SlideShare a Scribd company logo

SAP Inside Track Toronto ASUG Ontario 2013 Enterprise Risk Management: Align Goals with Actions

William Newman
William Newman

Presentation to the 2013 SAP Inside Track and ASUG Ontario meetings June 19, 2013. Overview of five elements for enterprise risk management (ERM) using SAP RM10 as well as case study and best practices for audit management and supply chain risk management.

BusinessEconomy & Finance
1 of 32
Download to read offline
Enterprise Risk Management using RM10 – Align to Your Goals and Actions William Newman, CMC, MBA Managing Principal, Newport Consulting Group Communications Chair, ASUG Michigan Chapter
We are the ASUG Michigan Chapter. With over 2,500 ASUG members and home to the Automotive SIG and key working groups. We offer three meetings annually: • March - Joint Meeting with Automotive SIG (Detroit) • June – Joint Meeting with West Michigan CWG (Grand Rapids) June 27, 2013 sponsored by GVSU • September / October – UA Partner meeting (Mount Pleasant) October 3, 2013 sponsored by CMU Join us, we are just a lake away! Great Lakes, Great Times. GREETINGS FROM MICHIGAN – Your Great Lakes Friends! Twitter: @asug_michigan
• Managing Principal, Newport Consulting Group • Member, SAP Sustainability Executive Advisory Council, Business Influencer Program, Office of CFO Marketing • Certified Management Consultant (since 1995) • Adjunct faculty - Northwood University (International Management, Sustainability Management, member UA program), University of Oregon Sustainable Leadership Program (Sustainable Supply Chain) • Professional Speaker (ASUG, SAP Insider, TEDx, Sustainable Business Forum, MACPA, SAI, Supply Chain Council, SAP Experts), Writer, SAP Press author “Understanding BusinessObjects Enterprise Performance Management (EPM)” • SCN Blog it Forward post: http://scn.sap.com/community/about/blog/2012/10/24/blog-it- forward--william-newman Hello. Call me “Bill” please… Introductions @william_newman
Understanding the basis for Enterprise Risk Management (ERM) Executive Challenges Aligning to Goals and Actions SAP Risk Management 10 Platform for ERM Considerations for Audit Practices Considerations for Supply Chain Risk Activities A Case Review – How One Organization Got Started Links and References Key Take-away Points Summary and Discussion Today’s Agenda Agenda @william_newman
Understanding Enterprise Risk Management @william_newman Enterprise Risk Management represents a company-wide approach to risk management activities in a holistic, pragmatic, and managed approach across multiple company operations, functions, and activities. - As abstracted from the Global Accenture Risk Management Report, 2011
Understanding Enterprise Risk Management @william_newman • Aligning Risk Appetite and Strategy • Enhancing Risk Response Decisions • Reducing Operational Surprises and Losses • Identifying and Managing Multiple Cross Enterprise Risks • Seizing Opportunities • Improving Deployment of Capital ERM objectives typically include some or all of the following: Source: SAP, 2012 as modified by Newport Consulting Group Enterprise risk management (ERM) in business includes the methods and processes used by organizations to manage risks and seize opportunities related to the achievement of their objectives.
Executive Challenges Aligning Goals to Actions @william_newman Challenges remain as to motive, satisfaction and capabilities…
Executive Challenges Aligning Goals to Actions @william_newman Additional Sources: Discontinuity of risk management practices, in terms of demand, satisfaction, and board level understanding (various sources: The Economist Intelligence Unit Survey, Ascending the Maturity Curve (March, 2011); McKinsey Global Survey, Governance since the Economic Crisis (March, 2011); Report on the 2011 Accenture Global Risk Management Study, (February, 2011) … which suggests a certain “call to action” for executives. “Practical knowledge of risk management concepts and principles are needed in the corporate environment as never before, and executives have created demand for this knowledge. How this knowledge is crafted into ERM practices, standards, and guidelines inside of corporate policy is open for revision.” Source: The Executive Dilemma: How to Increase Enterprise Risk Management Performance? GRC Expert, 2012.
SAP Risk Management 10 ERM Platform @william_newman 1 2 3 ERM is not linked to fundamental value drivers of the business Shareholder devaluation occurs based on measuring nonproductive drivers ERM is not focused significantly or deeply enough on the broad “value-killer, fat-tail” risks SAP recognizes there are 3 primary reasons for ERM failure: Source: The Executive Dilemma: How to Increase Enterprise Risk Management Performance? GRC Expert, 2012.
SAP Risk Management 10 ERM Platform @william_newman SAP Business Suite and LOB Processes (example: Supply Chain) KPIs, Metrics, Measures (BI Analytics, EPM solutions) Impacts to Measures (BI Analytics, GRC & other solutions) Mitigation and Remediation Plans (GRC RM, PC, AC, ERP-PS) Source: Increase Enterprise Risk Management Performance with SAP Business Objects RM 10. SAP Experts, 2012. Overall Audit Documentation
SAP Risk Management 10 ERM Platform @william_newman Source: Increase Enterprise Risk Management Performance with SAP Business Objects RM 10. SAP Experts, 2012. 1 2
SAP Risk Management 10 ERM Platform @william_newman 3 4 Source: Increase Enterprise Risk Management Performance with SAP Business Objects RM 10. SAP Experts, 2012. SAP Risk Management 10 allows for a “graphical view” to portray bow tie risk formats, including risk drivers, impacts.
SAP Risk Management 10 ERM Platform @william_newman Source: Increase Enterprise Risk Management Performance with SAP Business Objects RM 10. SAP Experts, 2012. 5 6 The Bow Tie Builder graphical view allows specific risk driver and impact descriptions meaningful to specific organizations.
SAP Risk Management 10 ERM Platform @william_newman Source: Increase Enterprise Risk Management Performance with SAP Business Objects RM 10. SAP Experts, 2012. Risk actions – such as mitigations – may be added from the Bow Tie Builder. 7 You can identify specific areas of the risk, associated with organizations and processes. A common mitigation action is an audit program, let’s see how RM10 works to support audit programs and functional risk areas.
Considerations for Audit Practices @william_newman Business audits are increasingly standard as a risk management function across a number of different functions including: • Information Technology (SAS 70, SSAE 16) • Financial Management processes (SOX 404, Dodd-Frank) • Information Use (ITAR, security constraints) • Sustainability (LEED, SA 8000, Natural Step, GRI) • Assurance activities (AA 1000) • Quality Management processes (ISO 9000, CAPA, APQP) • Environmental Management processes (ISO 14000) • Product Compliance Regulations (ROHS, REACH, ELV) • Treasury Management and Currency Exchange (SWIFT) Audits are not just for IT system management anymore!
