Financial Management Blogs by SAP
Get financial management insights from blog posts by SAP experts. Find and share tips on how to increase efficiency, reduce risk, and optimize working capital.
Product and Topic Expert

In the previous blog in the series (GRC Tuesdays: What is really SAP Governance, Risk, and Compliance (GRC)?), I introduced the 4 pillars addressed by this solution area: Enterprise Risk and Compliance; Identity and Access Governance; Cybersecurity and Data Protection & Privacy; and International Trade Management.

In this blog, and as its title suggests, I’ll focus on the solutions addressing the 1st pillar: Enterprise Risk and Compliance. Follow-up blogs will address the remaining pillars until I have provided you with a clear picture of the modules that compose this portfolio at SAP.


Enabling the Three Lines Model


First things first: why do we even have a solution area for this topic? The answer is quite simple: it is to enable organizations to implement and leverage an aligned Three Lines Model, as recommended by many international associations.

With this approach, organizations are able to:

  • Provide one view of risk for real-time decision support. This is possible by sharing one single framework, methodology, and repository of risk and control data across the organization

  • Manage risks, controls, and regulatory requirements in business operations from a single source of truth. Since all information is shared, companies can further identify early warnings from key risk indicators and act before the risk exceeds target thresholds

  • Screen 3rd parties and detect anomalies and potential fraud, including by using predictive algorithms to identify new anomalous patterns and promote early detection

  • Enable continuous controls monitoring with automated alerts to manage by exception, which is possible by using real-time checks embedded in business processes (e.g. travel and expense, procure-to-pay, order-to-cash and more) to help ensure compliance


SAP Risk Management – Preserve & grow value


Features and functionalities:

* Plan risk management within the context of value to the organization

* Identify risks (including drivers and impacts), key risk indicators, and responses

* Analyze risk scenarios (qualitatively, quantitatively, or by scoring methods), model and simulate outcomes to understand exposure

* Respond to risk after balancing costs and benefits and launch workflow-driven responses with remediation tracking

* Monitor & report on risk thresholds, effectiveness of risk responses, and corrective actions


SAP Process Control – Control key processes and manage compliance


Features and functionalities:

* Document controls and policies centrally and map to key regulations

* Plan workflow-driven performance, assessments, and tests of effectiveness, but also distribute policies and related surveys

* Perform & monitor manual and automated controls, including continuous control monitoring of configurations, master data, transactions, and related changes

* Evaluate control design & effectiveness, but also raise and remediate issues

* Report compliance ratings and decisions, and promote accountability with insightful analytics and sign-off


SAP Audit Management – Enhance audit quality and provide trusted insights


Features and functionalities:

* Managing audit activity by establishing a risk-based plan, prioritizing audit activities and aligning with the needs of the enterprise

* Planning the engagement by developing and documenting a plan for each engagement

* Performing the engagement by identifying, analyzing and documenting relevant information

* Communicating results on engagement objectives, scope, conclusions, findings, and recommendations

* Monitoring progress of results reported to management


SAP Business Integrity Screening – Detect fraud and investigate suspicious patterns faster


Features and functionalities:

* Design and determine the screening lists, analyze patterns, and define detection rules and models

* Set up the detection strategy through simulation and calibration

* Detect by executing mass and/or real-time detection and stop anomalies or irregular transactions

* Investigate alerts with efficient evaluation, qualification and remediation of issues

* Analyze (key) performance indicators and create management reports


SAP Regulation Management by Pathlock (formerly known as Greenlight) – Maintain authoritative sources for multiple regulatory alerts and mandates


Features and functionalities:

* Intake regulatory changes by maintaining authoritative sources for multiple regulatory alerts and mandates

* Evaluate by identifying and addressing compliance gaps to meet new or changed regulatory requirements

* Collaborate to establish accountability and unify requirements and controls across operations and compliance stakeholders

* Monitor by aligning compliance requirements with operational activities and automate testing of controls

* Report to demonstrate comprehensive auditability of regulatory compliance

I hope this helps in introducing the Enterprise Risk and Compliance offering from SAP’s Governance, Risk, and Compliance portfolio.

As a reminder, you can find all the other blogs in this series listed below:

I look forward to reading your thoughts and comments either on this blog or on Twitter @TFrenehard