Enduring Turbulence with Agility: Redefining Moment for Risk Mitigation

The rapid and dramatic evolution of financial, social, and health risks are prompting varied responses. While governments attempt to slow the spread of disease and unrest, most companies partner with their respective communities while focusing on significant challenges to their business continuity.

As businesses undertake rapid change, executives must also pay attention and act on a wide variety of risks to remain resilient and steadfast. Effective short- and midterm steps are often created to navigate financial, operational, and competitive threats with control, visibility, and oversight. But they also require the presence of people to oversee it all.

Is it possible to have too much human intervention, even in processes where governance, risk, and compliance (GRC) are non-negotiable? By adopting SAP S/4HANA, businesses are answering this question as they redefine their GRC initiatives.

Finding Agility in Risk Mitigation Across Three Lines of Defense

Today’s pandemic-induced economic turbulence brings challenges beyond the traditional line of simple financial and IT risk. Credit is deteriorating and raising solvency issues. Meanwhile, bilateral trade tensions are escalating worldwide and job insecurity is inhibiting a recovery in consumer spending.

Mitigating such a wide range of risks requires comprehensive GRC programs. Doing so allows businesses to identify risks and handle them across multiple topics and lines of business. GRC programs must also be agile enough to quickly generate critical insights and reports in real time and include inherent qualities such as usability, scalability, and flexibility to act on that intelligence.

But here is the secret to delivering such a transformational result: addressing the three lines of defense.

  • Operational management: Cover business functions that own the responsibility of managing operations and are accountable for directly assessing, controlling, and mitigating risks.
  • Corporate risk and compliance: Enable areas that monitor and facilitate the implementation of effective risk management practices and assist risk owners in the adequate reporting of risk-related information up and down the organization.
  • Independent assurance: Take care of organizations that provide independent assurance beyond the internal audit, encompassing all elements of the risk management framework – from risk identification, assessment, and response to the communication of risk-related information. This exercise also includes an honest evaluation of the strategy, ethics, operations, reporting, and compliance.
Infographic: Embed risk and control monitoring in SAP S/4HANA
Click to enlarge

Automating Critical Processes with Digital Platforms

For many SAP customers, aligning GRC processes to strategic priorities enables a level of agility that covers three lines of defense through intelligent automation, better assurance, and higher visibility. This trend is helping businesses move beyond manual, sample-based audits and assessments of systems and processes that occur every few months or annually.

Automation enables continuous monitoring of processes and data in real time and across in-scope processes and transactions, for example:

  • Monitoring key risk indicators that exceed pre-established thresholds
  • Recognizing risks in new or existing business relationships or partnerships
  • Flagging potentially fraudulent or unusual financial transactions
  • Notifying process owners of changes to crucial configuration settings that control vital business processes such as robotic process automation
  • Prioritizing essential areas of access risk, particularly when managing a remote workforce
  • Reporting the status of cross-border shipments that qualify for preferential duty treatment or require specific licensing
  • Normalizing and communicating potential security events at the application layer
  • Reporting on data protection and privacy requirements and processes

According to McKinsey partners Kevin Laczkowski and Mihir Mysore, companies that are successfully overcoming recessionary conditions have the digital tools to bolster productivity and position themselves for future growth. “Some companies are already using advanced analytics to reduce the risk of quality issues and error rates,” they observed in their Harvard Business Review article. “Other businesses are using digital platforms to enable self-service options for customers and simplify the purchasing process.”

But first, two critical obstacles need to be conquered to set the stage for this level of digitalization across GRC activities:

  • Outdated information maintained in individual spreadsheets and stored in random silos
  • Lack of transparency when validating the effectiveness of operational performance, controls, and key performance indicators

By tapping into the intelligent infrastructure of SAP S/4HANA, customers can capture, process, and analyze transactional and experiential data in real time. Integrating safety process controls, rules, and mechanisms in the suite also helps ensure requirements are fulfilled, while authorized access to information is safeguarded and secure.

Furthermore, related organizations – such as procurement, human resources (HR), sales, marketing, services, and supply chain – can be included in the process. The business can assign scenario-based rules that enforce compliance, align strategies, and build operational resilience. Focusing on the cycle of monitoring critical changes and master data updates helps ensure SAP S/4HANA reports exceptions, identifies outliers in real time, and directs them to the appropriate expert for resolution.

Using Auditing as a Platform for a Global, On-Demand Ecosystem

With this approach, SAP customers can transform their processes with automated controls, which enhances business continuity. Executive decision-makers, employees, and stakeholders can be confident that all activities are executed compliantly and governed continuously with minimal risk, time, and effort. More importantly, every organization can work together proactively and deliver more strategic outcomes.

Consider Delivery Hero SE. With subsidiaries that offer everything on demand from kitty litter to pizza in 44 countries, the multinational online food-delivery service needed to monitor its GRC performance closely. This capability became especially urgent when deliveries became an important part of its business model and expansion plans during the onset of the pandemic.

After implementing SAP S/4HANA, Delivery Hero integrated the intelligent ERP with other SAP applications, including cloud-based analytics and procurement solutions, as well as SAP governance, risk, and compliance solutions. This landscape became the foundation of a digital boardroom experience – giving executives the visibility and insight to stay on top of internal audits, ensure compliance with global reporting and accounting requirements, and pinpoint risks early.

Managing Risk and Compliance as a Priority, Not an Afterthought

By completing the digital picture of GRC operations with SAP S/4HANA, businesses can evolve their processes to adapt and safeguard their bottom line and reputation.

Embedding controls and checks into the fabric of the enterprise system incorporates risk management capabilities throughout the operational lifecycle. But most importantly, GRC activities become a trusted part of protecting the company from the burdensome penalties of noncompliance, while emerging as a potential revenue generator for the business.


Discover how SAP S/4HANA can boost the resilience of risk mitigation and compliance initiatives while navigating turbulent times and planning for whatever comes next with the following resources:


Bruce Romney is senior director of Product Marketing for GRC and Security Solutions at SAP.
David Sweetman is senior director of SAP S/4HANA Global Marketing at SAP.