SAP Japan Makes New Strategic Announcement, Including Japanese SOX Legislation Support

GRC (Governance Risk Compliance) solution systemized, in addition to products from Virsa Systems

TokyoSAP Japan Co., Ltd. announced today that the company will systemize the Governance Risk Compliance (“GRC”) solution, which helps companies respond to compliance over a wide range of fields. As first step SAP Japan announced that it will start offering a Japanese version of Virsa Compliance Calibrator for SAP (“CC”).

Businesses need to comply with various forms of legislation, notably “Japanese SOX legislation,” which requires effective systems for internal control, and the cost of responding to such legislation continues to rise. Through its comprehensive GRC solution that efficiently ensures compliance, SAP Japan supports businesses that aim to enhance their corporate value through appropriate responses to legislation.

1. Provision of systematic compliance applications through GRC
To date, SAP Japan has provided a diverse range of compliance applications, including SOX solutions centered round mySAP ERP, and SAP Global Trade Service (“SAP GTS”), which supports compliance in international trade. Now, in conjunction with its acquisition of Virsa Systems (“Virsa”), SAP Japan has systemized its compliance products into the GRC solution.

In order to utilize IT in complying efficiently with several types of legislation, it has become extremely important for businesses to construct, in line with their IT strategy, a“system infrastructure.” The infrastructure will provide all the security and process integration capabilities needed for compliance, and the necessary “applications” to comply with each individual type of legislation. The GRC solution, which is based on SAP NetWeaver, seamlessly integrates all the applications needed for compliance. This solution has been reinforced using Virsa products that cover the areas of security, identity management, and SoD. The GRC solution enables businesses in all sectors to implement the series of processes involved in compliance – strategy definition, evaluation, monitoring, and action optimization – in efficient, sustained fashion.

In addition, SAP AG has established a new business unit specifically for GRC. At SAP Japan, an analogous specialist unit will be established toward the second half of this year to provide a comprehensive response to the Japanese market.

2. Release of Virsa Compliance Calibrator for SAP(J)
The first phase of the GRC solution in Japan will consist of a Japanese-language version of Virsa Compliance Calibrator for SAP (“CC”). CC automatically checks whether user authorization settings for SAP applications are appropriate from the viewpoint of preventing improper actions. This enables stronger SoD, which is one key issue regarding reinforced internal control using IT, at low cost.

3. Promotion of system for collaborating with partners and reinforcement of support for auditing bodies
To enable businesses to effectively utilize the ERP systems they have installed and strengthen their compliance, SAP Japan is promoting a system for collaboration with its partners. As well as developing products such as a Japanese-language version of CC, the company provides relevant information to its partners, introducing solutions, and offering training, to enable businesses that use SAP products to implement more advanced GRC management by utilizing products and services from SAP’s partners.

At the SAP BUSINESS SYMPOSIUM ’06 Internal Control Summit on May 25, SAP Japan will present numerous internal control solutions and case studies from its partners, proactively providing information and promoting the sale of such solutions to its customers and the market in general. In addition, SAP Japan will substantially boost its provision of information about the GRC solution to auditing bodies, to improve the efficiency of the auditing process regarding internal control for SOX compliance.

About Virsa Systems
Virsa Systems develops the most comprehensive real-time, sustained security and compliance control software for SAP systems. Virsa solutions, which were designed to continually meet the strict requirements of US SOX and other legislation, provide capabilities for automating risk assessment, eliminating false positives, and real-time simulation and rectification. Virsa, which offers the world’s largest built-in library of best-practice tools, promotes implementation and enables faster rectification of any problems. Widely recognized as a market leader, Virsa possesses the biggest customer base in this sector, and develops superior solutions for security, control, and corporate governance. Virsa was originally a SAP partner established as an unlisted company through investment by Kleiner Perkins, Lightspeed, and SAP Ventures. In May 2006, SAP announced that its acquisition of Virsa had been finalized.

<Comments from partner companies in GRC field>

ABeam Consulting (President: Kazumasa Nishioka) is collaborating with SAP Japan regarding the J-SOX solution announced in February 2006. We are enhancing our services for companies that have installed SAP products and are planning to implement arrangements for J-SOX compliance or internal control. In specific terms, as well as constructing a demonstration environment for internal control management tools, we will include methods for utilizing compliance-related products provided by SAP Japan in ABeam Consulting’s check tools for internal control capabilities, which SAP users can utilize in their own SAP environments when checking the status of their internal control. We also plan to do the same for ABeam ICMS Solution Pack for SAP , which will be provided after implementation standards are officially announced. By utilizing ABeam Consulting services, which include consultants specializing in internal control, businesses implementing internal control projects can not only document and evaluate their internal control, but also effectively and efficiently develop and operate a PDCA cycle for internal control that even encompasses overhauling of the control of IT task processing and business overall.”
(Yosuke Nakano, Principal, IES Division FAM Group President, ABeam Consulting)

Accenture Japan Ltd welcomes SAP Japan’s new strategy for solutions for compliance. We recognize that efforts for compliance require not only visualization of business but also of IT. With this announcement, we hope to work together with SAP Japan in providing efficient and effective support incorporating the GRC solution, in addition to supporting the promotion of the visualization of business and IT.”
(Yoichiro Hatanaka, Principal, Accenture Japan Ltd)

“We welcome SAP’s new compliance solution as an useful and concrete measure for SAP customers to strengthen measures for compliance. At Fujitsu, we hope to continue our close-knit partnership with SAP and to support our clients increase their corporate value by providing consulting and security governance including (authentication, access control, trail management and central control).”
(Junichi Higashi, Project Manager, Marketing (responsible for SAP business), Fujitsu)

IBM Japan and IBM Business Consulting Service (IBCS) welcome the new strategic announcement of a compliance solution by SAP Japan. We will offer this solution, together with consulting and system construction, to enable our clients to succeed through innovation.”
(Michio Hamaguchi, Director and Global ISV Solutions Manager, On-Demand Business, IBM Japan and Nobuaki Ohtake, Executive Director and value Delivery Center), IBM Consulting Service)

NEC truly welcomes SAP Japan’s announcement of the GRC solution. In the course of our longstanding provision of support services for SAP installation together with SAP Japan, we have built a strategic relationship. By strengthening integration between the corporate governance support that SAP Japan now provides and NEC’s J-SOX Compliance Support Service and Solutions for Reinforcing IT Internal Control, we will help our customers improve their CSR capabilities, reinforce their business infrastructure, and enhance their corporate value.”
(Junji Yasui, executive Director, NEC)