Southern California Edison

Improve Internal Controls with Governance, Risk, and Compliance Solutions
Jay Castleberry
Director, Technology Delivery & Maintenance
Southern California Edison
Southern California Edison
0
WWW.SCE.COM
Southern California Edison (SCE)
Company Overview
• One of the largest electric utilities in North America
• More than 14 million customers
• More than 17,000 employees
• Major organizational units:
– Transmission & Distribution
– Nuclear Generation
– Supply Chain Operations
– Customer Service
– Information Technology
• SAP landscape – HCM, FICO, OS, EAM, SRM, CRM, SUS, BW, GRC, etc.
Governance, Risk, and Compliance (GRC*) Drivers
Overarching standards, processes, and priorities
Opportunities
Business Drivers
• Provide reasonable assurance
• Integrate Compliance
• Realize operational efficiencies
• Promote compliance excellence and personal responsibility
• Enhance executive visibility
• Ensure clear line of sight
• Leverage best practices across the company
* In this context, 'GRC' does not refer to 'General Rate Case'
Leveraging Existing SAP GRC Investment
Strategic, long-term investment in SAP’s GRC technology
• Baseline: Install SAP Access Control 5.2 and SAP Process Control 2.5
• Build: Enhance and Build onto Existing Baseline Functionality
• Upgrade: Migrate Existing Functionality to version 10.0 & Leverage Inherent Enhancements
• Expand: Implement SAP Risk Management 10.0 and Enable Integrated Capabilities
GRC Maturity at SCE
Past, Current, and Desired Future State
[Figure: axes are Stakeholder Value and Stages of GRC Capability Maturity at SCE]
• 2009: SOX Compliance
• 2010: IT Compliance
• 2011: NERC CIP
• 2012: GRC 10.0 Upgrade, ERM and ECMS
• 2013+: Access, EH&S, HR, etc.
GRC Maturity at SCE – SOX Compliance
SOX Compliance 2009
Benefits
• Automated segregation of duties (SoD)
• Continuous controls monitoring
• Workflow automation
• Single system of record
GRC Maturity at SCE – IT Compliance
IT Compliance and NERC CIP 2010-2011
Benefits
• Enabled monitoring
• Enabled automation
• Leveraged workflow
• Qualifications
• Revocations
• Access List
GRC Maturity at SCE – Enterprise Compliance
GRC 10.0 Upgrade and ECMS 2012
Benefits
• Catalog
• Workflow / Controls automation
• Policy management
• Increased performance and robustness
• Ease of use
• Business role management
GRC Maturity at SCE – Risk Management
Addition of SAP Risk Management 2012
Benefits
• Ability to quickly survey
• Focus on most relevant key risks
• Automation of workflow and data approval
• Systematic sign-off of enterprise risk data
• Version control
• Customizable reporting
GRC Maturity at SCE
Past, Current, and Desired Future State
[Figure: Stakeholder Value by year]
• 2009: SOX Compliance
• 2010: IT Compliance
• 2011: NERC CIP
• 2012: GRC 10.0 Upgrade, ERM and ECMS
• 2013+: Access, EH&S, HR, etc.
Next steps:
• Continue to broaden use of v10.0 to other areas of compliance and enable linkage of data elements
• Enterprise Wide Identity Access Management
SCE’s Vision for 2013 and Beyond
Moving to the Risk-Intelligent Maturity State
• Expand continuous control monitoring
• Increase visibility to further compliance areas
• Enable linkage between data elements
• Replace additional legacy compliance systems
• Expand and integrate enterprise wide identity access management capabilities with GRC
Lessons Learned
• Ensure adequate level of executive sponsorship
• Look for value beyond compliance
• Define a roadmap for execution
• Start communication early
• Involve subject matter experts (SMEs)
• Leverage existing assets and investments
• Use a common methodology to continuously assess risk
• Develop a platform for current and future requirements
Thank You for Attending
Jay Castleberry
Jay.Castleberry@sce.com
www.SCE.com