Increasingly Complex Business, Regulatory and Political Environment Shines Spotlight on Importance of Risk Management
New Risk Management Software Capabilities, Value-Added Services, Proven and Rapid Implementation Framework to Address Forthcoming S&P Mandate
BOSTON — Today, SAP AG (NYSE: SAP) announced a new initiative, in collaboration with key partners, to equip customers with the solutions and services they need to best prepare for Standard & Poor’s (S&P) new enterprise risk management (ERM) evaluations, which the agency recently announced will soon be included in its credit ratings analysis for non-financial corporations. Together with its leading governance, risk and compliance (GRC) consulting partners – including Deloitte, IBM Global Business Services, PricewaterhouseCoopers and Protiviti – SAP is uniquely positioned to deliver the most robust set of risk management software tools, value-added services and best practice frameworks to help customers address S&P’s forthcoming ERM evaluation requirements. The announcement was made at the Business Objects Influencer Summit, being held in Boston on Aug. 12.
SAP® solutions for GRC are part of Business Objects, an SAP company, which combined with the Business Objects enterprise performance management and business intelligence solutions, deliver a comprehensive portfolio for business performance optimization.
Credit ratings agency S&P announced in May 2008 that it will soon be expanding its rating analysis of non-financial companies to include an ERM review; S&P has included ERM analysis in its ratings of financial institutions and insurers since 2005. Under the new directive, “Enterprise Risk Management: Standard & Poor’s to Apply Enterprise Risk Analysis to Corporate Ratings,” all companies seeking a positive credit rating will be required to provide evidence of a formal and effective risk management program, which S&P considers a good indicator of forward-looking stability. S&P’s inclusion of ERM analysis in its corporate ratings will ultimately provide investors with a more accurate and reliable view of a company’s ability to anticipate, understand and successfully manage risk. The global rollout of S&P’s ERM evaluations and enhanced ratings process will be incremental and staggered over several months, beginning with information-gathering and benchmark-setting discussions with impacted companies in Q3 2008, followed by company-specific scoring and rating analysis decisions expected sometime in 2009.
“S&P’s decision to apply ERM analysis to its corporate ratings further thrusts risk management into the spotlight, and ultimately is a good thing for companies and investors alike,” said Narina Sippy, senior vice president of SAP’s governance, risk and compliance business unit. “With dramatic corporate events continuing to make headlines around the world – from numerous product recalls, to rogue bank trading activity, to the continued fallout from the sub-prime mortgage crisis – one thing is clear: executive management teams and their Boards are fundamentally rethinking their focus on risk management. Together with our partners, SAP is uniquely positioned to help our customers implement a forward-thinking, strategic risk management program.”
As Risk Exposures Rise, Many Enterprises Find They Are Not Prepared
In recent months, risk management has been elevated from a siloed activity in the quiet corners of organizations to a critical enterprise-wide business imperative and a top executive and boardroom priority. According to a recent IBM Global Business Services study,1 roughly two out of three enterprises surveyed with revenues over $5 billion have encountered material risk events in the last three years, with nearly half of those companies acknowledging that they were not well prepared for the event.
“Our CFO survey shows that the ability to manage enterprise risk is a key differentiator for companies that outperform their peers in revenue and stock price growth, but only half of the companies have any sort of formalized risk management program in place,” said Bill Fuessler, Global Financial Management Consulting Leader, IBM.
This urgency by companies to make more risk-aware decisions that concretely impact overall business performance is echoed by analyst firm AMR Research in a recent GRC spending report2. AMR Research’s 2008 survey of 420 global organizations found that managing business and IT risk has become “a palpable buying motivation,” with risk management emerging as “the most influential issue driving investment in GRC,” leading the report’s authors to proclaim “risk management is the new compliance.”
