
SAP Inside Track Toronto ASUG Ontario 2013 Enterprise Risk Management: Align Goals with Actions

Presentation to the 2013 SAP Inside Track and ASUG Ontario meetings June 19, 2013. Overview of five elements for enterprise risk management (ERM) using SAP RM10 as well as case study and best practices for audit management and supply chain risk management.


  1. Enterprise Risk Management using RM10 – Align to Your Goals and Actions
     William Newman, CMC, MBA
     Managing Principal, Newport Consulting Group
     Communications Chair, ASUG Michigan Chapter
  2. GREETINGS FROM MICHIGAN – Your Great Lakes Friends! Twitter: @asug_michigan
     We are the ASUG Michigan Chapter, with over 2,500 ASUG members and home to the Automotive SIG and key working groups. We offer three meetings annually:
     • March - Joint Meeting with Automotive SIG (Detroit)
     • June – Joint Meeting with West Michigan CWG (Grand Rapids), June 27, 2013, sponsored by GVSU
     • September / October – UA Partner meeting (Mount Pleasant), October 3, 2013, sponsored by CMU
     Join us, we are just a lake away! Great Lakes, Great Times.
  3. Introductions @william_newman
     Hello. Call me “Bill” please…
     • Managing Principal, Newport Consulting Group
     • Member, SAP Sustainability Executive Advisory Council, Business Influencer Program, Office of CFO Marketing
     • Certified Management Consultant (since 1995)
     • Adjunct faculty - Northwood University (International Management, Sustainability Management, member UA program), University of Oregon Sustainable Leadership Program (Sustainable Supply Chain)
     • Professional Speaker (ASUG, SAP Insider, TEDx, Sustainable Business Forum, MACPA, SAI, Supply Chain Council, SAP Experts), Writer, SAP Press author “Understanding BusinessObjects Enterprise Performance Management (EPM)”
     • SCN Blog it Forward post: http://scn.sap.com/community/about/blog/2012/10/24/blog-it-forward--william-newman
  4. Agenda: Today’s Agenda
     • Understanding the basis for Enterprise Risk Management (ERM)
     • Executive Challenges Aligning to Goals and Actions
     • SAP Risk Management 10 Platform for ERM
     • Considerations for Audit Practices
     • Considerations for Supply Chain Risk Activities
     • A Case Review – How One Organization Got Started
     • Links and References
     • Key Take-away Points
     • Summary and Discussion
  5. Understanding Enterprise Risk Management
     Enterprise Risk Management represents a company-wide approach to risk management activities in a holistic, pragmatic, and managed approach across multiple company operations, functions, and activities.
     - As abstracted from the Global Accenture Risk Management Report, 2011
  6. Understanding Enterprise Risk Management
     Enterprise risk management (ERM) in business includes the methods and processes used by organizations to manage risks and seize opportunities related to the achievement of their objectives.
     ERM objectives typically include some or all of the following:
     • Aligning Risk Appetite and Strategy
     • Enhancing Risk Response Decisions
     • Reducing Operational Surprises and Losses
     • Identifying and Managing Multiple Cross Enterprise Risks
     • Seizing Opportunities
     • Improving Deployment of Capital
     Source: SAP, 2012 as modified by Newport Consulting Group
  7. Executive Challenges Aligning Goals to Actions
     Challenges remain as to motive, satisfaction and capabilities…
  8. Executive Challenges Aligning Goals to Actions
     … which suggests a certain “call to action” for executives.
     “Practical knowledge of risk management concepts and principles are needed in the corporate environment as never before, and executives have created demand for this knowledge. How this knowledge is crafted into ERM practices, standards, and guidelines inside of corporate policy is open for revision.”
     Source: The Executive Dilemma: How to Increase Enterprise Risk Management Performance? GRC Expert, 2012.
     Additional Sources: Discontinuity of risk management practices, in terms of demand, satisfaction, and board level understanding (various sources: The Economist Intelligence Unit Survey, Ascending the Maturity Curve (March, 2011); McKinsey Global Survey, Governance since the Economic Crisis (March, 2011); Report on the 2011 Accenture Global Risk Management Study (February, 2011))
  9. SAP Risk Management 10 ERM Platform
     SAP recognizes there are 3 primary reasons for ERM failure:
     1. ERM is not linked to fundamental value drivers of the business
     2. Shareholder devaluation occurs based on measuring nonproductive drivers
     3. ERM is not focused significantly or deeply enough on the broad “value-killer, fat-tail” risks
     Source: The Executive Dilemma: How to Increase Enterprise Risk Management Performance? GRC Expert, 2012.
