Risk management: Roadmap to 'maturity'

Spencer Stuart / DirectorS & Boar DS Director S r oSter fourth quarter 2008 15 A s globalization and regula- tion intensify, many compa- nies respond to these com- p l ex i t i e s by i m p l e m e n t i n g rigorous risk management processes. SAP, a g lobal prov ider of enter pr ise management software, is no exception. SAP’s initial risk management efforts were aimed at g reater efficiency and regulatory compliance, but, as detailed here, SAP g r av itated to an enter pr ise-w ide r isk man- agement solution to take full advantage of its capabilities and increase organizational consistency. S p e c i f i c a l l y, a b r o a d e r risk management approach strengthened key businesses’ processes, enhanced predict- ability of SAP’s operations, and suppor ted the compa- ny’s overall business strategy. Consequently, SAP’s imple- m e n t a t i o n a p p r o a c h c a n serve as a roadmap for other companies evaluating when and how to bolster their risk management capabilities. S A P l a u n ch e d i t s i n i t i a l r i s k m a n a g e m e n t i n i t i a- tive in 2002 to ensure compliance with various regulatory mandates, as well as synthesize and analyze information re- lated to internal financial processes and controls. As a company with worldwide operations, including emerging markets, SAP found itself in a position familiar to many companies: without an automated approach, the company was spending too much time and resources to identify and manage risks. To accommodate its global growth plans, contain costs, and ensure accuracy and reliability of data, SAP determined that an automated so- lution that integrated risk management information and activities across busi- ness processes was required. There are several ways to implement a risk management solution. Many com- panies employ a ‘top-down’ approach, using st r ate g ic go als as touchstones across all business units. While enter- prise-wide risk management was its ult imate go al, SAP took a different path to risk management maturity. To gain immediate value and return, SAP first focused on key operational processes and a c t iv it ies to dr ive out costs and increase efficien- cies. A new internal system provided key process controls that enabled better mitigation of financial risks. Supported by the entire executive board and all senior SAP executives, global risk management stan- dards were implemented in all lines of business for the identified risks. After completing this ini- tial phase of the risk manage- ment effort, SAP expanded its approach to implement risk management across the entire enterprise, which allowed it to integrate and align risk management across financial, operational, and strate- gic risks. The broader scope was achieved in part by senior executives conducting detailed risk assessments across all the company’s lines of business. One result of the expansion was that risk informa- tion became accessible and manageable across all levels of the company. Begin- ning in 2006, SAP started to map risks consistently to strategic goals within its risk management system. By integrating strategic, operation- al, and financial risks in one solution, SAP achieved true enterprise-wide risk management, providing managers with a holistic view of risk data, and doing so more efficiently and effectively than previously achieved. Ultimately SAP’s risk management initiative produced what its leadership needed most: an aggregate, reliable risk management profile of the whole busi- ness that was easily communicated and aligned its risk appetite with the com- pany’s strategic objectives. It enables ex- ecutives at all levels of the company to make more risk-intelligent decisions. B y u s i n g a s e l f - d e ve l o p e d , a u t o- mated solution to manage risks, SAP has increased transparency across risk initiatives and improved efficiencies in managing risk. Automatic triggers and workflow tools help risk managers and business managers detect risks at the earliest stage, which can mitigate the im- pact of the risk. On a more transactional level, SAP can now efficiently document and manage all risks and interactions related to a specific activity or customer throughout the lifecycle, from pre-ac- count planning to product delivery and service. In summary, by expanding its risk management solution to an enter- prise-wide level, SAP is capturing multi- plicative benefits across the company. Given the positive results, SAP con- tinues to evolve its approach by identify- ing and managing new risks to support better decision making. To achieve this, risk managers and business managers collaborate closely to analyze the impli- cations of the risk management data, de- scribe new key risk indicators, link those indicators to strategic goals, and set ap- propriate risk levels. SAP sees its invest- ment in holistic risk management as an impor tant advantage in maintaining market leadership, even at a time when global risks are proliferating. ■ The author can be contacted at miriam. kraus@sap.com. c orporate accounta Bility agen Da Miriam Kraus is senior vice president of global governance, risk, and compliance (GRC) for SAP (www. sap.com). She leads SAP’s global GRC organization. Risk management: Roadmap to ‘maturity’ There are several ways to implement a risk management solution. Here is what SAP itself did. By MiriaM KrauS

Other related articles