Considerations for Audit Practices @william_newman Regardless of the business function or processes, most agree the audit format contains several common stages and activities. Source: Adapted from IIA, University of Illinois materials, as modified by Newport Consulting Group.
Considerations for Audit Practices @william_newman SAP NetWeaver’s Audit Management allows full program life cycle management for internal audit activities, including: • Information Technology • Management Systems, and • Financial Operations As part of the SAP NetWeaver platform, SAP NetWeaver’s Audit Management connects seamlessly with specific SAP modules such as • SAP ERP Project System • SAP ERP HCM • SAP Risk Management New updates for SAP GRC 10.0 release! Ships FREE with Business Suite! Source: How SAP Solutions Can Make the Audit Process More Cost-effective, GRC Expert (2011)
2 Considerations for Audit Practices @william_newman Source: How SAP Solutions Can Make the Audit Process More Cost-effective, GRC Expert (2011) 1 In this example we can associate an Accounts Payable audit with both financial operations and even treasury risks if involving foreign currencies and operating units.
• During the execution stage of an audit, work papers often suggest corrective or preventive actions in real time. • SAP NetWeaver audit management allows you to identify these work papers and capture remediation actions on the fly so that these can be automatically summarized in the findings report. Considerations for Audit Practices @william_newman 3 Source: How SAP Solutions Can Make the Audit Process More Cost-effective, GRC Expert (2011)
MEMBERSHIP memberservices@asug.comConsiderations for Supply Chain Risk Activities @william_newman Functional Risk Management can look at many areas, including supply chain disruptions due to disasters, business continuity, and sociopolitical risk…
Read my article on supply chain visibility in SCN MEMBERSHIP memberservices@asug.comConsiderations for Supply Chain Risk Activities @william_newman …which can then roll-up and into a broader ERM program environment, providing transparency and proactive management. Source: Newman, William. Understanding SAP BusinessObjects Enterprise Performance Management, Galileo Press (2010).
MEMBERSHIP memberservices@asug.comConsiderations for Supply Chain Risk Activities @william_newman SAP Supply Chain Performance Management 2.0 allows for supply chain risks to be mapped to RM10 as part of an overall ERM program portfolio. These risks can also be associated with key risk indicators (KRIs) and SCOR 11 operating models key performance indicators (KPIs) which can help to minimize financial and operational risk targets and increase performance. Source: Manage Supply Chain Risks Using Supply Chain Management 2.0, GRC Expert (2012) Listen to my SCOR11 review on IXN Podcast in iTunes (IXN002)
MEMBERSHIP memberservices@asug.comConsiderations for Supply Chain Risk Activities @william_newman Source: Manage Supply Chain Risks Using Supply Chain Management 2.0, GRC Expert (2012) In this example we can link a risk from RM10 into performance measurements and operational data found in SCPM 2.0 1 2
Case Study – How One Organization Got Started @william_newman • Large Multinational Organization • Major SAP transformation underway • Third party purchased existing PC-based audit software (burning platform) • Looked to leverage AIS function of ECC (near term) as well as RM10, PC10 capabilities (downstream) Example audit risk management engagement Based on this, the organization’s internal audit department looked at how to leverage Access Controls, Process Controls, and NetWeaver Audit Management with Risk Management 10.
Case Study – How One Organization Got Started @william_newman System Topology The concept of using the records tracking inside AIS of ECC 6.0, combined with the document management features of NW Audit Management was compelling.
Case Study – How One Organization Got Started @william_newman System Context Fortunately the process for conducting the audit was reasonably consistent across business audit domains. Much of the system context was on workflow, approvals.
Case Study – How One Organization Got Started @william_newman Permissions Once roles and workflow were defined a permissions matrix was determined based on modified “CRUD-M” level access to audit report and working papers documentation. ILLUSTRATIVE
Case Study – How One Organization Got Started @william_newman Other aspects • SAP User Roles would determine AC permissions for NW Audit Management based on audit  eventually stage gate position using PC • Integrated message system between NW Audit Management and SAP Messaging, Microsoft Outlook • AIS would “feed” auditor working papers based on ISACA T-codes and “scenario basis” ILLUSTRATIVE
Links and References @william_newman • Newman, William. Understanding SAP BusinessObjects Enterprise Performance Management, Galileo Press (2010) • Newman, William. Reduce Risk in your Supply Chain with Supply Chain Performance Management, GRC Expert (March 12, 2010) login required • Newman, William. How SAP Solutions Can Make the Audit Process More Cost-effective, GRC Expert (October 4, 2011) login required • Newman, William. Increase Enterprise Risk Management Performance with Risk Management 10.0, GRC Expert (April 18, 2012) login required • Newman, William. The Bow Tie Builder Tool, GRC Expert (May 1, 2012) login required • Newman, William. Supply Chain Management 2.0 Offers Better Integration, Analytics, searchSAP.com (March 21, 2012) • Stackpole, Beth. Deploying Supply Chain Management Software Hinges on Breadth, Depth, Integration, searchManufacturingERP.com (April 18, 2012) • Stackpole, Beth. Ripe with Opportunity, Global Supply Chain also Brings Substantial Risk, searchManufacturingERP.com (March 14, 2012)
Key Take Away Points @william_newman 1. There is a great need for Enterprise Risk Management (ERM) – and a lot of confusion as to what this means. This creates significant opportunity for SAP and its partners. 2. SAP Risk Management 10.0 offers a great platform to build, manage, and assess the effectiveness of an ERM program 3. As part of mitigation activities, organizations are looking towards audits to build these actions into their ERM programs. SAP NetWeaver Audit Management offers easy to use connections into RM10 and other GRC tools. 4. Functional risk management allows deeper dives into specific processes, functions and operational activities in the organization. 5. SAP Supply Chain Performance Management 2.0 – allows for quick integration to RM10 risk activities while leveraging the Supply Chain Council SCOR model and SCRP framework.
Discussion @william_newman
Contact @william_newman William Newman, CMC, MBA Managing Principal / Owner Newport Consulting Group, LLC +1 (248) 978 – 2000 wnewman@newportconsgroup.com www.newportconsgroup.com Visit the ASUG Michigan Chapter! http://www.asug.com/chapters/4149 Thank you.

