Managing enterprise risk in a consistent, efficient, sustainable manner has become a critical boardroom priority as CFOs and chief risk officers (CROs) are facing unprecedented levels of business complexity, changing geopolitical threats, new regulations and legislation, and increasing shareholders demands. In response to these growing business challenges, SAP is delivering SAP GRC Risk Management to equip companies with the tools they require to help manage key risk exposures and vulnerabilities alongside the pursuit of new business opportunities, delivering more informed decision-making, improved business performance and competitive advantage. The announcement was made at SAPPHIRE ’07, SAP’s international customer conference, being held in Vienna, Austria, May 14 – 16.
According to a recent Deloitte report, titled “Disarming the Value Killers: A Risk Management Study,” nearly half of the Fortune 1000 companies lost 20 percent of their stock value as a result of a significant business event, with half of those companies requiring greater than one year to regain lost value; more than one-fifth of those companies never recovered. SAP GRC Risk Management enables organizations to guide risk appetite and threshold planning, identify and analyze risks, balance the costs of risk avoidance with opportunities for growth and continuously monitor risk profiles over time. The new risk management application from SAP is a key component of the company’s growing portfolio of solutions for governance, risk and compliance (SAP solutions for GRC), and supports SAP’s multi-year plan to holistically address the increasingly strategic role of the CFO in driving business performance.
“Historically, risk management has often been a fragmented operation, particularly for large, distributed global businesses,” wrote Michael Rasmussen, vice president, Forrester Research, in his February 2007 report “Business Drivers For Enterprise Risk Management.” “Individual silos of risk management have emerged in enterprises worldwide as they react to mounting pressures, including dynamic and distributed business environments, changing geopolitical threats, and new legislation … Today, executives are trying to establish a more consistent approach to risk management throughout the enterprise that will help aggregate better data for decision-making… A federated approach to measuring and managing risk is clearly beneficial for large enterprises.”
Becoming a Risk-Intelligent, Risk-Agile Organization
Smart companies today recognize that the ability to balance risks and opportunities separates companies that thrive from companies that merely survive. Risk-intelligent enterprises view risk not only as protecting existing assets from negative incidents or events, but also as being prepared for opportunity and taking calculated, measured risks to drive growth and value creation. An integrated, systematic, comprehensive risk management framework and set of advanced technology tools allow organizations to accomplish these dual objectives.
“We often see companies struggle to refine their risk management approach to encompass the entire business and address the full spectrum of risks,” said David M. Johnson, managing director, Technology Risk Services group, Protiviti. “It’s important for these companies to incorporate a holistic, proactive risk management framework using the SAP GRC Risk Management solution that will enable them to better understand and manage risk across the enterprise.”
“Fragmented approaches to risk management often result in duplication of efforts and technologies, inconsistent measurement approaches and reporting, an obscured view of comprehensive risks across the organization, and importantly, a lack of confidence in an organization’s operational, financial and legal integrity,” said Amit Chatterjee, senior vice president, GRC business unit, SAP. “SAP provides a holistic, integrated, enterprise-wide risk management platform, and is uniquely positioned to help companies access and leverage the wealth of operational data that exists in an organization’s existing IT systems to help expose, manage and respond to an increasingly wide range of potential high-risk events.”
SAP GRC Risk Management – An Integrated, Cross-Enterprise Approach
SAP GRC Risk Management enables organizations to implement proactive risk management processes throughout the enterprise. The application provides a best-practice framework for enterprise risk identification, collaborative risk analysis, risk-response management and continuous risk monitoring and reporting. SAP GRC Risk Management provides critical process automation for all key risk management activities.
- Risk Planning – SAP GRC Risk Management facilitates a consistent, cross-enterprise approach, enabling companies to overcome “siloed” activities to create a complete and accurate risk profile for the enterprise based on customizable risk catalogs and measures. Executives can identify risks concurrent with new strategy development and determine the appropriate risk appetite that should be used for different units within the organization.
- Risk Identification and Analysis – Key risks can be identified, regardless of where they exist, and analyzed based on qualitative or quantitative methods. In many cases, this process can be automated and embedded within key business processes, such that when high-impact, high-probability indicators exceed thresholds, proactive alerts are delivered via workflows to experts for assessment and resolution. Some risks cannot be automatically identified, in which case collaborative, user-friendly self-assessments gather and route the relevant information. Regardless of whether the risk was automatically or manually identified, the application’s analytics can be used to prioritize risks.
- Risk Response – Once critical risks have been identified, SAP GRC Risk Management helps organizations develop an appropriate response strategy based on which responses generate the best ROI. The application delivers a customizable risk response playbook, or a set of best practices based on past experiences and loss event analysis, which facilitates strategy recommendations for optimum risk avoidance, mitigation or recovery across business silos.
- Risk Monitoring – As the business environment and subsequent risk profile of an organization change over time, executives need to understand the status across the enterprise and be able to compare and re-prioritize risk-adjusted opportunities. Role-based dashboards for risk managers and business professionals provide transparency for more informed decision-making, monitoring risks in context of business unit objectives, and capturing incidents and losses to help companies avoid making the same mistakes twice.
SAP GRC Risk Management leverages enterprise service-oriented architecture (enterprise SOA) and is built on the standards-based SAP NetWeaver(R) platform, which supports the integration of SAP Business Suite applications as well as non-SAP software. SAP NetWeaver unifies technology components into a single platform, allowing organizations to reduce IT complexity and obtain business value from their IT investments.
Growing SAP Risk Management Partner Ecosystem
The complexities of enterprise risk management are significant and growing every day, and customers often require risk specialty products or services based on specific industry, regional or functional needs. With SAP GRC Risk Management serving as an integrated cross-enterprise platform, SAP is partnering with other leading technology providers to extend its capabilities into critical areas such as business continuity and crisis management, supply chain risk, advanced analytics and industry-specific solutions.
One such SAP partner is Triple Point Technology, a global supplier of cross-industry software for commodity trading and position management. Triple Point provides Commodity SL, built on the SAP NetWeaver platform, which enables organizations to aggregate the physical and financial positions and execute the respective hedges across their diverse commodity profile. This is critical within industries where raw materials and finished products are subject to highly volatile supply/demand shifts, thus creating a significant risk exposure, such as in oil and gas, mining, utilities and consumer products. Triple Point provides the quantification of commodity risk exposure to SAP GRC Risk Management, so it can be prioritized and monitored effectively in context to the other top financial, regulatory and operational risks that the enterprise faces.
In the area of compliant business continuity and disaster recovery, SAP is partnering with Unisys to promote solutions to manage and control disaster risk and limit subsequent liability due to potential non-compliance following a catastrophic event. The Unisys Safeguard 30m solution uniquely provides automated application failover and fully coordinated data recovery between data centers up to 3,000 miles apart in 30 minutes or less. With this solution, regional business continuity risks such as seismic-, power- or weather-related events tracked in SAP GRC Risk Management can be successfully mitigated by automatically shifting operations to an unimpaired data center within a matter of minutes. SAP and Unisys have initiated a joint marketing program to promote disaster recovery, regulatory compliance and risk management solutions to clients.