SAP GRC: Risky Times call for “Back to Basics” for Businesses
Let’s take a look at the times we are in. I am the kind of person who likes to simply put things into perspective, so let’s use the old checklist:
- Stock market rocking back and forth? CHECK
- Unemployment on the rise? AFFIRMATIVE
- Stormy global political and economic picture? YOU BET
- Fear and uncertainty regarding the economy? ABSOLUTELY
Excuse me for painting such a gloomy picture, but that’s what we are dealing with. Challenging times like these call for some serious risk management measures for enterprises. Protecting business assets, both financial and intellectual, has never been more important. Therefore, it may be time to tighten some internal controls, revamp business processes and update some standard operating procedures. These measures, more often than not, lead to cost savings and improvements in efficiency.
The first step to the solution? Be pro-active. Turbulent times will cause new risks to arise, so it can never hurt to strengthen risk management policy by remembering some basic principles of organizational risk management. Below are first steps managers can take to evaluate and prevent risk in the enterprise:
- Identify the origin of the risk. It can be internal or external, an ineffective or risky business process, or a lack of management information.
- Establish what caused the newly identified risk to occur.
- Rank your risks according to how critical they are and estimate any impact they might have had on the company’s security or brand image.
- Develop effective controls and put an action plan behind them in order to ensure all of the identified risk factors get their due attention.
- And lastly, don’t forget to turn to your IT department for long-term, sustainable solutions that incorporate those business principles and policies into a well-oiled IT reality.
To sum it up, next time you are sitting with management discussing compliance and risk management within your business, don’t get overwhelmed. Remember that it starts with asking yourself these basic questions, and go from there:
- Does my company really have an up-to-date compliance and risk management policy / framework for times like these?
- Does my company have the mindset to be pro-active regarding compliance awareness?