Recommended

Hello ERM - It's Time to Go
Hello ERM - It's Time to GoHello ERM - It's Time to Go
Hello ERM - It's Time to Go
Resolver Inc.
 
EHSM PUBLIC SECTOR CASE MANAGEMENT SOLUTION
EHSM PUBLIC SECTOR CASE MANAGEMENT SOLUTIONEHSM PUBLIC SECTOR CASE MANAGEMENT SOLUTION
EHSM PUBLIC SECTOR CASE MANAGEMENT SOLUTION
Lennart Winqvist
 
Key risk indicators shareslide
Key risk indicators shareslideKey risk indicators shareslide
Key risk indicators shareslide
Zakaria Salah, Ph.D,MBA
 
The Risk Paradox: Showcasing the Success of Security
The Risk Paradox: Showcasing the Success of SecurityThe Risk Paradox: Showcasing the Success of Security
The Risk Paradox: Showcasing the Success of Security
Resolver Inc.
 
App Showcase: Retail Loss Prevention
App Showcase: Retail Loss PreventionApp Showcase: Retail Loss Prevention
App Showcase: Retail Loss Prevention
Resolver Inc.
 
DiSerafino - ORSA_insurance_conference
DiSerafino - ORSA_insurance_conferenceDiSerafino - ORSA_insurance_conference
DiSerafino - ORSA_insurance_conference
Lou DiSerafino
 
Aligning Risk Management with ITIL
Aligning Risk Management with ITILAligning Risk Management with ITIL
Aligning Risk Management with ITIL
Austin Songer
 
Enterprise Risk Management
Enterprise Risk ManagementEnterprise Risk Management
Enterprise Risk Management
Resolver Inc.
 

Recommended

Hello ERM - It's Time to Go
Hello ERM - It's Time to GoHello ERM - It's Time to Go
Hello ERM - It's Time to Go
Resolver Inc.
 
EHSM PUBLIC SECTOR CASE MANAGEMENT SOLUTION
EHSM PUBLIC SECTOR CASE MANAGEMENT SOLUTIONEHSM PUBLIC SECTOR CASE MANAGEMENT SOLUTION
EHSM PUBLIC SECTOR CASE MANAGEMENT SOLUTION
Lennart Winqvist
 
Key risk indicators shareslide
Key risk indicators shareslideKey risk indicators shareslide
Key risk indicators shareslide
Zakaria Salah, Ph.D,MBA
 
The Risk Paradox: Showcasing the Success of Security
The Risk Paradox: Showcasing the Success of SecurityThe Risk Paradox: Showcasing the Success of Security
The Risk Paradox: Showcasing the Success of Security
Resolver Inc.
 
App Showcase: Retail Loss Prevention
App Showcase: Retail Loss PreventionApp Showcase: Retail Loss Prevention
App Showcase: Retail Loss Prevention
Resolver Inc.
 
DiSerafino - ORSA_insurance_conference
DiSerafino - ORSA_insurance_conferenceDiSerafino - ORSA_insurance_conference
DiSerafino - ORSA_insurance_conference
Lou DiSerafino
 
Aligning Risk Management with ITIL
Aligning Risk Management with ITILAligning Risk Management with ITIL
Aligning Risk Management with ITIL
Austin Songer
 
Enterprise Risk Management
Enterprise Risk ManagementEnterprise Risk Management
Enterprise Risk Management
Resolver Inc.
 
SAP Inside Track 2012 enterprise risk management newman v fx
SAP Inside Track 2012 enterprise risk management newman v fxSAP Inside Track 2012 enterprise risk management newman v fx
SAP Inside Track 2012 enterprise risk management newman v fx
William Newman
 
Resume ia
Resume iaResume ia
Resume ia
Iftikhar Ahmed, PMP
 
The Path Forward: Getting started with Analytics Quotient
The Path Forward: Getting started with Analytics QuotientThe Path Forward: Getting started with Analytics Quotient
The Path Forward: Getting started with Analytics Quotient
Julie Severance
 
How to optimize IT for future business needs
How to optimize IT for future business needsHow to optimize IT for future business needs
How to optimize IT for future business needs
Axios Systems
 
David.Burna.resume.2023.08.03.doc
David.Burna.resume.2023.08.03.docDavid.Burna.resume.2023.08.03.doc
David.Burna.resume.2023.08.03.doc
DavidBurna
 
David.Burna.resume.2023.06.27.doc
David.Burna.resume.2023.06.27.docDavid.Burna.resume.2023.06.27.doc
David.Burna.resume.2023.06.27.doc
DavidBurna
 
ITIL foundations - Complete introduction to ITIL phases, lifecycle and processes
ITIL foundations - Complete introduction to ITIL phases, lifecycle and processesITIL foundations - Complete introduction to ITIL phases, lifecycle and processes
ITIL foundations - Complete introduction to ITIL phases, lifecycle and processes
Richard Grieman
 
Understanding the StratexPoint Framework
Understanding the StratexPoint FrameworkUnderstanding the StratexPoint Framework
Understanding the StratexPoint Framework
Ascendore Limited
 
Gain business insight with Continuous Controls Monitoring
Gain business insight with Continuous Controls MonitoringGain business insight with Continuous Controls Monitoring
Gain business insight with Continuous Controls Monitoring
Emma Kelly
 
Erm talking points
Erm talking pointsErm talking points
Erm talking points
EnterpriseGRC Solutions, Inc.
 
Kumar swaminathan resume -pmp-csm-itil
Kumar swaminathan resume -pmp-csm-itilKumar swaminathan resume -pmp-csm-itil
Kumar swaminathan resume -pmp-csm-itil
Kumar Swaminathan PMP,CSM
 
Kumar swaminathan resume -pmp-csm-itil
Kumar swaminathan resume -pmp-csm-itilKumar swaminathan resume -pmp-csm-itil
Kumar swaminathan resume -pmp-csm-itil
Kumar Swaminathan PMP,CSM
 
Mann-India_SAP_Service-Offering_GRC
Mann-India_SAP_Service-Offering_GRCMann-India_SAP_Service-Offering_GRC
Mann-India_SAP_Service-Offering_GRC
Mann-India
 
Governance Risk and Compliance for SAP
Governance Risk and Compliance for SAPGovernance Risk and Compliance for SAP
Governance Risk and Compliance for SAP
PECB
 
WorldAtWorkConfernce_USBank_OS FINAL (no notes)
WorldAtWorkConfernce_USBank_OS FINAL (no notes)WorldAtWorkConfernce_USBank_OS FINAL (no notes)
WorldAtWorkConfernce_USBank_OS FINAL (no notes)
Laura Roach
 
Business Intelligence System and instrumental level multi dimensional database
Business Intelligence System and instrumental level multi dimensional database Business Intelligence System and instrumental level multi dimensional database
Business Intelligence System and instrumental level multi dimensional database
Rolta
 
HOW TO OVERCOME TECHNICAL LIMITATIONS TO SCALE UP AUTOMATION
HOW TO OVERCOME TECHNICAL LIMITATIONS TO SCALE UP AUTOMATION HOW TO OVERCOME TECHNICAL LIMITATIONS TO SCALE UP AUTOMATION
HOW TO OVERCOME TECHNICAL LIMITATIONS TO SCALE UP AUTOMATION
Mohit Sharma (GAICD)
 
Saikiran_CV_Operational Risk_updated
Saikiran_CV_Operational Risk_updatedSaikiran_CV_Operational Risk_updated
Saikiran_CV_Operational Risk_updated
konchada
 
