Is GDPR The New SOX?

Jerome Pugnet

For those who, like me, have long been involved in governance, risk, and compliance (GRC) – like since the early 2000s – doesn’t this whole GDPR (General Data Protection Regulation) “drama” feel like déjà vu? We’re seeing a new strict regulation imposed on all types and sizes of companies, with tough deadlines and hefty fine risks. And as a result, we’re also seeing among a large majority of companies high anxiety and deep concerns that the requirements can’t be met in time. Familiar?

Quite symmetrically to the Sarbanes–Oxley Act of 2002 (SOX) in America, the GDPR is imposed unilaterally for application in the EU only, but due to the size of the market, it impacts companies all over the world, as so many have operations in the EU. And being less familiar with data privacy practices prevailing in Europe, non-EU companies find it maybe even more concerning, as shown by the current multiplication of conferences on the topic in the U.S. alone.

In parallel, CFOs are concerned more than ever with the costs that go with the processes and resources in place to respond to compliance requirements. Containing the cost of compliance ever since the “SOX wave” has proven very challenging, and reactive approaches to compliance and scattered responses to the diverse impositions of the legislation have particularly contributed to pushing these costs. No wonder they’re dreading a similar scenario with the advent of GDPR.

Improved technologies are making a difference

Luckily, technologies have moved a long way since the early days of SOX. Many of us certainly remember (from those glorious early days) the “joy” of documenting and manipulating masses of spreadsheets, Word documents, and other files, and the headaches of consolidating all this information to produce the reports and go through process walk-through, certifications, and sign-offs.

GDPR is also very much about documenting, making sure that the needed policies, controls, and procedures are in place, and being able to demonstrate this to the authorities. So, on the governance side of things, companies can capitalize on the experience from all these years (learned the hard way), which should allow for a more efficient and effective path to compliance – hopefully with less trauma and cost.

This naturally applies to the supporting technologies that are available to manage such compliance requirements, which involve in particular:

  • A robust control framework
  • Complete policy lifecycle management
  • Control evaluation and monitoring capabilities
  • Comprehensive reporting features

A number of vendors have emerged since the early 2000s to respond to these requirements at a diverse level of depth, which helped companies reduce the burden of financial compliance to a degree. At SAP, we’ve consistently developed best-of-breed capabilities through software implemented by hundreds of our customers to automate their compliance management. They also benefit from best practices coming from the breadth of experience from a large community of users and the broad SAP ecosystem of partners.

Choosing the right solution to help with compliance

So unlike the situation found in the early days of SOX, companies have good options for technologies they can use to govern their GDPR compliance. However, before choosing a solution, they should consider the degree of automation provided, the range of capabilities, and the flexibility of tools available. For example, to support the assessments and surveys the GDPR requires on data privacy risks and impacts and for the evaluation of processes and controls.

They may also want to ensure that the chosen solutions can fit into a three-lines-of-defense set, notably to take advantage of integrated audit management capabilities that can help deliver robust assurance on the effectiveness of their GDPR program.

On an ongoing basis – and since GDPR is here to stay – the automation and integration brought by the right GRC technology can also help monitor GDPR compliance more effectively and continuously, and make it a sustainable program while keeping costs under control.

Govern and operationalize GDPR compliance

Other technologies beyond GRC are also critical to “operationalize” GDPR compliance, which involves managing the complete data lifecycle on a day-to-day basis:

  • Privacy impact assessments
  • Secure storage of active data
  • Data access governance
  • Data breach notification and resolution
  • Archiving and deleting

All these capabilities are available from major technology providers and already widely used, but there again, the right solution choices are important to ensure that the requirements of the regulation can be met for all aspects of the management of personal data. And it is also critical that the chosen data management tools can operate harmoniously with the GRC solution that governs the overall GDPR program. Concretely, this signifies that controls can be plugged in at each step of the data management cycle to verify these processes are operating compliantly.

