"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
SAP Inside Track 2012 enterprise risk management newman v fx
1. August 10, 2012
SAP Americas HQ
SAP Inside Track
Newtown Square, PA
August 10, 2012
Enterprise Risk Management using RM10 –
Align to Your Goals and Actions
William Newman, MBA, CMC – Managing Principal, Newport Consulting Group
2. Speaker Introduction
William D. Newman, CMC, MBA
• Managing Principal, Newport Consulting Group
• Member, SAP Sustainability Executive Advisory Council
• Certified Management Consultant (since 1995)
• Over 25 years in industry, professional services
• Recognized SAP BusinessObjects Influencer
• Adjunct faculty, Northwood University (International
Management)
• Adjunct faculty, University of Oregon (Sustainability Leadership)
• Management Consulting Taskforce (Michigan Assn. of CPAs)
• Professional Speaker (American SAP User Group, SAP Insider,
TEDx, Sustainable Business Forum, Michigan Assn. of CPAs)
TEDx talk at http://www.youtube.com/watch?v=8BmLVpdWvFk
• Numerous articles on program oversight, stakeholder
engagement, strategy, sustainable supply chain, social media
Sessions today based • Twitter (@william_newman)
on papers found in
• Google+ (+William Newman)
• Email wnewman@newportconsgroup.com
Page - 2
3. Speaker Introduction
See our presentation on Wednesday, September 12:
Session 0413: Increase Stakeholder Adoption by Leveraging
Mobile Platform Applications
Page - 3
4. Discussion Points
• Understanding the basis for Enterprise Risk Management
• Executive Challenges Aligning to Goals and Actions
• SAP Risk Management 10 Platform for ERM
• Considerations for Audit Practices
• Considerations for functional risk management activities
• Links and References
• Key Take-away Points
• Summary and Discussion
Page - 4
5. Understanding ERM
Enterprise Risk Management represents a company-wide
approach to risk management activities in a holistic, pragmatic,
and managed approach across multiple company operations,
functions, and activities.
- As abstracted from the Global Accenture Risk
Management Report 2011 by Newport Consulting Group
Page - 5
6. Understanding ERM
ERM objectives typically include some or all of the following:
• Aligning Risk Appetite and Strategy Enterprise risk management
• Enhancing Risk Response Decisions (ERM) in business includes the
• Reducing Operational Surprises and methods and processes used
Losses
by organizations to manage
• Identifying and Managing Multiple
risks and seize opportunities
Cross Enterprise Risks
• Seizing Opportunities related to the achievement of
• Improving Deployment of Capital their objectives.
Source: SAP, 2012 as modified by Newport Consulting Group
Page - 6
7. Discussion Points
• Understanding the basis for Enterprise Risk Management
• Executive Challenges Aligning to Goals and Actions
• SAP Risk Management 10 Platform for ERM
• Considerations for Audit Practices
• Considerations for functional risk management activities
• Links and References
• Key Take-away Points
• Summary and Discussion
Page - 7
8. Executive Challenges
Challenges remain as to motive, satisfaction and capabilities…
Source: Discontinuity of risk management practices, in terms of demand, satisfaction, and board level understanding (various sources:
The Economist Intelligence Unit Survey, Ascending the Maturity Curve (March, 2011); McKinsey Global Survey, Governance since the
Economic Crisis (March, 2011); Report on the 2011 Accenture Global Risk Management Study, (February, 2011)
Page - 8
9. Executive Challenges
… which suggests a certain “call to action” for executives.
“Practical knowledge of risk management
concepts and principles are needed in the
corporate environment as never before,
and executives have created demand for this
knowledge. How this knowledge is crafted into
ERM practices, standards, and guidelines inside of
corporate policy is open for revision.”
Source: The Executive Dilemma: How to Increase Enterprise Risk Management Performance? GRC Expert, 2012.
Page - 9
10. Discussion Points
• Understanding the basis for Enterprise Risk Management
• Executive Challenges Aligning to Goals and Actions
• SAP Risk Management 10 Platform for ERM
• Considerations for Audit Practices
• Considerations for functional risk management activities
• Links and References
• Key Take-away Points
• Summary and Discussion
Page - 10
11. SAP ERM Platform
SAP recognizes there are 3 primary reasons for ERM failure:
1 ERM is not linked to fundamental value drivers of the
business
2 Shareholder devaluation occurs based on measuring
nonproductive drivers
3 ERM is not focused significantly or deeply enough on
the broad “value-killer, fat-tail” risks
Source: The Executive Dilemma: How to Increase Enterprise Risk Management Performance? GRC Expert, 2012.
