It's been a week since we participated in the SAP Inside Track event at SAP Americas HQ in NSQ. First a big shout-out to Chip, Rich, Marilyn and others for putting the event together. I'll provide the link at the end of this blog as well for the recordings for all of the sessions including my session on Enterprise Risk Management (ERM) at http://wiki.sdn.sap.com/wiki/display/events/SAP+Inside+Track+Newtown+Square+2012.
First of all some key findings as a summary from my presentation:
1. ERM activities are of huge importance to large enterprises and mid-size supplier companies. Whether it is based on capital, treasury, environmental, natural disaster, or logistics risks .... companies overwhelmingly (by 93% according to one study from 2011) understand the importance of ERM activities as part of the board room to the shop floor.
2. There is a disparity between trained skills and practitioners with the talent required to successfully enable ERM processes in many companies. Only 33% of all companies report that there are the skills and talents necessary to meet near-term and mid-term ERM requirements in large enterprises. (Note to practitioners: rest now since it will become increasingly busy as demand rises for your skills!)
3. Executives do not fully understand the importance of ERM processes and - worse - do not understand the key risk drivers in their organization as much as they should. Only 15% of executives admit that they fully understand what their needs are in this area, while 32% admit they essentially have no clue ("limited to no understanding") of what key risk impacts affect their business.
[For more information on all three of these concurrent reports published within weeks of each other in 2011 visit these sources.*]
Suffice it to say there is a HUGE opportunity for risk practitioners, armed with the right methods, tools and approaches, to make a significant impact in how organizations manage and monitor enterprise risk. Big time.
The good news is that SAP BusinessObjects Risk Management 10.0 provides a number of elements that allows visual management of key ERM risk categories and actions, including such complex issues as supply chain risk, through a number of new capabilities inside RM10 and with new integrations with current and existing applications. For example the new graphical mode in RM10 allows a risk practitioner to demonstrate the risk via both drivers and impacts in what risk practitioners will recognize as a familiar "bow tie chart" approach to demonstrating risk activities, outcomes, and responsible organizations.
You can define particular mitigating actions - such as transfer, reduce, avoid, accept - using the mitigate risk option. Remember, if you really like typing in all of the information in the regular non-graphical RM10 work space you can still continue to do that!
One of the most common mitigation actions is an audit or assessment. With SAP NetWeaver Audit Management you can link audit activities - such as IT, financial, treasury, quality or other business audits. From this screen in SAP NetWeaver Audit Management you can build out the audit profile and then link it to a mitigation response in RM10.
Another area of functional risk is the supply chain. Supply chain risk can come from a number of areas including labor disruption, natural disasters, and supplier performance deficiency. You can use SAP BusinessObjects Supply Chain Management 2.0 (now in ramp-up and generally available [GA] later this year) to link performance activities to risks actions inside RM10. A number of risk categories from the Supply Chain Council SCOR framework are also available, you can learn more about these at http://supply-chain.org/scor/.
This is only a cursory overview of a number of new uses for RM10 to address enterprise risk management needs. For more information please visit our friends at SAP Experts for more deep discussions I provide, including step-wise scenarios on all three of these approaches. The following article set should prove very useful in exploring how and when to leverage these approaches with RM10:
*Sources: Discontinuity of risk management practices, in terms of demand, satisfaction, and board level understanding (various sources: The Economist Intelligence Unit Survey, Ascending the Maturity Curve (March, 2011); McKinsey Global Survey, Governance since the Economic Crisis(March, 2011); Report on the 2011 Accenture Global Risk Management Study, (February, 2011)