Skip to Content
Business Trends
Author's profile photo Avery Horzewski

A Q & A with 2019 SAP Innovation Awards Participant: Ernst & Young

I had the pleasure of chatting with Caroline Desrochers and Nicholas Gutwirth from Ernst & Young (see their bios below) to discuss their SAP Innovation Awards entry: EY Risk Navigator, a powerful set of SAP analytics dashboards running on SAP Cloud Platform.

What challenges do you see businesses facing with their risk and controls processes?

Until recently, risk was a point-in-time, detective effort focused on avoiding negative outcomes. But these outdated risk-monitoring procedures no longer allow companies to remain competitive in the market. Continued reliance on traditional risk and controls monitoring can lead to high spend and less confidence that things are being managed properly. This is because the past fragmented views and costly manual testing of risk and controls increased the risk of recurring audit findings and reactive risk mitigation.

How does the EY Risk Navigator solution address these problems?

Companies need to remodel their risk management functions to better protect the business and to keep pace with an increasingly complex and diverse business, regulatory, and compliance landscape. Today’s challenges are driving demand for a more robust, technology-enabled solution to monitor risks in the digital world. Put simply, organizations need to embrace disruption and build in trust-by-design to thrive in the Transformative Age.

That’s where EY Risk Navigator comes in. As an SAP-certified suite of solutions, it helps companies differentiate with trust by giving them a real-time, predictive view of risk across an organization. This type of near-real-time access to risk and controls information allows them to frame risk as an enabler and drive confident, risk-informed decisions.

What are the business benefits of EY Risk Navigator?

EY Risk Navigator Cloud Analytics enables companies to identify, understand, and remediate risk before it proliferates through an organization, so they can embed trust into the process rather than addressing issues after a breakdown. Key benefits include:

  • Accessibility: reduced barriers to advanced risk-monitoring capabilities, including lower capital and resource-intensive implementations
  • Cost savings: lower costs enabled through cloud computing and automation of risk identification and remediation, as well as cost avoidance associated with undetected control failures
  • Early detection and intervention: near real-time access to risk and control status, supporting more timely resolution of findings (and smoother audits)
  • Speed to value: speed to value in attaining mature, continuous risk-monitoring capabilities using EY’s rich risk and controls content (e.g., key risk indicators, controls library, segregation-of-duties ruleset)

The solution provides a platform for the CIO, CISO, controller, and business stakeholders to facilitate common, factual discussions on the state of controls. This is possible because management has real-time access to the state of its business and IT processes running on SAP, which in turn allows compliance and business functions to move past a compliance-only mindset and partner together in advancing the organization’s mission.

Advanced analytics also gives stakeholders richer information, resulting in better business decisions. By having these analytics without the need for periodic manual generation, companies can better allocate their resources toward more value-add activities vs. just compliance.

What advice do you have for companies ready to transform their risk processes?

Regardless of the technology solutions leveraged by companies, organizations need to transform. The days of monitoring and reacting to threats after they occur are gone. To get started, we recommend the following steps:

  • Define and understand the upside and downside of risks that can impact your business
  • Design and activate strong monitoring processes
  • Adopt cutting-edge technology that can help you predict risk (not just react to it)
  • Employ data analytics and trends to identify root causes for control breakdowns

We’d love to hear what organizations are doing to get ahead of risk, so please feel free to comment below. If you have any questions, please post those as well. And if you want additional information, go to

Caroline Desrochers, Senior Manager, Risk Transformation

Caroline Desrochers is a Senior Manager in the Advisory Services practice of Ernst & Young LLP. She started her career as an external auditor before shifting her focus to helping companies design their business process and SOX controls. She has helped leading organizations to optimize their risk and control frameworks and drive automation to streamline compliance. Caroline also helps lead the EY Risk Navigator solution offering.




Nicholas Gutwirth, Manager, Risk Transformation

Nicholas Gutwirth is a Manager in the Advisory Services practice at Ernst & Young LLP. He helps organizations optimize their business control frameworks and implement governance, risk management, and compliance (GRC) solutions to address regulatory requirements. His past experience includes over four years as an external auditor with a focus on auditing SAP.

Assigned Tags

      Be the first to leave a comment
      You must be Logged on to comment or reply to a post.