 2010 IT Compliance; 2011 NERC CIP; 2012 GRC 10.0 Upgrade, ERM and ECMS; 2013+ Access, EH&S, HR, etc.]

GRC Maturity at SCE – SOX Compliance
SOX Compliance, 2009
Benefits
• Automated segregation of duties (SoD)
• Continuous controls monitoring
• Workflow automation
• Single system of record

GRC Maturity at SCE – IT Compliance
IT Compliance and NERC CIP, 2010-2011
Benefits
• Enabled monitoring
• Enabled automation
• Leveraged workflow
Qualifications, Revocations, Access List

GRC Maturity at SCE – Enterprise Compliance
GRC 10.0 Upgrade and ECMS, 2012
Benefits
• Catalog
• Workflow / Controls automation
• Policy management
• Increased performance and robustness
• Ease of use
• Business role management

GRC Maturity at SCE – Risk Management
Addition of SAP Risk Management, 2012
Benefits
• Ability to quickly survey
• Focus on most relevant key risks
• Automation of workflow and data approval
• Systematic sign-off of enterprise risk data
• Version control
• Customizable reporting

GRC Maturity at SCE
Past, Current, and Desired Future State
[Figure: Stakeholder Value by year: 2009 SOX Compliance; 2010 IT Compliance; 2011 NERC CIP; 2012 GRC 10.0 Upgrade, ERM and ECMS; 2013+ Access, EH&S, HR, etc.]
• Continue to broaden use of v10.0 to other areas of compliance and enable linkage of data elements
• Enterprise Wide Identity Access Management

SCE’s Vision for 2013 and Beyond
Moving to the Risk-Intelligent Maturity State
• Expand continuous control monitoring
• Increase visibility to further compliance areas
• Enable linkage between data elements
• Replace additional legacy compliance systems
• Expand and integrate enterprise wide identity access management capabilities with GRC

Lessons Learned
• Ensure adequate level of executive sponsorship
• Look for value beyond compliance
• Define a roadmap for execution
• Start communication early
• Involve subject matter experts (SMEs)
• Leverage existing assets and investments
• Use a common methodology to continuously assess risk
• Develop a platform for current and future requirements

Thank You for Attending
Jay Castleberry
www.SCE.com