Saikiran_CV_Operational Risk_updated
Saikiran_CV_Operational Risk_updatedSaikiran_CV_Operational Risk_updated
Saikiran_CV_Operational Risk_updated
konchada
 
Presentation_20110802213554
Presentation_20110802213554Presentation_20110802213554
Presentation_20110802213554
P Karlin Panggalo.SE.MM.Ak.CA.CFA.CCM
 
Organizational Change Leadership Agile Tour Geneve 2024
Organizational Change Leadership Agile Tour Geneve 2024Organizational Change Leadership Agile Tour Geneve 2024
Organizational Change Leadership Agile Tour Geneve 2024
Kirill Klimov
 
ikea_woodgreen_petscharity_dog-alogue_digital.pdf
ikea_woodgreen_petscharity_dog-alogue_digital.pdfikea_woodgreen_petscharity_dog-alogue_digital.pdf
ikea_woodgreen_petscharity_dog-alogue_digital.pdf
agatadrynko
 

More Related Content

Similar to SAP Inside Track Toronto ASUG Ontario 2013 Enterprise Risk Management: Align Goals with Actions

SAP Inside Track 2012 enterprise risk management newman v fx
SAP Inside Track 2012 enterprise risk management newman v fxSAP Inside Track 2012 enterprise risk management newman v fx
SAP Inside Track 2012 enterprise risk management newman v fx
William Newman
 
Resume ia
Resume iaResume ia
Resume ia
Iftikhar Ahmed, PMP
 
The Path Forward: Getting started with Analytics Quotient
The Path Forward: Getting started with Analytics QuotientThe Path Forward: Getting started with Analytics Quotient
The Path Forward: Getting started with Analytics Quotient
Julie Severance
 
How to optimize IT for future business needs
How to optimize IT for future business needsHow to optimize IT for future business needs
How to optimize IT for future business needs
Axios Systems
 
David.Burna.resume.2023.08.03.doc
David.Burna.resume.2023.08.03.docDavid.Burna.resume.2023.08.03.doc
David.Burna.resume.2023.08.03.doc
DavidBurna
 
David.Burna.resume.2023.06.27.doc
David.Burna.resume.2023.06.27.docDavid.Burna.resume.2023.06.27.doc
David.Burna.resume.2023.06.27.doc
DavidBurna
 
ITIL foundations - Complete introduction to ITIL phases, lifecycle and processes
ITIL foundations - Complete introduction to ITIL phases, lifecycle and processesITIL foundations - Complete introduction to ITIL phases, lifecycle and processes
ITIL foundations - Complete introduction to ITIL phases, lifecycle and processes
Richard Grieman
 
Understanding the StratexPoint Framework
Understanding the StratexPoint FrameworkUnderstanding the StratexPoint Framework
Understanding the StratexPoint Framework
Ascendore Limited
 
Gain business insight with Continuous Controls Monitoring
Gain business insight with Continuous Controls MonitoringGain business insight with Continuous Controls Monitoring
Gain business insight with Continuous Controls Monitoring
Emma Kelly
 
Erm talking points
Erm talking pointsErm talking points
Erm talking points
EnterpriseGRC Solutions, Inc.
 
Kumar swaminathan resume -pmp-csm-itil
Kumar swaminathan resume -pmp-csm-itilKumar swaminathan resume -pmp-csm-itil
Kumar swaminathan resume -pmp-csm-itil
Kumar Swaminathan PMP,CSM
 
Kumar swaminathan resume -pmp-csm-itil
Kumar swaminathan resume -pmp-csm-itilKumar swaminathan resume -pmp-csm-itil
Kumar swaminathan resume -pmp-csm-itil
Kumar Swaminathan PMP,CSM
 
Mann-India_SAP_Service-Offering_GRC
Mann-India_SAP_Service-Offering_GRCMann-India_SAP_Service-Offering_GRC
Mann-India_SAP_Service-Offering_GRC
Mann-India
 
Governance Risk and Compliance for SAP
Governance Risk and Compliance for SAPGovernance Risk and Compliance for SAP
Governance Risk and Compliance for SAP
PECB
 
WorldAtWorkConfernce_USBank_OS FINAL (no notes)
WorldAtWorkConfernce_USBank_OS FINAL (no notes)WorldAtWorkConfernce_USBank_OS FINAL (no notes)
WorldAtWorkConfernce_USBank_OS FINAL (no notes)
Laura Roach
 
Business Intelligence System and instrumental level multi dimensional database
Business Intelligence System and instrumental level multi dimensional database Business Intelligence System and instrumental level multi dimensional database
Business Intelligence System and instrumental level multi dimensional database
Rolta
 
HOW TO OVERCOME TECHNICAL LIMITATIONS TO SCALE UP AUTOMATION
HOW TO OVERCOME TECHNICAL LIMITATIONS TO SCALE UP AUTOMATION HOW TO OVERCOME TECHNICAL LIMITATIONS TO SCALE UP AUTOMATION
HOW TO OVERCOME TECHNICAL LIMITATIONS TO SCALE UP AUTOMATION
Mohit Sharma (GAICD)
 
Saikiran_CV_Operational Risk_updated
Saikiran_CV_Operational Risk_updatedSaikiran_CV_Operational Risk_updated
Saikiran_CV_Operational Risk_updated
konchada
 
Saikiran_CV_Operational Risk_updated
Saikiran_CV_Operational Risk_updatedSaikiran_CV_Operational Risk_updated
Saikiran_CV_Operational Risk_updated
konchada
 
Presentation_20110802213554
Presentation_20110802213554Presentation_20110802213554
Presentation_20110802213554
P Karlin Panggalo.SE.MM.Ak.CA.CFA.CCM
 

Similar to SAP Inside Track Toronto ASUG Ontario 2013 Enterprise Risk Management: Align Goals with Actions (20)

SAP Inside Track 2012 enterprise risk management newman v fx
SAP Inside Track 2012 enterprise risk management newman v fxSAP Inside Track 2012 enterprise risk management newman v fx
SAP Inside Track 2012 enterprise risk management newman v fx
 
Resume ia
Resume iaResume ia
Resume ia
 
The Path Forward: Getting started with Analytics Quotient
The Path Forward: Getting started with Analytics QuotientThe Path Forward: Getting started with Analytics Quotient
The Path Forward: Getting started with Analytics Quotient
 
How to optimize IT for future business needs
How to optimize IT for future business needsHow to optimize IT for future business needs
How to optimize IT for future business needs
 
David.Burna.resume.2023.08.03.doc
David.Burna.resume.2023.08.03.docDavid.Burna.resume.2023.08.03.doc
David.Burna.resume.2023.08.03.doc
 
David.Burna.resume.2023.06.27.doc
David.Burna.resume.2023.06.27.docDavid.Burna.resume.2023.06.27.doc
David.Burna.resume.2023.06.27.doc
 
