Using RiskBusiness Content with GRC Risk Management and Process Control 10.

Applies to:
SAP GRC Risk Management 10.0 and SAP GRC Process Control 10.0

Summary
This document shows how customers can use content from RiskBusiness an international risk advisory firm that specializes in the design and delivery of integrated operational and enterprise risk management solutions for financial institutions with GRC Risk Management and GRC Process Control 10.0. This document is a how-to guide that describes a repeatable process that customers can use to deploy and manage content from RiskBusiness. Author(s): Company: Created on: Satyen Paneri (I822317) Governance, Risk, and Compliance Analytics Division November 20, 2012

Version 1.0

SAP COMMUNITY NETWORK 2012 SAP AG

SDN - sdn.sap.com | BPX - bpx.sap.com | BOC - boc.sap.com

Using RiskBusiness Content With GRC Risk Management and Process Control 10.0

Document History
Document Version 1.00 Description Initial version

SAP COMMUNITY NETWORK 2012 SAP AG

SDN - sdn.sap.com | BPX - bpx.sap.com | BOC - boc.sap.com

Using RiskBusiness Content With GRC Risk Management and Process Control 10.0

Typographic Conventions
Type Style Example Text Description Words or characters quoted from the screen. These include field names, screen titles, pushbuttons labels, menu names, menu paths, and menu options. Cross-references to other documentation Example text Emphasized words or phrases in body text, graphic titles, and table titles File and directory names and their paths, messages, names of variables and parameters, source text, and names of installation, upgrade and database tools. User entry texts. These are words or characters that you enter in the system exactly as they appear in the documentation. Variable user entry. Angle brackets indicate that you replace these words and characters with appropriate entries to make entries in the system. Keys on the keyboard, for example, F2 or ENTER.

Icons
Icon Description Caution Note or Important Example Recommendation or Tip

Example text

Example text

<Example text>

EXAMPLE TEXT

SAP COMMUNITY NETWORK 2012 SAP AG

SDN - sdn.sap.com | BPX - bpx.sap.com | BOC - boc.sap.com

Using RiskBusiness Content With GRC Risk Management and Process Control 10.0

Table of Contents
1. 2. 3. 4. Business Scenario............................................................................................................... 1 About RiskBusiness ............................................................................................................ 2 Prerequisites ........................................................................................................................ 3 Using RiskBusiness Content ............................................................................................. 4 4.1 RiskBusiness Taxonomies ........................................................................................... 4 4.1.1 4.1.2 4.1.3 4.2 4.2.1 4.2.2 4.2.3 5. 6. Taxonomy Elements Mapping ......................................................................... 5 Taxonomy Elements Samples ......................................................................... 7 Taxonomy Elements Import Procedure ........................................................... 7 KRI Library ....................................................................................................... 8 KRI Samples .................................................................................................. 10 Using RiskBusiness KRIs .............................................................................. 12

RiskBusiness KRI Library ............................................................................................. 8

Appendix A Mapping Organizations in CLM ................................................................... 13 Copyright ............................................................................................................................ 14

SAP COMMUNITY NETWORK 2012 SAP AG

SDN - sdn.sap.com | BPX - bpx.sap.com | BOC - boc.sap.com

Using RiskBusiness Content With GRC Risk Management and Process Control 10.0

1.

