Webinar – The Future of Enterprise Risk Management: Answering the Value Questions

by Erin Hughes, GRC Solution Marketing

Enterprise risk management (ERM) may be at a turning point. Many studies show that corporate boards and senior executives believe ERM is important and want more information about it. Other studies show an expectation gap. Stakeholders are not satisfied with progress to date and with the results of existing ERM initiatives. Something has to give.



VN:F [1.9.22_1171]
Rating: 4.0/5 (1 vote cast)

Can Global Trade Change the World? Yeah, It Can – and Does.

by Greg Ertel, Governance, Risk and Compliance, SAP

Next to farming, global trade influenced the evolution of our modern society more than anything else. Dating back to China’s silk road or the Arabian trade caravans, global trade transformed civilization from isolated communities to advanced, networked societies. Through global trade, populations advanced economically, fueling the development of science, art, and literature. Not only were goods and products exchanged, but also ideas and information.


VN:F [1.9.22_1171]
Rating: 4.5/5 (2 votes cast)

SAP Receives Two GRC Technology Innovation Awards from Corporate Integrity

by Michael Lortz, Senior Director, Governance, Risk and Compliance, SAP


SAP GRC…Not My Father’s GRC


No doubt you’ve seen or heard about the great innovations SAP rolled out over the past year or two. The biggest of these innovations is SAP HANA, our in-memory database technology that’s already reshaped the boundaries of the technology world. But there are others…like our growing stable of mobile apps , our laser focus on the on-demand space, and more.

Well, I’m part of the team that keeps watch over SAP BusinessObjects governance, risk, and compliance (GRC) solutions. We haven’t been idly watching as the company speeds by – we’ve been working hard on some exciting innovations that leverage SAP’s major technology advancements.

This week, three of our recent GRC enhancements received GRC Technology Innovation Awards from Corporate Integrity. Two GRC mobile apps, SAP GRC Access Approver and SAP GRC Policy Survey, and our risk bow-tie builder received the awards. The entire team is proud to have received these awards – but we’re even more excited about what the apps can do for our customers.


VN:F [1.9.22_1171]
Rating: 4.3/5 (4 votes cast)

SAP Influencer Summit 2011 Replays Now Available!

By Marie Alami, SAP

What are the roadmap priorities for business analytics solutions from SAP in 2012? What’s SAP’s vision around systems of engagement? What does systems of engagement mean? What are the five compelling trends that accelerate systems of engagement?

Get answers to these questions and more! Visit SAP Influencer Summit Online and watch the replays.

You’ll also hear directly from SAP customers Sharp, Cobb Energy, FreshDirect, and Houghton Mifflin Harcourt Publishing as they discuss business challenges, how they resolved them, and the benefits of using business analytics solutions from SAP.

Enhanced by Zemanta
VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)

How Does SAP Enable World-Class GRC Processes?

By Norman Marks, Vice President, Governance, Risk, and Compliance for SAP BusinessObjects



I have been writing for a while now (here and here) about what this term “GRC” really means. While the definition on was fun – an academic definition of the word ‘mess’ – there is a serious meaning as well.

I prefer and advocate the OCEG definition of GRC. I would like to see the community agree on this:

“A system of people, processes and technology that enables an organization to:

  • understand and prioritize stakeholder expectations;
  • set business objectives that are congruent with values and risks;
  • achieve objectives while optimizing risk profile and protecting value;
  • operate within legal, contractual, internal, social and ethical boundaries;
  • provide relevant, reliable and timely information to appropriate stakeholders; and
  • enable the measurement of the performance and effectiveness of the system.”

I have also explained why I believe there is value in talking about GRC. See this post.

But, what does my employer, SAP, provide for organizations seeking to improve their GRC processes?

First, let’s examine what OCEG lists as processes included in GRC and which are supported by SAP solutions:

Process Supported?