ITIL foundations - Complete introduction to ITIL phases, lifecycle and processes
ITIL foundations - Complete introduction to ITIL phases, lifecycle and processesITIL foundations - Complete introduction to ITIL phases, lifecycle and processes
ITIL foundations - Complete introduction to ITIL phases, lifecycle and processes
 
Understanding the StratexPoint Framework
Understanding the StratexPoint FrameworkUnderstanding the StratexPoint Framework
Understanding the StratexPoint Framework
 
Gain business insight with Continuous Controls Monitoring
Gain business insight with Continuous Controls MonitoringGain business insight with Continuous Controls Monitoring
Gain business insight with Continuous Controls Monitoring
 
Erm talking points
Erm talking pointsErm talking points
Erm talking points
 
Kumar swaminathan resume -pmp-csm-itil
Kumar swaminathan resume -pmp-csm-itilKumar swaminathan resume -pmp-csm-itil
Kumar swaminathan resume -pmp-csm-itil
 
Kumar swaminathan resume -pmp-csm-itil
Kumar swaminathan resume -pmp-csm-itilKumar swaminathan resume -pmp-csm-itil
Kumar swaminathan resume -pmp-csm-itil
 
Mann-India_SAP_Service-Offering_GRC
Mann-India_SAP_Service-Offering_GRCMann-India_SAP_Service-Offering_GRC
Mann-India_SAP_Service-Offering_GRC
 
Governance Risk and Compliance for SAP
Governance Risk and Compliance for SAPGovernance Risk and Compliance for SAP
Governance Risk and Compliance for SAP
 
WorldAtWorkConfernce_USBank_OS FINAL (no notes)
WorldAtWorkConfernce_USBank_OS FINAL (no notes)WorldAtWorkConfernce_USBank_OS FINAL (no notes)
WorldAtWorkConfernce_USBank_OS FINAL (no notes)
 
Business Intelligence System and instrumental level multi dimensional database
Business Intelligence System and instrumental level multi dimensional database Business Intelligence System and instrumental level multi dimensional database
Business Intelligence System and instrumental level multi dimensional database
 
HOW TO OVERCOME TECHNICAL LIMITATIONS TO SCALE UP AUTOMATION
HOW TO OVERCOME TECHNICAL LIMITATIONS TO SCALE UP AUTOMATION HOW TO OVERCOME TECHNICAL LIMITATIONS TO SCALE UP AUTOMATION
HOW TO OVERCOME TECHNICAL LIMITATIONS TO SCALE UP AUTOMATION
 
Saikiran_CV_Operational Risk_updated
Saikiran_CV_Operational Risk_updatedSaikiran_CV_Operational Risk_updated
Saikiran_CV_Operational Risk_updated
 
Saikiran_CV_Operational Risk_updated
Saikiran_CV_Operational Risk_updatedSaikiran_CV_Operational Risk_updated
Saikiran_CV_Operational Risk_updated
 
Presentation_20110802213554
Presentation_20110802213554Presentation_20110802213554
Presentation_20110802213554
 

Recently uploaded

Organizational Change Leadership Agile Tour Geneve 2024
Organizational Change Leadership Agile Tour Geneve 2024Organizational Change Leadership Agile Tour Geneve 2024
Organizational Change Leadership Agile Tour Geneve 2024
Kirill Klimov
 
ikea_woodgreen_petscharity_dog-alogue_digital.pdf
ikea_woodgreen_petscharity_dog-alogue_digital.pdfikea_woodgreen_petscharity_dog-alogue_digital.pdf
ikea_woodgreen_petscharity_dog-alogue_digital.pdf
agatadrynko
 
Company Valuation webinar series - Tuesday, 4 June 2024
Company Valuation webinar series - Tuesday, 4 June 2024Company Valuation webinar series - Tuesday, 4 June 2024
Company Valuation webinar series - Tuesday, 4 June 2024
FelixPerez547899
 
Top mailing list providers in the USA.pptx
Top mailing list providers in the USA.pptxTop mailing list providers in the USA.pptx
Top mailing list providers in the USA.pptx
JeremyPeirce1
 
Creative Web Design Company in Singapore
Creative Web Design Company in SingaporeCreative Web Design Company in Singapore
Creative Web Design Company in Singapore
techboxsqauremedia
 
Tata Group Dials Taiwan for Its Chipmaking Ambition in Gujarat’s Dholera
Tata Group Dials Taiwan for Its Chipmaking Ambition in Gujarat’s DholeraTata Group Dials Taiwan for Its Chipmaking Ambition in Gujarat’s Dholera
Tata Group Dials Taiwan for Its Chipmaking Ambition in Gujarat’s Dholera
Avirahi City Dholera
 
Evgen Osmak: Methods of key project parameters estimation: from the shaman-in...
Evgen Osmak: Methods of key project parameters estimation: from the shaman-in...Evgen Osmak: Methods of key project parameters estimation: from the shaman-in...
Evgen Osmak: Methods of key project parameters estimation: from the shaman-in...
Lviv Startup Club
 
Chapter 7 Final business management sciences .ppt
Chapter 7 Final business management sciences .pptChapter 7 Final business management sciences .ppt
Chapter 7 Final business management sciences .ppt
ssuser567e2d
 
Hamster Kombat' Telegram Game Surpasses 100 Million Players—Token Release Sch...
Hamster Kombat' Telegram Game Surpasses 100 Million Players—Token Release Sch...Hamster Kombat' Telegram Game Surpasses 100 Million Players—Token Release Sch...
Hamster Kombat' Telegram Game Surpasses 100 Million Players—Token Release Sch...
SOFTTECHHUB
 
2024-6-01-IMPACTSilver-Corp-Presentation.pdf
2024-6-01-IMPACTSilver-Corp-Presentation.pdf2024-6-01-IMPACTSilver-Corp-Presentation.pdf
2024-6-01-IMPACTSilver-Corp-Presentation.pdf
hartfordclub1
 
Training my puppy and implementation in this story
Training my puppy and implementation in this storyTraining my puppy and implementation in this story
Training my puppy and implementation in this story
WilliamRodrigues148
 
Unveiling the Dynamic Personalities, Key Dates, and Horoscope Insights: Gemin...
Unveiling the Dynamic Personalities, Key Dates, and Horoscope Insights: Gemin...Unveiling the Dynamic Personalities, Key Dates, and Horoscope Insights: Gemin...
Unveiling the Dynamic Personalities, Key Dates, and Horoscope Insights: Gemin...
my Pandit
 
2022 Vintage Roman Numerals Men Rings
2022 Vintage Roman Numerals Men Rings2022 Vintage Roman Numerals Men Rings
2022 Vintage Roman Numerals Men Rings
aragme
 
Anny Serafina Love - Letter of Recommendation by Kellen Harkins, MS.
Anny Serafina Love - Letter of Recommendation by Kellen Harkins, MS.Anny Serafina Love - Letter of Recommendation by Kellen Harkins, MS.
Anny Serafina Love - Letter of Recommendation by Kellen Harkins, MS.
AnnySerafinaLove
 