Page - 11
14. SAP ERM Platform
SAP Risk Management 10 allows new
“graphical view” to portray bow tie risk
formats, including risk drivers, impacts.
Source: SAP, 2012.
Page - 14
15. SAP ERM Platform
The Bow Tie Builder graphical view allows
specific risk driver and impact descriptions
meaningful to specific organizations.
Source: SAP, 2012.
Page - 15
16. SAP ERM Platform
Risk actions – such as
mitigations – may be added
from the Bow Tie Builder.
Source: SAP, 2012.
Page - 16
17. SAP ERM Platform
You can identify specific
areas of the risk, associated
with organizations and
processes. A common
mitigation action is an audit
program, let’s see how
RM10 works to support
audit programs and
functional risk areas.
Source: SAP, 2012.
Page - 17
18. Discussion Points
• Understanding the basis for Enterprise Risk Management
• Executive Challenges Aligning to Goals and Actions
• SAP Risk Management 10 Platform for ERM
• Considerations for Audit Practices
• Considerations for functional risk management activities
• Links and References
• Key Take-away Points
• Summary and Discussion
Page - 18
19. Audit Practices
Business Audits are gaining popularity as a risk management
function across a number of different functions including:
• Information Technology (SAS 70, SSAE 16)
• Financial Management processes (SOX 404, Dodd-Frank)
• Information Use (ITAR, security constraints)
• Sustainability (LEED, SA 8000, Natural Step, GRI)
• Assurance activities (AA 1000)
• Quality Management processes (ISO 9000, CAPA, APQP)
• Environmental Management processes (ISO 14000)
• Product Compliance Regulations (ROHS, REACH, ELV)
• Treasury Management and Currency Exchange (SWIFT)
Audits are not just for IT system management anymore!
Page - 19
20. Audit Practices
Regardless of the business function or processes, most agree the
audit format contains several common stages and activities.
Planning Execution Findings Corrective
Actions
Prepare and
Pre-audit Initiate Audit Conduct Deliver Exit
Distribute Final
Assessment Activities Field Work Conference
Report
Develop Prepare
Working Papers Audit Findings
Source: Adapted from IIA, University of Illinois materials, as modified by Newport Consulting Group.
Page - 20
21. Audit Practices
SAP NetWeaver’s audit management allows full program life
cycle management for internal audit activities, including:
• Information Technology
• Management Systems, and
• Financial Operations
Note: SAP NetWeaver’s
As part of the SAP NetWeaver platform, SAP audit management ships
NetWeaver’s audit management connects with the SAP NetWeaver
seamlessly with specific SAP modules such as platform as part of the SAP
BusinessSuite 7.0 release
• SAP ERP Project System
• SAP ERP HCM
• SAP Risk Management
New enhancements are available as part of the SAP
BusinessObjects GRC 10.0 release!
Source: How SAP Solutions Can Make the Audit Process More Cost-effective, GRC Expert (2011)
Page - 21
22. Audit Practices
In this example we can associate an
Accounts Payable audit with both
financial operations and even
treasury risks if involving foreign
currencies and operating units.
Source: How SAP Solutions Can Make the Audit Process More Cost-effective, GRC Expert (2011)
Page - 22
23. Audit Practices
• During the execution stage of an audit,
work papers often suggest corrective
or preventive actions in real time.
• SAP NetWeaver audit management
allows you to identify these work
papers and capture remediation
actions on the fly so that these can be
automatically summarized in the
findings report.
BusinessObjects Access Control and SAP BusinessObjects Process Control can be used to
allow the audit team to have access to in-process documents and records without making
this information available to the other members of an organization, until such time as it is
formally published.
Source: How SAP Solutions Can Make the Audit Process More Cost-effective, GRC Expert (2011)
Page - 23
24. Discussion Points
• Understanding the basis for Enterprise Risk Management
• Executive Challenges Aligning to Goals and Actions
• SAP Risk Management 10 Platform for ERM
• Considerations for Audit Practices
• Considerations for functional risk management activities
• Links and References
• Key Take-away Points
• Summary and Discussion
Page - 24
25. Functional Risk Management
Functional Risk Management can look at many areas, including
supply chain disruptions due to disasters, business continuity, and
sociopolitical risk…
Source: Newman, William. Understanding SAP BusinessObjects Enterprise Performance Management, Galileo Press (2010).