Business Scenario

Risk management in the financial services industry is quite different and is much more advanced than risk management in other industries. Financial risk management includes different types of risks such as Credit Risk, Market Risk, Operational Risk, and Liquidity Risk. Operational risk, as the name suggests, is risk arising from execution of a company's business functions. It is a very broad concept which focuses on the risks arising from the people, systems and processes through which a company operates. It also includes other categories such as fraud risks, legal risks, physical or environmental risks. A widely used definition of operational risk is the one contained in the Basel II regulations. This definition states that operational risk is the risk of loss resulting from inadequate or failed internal processes, people and systems, or from external events. The approach to managing operational risk differs from that applied to other types of risk, because it is not used to generate profit. In contrast, credit risk is exploited by lending institutions to create profit, market risk is exploited by traders and fund managers, and insurance risk is exploited by insurers. They all however manage operational risk to keep losses within their risk appetite - the amount of risk they are prepared to accept in pursuit of their objectives. Unlike other types of risk, operational risk impacts the entire organization, its people and all its business processes. GRC Risk Management 10.0 Service Pack 05 delivers specific enhancements to support Operational Risk Management for financial institutions: Define and manage complex dynamically changing organization, risk category, product and process hierarchies. Support multiple views (Management View, Legal View, Audit View, Basel View, Internal View, etc.) for the organization and risk category hierarchies. Manage internal and external loss events with allocation across multiple master data hierarchies. Loss events can also be easily uploaded and downloaded from the solution. Continuously monitor internal and external data sources using key risk indicators and aggregate across organization and risk categories. Perform risk control self-assessments, document issues, and manage resolution actions. Perform value-at-risk (VAR) simulations to determine capital requirements using the Advanced Measurement Approach (AMA). This is accomplished by exporting loss information from GRC-RM and using a NW certified Partner solution QRR OpVision. Monitor the operational risk management program and comply with Basel and Solvency regulations using comprehensive reports and analytics. The key benefits from these solution enhancements are: Improves the effectiveness of the operational risk management with: o Loss reduction, o Process optimization o Capital reduction o Increased rating agency confidence o Profit increases Comply with regulatory operational risk requirements (Basel II and III) Enterprise solution leveraging GRC Access Control and Process Control Solution can be interconnected with various operative systems (HR, Credit Processing, Transactional Banking, etc.) The operational risk management solution for banks and financial institutions was launched in Q4 2011 and the go-to-market materials are available here (internal SAP access only).

Using RiskBusiness Content With GRC Risk Management and Process Control 10.0

RiskBusiness is a content provider for the operational risk management solution and this document is a how-to guide that describes a repeatable process that customers can use to deploy and manage this content in GRC Risk Management 10.0 and GRC Process Control 10.0.

2.

About RiskBusiness

RiskBusiness is an international risk advisory firm comprised of industry professionals who specialize in the design and delivery of market-leading integrated solutions for operational and enterprise risk management solutions to financial institutions large and small. Over 175 of the worlds largest and smallest banks, insurers, broker-dealers, hedge funds, asset managers & financial services institutions, in over 30 countries, have been using over 20 risk content, tools, information, advisory and education products and services for over 10 years. RiskBusiness provides numerous types of services for their client such as Risk Advisory Services, Risk Education Services, Risk Content Services, Risk Tool Services, and Risk Information Services. RiskBusiness integrated solution (shown below) enables organizations to build their risk capability across Business Function as well as Line of Business, providing greater risk intelligence to optimize compliance & business decision-making. This solution: Provides a platform with a flexible, integrated suite of risk management content and libraries with tools and information products to solve your specific needs Provides industry-leading, experience-based Taxonomy, KRI, and Scenario content to link process, risks and controls in order to categorize, measure and manage risk Delivers subject-matter-expertise and advice to implement & support risk management initiatives, regulatory compliance, business optimization and process improvement

The Integrated Risk Management Solution: Can be delivered in phases based on the timing of clients needs Is a cost-effective risk management platform Can be instantiated into any existing platform including excel Is an enterprise grade risk management tool designed to increase your return on investment in technology Supports multiple risk programs and risk functions

Using RiskBusiness Content With GRC Risk Management and Process Control 10.0

Legend:
RBA Content RBA Tools RBA Advisory

Risk Benchmarking Services (BBA, ABA, ABI etc.) Risk Programs

Risk/Control Assessment
Compliance Process

Risk Functions
Business Continuity Process IT Security Process

Loss/Incident Mgmt Process

Audit Process

SOX Process

KRI Library Scenario Library

KRI Mgmt Process

Scenario Mgmt Process

Capital Estimation/Mgmt Process

One or More Risk Platforms Expertise

Taxonomy (Process, Risk & Control)

The SAP partnership only leverages RiskBusiness content services taxonomies, KRI library, and scenario library. This is because the operational risk management solution and platform is provided by SAP. NOTE: Customers will have to license required content and other services (implementation, advisory, and support) as per their preference directly from RiskBusiness. SAP only offers the GRC Risk Management license and shows how customers can leverage RiskBusiness content with the solution this document.