Govern and operationalize GDPR compliance

Despite the anxiety and pressure created by the arrival of the GDPR, companies have good options in terms of GRC and data management technology (unlike in the early days of SOX). They can also leverage the capital of experience accumulated throughout the years and best practices that consulting firms provide to get on the right path to GDPR compliance.

However, in their technology choices, it’s important to verify that the chosen solutions can help them both govern and operationalize GDPR compliance with both:

  1. Strong policy management and control automation capabilities on the governance side, and
  1. Comprehensive data management features to support the complete data lifecycle in accordance to the requirements of the regulation, on the operational side.

Finally, they should ensure that those GRC and data management solutions can interact seamlessly and integrate with their existing business applications where the personal data that so needs to be protected is the most widely used.

This will help make the GDPR journey much less painful and allow them to implement a sustainable GDPR program, where costs can be kept well under control.

Learn more

Visit and the GRC Tuesdays site, and read other GDPR-related blogs on this topic:

Learn how organizations are gaining instant financial insights and using them to make better decisions – both now and in the future. Register now for the 2017 Financial Excellence Forum, Oct. 10-11 in New York City

Follow SAP Finance online: @SAPFinance (Twitter) | LinkedIn | FacebookYouTube


Jerome Pugnet

About Jerome Pugnet

Jérôme Pugnet is a senior director of GRC Product Marketing at SAP SE, based in London, and has over 12 years of experience in risk and compliance management, business process control, IT governance, fraud and audit management domains, in particular in the financial services industry. He has over 16 years of previous experience on financial software and ERP, in implementation engagements and pre-sales advisory roles.

School’s Back! Do You Have The Right Skill Set For Dynamic Planning?

Brian Kalish

Part 7 in the Dynamic Planning Series

“Do I have the right skill set for FP&A in 2017 and beyond?” That is a question I am asked all the time, whether I’m in Kuala Lumpur, Montevideo, or San Francisco. The role of the modern FP&A professional has changed greatly over the past 20 years, but the change I have witnessed over the past five years has truly been amazing.

When I would add talent to my FP&A teams 10 years ago, what I wanted was a Jedi master in Excel who had a strong background in accounting. Those days are long gone, because the scope and scale of what our FP&A teams can actually accomplish, as far as planning, budgeting, and forecasting are concerned, have grown at an accelerating pace.

Due to advances that have occurred in the technology and tools available today, activities that we could only dream of accomplishing a few years ago are either possible right now or will be possible in the very near future. Gone are the days of scheduled (and instantly out-of-date) plans and static reporting. We now live in a world of dynamic planning and real-time reporting. We can incorporate our actuals, in real time, to be able to determine if we are on track to reach our goals and objectives and if not, to make changes to our activities. We now regularly incorporate integrated reporting into the normal course of our communications with our stakeholders.

Planning, budgeting, and forecasting 101: new curriculum

All of this change has created opportunities as well as challenges for today’s FP&A professional. While being able to utilize Excel is important (it’s never going away, folks), along with a strong understanding of accounting, those are merely table stakes in today’s world. The three key skill sets that today’s FP&A pro must possess are financial acumen, technology and communication fluency, and a keen insight into the business. A strong dose of curiosity is also critical to being a best-in-class FP&A professional.

Those FP&A professionals who are able to master these new technologies and tools that are coming down the pike will be the ones in the greatest demand. I hear from CFOs from around the world that they expect the amount of strategic work their FP&A teams will be doing to double over the next few years. The majority of these same CFOs believe they have the proper number of people in their FP&A teams. How do they expect to close this chasm between the expected increase in workload without a corresponding increase in headcount? The overwhelming response is technology.

The challenge for organizations will be to determine if they have the right people in place to maximize the ROI for their outlays of these new technologies and tools. Not to minimize my skill set, but you can give me the most advanced surgical devices available to mankind, and I can guarantee that you don’t want me operating on you. Similarly, for FP&A talent to succeed, they will need the flexibility and agility to learn, master, and leverage these new technologies into their organizations as they come online.

