By moving to continuous delivery for our SaaS solutions – including of course SAP Risk and Assurance Management, SAP Product Management and Engineering teams are aiming at addressing 3 main benefits:

1. Deliveries without disruption: updates will not interfere with the daily work of end users and no regression tests are necessary

2. Flexible adoption of innovations: continuous deliveries consist of pre-delivered new functionalities usually delivered behind toggles to give customers the flexibility to actively decide whether to put a functionality into operation straight away or to wait until the releases following the update as it then becomes available to all customers by default

3. Faster action on feedback or improvement requests: this approach allows SAP to innovate faster and respond more quickly to improvement requests.

Thanks to this delivery strategy, there have been quite a few recent enhancements for SAP Risk and Assurance Management, and I have selected just a few below to highlight. This is by no means the entire list!

New risk analysis methods

Quantitative risk assessment was already available in SAP Risk and Assurance Management since the delivery of the Risk Service module in Q2 2024, but new risk analysis methods are now also available: Qualitative Analysis and Mixed Analysis.

In Qualitative Analysis, users can estimate an amount of financial loss incurred and the likelihood of occurrence for the risk. The total loss is derived from the sum of the quantitative impacts and the amount of loss is automatically translated into an impact level and impact score against the impact scale defined by the organization in the configuration settings of the solution.

Mixed Analysis is used when there is a combination of both qualitative and quantitative assessments. In this approach, the Total Loss is not used, but the Total Impact Level and Total Impact Score are. Here, the sum of the quantitative impacts is translated into an impact level based on the impact scale, and then compared with the qualitative impacts. The highest impact level is taken as the total impact level.

Summary of what is available when:

Integration with SAP Signavio for Controls and Risks version 2.0

Last year, SAP Product Management and Engineering had delivered the integration between SAP Signavio and SAP Risk and Assurance Management with an import of all processes from the first one to the second one. Processes where then synchronised between the 2 solutions and there was also another integration that related to controls. Controls could be created in SAP Risk and Assurance Management and exported to SAP Signavio where they could be assigned to process tasks.

This was integration 1.0.

We now have version 2.0 of this integration with much broader capability since the risk is also included in the scope. Risks can therefore be pushed from SAP Risk and Assurance Management to SAP Signavio.

But there’s more: legacy controls and risks from SAP Signavio to SAP Risk and Assurance Management are also now supported. So, if an organization has been using SAP Signavio for some time and has already populated controls and risks there and they now start using SAP Risk and Assurance Management, they can push their controls and risks from SAP Signavio to SAP Risk and Assurance Management.

Version 2.0 of this integration therefore enables customers to use SAP Risk and Assurance Management as a single central repository for creating and managing risks and controls, and to export them to SAP Signavio on a regular basis.

Automatic Issue Owner Determination, Notification, and Assignment

With this new capability, when a new issue is created, the system can automatically identify the person who will be in charge of its resolution. This is the issue owner.

With automatic dispatching of new issues to designated users and email notifications to make nominees aware of it, issue owners are notified in a timely manner so they can’t really miss it.

This enhancement further helps issues find their best processor under consideration of absences, etc. and avoid orphaned issues by automatically assigning an issue owner after a grace period.

To do so, there is an app Manage Teams and Responsibilities where you can create the teams based on determination rules and define who gets the action items.

The process to determine the right stakeholder before was manual so every new issue had to be manually dispatched. Now, the solution takes care of it automatically and makes it more convenient... and scalable!

GRC Data Consolidation Service

Dashboard and reports are key components in any efficient Compliance program. Not only to be able to communicate results to Senior Management, but also to be able to monitor control results and issue status.

In this area, the new GRC Data Consolidation service provides an API to replicate consolidated information for controls and issues enabling organizations to visualize this data in charts and graphics in any analytical tool that can use OData. Including SAP Analytics Cloud of course.

Below are just some examples of use cases of data from SAP Risk and Assurance Management that can be visualized:

What’s more, semantic fields can also be leveraged:

Looking for additional enhancements and more details?

As mentioned in the introduction, this is only a sample of the recent enhancements. But you will be able to find the complete list as well as further documentation directly in the dedicated section of the SAP Help Portal: What's New in SAP Risk and Assurance Management

I look forward to reading your thoughts and comments either on this blog or on Twitter @TFrenehard

And if you are interested in learning more about SAP solutions for Governance, Risk, and Compliance, feel free to fill-in the demo request form!