3.

Prerequisites

The following software must be installed, configured, and ready-to-use for this How-To-Guide: GRC 10.0 (Process Control and Risk Management) with Service Pack 05 (preferably with the latest service package) GRC 10.0 Content Lifecycle Management (CLM)

This document also assumes that user is familiar with PC, RM, and CLM functionality and usage. For additional help please refer to the following. GRC Risk Management 10.0 Help Portal GRC Process Control 10.0 Help Portal GRC Process Control 10.0 CLM User Guide GRC Risk Management and Process Control 10.0 Content Starter Kits

Using RiskBusiness Content With GRC Risk Management and Process Control 10.0

4.

Using RiskBusiness Content

Taxonomies: comprises an online encyclopaedia of standard, risk-related classification structures that users may browse, customize, map to internal models, map to existing industry models (Basel II, etc.), or apply in building/enhancing integrated risk management programs. KRI Library: comprises a library of specific operational risk indicators, cross-linked to risk categories and business functions. Scenario Library: contains an extensive set of sample scenarios, created from one or more scenario event types.

Risk Content Services from RiskBusiness consists of three offerings:

This document shows how customers can leverage RiskBusiness Taxonomies and KRI Library within GRC Risk Management 10.0 and GRC Process Control 10.0. This document will later be further enhanced to show how customers can leverage the Scenario Library.

4.1

RiskBusiness Taxonomies

A key issue confronting operational risk managers today is a lack of broadly accepted standards for risk-related data classification. Numerous, inconsistent classification structures are used both within and between individual firms and among different regions, regulatory authorities and products. This prevents easy comparison of data across different interest groups and users. RiskBusiness taxonomies are a collection of risk classification hierarchies and consist of three primary components: Taxonomy Elements: are the primary mechanism to categorize data related to risks, exposures, losses, and mitigation. Each taxonomy element a name, description/definition, keywords, conditions, and qualifiers. These elements can be applied to loss data, risk and control assessments, indicators, scenarios and risk profiles. Examples of taxonomy elements are Risk Categories, Business Functions, Control Types, and Business Lines. Taxonomy Attributes: are a generic way of classifying data and are typically used to augment or support information which has been classified using taxonomy elements. Taxonomy attributes are also typically not financial services industry specific and are general industry standards published by internationally recognized bodies. Each taxonomy attribute has a name and a description/definition. Examples of taxonomy attributes are Geographical Regions, Currencies, Industries, and Control Classes. Taxonomy Dimensions: are various mechanisms to sub-filter, scale or sub-classify data which has been primarily categorized using taxonomy elements. Each taxonomy dimension has a name, description/definition, and instances. Examples of taxonomy dimensions are Gross Income Bands, Headcount Bands, Customer Relationship Bands, and Asset Size Bands.

Taxonomy elements are designed with varying degrees of granularity and hierarchy depth, based on experience with actual use in client initiatives. The greatest level of granularity occurs in the Risk Category and Control Type hierarchies. But for all taxonomy elements, whether or not highly granular, "base level" categories have been developed in accordance with strict rules of composition, designed to create clear and consistent boundary conditions to support objective, unambiguous classification. Customers subscribing to the RiskBusiness taxonomy services obtain software of creating and managing different taxonomies. Such software allows users to browse, search, and manage multiple taxonomy libraries. In addition this service can also be accessed programmatically (SDK) using an

