Combine SAP Strategy Management and GRC Risk Management for Risk-Intelligent Strategic Execution

  • by Dr. Karol Bliznak, Vice President, SAP AG
  • April 15, 2008
In most organizations, strategic management and risk management are completely separate processes. As a result, it’s often difficult to track strategic goals over time while assessing the risks that might affect strategic initiatives. With an integrated approach to strategy and risk management, you can ensure that business owners are focusing on the right initiatives both to drive execution of strategy and manage risk.
Key Concept

SAP Strategy Management (SSM) is delivered as part of SAP’s Financial Performance Management (FPM) portfolio. It helps organizations align resources quickly to carry out corporate strategy by communicating strategic plans clearly, translating them into priorities and tasks, and rapidly monitoring and reporting on their progress. SSM has replaced the SAP Balanced Scorecard application of SAP Strategic Enterprise Management (SAP SEM) for scorecarding and strategy management.

SAP GRC Risk Management, delivered with SAP solutions for GRC, helps you to identify risk and conduct risk analysis, response, monitoring, and reporting within a best-practice framework. With GRC Risk Management, a company can balance business opportunities with financial, legal, and operational exposure to minimize the market penalties from high-impact events.

Many of today’s businesses have a common theme: leveraging knowledge of enterprise risks and their own risk tolerance to guide strategic execution and measurement of performance in their executing strategy. The practice of handling enterprise strategy management and risk management often clouds the natural, theoretical tie between these two business processes, which companies frequently handle separately. This leads to organizations using inefficient and error-prone means — such as manual, spreadsheet-based matching, merging, and aggregation of data from the strategy and risk silos — to identify the strategic objectives at risk and to effectively introduce and monitor risk-mitigating measures. I’ll show you how to integrate SAP Strategy Management (SSM) and SAP GRC Risk Management, helping you to understand the relationship between the strategic objectives and the associated risks.

Consider this example: A car producer makes the profitable growth of its SUV product line the cornerstone of an aggressive growth strategy. Based on revenue figures from the recent past, which are shown in a strategy scorecard, the SUV product line seems predestined to hit the ambitious revenue and profitability numbers. Simultaneously, however, the forward-looking risk assessment data in a risk management system indicates a surprisingly increased aggregated risk exposure for the SUV line. The line is suffering from internally discovered production quality gaps, increased regulatory risks, and a changing market perception for this type of vehicle. Without having the ability to match both the performance and risk insights from the two data silos, the producer might bet on the SUV’s seemingly solid growth objective and put its entire strategy at risk, missing its targets or even suffering significant financial losses.

SAP’s concept of risk-intelligent strategic execution provides a greater ability to understand and manage business performance by integrating SSM and GRC Risk Management. By managing risks across corporate strategy and key business initiatives and providing risk-related reporting on these initiatives, your organization’s managers can focus their attention on the initiatives that risks affect. This can avert further costs or identify opportunities for the company. The car producer from my example now has the visibility to an objective’s past performance and to future risk exposure. It might be able to adjust its corporate strategy, switching to other lower-risk product lines to deliver on a profitable growth objective.

You can find some basic information on risk-intelligent strategic execution in the standard documentation of both GRC Risk Management and SSM; however, documentation of a detailed, cross-application scenario has been missing before now. A GRC expert with GRC Risk Management knowledge, as well as basic SSM and SAP NetWeaver knowledge, could drive the setup with assistance from SSM and SAP NetWeaver experts. For more about prerequisites, see Table 1.

Dr. Karol Bliznak

Dr. Karol Bliznak is vice president of the Rapid Innovation Group (RIG) within the mobility division at SAP. He focuses on converging SAP’s strategic innovation categories, such as mobile solutions, SAP HANA, business analytics, and the cloud. He works at the SAP AG headquarters in Walldorf, Germany. He has more than 14 years of SAP experience in business intelligence, mobility and in-memory technologies, enterprise performance management, financial accounting, controlling, governance, risk, and compliance.

See more by this author


No comments have been submitted on this article. 

Please log in to post a comment.

To learn more about subscription access to premium content, click here.