Using the Risk Exposure Configuration Interface

The configure risk exposure landing page displays two tables:

Risk exposure configuration history

• Lists the different configuration settings that are currently used or have been previously used
  • The Action button for each row gives you the option to create a new draft

Risk exposure configuration draft

• Lists all drafts of the active configuration version
  • The Action button for each row gives you the option to create a new draft, delete the draft, or edit the draft

The configuration editor displays five tabs:

1. To change the name of the version you are editing, click the pencil icon next to the current name.
2. Data sources: Lets you specify which data sources contribute to risk exposure measurements.
3. Category weights: Lets you set the weight of each risk category in the overall risk exposure calculation, and specify what is considered a Low, Medium, or High exposure for each category.
4. Field configurations: Lets you define values and risk exposures for standard and custom fields.
5. Incident types: Lists all supported incident types. Incidents are created based on media, and are contributing factors to all risk domains. This information is provided for reference only; no settings or changes can be made to these values.
6. Audit: Tracks changes made to the version of the configuration currently being viewed. It identifies the user who made each change, and includes the date and time of the change. This information is provided for reference only, and cannot be changed.

1. All default data sources are initially selected. Unselect those you wish to exclude. At least one data source must remain selected.
2. Save: Saves your work.
3. Cancel: Exits the editor and returns to the configure risk exposure landing page without saving your work.
4. Activate: Saves your work and makes the current version the active version.

The Data sources tab lists the data sources available for selection. Selected sources contribute to risk exposure measurements, and unselected sources do not.

Sources are categorized as follows:

• Default sources are available for all SAP Ariba Supplier Risk customers
• Licensed sources are third-party providers that become available for selection only after you register a license with them

The Category weights tab displays three sections:

Category weight settings

• Sets the relative weight of each risk category in one of the following ways:

  • For each category, adjust the slider left to reduce the category weight or right to increase the category weight

  • For each category, type a percentage weight in its Contribution to overall exposure (%) field
• Total weight must equal 100%

Risk level settings

• Defines what ranges of exposure are considered high, medium, and low for each risk category and for the overall risk exposure

Test your settings

• Allows you to test your new settings before activating them in your realm by entering risk exposure levels for a hypothetical supplier

The Field configurations tab displays three sections:

Standard fields

• Lists the fields included in the original risk exposure settings provided from a default data source

Licensed fields

• Lists the fields included in the additional data provided from a licensed third-party provider

Custom fields

• Lists the fields that you have configured in your site
  • You can configure up to 15 custom fields
• If you configure custom fields, you must create a supplier input file
  • The file includes the suppliers and data elements that you defined in the configuration settings

1. Risk category: The risk category. Options include: Environmental & social, Financial, Operational, or Regulatory & legal.
2. Field type: The data type of supported values for the field. Options include Numeric and Text.
3. Field value: The list of permissible values for the field. Each value in the list must conform to the specified field type.
4. Weight: Determines the emphasis for each field within the risk calculations for the category.
5. Threshold order: Determines whether greater emphasis should be given to higher or lower risk exposures, based on the thresholds set in the Less than and Greater than fields.

   Safer to riskier (default value): Values below the Less than value have Low impact, values above the Greater than value have High impact, and values in between have Medium impact.

   Riskier to safer: Values below the Less than value have High impact, values above the Greater than value have Low impact, and values in between have Medium impact.

6. Less than: Allows you to set the lower threshold. Values below this threshold are considered Low for risk calculation purposes, when using the default setting for Threshold order.
7. Greater than: Allows you to set the upper threshold. Values above this threshold are considered High for risk calculation purposes, when using the default setting for Threshold order.
8. Exposure override: Allows you to override the standard risk exposure calculation.

You can define values and risk exposures for standard, licensed, and custom fields

The Exposure override field allows you to select any of the standard, licensed, or custom fields to override the standard risk exposure calculation.

When using the override:

• The Weight of the selected field must be set to High on the Field configurations tab
• The Contribution to overall risk exposure must be set to 1% or higher for the category of the selected field on the Category weights tab

Exposure override options include:

• None means the override isn’t being used for that field and the standard risk exposure calculation is used
• Risk category exposure means the risk exposure is set to High for that risk category
• Overall risk exposure means the risk exposure is set to High for that risk category and overall