Strategy and Business Performance Management


Risk Management




Internal Control


Corporate Security




Information Technology


Business Ethics


Sustainability and Corporate Social Responsibility


Quality Management


Human Capital and Culture


Audit and Assurance




Admittedly, SAP’s solutions don’t cover every process equally. Some are addressed in depth (such as Finance and Risk Management) and others in less detail (such as Business Ethics).

This is why I always advise people to address their needs and the business problems they are trying to solve, rather than try to find a single “GRC solution”. I don’t believe in a single “GRC platform” unless you are talking about something like SAP’s NetWeaver, which is the foundation on which SAP’s various solutions reside.

Points for your consideration:

  • The core for me of GRC is strategy: developing it at the board and top management level, cascading it through the organization to everybody is working to the same goals, linking individual MBO and incentives, linking to risks, and managing performance. SAP has an excellent solution: SAP BusinessObjects Strategy Management (SM)
  • Performance management is a key element of GRC, although often overlooked. SAP has a number of related solutions in its SAP BusinessObjects Enterprise Performance Management suite
  • In order to develop intelligent strategy and manage the business, you need information. SAP leads the way with its SAP BusinessObjects business intelligence solutions (BI)
  • Risk management follows. Risks can be identified using a top-down approach (i.e., risks to strategy, goals and objectives) or a bottoms-up approach (e.g., from interviews and surveys). SAP BusinessObjects Risk Management(RM) supports both approaches, for all forms of risk, and risks in RM can be linked to SM for a complete view of risks and strategies
  • In order to manage risks, you have to understand, assess, and test controls – both manual and automated. This can be done using SAP BusinessObjects Process Control (PC), which is integrated with RM so you can do top-down and risk-based controls assessment and testing
  • Controls over the important risk area of access to the ERP are enhanced and monitored by products like SAP’s BusinessObjects Access Control (AC) – formerly known as Virsa
  • One popular topic in the GRC area is continuous control monitoring or auditing (CCM). PC is the primary solution for CCM, and especially powerful when combined with AC and the power of BI for data analytics
  • Compliance is a massive area, and I don’t know of anybody that addresses every global law and regulation. Certainly, solutions like RM enable a risk-based approach to compliance, but many areas need specialized solutions. SAP has several, such as those for global trade compliance and environmental, health, and safety compliance
  • Audit is included in most people’s list of GRC functions. SAP has many solutions with functionality for internal audit, including data analytics (BI), risk monitoring (RM), continuous auditing (PC, BI, and AC), and audit management (through its NetWeaver audit management functionality)
  • Core to Governance is the effectiveness of the (as described in the COSO internal control framework) ‘control environment’. This includes the ‘tone at the top’ and human resources practices such as hiring, employee performance management, etc. SAP is a leader in solutions for human resources

I could continue talking about all the other solutions for GRC processes, including features in SAP’s ERP products. But, there’s a limit on my and your patience. Let’s just say that the list of solutions for GRC processes is long and leave it at that!

VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)

Next Page »

  • Subscribe to Blog via Email

    Receive email notifications of new posts.

  • RSS Feed

  • Connect with Us:

  • Related Blogs

  • Categories

RSS Feed Subscription

Subscribe to the Analytics from SAP Blog or individual categories.

Analytics from SAP Blog

  • Analytic Applications Feed for all posts filed under Analytic Applications
  • Analytics Strategy Feed for all posts filed under Analytics Strategy
  • Big Data Feed for all posts filed under Big Data
  • Blog Archives Feed for all posts filed under Blog Archives
  • Business Intelligence Feed for all posts filed under Business Intelligence
  • Collaboration Feed for all posts filed under Collaboration
  • Data Visualization Feed for all posts filed under Data Visualization
  • Data Warehousing Feed for all posts filed under Data Warehousing
  • EIM Feed for all posts filed under EIM
  • EPM Feed for all posts filed under EPM
  • GRC Feed for all posts filed under GRC
  • Mobile Analytics Feed for all posts filed under Mobile Analytics
  • Predictive Analytics Feed for all posts filed under Predictive Analytics
  • SAP HANA Feed for all posts filed under SAP HANA
  • ×