The 10 Most Influential Leaders Guiding Corporate Evolution, 2024.pdf
The 10 Most Influential Leaders Guiding Corporate Evolution, 2024.pdfThe 10 Most Influential Leaders Guiding Corporate Evolution, 2024.pdf
The 10 Most Influential Leaders Guiding Corporate Evolution, 2024.pdf
thesiliconleaders
 
一比一原版新西兰奥塔哥大学毕业证(otago毕业证)如何办理
一比一原版新西兰奥塔哥大学毕业证(otago毕业证)如何办理一比一原版新西兰奥塔哥大学毕业证(otago毕业证)如何办理
一比一原版新西兰奥塔哥大学毕业证(otago毕业证)如何办理
taqyea
 
Dpboss Matka Guessing Satta Matta Matka Kalyan Chart Satta Matka
Dpboss Matka Guessing Satta Matta Matka Kalyan Chart Satta MatkaDpboss Matka Guessing Satta Matta Matka Kalyan Chart Satta Matka
Dpboss Matka Guessing Satta Matta Matka Kalyan Chart Satta Matka
➒➌➎➏➑➐➋➑➐➐Dpboss Matka Guessing Satta Matka Kalyan Chart Indian Matka
 
Mastering B2B Payments Webinar from BlueSnap
Mastering B2B Payments Webinar from BlueSnapMastering B2B Payments Webinar from BlueSnap
Mastering B2B Payments Webinar from BlueSnap
Norma Mushkat Gaffin
 
-- June 2024 is National Volunteer Month --
-- June 2024 is National Volunteer Month ---- June 2024 is National Volunteer Month --
-- June 2024 is National Volunteer Month --
NZSG
 
Part 2 Deep Dive: Navigating the 2024 Slowdown
Part 2 Deep Dive: Navigating the 2024 SlowdownPart 2 Deep Dive: Navigating the 2024 Slowdown
Part 2 Deep Dive: Navigating the 2024 Slowdown
jeffkluth1
 

Recently uploaded (20)

Organizational Change Leadership Agile Tour Geneve 2024
Organizational Change Leadership Agile Tour Geneve 2024Organizational Change Leadership Agile Tour Geneve 2024
Organizational Change Leadership Agile Tour Geneve 2024
 
ikea_woodgreen_petscharity_dog-alogue_digital.pdf
ikea_woodgreen_petscharity_dog-alogue_digital.pdfikea_woodgreen_petscharity_dog-alogue_digital.pdf
ikea_woodgreen_petscharity_dog-alogue_digital.pdf
 
Company Valuation webinar series - Tuesday, 4 June 2024
Company Valuation webinar series - Tuesday, 4 June 2024Company Valuation webinar series - Tuesday, 4 June 2024
Company Valuation webinar series - Tuesday, 4 June 2024
 
Top mailing list providers in the USA.pptx
Top mailing list providers in the USA.pptxTop mailing list providers in the USA.pptx
Top mailing list providers in the USA.pptx
 
Creative Web Design Company in Singapore
Creative Web Design Company in SingaporeCreative Web Design Company in Singapore
Creative Web Design Company in Singapore
 
Tata Group Dials Taiwan for Its Chipmaking Ambition in Gujarat’s Dholera
Tata Group Dials Taiwan for Its Chipmaking Ambition in Gujarat’s DholeraTata Group Dials Taiwan for Its Chipmaking Ambition in Gujarat’s Dholera
Tata Group Dials Taiwan for Its Chipmaking Ambition in Gujarat’s Dholera
 
Evgen Osmak: Methods of key project parameters estimation: from the shaman-in...
Evgen Osmak: Methods of key project parameters estimation: from the shaman-in...Evgen Osmak: Methods of key project parameters estimation: from the shaman-in...
Evgen Osmak: Methods of key project parameters estimation: from the shaman-in...
 
Chapter 7 Final business management sciences .ppt
Chapter 7 Final business management sciences .pptChapter 7 Final business management sciences .ppt
Chapter 7 Final business management sciences .ppt
 
Hamster Kombat' Telegram Game Surpasses 100 Million Players—Token Release Sch...
Hamster Kombat' Telegram Game Surpasses 100 Million Players—Token Release Sch...Hamster Kombat' Telegram Game Surpasses 100 Million Players—Token Release Sch...
Hamster Kombat' Telegram Game Surpasses 100 Million Players—Token Release Sch...
 
2024-6-01-IMPACTSilver-Corp-Presentation.pdf
2024-6-01-IMPACTSilver-Corp-Presentation.pdf2024-6-01-IMPACTSilver-Corp-Presentation.pdf
2024-6-01-IMPACTSilver-Corp-Presentation.pdf
 
Training my puppy and implementation in this story
Training my puppy and implementation in this storyTraining my puppy and implementation in this story
Training my puppy and implementation in this story
 
Unveiling the Dynamic Personalities, Key Dates, and Horoscope Insights: Gemin...
Unveiling the Dynamic Personalities, Key Dates, and Horoscope Insights: Gemin...Unveiling the Dynamic Personalities, Key Dates, and Horoscope Insights: Gemin...
Unveiling the Dynamic Personalities, Key Dates, and Horoscope Insights: Gemin...
 
2022 Vintage Roman Numerals Men Rings
2022 Vintage Roman Numerals Men Rings2022 Vintage Roman Numerals Men Rings
2022 Vintage Roman Numerals Men Rings
 
Anny Serafina Love - Letter of Recommendation by Kellen Harkins, MS.
Anny Serafina Love - Letter of Recommendation by Kellen Harkins, MS.Anny Serafina Love - Letter of Recommendation by Kellen Harkins, MS.
Anny Serafina Love - Letter of Recommendation by Kellen Harkins, MS.
 