Using RiskBusiness Content With GRC Risk Management and Process Control 10.0

XML/SOAP based request/response mechanism. This SDK enables tight integration between the RiskBusiness platform and the operational risk management solution. Taxonomies can also be easily exported from the RiskBusiness platform into Excel (XLS) documents. The SAP recommended approach for taxonomy content deployment is to export selected taxonomies into Excel (XLS) documents and then translate and use CLM (Content Lifecycle Management) for upload into GRC Risk Management 10.0 and GRC Process Control 10.0. Such an approach works well because the tight integration approach is more time consuming with the need for consulting type resources. Moreover, taxonomies map to GRC master data and once setup do not require frequent changes. The elements are the primary component of the taxonomy service that maps to master data within operational risk solutions. The attributes and dimensions are means for further classification, sub classification, and filtering the elements. Typically the attributes and dimensions will map to certain master data object attributes and/or configuration (IMG) settings. This document will describe how the elements are mapped and deployed as GRC master data. Users will have to determine which attributes and dimensions are applicable in their scenario and accordingly map and update the master data object or configuration setting. Such mappings are outside of the scope of this document.

4.1.1

Taxonomy Elements Mapping

Taxonomy elements are collections of hierarchies of operational risk classification data. Table below lists the elements provided by RiskBusiness, their definition/usage, and the mapping to the corresponding GRC master data object.

Taxonomy Element Business Lines

Definition Hierarchical collection of business lines within a financial institution. Examples of banking business lines are Retail Banking, Commercial Banking, Trading & Sales, Corporate Finance, Asset Management etc. Examples of insurance business lines are General Insurance, Reinsurance, Life, Insurance Broking etc.

GRC Master Data Object Mapping Organizations master or dependent hierarchy Customer may choose to directly use the business lines as the master organization hierarchy or setup as a dependent hierarchy with mappings to the master hierarchy for reporting Activity Hierarchy for Products/Services

Products or Services

Hierarchical collection of products or services offered by a financial institution. Products / services are aligned with business lines. Products offered by Retail Banking business are Retail Cards and Retail Credit; Commercial Banking offers Commercial Cards and Commercial Credit. Similarly General Insurance business offers Commercial Lines and Investment Products.

Using RiskBusiness Content With GRC Risk Management and Process Control 10.0

Business Functions Risk Categories Control Types Causal Type Direct Impact Type Indirect Impact Type Recovery Type

Business processes structure for a financial institution. Risk classification structure primarily derived from Basel II definitions. Subprocess and control structure. Causes for loss events. Direct business impact resulting from a loss event. Indirect business impact resulting from a loss event. Types of recovery measures used by a financial institution.

Activity Hierarchy for Business Processes Risk Catalog Subprocesses and Central Controls Risk / Loss Driver Type Risk Impact Type Risk Impact Type Risk Response Type

Each taxonomy element contains some key attributes. Elements may also contain additional attributes. Table below lists the key attributes along with a definition and suggested mapping to GRC master data attributes.

Element Attribute Name Level Definition Qualifications

Definition Element name Hierarchical level Element description Qualifiers (specified as includes and excludes) that help users further define usage of the element

GRC Master Data Object Attribute Mapping Object name. Supports only 40 characters. No direct mapping but used for setting up object hierarchy relations. Object description. No direct mapping. Will require setup of custom object attributes for loading into the operational risk solution. Users will typically use this attribute directly on the RiskBusiness platform to determine which elements are applicable for their use. Once this is done the qualification attribute has little significance for loading into the operational risk solution. No direct mapping. Will require setup of custom object attributes for loading into the operational risk solution. Users will typically use this attribute for searching and filtering data within the RiskBusiness platform. Once this is done the qualification attribute has little significance for loading into the operational risk solution.

Keywords

Search keywords. Used for enterprise search within the RiskBusiness platform

Using RiskBusiness Content With GRC Risk Management and Process Control 10.0

Unique ID

RiskBusiness assigned unique identifier

No direct mapping. Will require setup of custom object attributes for loading into the operational risk solution. Can be leveraged with CLM package schema definition and upload procedure to support change management.

4.1.2

Taxonomy Elements Samples

Samples of the different taxonomy elements are available here (internal SAP access only). Please note this is not a complete set and are just meant to provide examples. Actual content will have to be licensed from RiskBusiness.