The knack to be able to explain our plans or tell a story about our budgets, forecasts, analyses, insights, and foresights to a wide array of audiences, is critical to the success of our organizations. When you enter into the world of dynamic planning, the importance of communications grows ten-fold, as organizations must be able to explain why change is necessary to achieve success.

In a future blog, I’ll expand upon my thoughts and ideas on the importance of understanding the business in order to maximize the value FP&A professionals can bring to our business partners as well as the company as a whole.

I hope to see you at the upcoming Financial Excellence Forum in New York City October 10–11. You can register here. We will be touching on these issues and much more.

To learn more about dynamic planning, read the whitepaper here.

Follow SAP Finance online: @SAPFinance (Twitter) | LinkedIn | FacebookYouTube


Brian Kalish

About Brian Kalish

Brian Kalish is founder and principal at Kalish Consulting. As a public speaker and writer addressing many of the most topical issues facing treasury and FP&A professionals today, he is passionately committed to building and connecting the global FP&A community. He hosts FP&A Roundtable meetings in North America, Europe, Asia, and South America. Brian is former executive director of the global FP&A Practice at AFP. He has over 20 years experience in finance, FP&A, treasury, and investor relations. Before joining AFP, he held a number of treasury and finance positions with the FHLB, Washington Mutual/JP Morgan, NRUCFC, Fifth Third Bank, and Fannie Mae. Brian attended Georgia Tech in Atlanta, GA for his undergraduate studies and the Pamplin College of Business at Virginia Tech for his graduate work. In 2014, Brian was awarded the Global Certified Corporate FP&A Professional designation.

Technology Makes Finance A Better Business Partner

Nilly Essaides

Think technology is taking the human factor out of finance? Think again. When finance embraces technologies, it only becomes a better business partner. Finance organizations that rank higher on a technology enablement scale have more effective relationships with their business counterparts.

The Hackett Group took its extensive benchmarking data, which splits organizations into world-class and peers, and ran the data through a proprietary model that defined which finance organizations are more technology-savvy based on a set of “markers.” (World-class organizations are in the top quartile based on comprehensive effectiveness and efficiency metrics.) Next, we profiled those companies to see what other qualities they have in common.

We found that tech-savvy finance organizations are better business partners:

  1. Their analysts have higher business acumen compared to peers—13% higher and within 0.01% of world-class finance teams. That’s because they have more time to learn about the businesses they serve. They can find out what makes them tick, who are their competitors and how they go to market. Consequently, they can then lead more productive conversations with operational management and build stronger ties.
  1. They are 28% more likely to use both financial and operational KPIs than peers when analyzing the performance of the company, providing a bridge the business and financial management and connecting the dots between business choices and financial outcomes.
  1. Finally, tech-savvy finance organizations spend more time on proactive decision-making and planning rather than historical reporting. This way they can provide their business counterparts with the insight they need to make forward-looking, smart business decisions.

Percentage of Analytical Time Spent on Proactive/Planning vs. Historical AnalysisPercentage of Analytical Time Spent on Proactive/Planning vs. Historical Analysis

Source: The Hackett Group Benchmarks 2017

Why is this important?

Digital transformation is changing the very nature of the business environment. The onus is on finance to up its game and help the enterprise keep pace with the fast-changing business environment. That means working closely with business leaders by understanding their operations inside-out, and giving them insightful answers that can help them steer their areas in the right direction.

Tech-savvy finance organizations have the tools to do both. They can free up the time of finance executives to build collaborative relationships with their partners. They can develop strong business acumen. And they have the integrated system environment to supports the adoption of digital tools that drive new solutions like Big Data and advanced analytics. Ultimately, our research proves that companies that rank high on the tech enablement scale are far ahead of peers in closing the performance gap with world-class finance organizations.