  10. SAP Risk Management 10 ERM Platform
     • SAP Business Suite and LOB Processes (example: Supply Chain)
     • KPIs, Metrics, Measures (BI Analytics, EPM solutions)
     • Impacts to Measures (BI Analytics, GRC & other solutions)
     • Mitigation and Remediation Plans (GRC RM, PC, AC, ERP-PS)
     • Overall Audit Documentation
     Source: Increase Enterprise Risk Management Performance with SAP Business Objects RM 10. SAP Experts, 2012.
  11. SAP Risk Management 10 ERM Platform
     (Screenshot callouts 1 and 2.)
     Source: Increase Enterprise Risk Management Performance with SAP Business Objects RM 10. SAP Experts, 2012.
  12. SAP Risk Management 10 ERM Platform
     SAP Risk Management 10 allows for a “graphical view” to portray bow tie risk formats, including risk drivers and impacts. (Screenshot callouts 3 and 4.)
     Source: Increase Enterprise Risk Management Performance with SAP Business Objects RM 10. SAP Experts, 2012.
  13. SAP Risk Management 10 ERM Platform
     The Bow Tie Builder graphical view allows specific risk driver and impact descriptions meaningful to specific organizations. (Screenshot callouts 5 and 6.)
     Source: Increase Enterprise Risk Management Performance with SAP Business Objects RM 10. SAP Experts, 2012.
  14. SAP Risk Management 10 ERM Platform
     Risk actions – such as mitigations – may be added from the Bow Tie Builder. (Screenshot callout 7.)
     You can identify specific areas of the risk, associated with organizations and processes. A common mitigation action is an audit program; let’s see how RM10 works to support audit programs and functional risk areas.
     Source: Increase Enterprise Risk Management Performance with SAP Business Objects RM 10. SAP Experts, 2012.
  15. Considerations for Audit Practices
     Business audits are increasingly standard as a risk management function across a number of different functions including:
     • Information Technology (SAS 70, SSAE 16)
     • Financial Management processes (SOX 404, Dodd-Frank)
     • Information Use (ITAR, security constraints)
     • Sustainability (LEED, SA 8000, Natural Step, GRI)
     • Assurance activities (AA 1000)
     • Quality Management processes (ISO 9000, CAPA, APQP)
     • Environmental Management processes (ISO 14000)
     • Product Compliance Regulations (ROHS, REACH, ELV)
     • Treasury Management and Currency Exchange (SWIFT)
     Audits are not just for IT system management anymore!
  16. Considerations for Audit Practices
     Regardless of the business function or processes, most agree the audit format contains several common stages and activities.
     Source: Adapted from IIA, University of Illinois materials, as modified by Newport Consulting Group.
  17. Considerations for Audit Practices
     SAP NetWeaver’s Audit Management allows full program lifecycle management for internal audit activities, including:
     • Information Technology
     • Management Systems, and
     • Financial Operations
     As part of the SAP NetWeaver platform, SAP NetWeaver’s Audit Management connects seamlessly with specific SAP modules such as
     • SAP ERP Project System
     • SAP ERP HCM
     • SAP Risk Management
     New updates for SAP GRC 10.0 release! Ships FREE with Business Suite!
     Source: How SAP Solutions Can Make the Audit Process More Cost-effective, GRC Expert (2011)
  18. Considerations for Audit Practices
     In this example we can associate an Accounts Payable audit with both financial operations and even treasury risks if involving foreign currencies and operating units. (Screenshot callouts 1 and 2.)
     Source: How SAP Solutions Can Make the Audit Process More Cost-effective, GRC Expert (2011)
  19. Considerations for Audit Practices
     • During the execution stage of an audit, work papers often suggest corrective or preventive actions in real time.
     • SAP NetWeaver audit management allows you to identify these work papers and capture remediation actions on the fly so that these can be automatically summarized in the findings report.
     (Screenshot callout 3.)
     Source: How SAP Solutions Can Make the Audit Process More Cost-effective, GRC Expert (2011)
  20. Considerations for Supply Chain Risk Activities
     Functional Risk Management can look at many areas, including supply chain disruptions due to disasters, business continuity, and sociopolitical risk…
     MEMBERSHIP memberservices@asug.com
  21. Considerations for Supply Chain Risk Activities
     …which can then roll-up and into a broader ERM program environment, providing transparency and proactive management.
     Read my article on supply chain visibility in SCN
     Source: Newman, William. Understanding SAP BusinessObjects Enterprise Performance Management, Galileo Press (2010).
