Due to the growing number of challenges in the internal processes and external supply chains recently, most growing business enterprises have already realized the importance of enterprise risk management solutions in depth. The industry experts also have analyzed the important role ERM plays in SAP solution suite. It can be really important for a business organization to develop a well tuned SAP ERM structure using five important elements in the SAP solution suite, including SAP Business Suite application and SAP GRC.
If you take a keen look at the reports that came out last year, you can see that the supply chain risk over the last five years can be found so easily anywhere. While Japan had the tragedy of tsunami wreck in 2011, the automotive companies across the globe faced great crisis because they all depended on the vendors of that country. Companies are now paying more attention to ensure the right transfer of internal funds internationally. The objective of this process is to meet the rising financial auditing requirements. Institutional governance boards are also taking immense steps to minimize the risk of big scale fraud, low portability and high impact risks which is also known as ‘fat tail’ or ‘black swan’ risks.
The Important Elements Of ERM
It is often tough for SAP customers to structure their business process audits, especially financial audits. Using the SAP Business Suit and available GRC tools to structure the business process audits always confuse the customers. To increase the efficiency of the risk management process and make the most of it, the business enterprises should consider studying a few important elements of ERM.
The first important element of a strong ERM program is nothing but the business process which is usually expressed in one or more SAP business Suites or Line of Business applications. When it comes to financial closings, business organizations can use a variety of SAP ERM modules such as General Ledger (GL), Controlling (CO), and Finance (FI) to maintain ‘closing the books’, fund transfer to organization units and reconciliations. It is beneficial if you have some step-wise and stage gate structure behind these processes with related SAP profiles and their roles recognized.
The second important element of an ERM program is having the appropriate SAP profiles and roles, GRC access controls (AC) and Process Controls (PC). These controls can be applied to make sure that the qualified individuals have access to the systems at the right time when they require it. This can be very crucial for segregation of duties (SOD) required by Sarbanes-Oxley (SOX) and other important controls.
To have an umbrella risk management strategy to recognize potential or recurring risks and to mitigate, avoid and transfer and address those risks, is the third element of any good ERM. The simple risks such as delayed receipt payments or low probability, high impact ‘fat tail’ risks such as natural disasters are usually covered in this section. SAP Risk Management 10 (RM10) offers the structure required for this and has also grown in great amounts over the past years to contain links to EPM tools too.
Another remarkable identity of a strong ERM program is its way of checking the performance of business processes. NetWeaver Audit Management is the final element of a good ERM program. Audit management is something that binds monitoring activities (a risk-mitigation practice) and all native SAP Business Suit activities. Through Audit Management, you can recognize audit plans and programs and place them in a calendar of activities and include working papers and other proofs such as transaction logs from SAP Business Suite processes. As the Audit Management system now comes along with the SAP Business Suite, there are no expensive third party integrations to handle external environment of SAP ecosystem.
Ameera Tabassum is an ACCA Affiliate. She has diversified experience working as Business Process Consultant for an Audit solution company in the Uk. She has over 4 years of experience in ERM risk solutions and as a practicing manager of Business analysts successfully executing several projects in terms of Risk management strategies, ERM risk management solutions and Governance risk compliance.