Harness Risk Threshold Definition to Drive Ad Hoc Risk Escalation

  • by Kehinde Eseyin, Senior SAP GRC Consultant, Turnkey Consulting Ltd.
  • November 19, 2014
Kehinde Eseyin shows how to configure, create, and process ad hoc risk escalations using SAP Risk Management 10.1.

Learning Objectives

By reading this article, you will learn how to:

  • Configure ad hoc risk escalation
  • Approve, transfer, reject, and forward ad hoc risk escalation
  • Monitor the status of ad hoc risk escalation

Key Concept

A risk threshold reflects the amount of risk an organization is ready to tolerate. Because a risk threshold can be defined at the organizational unit level based on specific metrics, such as size, revenue, or geographical formation, SAP has provided the new ad hoc risk escalation functionality. This functionality in SAP Risk Management 10.1 is designed to manage the escalation of a proposed risk to a superior approving authority (in the higher organizational unit) for subsequent processing when the defined threshold is exceeded. If the defined threshold is not exceeded, the workflow item is processed within the organizational unit by the responsible actor.

Ad hoc risk escalation is a new functionality in SAP Risk Management 10.1 that allows risk experts to create ad hoc risks while allowing for escalation if defined thresholds are exceeded. An ad hoc risk is a risk created specifically in response to an identified vulnerability and possible issues. Ad hoc risks can be prompted by compliance or business events or result from identifying a threat area.

This risk type does not exist as part of the risk master data and therefore needs to be raised separately when possible risk issues are encountered. It is basically a risk proposal that is subject to further validation that might require escalation. When creating an ad hoc risk, you need to define the probability of the risk materializing and the associated possible impact value, which can be alarming in some cases.

Kehinde Eseyin

Kehinde Eseyin is a senior SAP security and GRC consultant with Turnkey Consulting (UK) Limited. He has more than eight years of SAP authorizations, GRC, and Basis experience. In the past, he has managed teams to coordinate security, GRC, and Basis administration activities within a multinational environment and operated as an independent consultant, performing SAP system audits and SAP GRC Access Control implementations. He holds a bachelor’s degree in computer science. He holds several certifications, including SAP Access Control 10.0 Consultant; SAP Technical Consultant (SAP NetWeaver on Oracle); SAP Solution Manager Operations Consultant; SAP Support Engineer – SAP Solutions Manager; SAP Business One Consultant; Oracle Database Administration Professional (OCP DBA); ITIL v3; and PRINCE2. He is the co-author of SAP BusinessObjects Access Control 10.0 Application Associate Certification [Review Questions and Answers].