  22. Considerations for Supply Chain Risk Activities
     SAP Supply Chain Performance Management 2.0 allows for supply chain risks to be mapped to RM10 as part of an overall ERM program portfolio.
     These risks can also be associated with key risk indicators (KRIs) and SCOR 11 operating models key performance indicators (KPIs) which can help to minimize financial and operational risk targets and increase performance.
     Listen to my SCOR11 review on IXN Podcast in iTunes (IXN002)
     Source: Manage Supply Chain Risks Using Supply Chain Management 2.0, GRC Expert (2012)
  23. Considerations for Supply Chain Risk Activities
     In this example we can link a risk from RM10 into performance measurements and operational data found in SCPM 2.0. (Screenshot callouts 1 and 2.)
     Source: Manage Supply Chain Risks Using Supply Chain Management 2.0, GRC Expert (2012)
  24. Case Study – How One Organization Got Started
     Example audit risk management engagement
     • Large Multinational Organization
     • Major SAP transformation underway
     • Third party purchased existing PC-based audit software (burning platform)
     • Looked to leverage AIS function of ECC (near term) as well as RM10, PC10 capabilities (downstream)
     Based on this, the organization’s internal audit department looked at how to leverage Access Controls, Process Controls, and NetWeaver Audit Management with Risk Management 10.
  25. Case Study – How One Organization Got Started
     System Topology
     The concept of using the records tracking inside AIS of ECC 6.0, combined with the document management features of NW Audit Management was compelling.
  26. Case Study – How One Organization Got Started
     System Context
     Fortunately the process for conducting the audit was reasonably consistent across business audit domains. Much of the system context was on workflow, approvals.
  27. Case Study – How One Organization Got Started
     Permissions (ILLUSTRATIVE)
     Once roles and workflow were defined a permissions matrix was determined based on modified “CRUD-M” level access to audit report and working papers documentation.
  28. Case Study – How One Organization Got Started
     Other aspects (ILLUSTRATIVE)
     • SAP User Roles would determine AC permissions for NW Audit Management based on audit eventually stage gate position using PC
     • Integrated message system between NW Audit Management and SAP Messaging, Microsoft Outlook
     • AIS would “feed” auditor working papers based on ISACA T-codes and “scenario basis”
  29. Links and References
     • Newman, William. Understanding SAP BusinessObjects Enterprise Performance Management, Galileo Press (2010)
     • Newman, William. Reduce Risk in your Supply Chain with Supply Chain Performance Management, GRC Expert (March 12, 2010) (login required)
     • Newman, William. How SAP Solutions Can Make the Audit Process More Cost-effective, GRC Expert (October 4, 2011) (login required)
     • Newman, William. Increase Enterprise Risk Management Performance with Risk Management 10.0, GRC Expert (April 18, 2012) (login required)
     • Newman, William. The Bow Tie Builder Tool, GRC Expert (May 1, 2012) (login required)
     • Newman, William. Supply Chain Management 2.0 Offers Better Integration, Analytics, searchSAP.com (March 21, 2012)
     • Stackpole, Beth. Deploying Supply Chain Management Software Hinges on Breadth, Depth, Integration, searchManufacturingERP.com (April 18, 2012)
     • Stackpole, Beth. Ripe with Opportunity, Global Supply Chain also Brings Substantial Risk, searchManufacturingERP.com (March 14, 2012)
  30. Key Take Away Points
     1. There is a great need for Enterprise Risk Management (ERM) – and a lot of confusion as to what this means. This creates significant opportunity for SAP and its partners.
     2. SAP Risk Management 10.0 offers a great platform to build, manage, and assess the effectiveness of an ERM program.
     3. As part of mitigation activities, organizations are looking towards audits to build these actions into their ERM programs. SAP NetWeaver Audit Management offers easy to use connections into RM10 and other GRC tools.
     4. Functional risk management allows deeper dives into specific processes, functions and operational activities in the organization.
     5. SAP Supply Chain Performance Management 2.0 – allows for quick integration to RM10 risk activities while leveraging the Supply Chain Council SCOR model and SCRP framework.
  31. Discussion
  32. Contact @william_newman
     William Newman, CMC, MBA
     Managing Principal / Owner
     Newport Consulting Group, LLC
     +1 (248) 978 – 2000
     wnewman@newportconsgroup.com
     www.newportconsgroup.com
     Visit the ASUG Michigan Chapter! http://www.asug.com/chapters/4149
     Thank you.