The 10 Most Influential Leaders Guiding Corporate Evolution, 2024.pdf
The 10 Most Influential Leaders Guiding Corporate Evolution, 2024.pdfThe 10 Most Influential Leaders Guiding Corporate Evolution, 2024.pdf
The 10 Most Influential Leaders Guiding Corporate Evolution, 2024.pdf
 
一比一原版新西兰奥塔哥大学毕业证(otago毕业证)如何办理
一比一原版新西兰奥塔哥大学毕业证(otago毕业证)如何办理一比一原版新西兰奥塔哥大学毕业证(otago毕业证)如何办理
一比一原版新西兰奥塔哥大学毕业证(otago毕业证)如何办理
 
Dpboss Matka Guessing Satta Matta Matka Kalyan Chart Satta Matka
Dpboss Matka Guessing Satta Matta Matka Kalyan Chart Satta MatkaDpboss Matka Guessing Satta Matta Matka Kalyan Chart Satta Matka
Dpboss Matka Guessing Satta Matta Matka Kalyan Chart Satta Matka
 
Mastering B2B Payments Webinar from BlueSnap
Mastering B2B Payments Webinar from BlueSnapMastering B2B Payments Webinar from BlueSnap
Mastering B2B Payments Webinar from BlueSnap
 
-- June 2024 is National Volunteer Month --
-- June 2024 is National Volunteer Month ---- June 2024 is National Volunteer Month --
-- June 2024 is National Volunteer Month --
 
Part 2 Deep Dive: Navigating the 2024 Slowdown
Part 2 Deep Dive: Navigating the 2024 SlowdownPart 2 Deep Dive: Navigating the 2024 Slowdown
Part 2 Deep Dive: Navigating the 2024 Slowdown
 

SAP Inside Track Toronto ASUG Ontario 2013 Enterprise Risk Management: Align Goals with Actions

