Harness Risk Threshold Definition to Drive Ad Hoc Risk Escalation

  • by Kehinde Eseyin, Security Architect
  • November 19, 2014
Kehinde Eseyin shows how to configure, create, and process ad hoc risk escalations using SAP Risk Management 10.1.

Learning Objectives

By reading this article, you will learn how to:

  • Configure ad hoc risk escalation
  • Approve, transfer, reject, and forward ad hoc risk escalation
  • Monitor the status of ad hoc risk escalation
Key Concept

A risk threshold reflects the amount of risk an organization is ready to tolerate. Because a risk threshold can be defined at the organizational unit level based on specific metrics, such as size, revenue, or geographical formation, SAP has provided the new ad hoc risk escalation functionality. This functionality in SAP Risk Management 10.1 is designed to manage the escalation of a proposed risk to a superior approving authority (in the higher organizational unit) for subsequent processing when the defined threshold is exceeded. If the defined threshold is not exceeded, the workflow item is processed within the organizational unit by the responsible actor.

Ad hoc risk escalation is a new functionality in SAP Risk Management 10.1 that allows risk experts to create ad hoc risks while allowing for escalation if defined thresholds are exceeded. An ad hoc risk is a risk that is specifically created in response to an identified vulnerability and possible issues. Ad hoc risks can be prompted by compliance or business events or result from identifying a threat area.

This risk type does not exist as part of the risk master data and therefore needs to be raised separately when possible risk issues are encountered. It is basically a risk proposal that is subject to further validation that might require escalation. When creating an ad hoc risk, you need to define the probability of the risk materializing and the associated possible impact value, which can be alarming in some cases.

Kehinde Eseyin

Kehinde Eseyin is a security architect. He holds a bachelor’s degree in computer science. He has about 12 years of IT security, governance framework, IS risk, and compliance experience gained by working in numerous global organizations. Over the years, he has demonstrated competencies in security design, information assurance, cyber security, data privacy, threat and vulnerability management, penetration testing, business architecture, project management, IT audit, IS controls framework, and identity and access management.
