GRC Tuesdays: Manage the Risks of Innovative Initiatives with the Three Lines of Defense
In Protiviti’s 2018 Finance Trends Survey of almost 400 CFOs, vice presidents of finance, chief accounting officers, and other finance leaders, respondents were asked to rate 16 difference finance areas based on a scale from 1 to 10 for the finance function to improve its performance over the next 12 months. The top five high priorities include:
- Security and privacy of data in finance applications
- Enhanced data analytics
- Process improvement: process and data analytics
- Changing demands and expectation of internal customers
- Challenges with regulations
Per the study, “security and privacy of data in finance applications is a high priority for 75% of CFOs/finance VPs. It is highest among organizations with $10 billion to $19 billion in revenue (84%).
These priorities align with risks highlighted in the 2018 Risk in Review Study by PwC, which surveyed over 1,500 risk executives. Based on the survey results, PwC’s study found “cybersecurity or privacy threats is seen as the risk category expected to rise the most …From introducing new products to entering new markets, to forming alliances, to creating new distribution models, cybersecurity or privacy is of greatest concern. As businesses operate in an increasingly digital world, technology underlies many innovative activities and, by extension, opens the door to greater cyber (or privacy) risk”.
The PwC survey found organizations that have risk management programs that manage innovation-related risks effectively are:
“2-3x more likely to express confidence in their program’s ability to manage risk from high-impact technologies like AI and IoT, and 3x more likely to see future revenue growth than their less-innovative, less-effective peers.”
It’s clear that as organizations are innovating to grow revenue and capture great opportunity, there are more expectations from CFOs and other executive management for enterprise GRC programs to engage in strategic and innovative initiatives.
SAP’s Solutions for the Three Lines of Defense
SAP’s Three Lines of Defense can help organizations to manage the increased risk and volatility associated with high risk velocity events, complexity of regulatory requirements, and the need for protecting sensitive information and infrastructure.
- SAP Risk Management offers end-to-end capabilities to link business strategy objectives to risk appetites and business risks in operational, financial, human capital, technology, compliance, and other categories. These risks are management throughout the Three Lines of Defense in business operations and entity-level risk and compliance activities, and are leveraged by the third line of defense for independent assurance. This means risk managers can be engaged in the life cycles of risks and respond to them in the earliest stages possible.
- SAP Risk Management also offers power key risk indicators and other monitoring capabilities to ensure risk appetite and risk tolerance are adjusted to support an agile framework to manage dynamic and changing risks.
- SAP data privacy governance solutions can also help organizations to document data processing activities, extend and configure the forms used to document data processing activities, and monitor data process and demonstrate compliance with reporting.
In summary, SAP’s Three Lines of Defense help organizations to focus on what’s most important—integrating with critical business systems, monitoring risks and controls continuously, and helping to drive business innovation and innovation by linking all risks to objectives to provide powerful oversight for key stakeholders.
- Have you implemented the Three Lines of Defense in your organization? Read our other blogs on the subject for more information and visit our product pages for details on all the SAP software for the three lines:
- SAP Risk Management
- SAP Process Control
- SAP Audit Management
- SAP Business Integrity Screening.
- Please visit us at SAPinsider GRC2019 in Las Vegas March 19-21 and meet the SAP GRC solutions team. Register before by January 4th for early bird discounts.