For more on how technology is influencing the future of finance, see Jobs Of The Future: The Collaborative Financial Officer.


Nilly Essaides

About Nilly Essaides

Nilly Essaides is senior research director, Finance & EPM Advisory Practice at The Hackett Group. Nilly is a thought leader and frequent speaker and meeting facilitator at industry events, the author of multiple in-depth guides on financial planning & analysis topics, as well as monthly articles and numerous blogs. She was formerly director and practice lead of Financial Planning & Analysis at the Association for Financial Professionals, and managing director at the NeuGroup, where she co-led the company’s successful peer group business. Nilly also co-authored a book about knowledge management and how to transfer best practices with the American Productivity and Quality Center (APQC).

Diving Deep Into Digital Experiences

Kai Goerlich


Google Cardboard VR goggles cost US$8
By 2019, immersive solutions
will be adopted in 20% of enterprise businesses
By 2025, the market for immersive hardware and software technology could be $182 billion
In 2017, Lowe’s launched
Holoroom How To VR DIY clinics

From Dipping a Toe to Fully Immersed

The first wave of virtual reality (VR) and augmented reality (AR) is here,

using smartphones, glasses, and goggles to place us in the middle of 360-degree digital environments or overlay digital artifacts on the physical world. Prototypes, pilot projects, and first movers have already emerged:

  • Guiding warehouse pickers, cargo loaders, and truck drivers with AR
  • Overlaying constantly updated blueprints, measurements, and other construction data on building sites in real time with AR
  • Building 3D machine prototypes in VR for virtual testing and maintenance planning
  • Exhibiting new appliances and fixtures in a VR mockup of the customer’s home
  • Teaching medicine with AR tools that overlay diagnostics and instructions on patients’ bodies

A Vast Sea of Possibilities

Immersive technologies leapt forward in spring 2017 with the introduction of three new products:

  • Nvidia’s Project Holodeck, which generates shared photorealistic VR environments
  • A cloud-based platform for industrial AR from Lenovo New Vision AR and Wikitude
  • A workspace and headset from Meta that lets users use their hands to interact with AR artifacts

The Truly Digital Workplace

New immersive experiences won’t simply be new tools for existing tasks. They promise to create entirely new ways of working.

VR avatars that look and sound like their owners will soon be able to meet in realistic virtual meeting spaces without requiring users to leave their desks or even their homes. With enough computing power and a smart-enough AI, we could soon let VR avatars act as our proxies while we’re doing other things—and (theoretically) do it well enough that no one can tell the difference.

We’ll need a way to signal when an avatar is being human driven in real time, when it’s on autopilot, and when it’s owned by a bot.

What Is Immersion?

A completely immersive experience that’s indistinguishable from real life is impossible given the current constraints on power, throughput, and battery life.

To make current digital experiences more convincing, we’ll need interactive sensors in objects and materials, more powerful infrastructure to create realistic images, and smarter interfaces to interpret and interact with data.

When everything around us is intelligent and interactive, every environment could have an AR overlay or VR presence, with use cases ranging from gaming to firefighting.

We could see a backlash touting the superiority of the unmediated physical world—but multisensory immersive experiences that we can navigate in 360-degree space will change what we consider “real.”

Download the executive brief Diving Deep Into Digital Experiences.

Read the full article Swimming in the Immersive Digital Experience.


Kai Goerlich

About Kai Goerlich

Kai Goerlich is the Chief Futurist at SAP Innovation Center network His specialties include Competitive Intelligence, Market Intelligence, Corporate Foresight, Trends, Futuring and ideation. Share your thoughts with Kai on Twitter @KaiGoe.heif Futu


Why Artificial Intelligence Is Not Really Artificial – It Is Very Tangible

Sven Denecken

The topic of artificial intelligence (AI) is buzzing through academic conferences, dominating business strategy sessions, and making waves in the public discussion. Every presentation I see includes it, even if it’s only used as a buzzword – its frequency is rivaling the use of “Uber for X” that’s been so popular in recent years.