New Capabilities Enable Enterprises to Embed Risk Management into Daily Operations
To help companies better manage risk and prepare for S&P’s forthcoming ERM evaluations, SAP has teamed with its GRC consulting partners to deliver a robust set of risk management software tools, value-added services, and a proven and rapid implementation framework. These combined offerings will enable enterprises to better integrate risk and risk management into their day-to-day decision making. Today, most enterprises do not have visibility into when and how key risks change, as they typically “track” the status of risks by sending out a questionnaire on a quarterly or annual basis. Unfortunately, this “calendar approach” not only creates additional work for the business units, but often only identifies changes in risk after-the-fact – when it has already resulted in a loss to the company.
SAP and its partners have developed industry-specific risk catalogs containing key risk indicators that can be monitored in the systems that line-of-business managers use to execute their daily work. The SAP® GRC Risk Management application continuously monitors key risk indicators so management is immediately notified of changes in risk levels. This real-time notification enables them to put proactive mitigations in place to prevent the risk from occurring, and directly reduces potential losses and corresponding insurance premiums that the enterprise must bear.
For example, one area where companies are especially vulnerable to significant value loss is their reputation. It is one of the most difficult risks to monitor because there are many drivers that come from different parts of the organization. Root causes such as out-of-spec supplier raw materials, employee safety, finished product quality, customer complaints and non-compliance with requirements and policies are all quantified in execution systems and can be monitored to indicate when a risk is about to become an event.
“The critical risks vary from one industry to the next,” said Jim Deloach, managing director at risk consultancy Protiviti and responsible for governance, risk and compliance solutions. “Protiviti has developed risk and KRI catalogs for SAP GRC Risk Management that enable enterprises to ensure that they not only have their key risks identified, but that they also have the continuous KRI monitoring in place. This approach of embedding risk monitoring into existing business processes across the enterprise not only reduces the exposure to unwanted risk events but also builds a strong risk culture within the company. More specifically, integration of risk management with enterprise performance management is where the real action is.”
Aligning Risk Management with Strategy and Planning Processes Critical to Future Organizational Success
Most enterprises today look at the management of strategy and risk as separate processes, preventing them from achieving the full value of their new business strategies and initiatives. Additionally, as part of the new requirements from S&P, organizations will be evaluated based on how effectively they incorporate risk into their strategic planning and performance measurement processes. The integration of the SAP GRC Risk Management and SAP® Strategy Management applications not only helps organizations meet these new requirements, but also improves their ability to successfully execute new strategies. For more details on the integration of SAP GRC Risk Management and SAP Strategy Management, please see related press release also issued today: “New Enterprise Performance Management Solutions from Business Objects Enable Customers to Link Strategy to Execution.”
1 IBM Global Business Services, “Balancing Risk and Performance with an Integrated Finance Organization; the Global CFO Study 2008,” 2008.
2 AMR Research, “The Governance, Risk Management, and Compliance Spending Report, 2008-2009: Inside the $32B GRC Market,” by John Hagerty, Jennifer Hackbush, Dennis Gaughan, simon Jacobson, 2008.
About SAP® Solutions for GRC
SAP® solutions for governance, risk and compliance (SAP solutions for GRC) help to enable corporate accountability by providing operational transparency and evidence that an organization conducts business within ethical standards and regulatory mandates. SAP solutions for GRC are part of the Business Objects portfolio, which combined with enterprise performance management and business intelligence solutions, deliver a comprehensive portfolio for business performance optimization. SAP’s unified approach to GRC overcomes key corporate accountability challenges across disconnected systems, regions and functions. SAP solutions for GRC are enabled across SAP and non-SAP systems, working together with GRC ecosystem partner content, technology and applications to provide the most effective solution for governance, risk and compliance available today. For more information about SAP solutions for GRC, please visit http://www.sap.com/grc.
About Business Objects
Business Objects, an SAP company, transforms the way the world works by connecting people, information and businesses. With open, heterogeneous applications in the areas of governance, risk and compliance; enterprise performance management; and business intelligence, Business Objects enables organizations of all sizes worldwide to close the gap between business strategy and execution. Together with a strong and diverse partner network, Business Objects allows customers to optimize business performance across all major industries including banking, retail, consumer-packaged goods and public sector. Business Objects is committed to helping customers turn raw data into actionable decisions, regardless of their underlying database, operating system, applications or IT system.