SAP Risk Management and Controls in the Public Cloud
Game Changer for our Customers
This is a momentous event in SAP GRC! We are adding a new public cloud risk management capability to our already exciting public cloud internal control solution SAP Financial Compliance Management (FCM). Take a look at my GRC Tuesday blog on the solution if you want additional information about FCM.
We will offer public cloud risk and control management in the same solution, running on SAP Business Technology Platform, and with integration into SAP S/4HANA cloud – both public and private versions. It can also integrate to SAP ERP 6.0 (ECC) as part of an implementation project. Note this risk module is different to our existing private cloud solution SAP Risk Management.
We plan to release the new functionality into FCM before the end of 2023.
Why this matters, and why now
We are in at a point time where businesses really do have to deal with a VUCA (volatility, uncertainty, complexity, and ambiguity) environment – in terms of data, processes, employees, financials and financing, nth parties, technology, regulations, internal and external risk. By way of example, ESG pretty much covers all of these aspects in one go.
At the SAP Insider GRC conference last week in Copenhagen, we saw an interesting figure from their The CIO’s Transformation Report Card 2023. The most common trend, with 53% of 2023 respondents (up from 36% in 2022) picking it was: Automation, standardization, or redesign of our business processes.
I believe this is a reflection of trends such as:
- 90% of compliance leaders expect evolving business, regulatory, and customer demands to increase compliance-related operating costs by up to 30% (Accenture, 2022)
- 50% of organizations aim to automate controls monitoring and management capabilities to address core drivers of GRC strategy in 2023 (SAP Insider, 2023)
- 3 out of 4 of companies are planning to increase spend across data analytics (75%), process automation (74%), and technology (72%) to support the detection and monitoring of risks (PwC, 2022)
The way to deal with a VUCA business landscape is to centralize and consolidate risk and control management, automate where possible, adopt best practices and standard operating procedures, replace technical debt options with strategically aligned integrated solutions from a single supplier, and select solutions with low TCO but with ease of use. Which is where this new offering from SAP fits, perfectly.
Risk and Controls in the same solution
It’s incumbent and honest of me to say this is the first release of our public cloud risk module into FCM. However, there is a strong roadmap of product development behind it, as well as FCM itself. Which will also include a name change.
With this solution we will:
- Provide one platform for many uses cases and risk domains across the enterprise
- Transform governance, risk, and compliance (GRC) from a cost factor (backward looking) to a strategic differentiator (business performance improvement, forward looking)
- Enhance process assurance for S/4HANA Cloud, Public & Private Cloud Edition, on premise, as well as hybrid scenarios.
- Align with SAP core strategy of running on SAP Business Technology Platform, and SAP Analytics Cloud.
Some sneak screenshot previews
Bear in mind the actual release version may look different.
Below are some screenshots form one of our development instances of the public cloud risk management software. It’s no accident I have chosen an ESG-type risk below just to demonstrate that while the software is (currently) called SAP Financial Compliance Management, use cases are by no means limited to financial ones. They could be HR, Operational, Legal, IT application, ESG (as in this case), and more.
The risk definition section is intuitive and comprehensive, with a summary and loss section at the top for a quick grasp of the state of the risk.
We document Causes and Impacts for the risk
As well as the process and result of a risk assessment, based on the strength of treatment plans.
By including this risk management module within FCM allows the use of automated control performance to be included in the risk assessment. In the example above the treatment measure “Reduction of high risk water-sourcing regions” is in fact one of the controls in the system. The control automatically interrogates S/4HANA, checking for suppliers from countries subject to failures due to increased occurrences of drought brought about by climate change.
Business users can easily fine tune the logic in the procedure by editing parameters and thresholds for the automated procedure performance. They can also drill into the outputs and conduct thorough issue and remediation activities.
It’s worth noting too that we have an integration between FCM and SAP Signavio Process Manager, which means the business first line solution (Signavio) and assurance second line solution (FCM) automatically synchronize process and control information. I have discussed this in my blog about this integration. And this leading edge integration has been nominated for an innovation award by #RISK Awards Team. Of course we are looking at including risk in the integration
The benefits of this new offering are simple but can be subtle, which in fact means they are sometimes complex to articulate with due importance. And there can be many which leads to a ‘listener fatigue’. But for the business and business users, they are real.
- Low total cost of ownership
- Simple infrastructure
- Short time to operationalize
- Smoother digitalization, finance/digital transformation
- Ease of use, intuitive user interface
- Standardised best practice approach
- Access to expanding consumable content
- Leverage SAP Business Technology Platform capabilities
- In line with SAP strategy, customer strategy
- Benefits from LLP and ML capabilities, future potential access to anonymized data
Effective risk and control management is a fundamental requirement for the modern business – for performance, not only risk and compliance.
Public cloud GRC software has real business benefits.
SAP is here to support customers looking for a public cloud risk and control solution with deep integration to S/4HANA.
And this journey is just going to get stronger.