While AI is a trending topic, it’s not mere buzz. It is already deeply ingrained into the strategy and design of our products – well beyond a mere shout-out in presentations. As we strive to optimize our products to better serve our customers and partners, it is worth taking AI seriously because of its unique role in product innovation.

AI will be inherently disruptive. Now that it has left the realm of academic projects and theoretical discussion – now that it is directly driving speed and hyper-automation in the business world – it is important to start with a review that de-mystifies the serious decisions facing business leaders and clarifies the value for users, customers, and partners. I’ll also share some experiences on how AI is contributing to solutions that run business today.

Let’s first start with the basics: the difference between AI, machine learning, and deep learning.

  • Artificial intelligence (AI) is broadly defined to include any simulation of human intelligence exhibited by machines. This is a growth area that is branching into multiple areas of research, development, and investment. Examples of AI include autonomous robotics, rule-based reasoning, natural language processing (NLP), knowledge representation techniques (knowledge graphs), and more.
  • Machine learning (ML) is a subfield of AI that aims to teach computers how to accomplish tasks using data inputs, but without explicit rule-based programming. In enterprise software, ML is currently the best method to approach the goals of AI.
  • Deep learning (DL) is a subfield of ML describing the application of (typically multilayer) artificial neural networks. Neural networks take inspiration from the human brain, with processors consisting of small neuron-like computing units connected in ways that resemble biological structures. These networks can learn complex, non-linear problems from input data. The layering of the networks allows cascaded learning and abstraction levels. This can accomplish tasks like: starting with line recognition, progressing to identifications of shapes, then objects, then full scene. In recent years, DL has led to breakthroughs in a series of AI tasks including speech, vision, and language processing.

AI applications for cloud ERP solutions

Industry 4.0 describes the trend of automation and data exchange in manufacturing. This comprises cyber-physical systems, the Internet of Things (IoT), cloud computing, and cognitive computing – everything that adds up to create a “smart factory.” There is a parallel in the world beyond manufacturing, where data- and service-based sectors need to capture and analyze more data quickly and act on that information for competitive advantage.

By serving as the digital core of the organization, enterprise resource planning (ERP) solutions play a key role in business transformation for companies adapting to the emerging reality of Industry 4.0. AI solutions powered by ML will be a broad, high-impact class of technologies that serve as a key pillar of more responsive business capabilities – both in manufacturing and all the sectors beyond. As such, ERP must embrace AI to deliver the vision for the future: smarter, more efficient, more flexible, more automated operations.

Enterprise applications powered by AI and ML will drive massive productivity gains via automation. This is not automation in the sense of repetitive, preprogrammed processes, but rather capabilities for software to handle administrative tasks and learn from user behavior to anticipate what every individual in the company might need next.

Cloud-based ERP is ideal for companies looking to accelerate transformation with AI and ML because it delivers innovation faster and more reliably than any onsite deployment. Users can take advantage of rapid iterations and optimize their processes around outcomes rather than upkeep.

Case in point: intelligent ERP applications need to include a digital assistant. This should be context-aware, designed to make business processes more efficient and automated. By providing information or suggestions based on the business context of the user and the situation, the digital assistant will allow every user to spend more time to concentrate on higher-value thinking instead of on repetitive tasks. Combined with built-in collaboration tools, this upgrade will speed reaction to changing conditions and create more time for innovation.

Imagine a system that, like a highly capable assistant, can greet you in the morning with a helpful insight: “Hello Sven, I have assessed your situation and the most recent data – here are the areas you should focus on first.” This approach to contextualized analysis of real-time data is far more effective than a hard-programmed workflow or dump of information that leaves you to sort through outdated information.

Personal assistants have been around in the consumer space for some time now, but it takes an ML-based approach to bring that experience, and all its benefits, to the enterprise. Based on the pace of change in ML, a cloud-based ERP can best deliver the latest innovations to users in a form that has immediate business applications.