4.1.3

Taxonomy Elements Import Procedure

The taxonomy elements import procedure is a manual one using GRC Content Lifecycle Management (CLM). The procedure is: Select the appropriate taxonomy elements from the RiskBusiness platform and export to Excel (XLS) document Import the taxonomy elements as described below

Taxonomy Element Business Lines

GRC Master Data Object Mapping Organizations

Import Procedure Refer to Section 4.1.5 Section 4.1.7 in the GRC Risk Management and Process Control 10.0 Content Starter Kits document on SCN for a detailed CLM import procedure. However, this procedure does not specifically cover the organizations import portion. For this please refer to Appendix A: Mapping Organizations in CLM. This is to be used within the context of the general import procedure described in the SCN document.

Products or Services Business Functions

Activity Hierarchy Activity Hierarchy

Activity Hierarchy cannot be imported with the Flat XML CLM Schema. Customers have the following options for importing these catalogs: Import using the Hierarchical XML CLM Schema for GRC Risk Management. Setup the content manually in the GRC Risk Management system. Refer to Section 4.1.5 Section 4.1.7 in the GRC Risk Management and Process Control 10.0 Content Starter Kits document on SCN for a detailed CLM import procedure.

Risk Categories Control Types Causal Type Direct Impact Type Indirect Impact Type

Risk Catalog Subprocesses and Central Controls Risk / Loss Driver Type Risk Impact Type Risk Impact Type

Using RiskBusiness Content With GRC Risk Management and Process Control 10.0

Recovery Type

Risk Response Type

IMG (Transaction: SPRO) entry Governance, Risk and Compliance Risk Management Response and Enhancement Plan Maintain Response Types.

4.2
...

RiskBusiness KRI Library

KRI Library

4.2.1

The RiskBusiness KRI Library was designed and developed in conjunction with the Risk Management Association (RMA) and its member organizations. The KRI Library is a structured repository of metrics designed to support the ongoing measurement and monitoring of risk and control exposures on a consistent basis, both within or across firms. The KRI Library consists of over 2,500 KRI specifications, created through working groups whose participants represented some fifty financial services institutions from around the world, and further developed by ongoing special working groups. The KRI Library employs the KRI Framework (a sub-set of the RiskBusiness Taxonomy) to define a series of "risk points." Risk points represent significant pairings of Detailed Risk Categories and Business Functions. Each defined "risk point" is associated with a set of applicable KRIs. By subscribing to the KRI Library, a client is automatically entitled to use the KRI Framework, a construct maintained by RiskBusiness that is fully compatible in functionality and taxonomic content with other RiskBusiness products and services. Key Features of the KRI Library include: Detailed mappings and specifications relating to use, metrical criteria and data collection rules for more than 2,500 indicators. Facility for subscribers to define custom indicators and to select standard indicators to modify for internal use. Ability to record comments on each indicator for discussion among subscribers. Access to standardized industry "risk profiles". Right to use the KRI Framework.

For additional information on the KRI Library and the related RiskBusiness services please see the document on Setting up a Key Risk Indicator Program.

4.2.1.1

Finding the right (and good) KRIs

The RiskBusiness KRI Library consists of over 2500 indicators for Banking and Insurance clients. RiskBusiness provides guidance and assistance on finding both the right and the good KRIs for use within specific customer scenarios. Such guidance is provided as follows:

Using RiskBusiness Content With GRC Risk Management and Process Control 10.0

Industry Risk Profiles

An industry risk profile is a one-page profile of the points of risk for a specific industry, organization, business line or product. The KRI library provides a number of industry risk profiles under the Industry Risk Maps tab. Figure below is a schematic of an industry risk profile. A risk point is the intersection point between the three dimensions of the industry risk profile. It is a specific risk associated with a specific business activity for a specific business line or product. The risk profile dimensions are defined and standardized to ensure a comprehensive and robust assessment of risk.

