GRC Tuesdays: The State of Risk Management in 2018
OECD’s latest Economic Outlook, released on May 30th, observes that “the global economy is experiencing stronger growth, driven by a rebound in trade, higher investment and buoyant job creation, and supported by very accommodative monetary policy. The pace of global expansion over the 2018-19 period is expected to hover near 4%… However, the Outlook also underlines that significant risks posed by trade tensions, financial market vulnerabilities and rising oil prices loom large. “
Deloitte’s first-quarter 2018 CFO Signals™ survey of 155 CFOs of large North American companies also found similar results. The CFOs’ assessments of the major global economies “hit new survey highs in the latest survey…But even with blue skies and forecasts calling for more sunshine, finance chiefs should be prepared for challenges that could get in the way of executing their organizations’ growth strategies and capitalizing on today’s buoyant conditions.”
Deloitte also reports that “One way boards are enhancing their risk oversight practices is by clarifying and formally approving the organization’s risk appetite, the aggregate level of risk that management is willing to take in pursuit of its strategy. As a first step, boards must also sign off on management’s strategy. Directors realize it is their role to oversee both risk appetite and strategy, but conversations linking the two are usually informal, if they happen at all. Moreover, the board’s understanding of risks, especially nonfinancial risks, is often more intuitive than explicit.”
The ISO 31000:2018 Risk Management Guidelines, which updates the 2009 one, also highlights the new emphasis on “leadership by top management and the integration of risk management, starting with the governance of the organization and emphasis on the iterative nature of risk management, noting that new experiences, knowledge and analysis can lead to a revision of process elements, actions and controls at each stage of the process.”
How Does SAP Address Risk Management?
SAP Risk Management is used by companies to link their opportunities and business objectives to their risks and provides the end-to-end capabilities to risk identification, analysis, monitoring, and reporting. Top management can have up-to-date information on the latest risk information while the iterative processes of risk activities are carried out so risks aren’t just reported but are mitigated effectively with policies, controls, and other actions at the earliest possible stage.
SAP Risk Management can also automate the monitoring of key risk indicators in SAP S/4 HANA Cloud, allowing CFOs, chief risk officers, and other stakeholders to have better assurance that risks are managed.
SAP’s Three Lines of Defense solutions help business to manage risks more effective by making business processes, controls, and fraud risks more transparent and efficient. It automates the Three Lines of Defense so risk management can automate the end-to-end risk management processes while compliance can automate policy management, controls monitoring and testing, and so on. Internal audit can provide assurances that the strategy and investments in talent, digital transformation, and growth areas are protected and well managed.
- Learn more about SAP’s three lines of defense solutions.
- Read the rest of our GRC Tuesdays series blogs.