An early application of ML in the enterprise will be intelligence derived from past patterns. The system will capture much richer detail of customer- and use-case-specific behavior, without the costs of manually defining hard rule sets. ML can apply predictive detection methods, which are trained to support specific business use cases. And unlike pre-programmed rules, ML updates regularly as strategies – not monthly or weekly – but by the day, hour, and minute.

How ML and AI are making cloud ERP increasingly more intelligent

Digital has disrupted the world and changed the way businesses operate, creating a new level of complexity and speed. To stay competitive, businesses must transform to achieve a new level of agility. At the same time, advances in consumer technology (Siri, Alexa, and Google Now in the personal assistant space, and countless mobile apps beyond that) have created a desire and need for intuitive user interfaces that anticipate the user’s needs. Building powerful tools that are easy to interact with will rely on ML and predictive analytics solutions – all of which are uniquely suited to cloud deployment.

The next wave of innovation in enterprise solutions will integrate IoT, ML, and AI into daily operations. The tools will operate on every type of device and will apply native-device capabilities, especially around natural language processing and natural language interfaces. Augment this interface with machine learning, and you’ll see a system that deeply understands users and supports them with incredible speed.

What are some use cases for this intelligent ERP?

Digital assistants already help users keep better notes and take intelligent screenshots. They also link notes to the apps users were working on when they were created. Intelligent screenshots allow users to navigate to the app where the screenshot was taken and apply the same filter parameters. They recognize business objects within the application context and allow you to add them to your collection of notes and screenshots. Users can chat right from the business application without entering a separate collaboration room. Because the digital assistants are powered by ML, they help you move faster the more you use them.

In the future, intelligent cloud ERP with ML will deliver value in many ways. To name just a few examples (just scratching the surface):

  1. Finance accruals. Finance teams use a highly manual and speculative process to determine bonus accruals. Applying ML to these calculations could instead generate a set of unbiased accrual figures, so finance teams have more time during closing periods for activities that require review and judgment.
  1. Project bidding. Companies rely heavily on personal experience when deciding to bid for commercial projects. ML would give sales and project teams access to decades-worth of projects from around the world at the touch of a button. This capability would help firms decide whether to bid, how much to bid, and how to plan projects for greatest profitability.
  1. Procurement negotiation. Procurement involves a wide range of information and continuous supplier communication. Because costs go directly to the bottom line, anything that improves efficiencies and reduces inventory will make a real difference. ML can mine historical data to predict contract lifecycles and forecast when a purchasing contract is expected so that you can renegotiate to suit actual needs, rather than basing decisions on a hunch.

What does the near future hold?

An intelligent ERP puts the customer at the center of the solution. It delivers flexible automation using AI, ML, IoT, and predictive analytics to drive digital transformation of the business. It delivers a better experience for end users by providing live information in context and learning what the user needs in every scenario. It eliminates decisions made on incomplete or outdated reports.

Digitization continues to disrupt the world and change the way businesses operate, creating a new level of complexity and speed that companies must navigate to stay competitive. Powering business innovation in the digital age will be possible by building and deploying the latest in AI-powered capabilities. We intend to stay deeply engaged with our most innovative partners, our trusted customers, and end users to achieve the promises of the digital age – and we will judge our success by the extent to which everyone who uses our system can drive innovation.

Learn how SAP is helping customers deploy new capabilities based on AI, ML, and IoT to deliver the latest technology seamlessly within their systems


Sven Denecken

About Sven Denecken

Sven Denecken is Senior Vice President, Product Management and Co-Innovation of SAP S/4HANA, at SAP. His experience working with customers and partners for decades and networking with the SAP field organization and industry analysts allows him to bring client issues and challenges directly into the solution development process, ensuring that next-generation software solutions address customer requirements to focus on business outcome and help customers gain competitive advantage. Connect with Sven on Twitter @SDenecken or e-mail at