The industry risk profiles in the library are aggregated from profiles provided by various industries. Each risk point in the profile is color coded [using a nine-point scale with green representing low risk (1-3), amber representing medium risk (4-6), and red representing high risk (7-9)] to reflect the level of risk assessed by the industry, based on this aggregation. Industry risk profiles are useful for getting an industry view on the points of highest risk within a line of business or region.

Search for KRIs

Customers can directly search for KRIs from the library with different search criteria: Search keywords Search by Risk Categories, Business Lines, and Business Functions Advanced search using all KRI attributes

KRI Effectiveness Ratings

Every KRI in the library is given several ratings to assist users in assessing their effectiveness. Some of these can be used as search criteria. These criteria help identify the good KRIs from the right set of KRIs selected by the above methods. Key ratings include: Internal Comparability: Rated on a scale from 0 (cannot meet criteria) to 3 (meets all criteria) External Comparability: Rated as either Yes or No

Using RiskBusiness Content With GRC Risk Management and Process Control 10.0

Ease of Use: Rated on a scale from 0 (cannot meet criteria) to 3 (meets all criteria) Nature: Leading, current or lagging, or any combination of these three Effectiveness: Rated on a scale from 0 (cannot meet criteria) to 3 (meets all criteria)

The library also indicates whether each KRI is being used or considered for KRI Benchmarking, whether it has been flagged as being in use by another financial institution; and in many cases, how it scored in a popularity vote by KRIeX subscribers.

4.2.2

KRI Samples

Samples of the KRIs for Banking and Insurance are available here (internal SAP access only). Please note this is not a complete set and are just meant to provide examples. Actual content will have to be licensed from RiskBusiness. Each KRI has a unique ID (or number) and details that include Definition, Specification, Guidance, and Usage. As an example details for KRI 60100: Card Delinquency - Number of Delinquent Card Accounts is shown below.

Using RiskBusiness Content With GRC Risk Management and Process Control 10.0

Using RiskBusiness Content With GRC Risk Management and Process Control 10.0

4.2.3

Using RiskBusiness KRIs

As shown above RiskBusiness not only provides a library of over 2500 KRIs each with detailed business specifications, it also provides a KRI Framework along with guidance on how to select the appropriate indicators. GRC Risk Management 10.0 embeds a KRI Framework for documenting, automating, and monitoring risk indicators. Service Pack 05 also introduced the capabilities to define KRIs for organizations (in addition to risks) along with KRI Aggregation (roll-up) capabilities. Hence, it is recommended that customers select the appropriate KRIs using RiskBusiness guidance but then use the KRI Framework in GRC Risk Management 10.0 solution. For details on these solution capabilities please refer to the Product documentation. The RiskBusiness KRI specifications are business specifications and not technical automation specifications. Hence the selected KRIs selected will need to be leveraged as manual KRIs in the GRC Risk Management 10.0 solution. Please refer to Appendix A in the GRC Risk Management and Process Control 10.0 Content Starter Kits document on SCN for setting up and using manual KRIs. Customers will have to plan and deploy automation of the KRIs with internal resources. SAP recommends implementing selected KRIs as manual KRIs and plan for automation in a later project phase.

Using RiskBusiness Content With GRC Risk Management and Process Control 10.0

5.

Appendix A Mapping Organizations in CLM

To map and import new organizational entities in CLM: Either delete all rows from the Organization CLM worksheet or insert new rows as described below. Either option is fine as we are only adding/deploying new content. To insert new data proceed as described below. CLM Entity Organization Column ID Name Description Orgunit Parent Business Lines Attribute Mapping Specify IDs using the ORGUNIT/00000001, ORGUNIT /00000002, ORGUNIT /00000003, format Business Lines Name Business Lines Definition Specify ID of the parent Orgunit using the ORGUNIT /00000001, ORGUNIT /00000002, ORGUNIT /00000003, format Specify the Orgunit view as per the desired mapping from the exported CLM data. Regardless of whether Business Lines are to mapped under the master organization hierarchy or as a dependent hierarchy, the system will require the setup of the organization view in IMG configuration along with a root node definition. The exported CLM information will contain this view ID. Depending on where the Business Lines need to be uploaded find and copy the correct view ID in this column. Repeat Settings: Indirect ELC Test Repeat Settings: Indirect ELC Assessment Review Settings: Remediation Plan Review Settings: Indirect ELC Test Review Settings: Indirect ELC Assessment Average Cost Per Control Currency Enter C for each Orgunit entry Enter C for each Orgunit entry