  • 1. Enterprise Risk Management using RM10 – Align to Your Goals and Actions William Newman, CMC, MBA Managing Principal, Newport Consulting Group Communications Chair, ASUG Michigan Chapter
  • 2. We are the ASUG Michigan Chapter. With over 2,500 ASUG members and home to the Automotive SIG and key working groups. We offer three meetings annually: • March - Joint Meeting with Automotive SIG (Detroit) • June – Joint Meeting with West Michigan CWG (Grand Rapids) June 27, 2013 sponsored by GVSU • September / October – UA Partner meeting (Mount Pleasant) October 3, 2013 sponsored by CMU Join us, we are just a lake away! Great Lakes, Great Times. GREETINGS FROM MICHIGAN – Your Great Lakes Friends! Twitter: @asug_michigan
  • 3. • Managing Principal, Newport Consulting Group • Member, SAP Sustainability Executive Advisory Council, Business Influencer Program, Office of CFO Marketing • Certified Management Consultant (since 1995) • Adjunct faculty - Northwood University (International Management, Sustainability Management, member UA program), University of Oregon Sustainable Leadership Program (Sustainable Supply Chain) • Professional Speaker (ASUG, SAP Insider, TEDx, Sustainable Business Forum, MACPA, SAI, Supply Chain Council, SAP Experts), Writer, SAP Press author “Understanding BusinessObjects Enterprise Performance Management (EPM)” • SCN Blog it Forward post: http://scn.sap.com/community/about/blog/2012/10/24/blog-it- forward--william-newman Hello. Call me “Bill” please… Introductions @william_newman
  • 4. Understanding the basis for Enterprise Risk Management (ERM) Executive Challenges Aligning to Goals and Actions SAP Risk Management 10 Platform for ERM Considerations for Audit Practices Considerations for Supply Chain Risk Activities A Case Review – How One Organization Got Started Links and References Key Take-away Points Summary and Discussion Today’s Agenda Agenda @william_newman
  • 5. Understanding Enterprise Risk Management @william_newman Enterprise Risk Management represents a company-wide approach to risk management activities in a holistic, pragmatic, and managed approach across multiple company operations, functions, and activities. - As abstracted from the Global Accenture Risk Management Report, 2011
  • 6. Understanding Enterprise Risk Management @william_newman • Aligning Risk Appetite and Strategy • Enhancing Risk Response Decisions • Reducing Operational Surprises and Losses • Identifying and Managing Multiple Cross Enterprise Risks • Seizing Opportunities • Improving Deployment of Capital ERM objectives typically include some or all of the following: Source: SAP, 2012 as modified by Newport Consulting Group Enterprise risk management (ERM) in business includes the methods and processes used by organizations to manage risks and seize opportunities related to the achievement of their objectives.
  • 7. Executive Challenges Aligning Goals to Actions @william_newman Challenges remain as to motive, satisfaction and capabilities…
  • 8. Executive Challenges Aligning Goals to Actions @william_newman Additional Sources: Discontinuity of risk management practices, in terms of demand, satisfaction, and board level understanding (various sources: The Economist Intelligence Unit Survey, Ascending the Maturity Curve (March, 2011); McKinsey Global Survey, Governance since the Economic Crisis (March, 2011); Report on the 2011 Accenture Global Risk Management Study, (February, 2011) … which suggests a certain “call to action” for executives. “Practical knowledge of risk management concepts and principles are needed in the corporate environment as never before, and executives have created demand for this knowledge. How this knowledge is crafted into ERM practices, standards, and guidelines inside of corporate policy is open for revision.” Source: The Executive Dilemma: How to Increase Enterprise Risk Management Performance? GRC Expert, 2012.
  • 9. SAP Risk Management 10 ERM Platform @william_newman 1 2 3 ERM is not linked to fundamental value drivers of the business Shareholder devaluation occurs based on measuring nonproductive drivers ERM is not focused significantly or deeply enough on the broad “value-killer, fat-tail” risks SAP recognizes there are 3 primary reasons for ERM failure: Source: The Executive Dilemma: How to Increase Enterprise Risk Management Performance? GRC Expert, 2012.
  • 10. SAP Risk Management 10 ERM Platform @william_newman SAP Business Suite and LOB Processes (example: Supply Chain) KPIs, Metrics, Measures (BI Analytics, EPM solutions) Impacts to Measures (BI Analytics, GRC & other solutions) Mitigation and Remediation Plans (GRC RM, PC, AC, ERP-PS) Source: Increase Enterprise Risk Management Performance with SAP Business Objects RM 10. SAP Experts, 2012. Overall Audit Documentation
  • 11. SAP Risk Management 10 ERM Platform @william_newman Source: Increase Enterprise Risk Management Performance with SAP Business Objects RM 10. SAP Experts, 2012. 1 2
  • 12. SAP Risk Management 10 ERM Platform @william_newman 3 4 Source: Increase Enterprise Risk Management Performance with SAP Business Objects RM 10. SAP Experts, 2012. SAP Risk Management 10 allows for a “graphical view” to portray bow tie risk formats, including risk drivers, impacts.
  • 13. SAP Risk Management 10 ERM Platform @william_newman Source: Increase Enterprise Risk Management Performance with SAP Business Objects RM 10. SAP Experts, 2012. 5 6 The Bow Tie Builder graphical view allows specific risk driver and impact descriptions meaningful to specific organizations.
  • 14. SAP Risk Management 10 ERM Platform @william_newman Source: Increase Enterprise Risk Management Performance with SAP Business Objects RM 10. SAP Experts, 2012. Risk actions – such as mitigations – may be added from the Bow Tie Builder. 7 You can identify specific areas of the risk, associated with organizations and processes. A common mitigation action is an audit program, let’s see how RM10 works to support audit programs and functional risk areas.
  • 15. Considerations for Audit Practices @william_newman Business audits are increasingly standard as a risk management function across a number of different functions including: • Information Technology (SAS 70, SSAE 16) • Financial Management processes (SOX 404, Dodd-Frank) • Information Use (ITAR, security constraints) • Sustainability (LEED, SA 8000, Natural Step, GRI) • Assurance activities (AA 1000) • Quality Management processes (ISO 9000, CAPA, APQP) • Environmental Management processes (ISO 14000) • Product Compliance Regulations (ROHS, REACH, ELV) • Treasury Management and Currency Exchange (SWIFT) Audits are not just for IT system management anymore!
  • 16. Considerations for Audit Practices @william_newman Regardless of the business function or processes, most agree the audit format contains several common stages and activities. Source: Adapted from IIA, University of Illinois materials, as modified by Newport Consulting Group.
  • 17. Considerations for Audit Practices @william_newman SAP NetWeaver’s Audit Management allows full program life cycle management for internal audit activities, including: • Information Technology • Management Systems, and • Financial Operations As part of the SAP NetWeaver platform, SAP NetWeaver’s Audit Management connects seamlessly with specific SAP modules such as • SAP ERP Project System • SAP ERP HCM • SAP Risk Management New updates for SAP GRC 10.0 release! Ships FREE with Business Suite! Source: How SAP Solutions Can Make the Audit Process More Cost-effective, GRC Expert (2011)
  • 18. 2 Considerations for Audit Practices @william_newman Source: How SAP Solutions Can Make the Audit Process More Cost-effective, GRC Expert (2011) 1 In this example we can associate an Accounts Payable audit with both financial operations and even treasury risks if involving foreign currencies and operating units.
  • 19. • During the execution stage of an audit, work papers often suggest corrective or preventive actions in real time. • SAP NetWeaver audit management allows you to identify these work papers and capture remediation actions on the fly so that these can be automatically summarized in the findings report. Considerations for Audit Practices @william_newman 3 Source: How SAP Solutions Can Make the Audit Process More Cost-effective, GRC Expert (2011)
  • 20. MEMBERSHIP memberservices@asug.comConsiderations for Supply Chain Risk Activities @william_newman Functional Risk Management can look at many areas, including supply chain disruptions due to disasters, business continuity, and sociopolitical risk…
  • 21. Read my article on supply chain visibility in SCN MEMBERSHIP memberservices@asug.comConsiderations for Supply Chain Risk Activities @william_newman …which can then roll-up and into a broader ERM program environment, providing transparency and proactive management. Source: Newman, William. Understanding SAP BusinessObjects Enterprise Performance Management, Galileo Press (2010).
  • 22. MEMBERSHIP memberservices@asug.comConsiderations for Supply Chain Risk Activities @william_newman SAP Supply Chain Performance Management 2.0 allows for supply chain risks to be mapped to RM10 as part of an overall ERM program portfolio. These risks can also be associated with key risk indicators (KRIs) and SCOR 11 operating models key performance indicators (KPIs) which can help to minimize financial and operational risk targets and increase performance. Source: Manage Supply Chain Risks Using Supply Chain Management 2.0, GRC Expert (2012) Listen to my SCOR11 review on IXN Podcast in iTunes (IXN002)
  • 23. MEMBERSHIP memberservices@asug.comConsiderations for Supply Chain Risk Activities @william_newman Source: Manage Supply Chain Risks Using Supply Chain Management 2.0, GRC Expert (2012) In this example we can link a risk from RM10 into performance measurements and operational data found in SCPM 2.0 1 2
  • 24. Case Study – How One Organization Got Started @william_newman • Large Multinational Organization • Major SAP transformation underway • Third party purchased existing PC-based audit software (burning platform) • Looked to leverage AIS function of ECC (near term) as well as RM10, PC10 capabilities (downstream) Example audit risk management engagement Based on this, the organization’s internal audit department looked at how to leverage Access Controls, Process Controls, and NetWeaver Audit Management with Risk Management 10.
  • 25. Case Study – How One Organization Got Started @william_newman System Topology The concept of using the records tracking inside AIS of ECC 6.0, combined with the document management features of NW Audit Management was compelling.
  • 26. Case Study – How One Organization Got Started @william_newman System Context Fortunately the process for conducting the audit was reasonably consistent across business audit domains. Much of the system context was on workflow, approvals.
  • 27. Case Study – How One Organization Got Started @william_newman Permissions Once roles and workflow were defined a permissions matrix was determined based on modified “CRUD-M” level access to audit report and working papers documentation. ILLUSTRATIVE
  • 28. Case Study – How One Organization Got Started @william_newman Other aspects • SAP User Roles would determine AC permissions for NW Audit Management based on audit  eventually stage gate position using PC • Integrated message system between NW Audit Management and SAP Messaging, Microsoft Outlook • AIS would “feed” auditor working papers based on ISACA T-codes and “scenario basis” ILLUSTRATIVE
  • 29. Links and References @william_newman • Newman, William. Understanding SAP BusinessObjects Enterprise Performance Management, Galileo Press (2010) • Newman, William. Reduce Risk in your Supply Chain with Supply Chain Performance Management, GRC Expert (March 12, 2010) login required • Newman, William. How SAP Solutions Can Make the Audit Process More Cost-effective, GRC Expert (October 4, 2011) login required • Newman, William. Increase Enterprise Risk Management Performance with Risk Management 10.0, GRC Expert (April 18, 2012) login required • Newman, William. The Bow Tie Builder Tool, GRC Expert (May 1, 2012) login required • Newman, William. Supply Chain Management 2.0 Offers Better Integration, Analytics, searchSAP.com (March 21, 2012) • Stackpole, Beth. Deploying Supply Chain Management Software Hinges on Breadth, Depth, Integration, searchManufacturingERP.com (April 18, 2012) • Stackpole, Beth. Ripe with Opportunity, Global Supply Chain also Brings Substantial Risk, searchManufacturingERP.com (March 14, 2012)
  • 30. Key Take Away Points @william_newman 1. There is a great need for Enterprise Risk Management (ERM) – and a lot of confusion as to what this means. This creates significant opportunity for SAP and its partners. 2. SAP Risk Management 10.0 offers a great platform to build, manage, and assess the effectiveness of an ERM program 3. As part of mitigation activities, organizations are looking towards audits to build these actions into their ERM programs. SAP NetWeaver Audit Management offers easy to use connections into RM10 and other GRC tools. 4. Functional risk management allows deeper dives into specific processes, functions and operational activities in the organization. 5. SAP Supply Chain Performance Management 2.0 – allows for quick integration to RM10 risk activities while leveraging the Supply Chain Council SCOR model and SCRP framework.
  • 32. Contact @william_newman William Newman, CMC, MBA Managing Principal / Owner Newport Consulting Group, LLC +1 (248) 978 – 2000 wnewman@newportconsgroup.com www.newportconsgroup.com Visit the ASUG Michigan Chapter! http://www.asug.com/chapters/4149 Thank you.