Page - 25
26. Functional Risk Management
… which can then roll-up and into a broader ERM program
environment, providing transparency and proactive management.
SAP BusinessObjects Supply Chain Performance Management 2.0, which is
now in ramp-up, allows for supply chain risks to be mapped to RM10 as
part of an overall ERM program portfolio. These risks can also be associated
with key risk indicators (KRIs) which can impact financial and operational
performance targets.
Source: Newman, William. Understanding SAP BusinessObjects Enterprise Performance Management, Galileo Press (2010).
Page - 26
27. Functional Risk Management
The Supply Chain Council Supply Chain Risk Perspective
SCOR model includes a Supply Chain Council SCOR Model
supply chain risk perspective
(SCRP) which pre-defines risk
categories which are
common to an Enterprise
Risk Management program.
The SCOR model and the
SCRP framework is
structured already inside
SCPM 2.0. SAP has earned
several awards from the
Supply Chain Council for this
solution approach.
Source: Managing Risk in the Organization Using the SCOR Methodology, Supply Chain Council (2008)
Page - 27
28. Functional Risk Management
In this example we can
link a risk from RM10 into
performance
measurements and
operational data found in
SCPM 2.0
Source: Manage Supply Chain Risks Using Supply Chain Management 2.0, GRC Expert (2012)
Page - 28
29. Discussion Points
• Understanding the basis for Enterprise Risk Management
• Executive Challenges Aligning to Goals and Actions
• SAP Risk Management 10 Platform for ERM
• Considerations for Audit Practices
• Considerations for functional risk management activities
• Links and References
• Key Take-away Points
• Summary and Discussion
Page - 29
30. Links and References
• Newman, William. Understanding SAP BusinessObjects Enterprise Performance
Management,
Galileo Press (2010)
• Newman, William. Reduce Risk in your Supply Chain with Supply Chain Performance
Management, GRC Expert (March 12, 2010) login required
• Newman, William. How SAP Solutions Can Make the Audit Process More Cost-effective,
GRC Expert (October 4, 2011) login required
• Newman, William. Increase Enterprise Risk Management Performance with Risk
Management 10.0, GRC Expert (April 18, 2012) login required
• Newman, William. The Bow Tie Builder Tool, GRC Expert (May 1, 2012) login required
• Newman, William. Supply Chain Management 2.0 Offers Better Integration, Analytics,
searchSAP.com (March 21, 2012)
• Stackpole, Beth. Deploying Supply Chain Management Software Hinges on Breadth,
Depth, Integration,
searchManufacturingERP.com (April 18, 2012)
• Stackpole, Beth. Ripe with Opportunity, Global Supply Chain also Brings Substantial Risk,
searchManufacturingERP.com (March 14, 2012)
Page - 30
31. Discussion Points
• Understanding the basis for Enterprise Risk Management
• Executive Challenges Aligning to Goals and Actions
• SAP Risk Management 10 Platform for ERM
• Considerations for Audit Practices
• Considerations for functional risk management activities
• Links and References
• Key Take-away Points
• Summary and Discussion
Page - 31
32. Key Take-away Points
1. There is a great need for Enterprise Risk Management (ERM) – and a lot of
confusion as to what this means. This creates significant opportunity for
SAP and its partners.
2. SAP Risk Management 10.0 offers a great platform to build, manage, and
assess the effectiveness of an ERM program
3. As part of mitigation activities, organizations are looking towards audits to
build these actions into their ERM programs. SAP NetWeaver Audit
Management offers easy to use connections into RM10 and other GRC tools.
4. Functional risk management allows deeper dives into specific
processes, functions and operational activities in the organization.
5. SAP Supply Chain Performance Management 2.0 – now in ramp up –
allows for quick integration to RM10 risk activities while leveraging
the Supply Chain Council SCOR model and SCRP framework.
Page - 32
33. Discussion Points
• Understanding the basis for Enterprise Risk Management
• Executive Challenges Aligning to Goals and Actions
• SAP Risk Management 10 Platform for ERM
• Considerations for Audit Practices
• Considerations for functional risk management activities
• Links and References
• Key Take-away Points
• Summary and Discussion
Page - 33
35. Thank you for participating.
Please feel free provide feedback
on this session via chat, email,
twitter or on SCN.
Visit us and learn more at
www.newportconsgroup.com