Orgunit View

Enter C for each Orgunit entry Enter C for each Orgunit entry Enter C for each Orgunit entry

Enter 0 for each Orgunit entry Enter EUR or USD for each Orgunit entry

Review the parent entries such that the desired Business Lines hierarchy structure is defined. The other organization attributes defined above are mandatory organization attributes in the system and need default values to avoid errors during content deployment.

Using RiskBusiness Content With GRC Risk Management and Process Control 10.0

6. Copyright
2012 SAP AG. All rights reserved. No part of this publication may be reproduced or transmitted in any form or for any purpose without the express permission of SAP AG. The information contained herein may be changed without prior notice. Some software products marketed by SAP AG and its distributors contain proprietary software components of other software vendors. Microsoft, Windows, Excel, Outlook, and PowerPoint are registered trademarks of Microsoft Corporation. IBM, DB2, DB2 Universal Database, System i, System i5, System p, System p5, System x, System z, System z10, System z9, z10, z9, iSeries, pSeries, xSeries, zSeries, eServer, z/VM, z/OS, i5/OS, S/390, OS/390, OS/400, AS/400, S/390 Parallel Enterprise Server, PowerVM, Power Architecture, POWER6+, POWER6, POWER5+, POWER5, POWER, OpenPower, PowerPC, BatchPipes, BladeCenter, System Storage, GPFS, HACMP, RETAIN, DB2 Connect, RACF, Redbooks, OS/2, Parallel Sysplex, MVS/ESA, AIX, Intelligent Miner, WebSphere, Netfinity, Tivoli and Informix are trademarks or registered trademarks of IBM Corporation. Linux is the registered trademark of Linus Torvalds in the U.S. and other countries. Adobe, the Adobe logo, Acrobat, PostScript, and Reader are either trademarks or registered trademarks of Adobe Systems Incorporated in the United States and/or other countries. Oracle is a registered trademark of Oracle Corporation. UNIX, X/Open, OSF/1, and Motif are registered trademarks of the Open Group. Citrix, ICA, Program Neighborhood, MetaFrame, WinFrame, VideoFrame, and MultiWin are trademarks or registered trademarks of Citrix Systems, Inc. HTML, XML, XHTML and W3C are trademarks or registered trademarks of W3C, World Wide Web Consortium, Massachusetts Institute of Technology. Java is a registered trademark of Sun Microsystems, Inc. JavaScript is a registered trademark of Sun Microsystems, Inc., used under license for technology invented and implemented by Netscape. SAP, R/3, SAP NetWeaver, Duet, PartnerEdge, ByDesign, SAP BusinessObjects Explorer, StreamWork, and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP AG in Germany and other countries. Business Objects and the Business Objects logo, BusinessObjects, Crystal Reports, Crystal Decisions, Web Intelligence, Xcelsius, and other Business Objects products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of Business Objects Software Ltd. Business Objects is an SAP company. Sybase and Adaptive Server, iAnywhere, Sybase 365, SQL Anywhere, and other Sybase products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of Sybase, Inc. Sybase is an SAP company. All other product and service names mentioned are the trademarks of their respective companies. Data contained in this document serves informational purposes only. National product specifications may vary. These materials are subject to change without notice. These materials are provided by SAP AG and its affiliated companies ("SAP Group") for informational purposes only, without representation or warranty of any kind, and SAP Group shall not be liable for errors or omissions with respect to the materials. The only warranties for SAP Group products and services are those that are set forth in the express warranty statements accompanying such products and services, if any. Nothing herein should be construed as constituting an additional warranty.