Introducing the Enterprise Risk Management Program.

Objective

After completing this lesson, you will be able to summarize the Enterprise Risk Management Program.

 The Broad View of the ERM Program

What is Risk?​

Risk is an event that may result in a significant deviation from a planned objective resulting in an unwanted, negative consequence. The planned objective could be any aspect of an organization's strategic, financial, regulatory, and operational processes, products, or services.​

Scope of Enterprise Risk

Organizations face many types of risks. These risks include:​

  1. Strategic risks that involve an organization's direction. Is the organization's current course and ability to adapt to market changes correct, or does it need to be changed to keep from stagnating or collapsing? Strategic risks include an organization's overall objectives, the assumptions that underlie those objectives, and the constraints the organization faces.​
  2. Financial risks that involve the allocation of resources, including an organization's financial investments. For instance, are the allocated financial resources creating the best returns for an organization's shareholders?
  3. Regulatory risks that involve an organization's compliance with corporate sustainability, trade, financial reporting, and other legal and regulatory requirements.​
  4. Operational risks that involve the people, processes, and technology that are needed to carry out an organization's strategic objectives. These risks include how well information technology systems function or the effectiveness of information security to protect confidential data.

What Is the Need for Risk Management?​

Risk is made up of two parts: the probability of something going wrong, and the negative consequences if it does. Organizations operate in a dynamic environment, so the future remains uncertain.

The following are reasons why an organization is in urgent need of appropriate risk management:​

Adverse Consequences

Risk can be hard to spot, let alone to prepare for and manage. If you're hit by a consequence that you hadn't planned for, then the costs, time, and reputations could be on the line.

Inconsistent and Unreliable Risk Data Information

People call different things by the same name and the same things by different names. Without an automated and repeatable process to gather data, all your time and resources are focused on collection rather than execution.

Act on Emerging Risks and Opportunities ​

Risk management must be rooted in the future, not the past. What happened yesterday is only important if it helps predict the future. Tomorrow's risks and opportunities, if predicted early, provide a business advantage. The role of the risk manager in foreseeing catastrophic events and business opportunities is critical.

Create Continuous Insight​

Top management, who base decisions on risk information, require insight into the risk appetite on a real-time basis. Just reporting annually provides a rear-view focus and limited insight on how to improve the business. The ability to manage risk at the various levels according to the risk appetite drives better performance.

A diagram titled Risk Managers depicts a blue icon with three people and a speech bubble containing the questions: What is the status of our top risks? and What risks don't we know about? To the right of the icon, there are three arrows pointing to the following actions: Asks for additional input, Send out MS Excels, and Workshop after workshop.

Risk managers are typically responsible for ensuring that a consistent risk management process is followed throughout the organization. However, the risks are "owned" by the lines of business. As a result, risk managers constantly struggle with tracking the progress of responding to risks.​

The image depicts a comparison between Risk Managers and Lines of Business, highlighting their different concerns and approaches. On the left side, under Risk Managers, there is a blue icon representing a group of people. The speech bubble above them contains the questions: What is the status of our top risks? What risks don't we know about? Below the icon, there are three actions listed: Asks for additional input. On the right side, under Lines of Business, there is a yellow icon representing a group of people. The speech bubble above them contains the questions: Are we on track to reach my goals? Do we have to fill another assessment? Below the icon, there are three actions listed: Brainstorm one-off response possibilities, Siloed risk thinking, and Focusing only on negative risks.

The lines of business typically do not think about risks from a compliance perspective, as you do, but in terms of meeting their performance objectives. They tend to receive several surveys or assessment requests from different groups (that is, risk management, audit, IT security, business continuity, and so on) that ask similar questions.

Typically, the business units come up with good solutions to address the risks they know about, but only those risks. They have absolutely no visibility into risks outside of their silo that could negatively affect them. Risk mitigation efforts that are successful are often one-offs, and are typically never reapplied to other regions or similar business units.

This image illustrates the different concerns and actions of three groups within an organization: Risk Managers, Lines of Business, and Directors and Executives.

Executives and directors are concerned with market expectations and delivering the strategy. Risks are often not addressed during management meetings. As a result, executives do not know whether any negative surprises will keep them from meeting their projections until it is too late.

The consequence of this fragmented and disjointed approach to risk management is that risks go unnoticed, resulting in losses.​

How SAP Risk Management Helps an Organization

SAP Risk Management automates manual tasks, employs best practices in a unified platform, and automates monitoring using SAP HANA-based key risk indicators (KRIs), embedded reporting, and analytics on real-time information. SAP Risk Management is an end-to-end solution for planning, identifying, analyzing, responding to, and monitoring risks and their incidents, and it specifically addresses these requirements.

In the next lesson, we explore the key capabilities of SAP Risk Management in more detail.
