Understanding Master Data

Objectives

After completing this lesson, you will be able to:
  • Describe master data.
  • Understand master data elements.
  • Understand the Master Data Flow.
  • Explain different organizational structures.
  • Explain roles and entities in SAP Process control.
  • Manage Master Data Procedures.

Risk Planning

This image shows the SAP Risk Management cycle with five stages: Risk Planning: Set objectives, risk appetite, and categories.Risk Identification: Identify potential risks.Risk Analysis: Assess impact and likelihood.Risk Treatment: Develop mitigation strategies. Risk Monitoring & Reporting: Continuously track and report risks.

In SAP Risk Management, Enterprise risks are typically documented for organizational entities and various types of business activities. These activities can include business processes, assets, projects, programs, and more. Both the organizational and activity structures have a hierarchical nature. The main requirement is the ability to document enterprise risks and assign them to different nodes within the organizational and activity structures.

By maintaining comprehensive and accurate master data documentation in SAP Risk Management, organizations can effectively identify, assess, and mitigate risks. This enables them to make informed decisions and take proactive measures to protect their business interests.

Let’s look at the master data elements in SAP Risk Management before moving on to the detailed master flow chart.

Master Data Elements

The image shows a diagram with six balance scales representing: Organization hierarchy, Business Objective hierarchy, Activity hierarchy, Risk & Opportunity category, Driver Category, and Impact Category.

Master data elements in SAP Risk Management are the foundational blocks that store and manage critical information related to risk management processes. These elements include:

  1. Organizational Hierarchy

    This refers to the structure of an organization and the main entry point for SAP Risk Management, including its geographical entities, departments, divisions, and reporting lines. For example, a company may have multiple business units, each with its own risk management responsibilities.

  2. Objectives

    These are the goals and targets that an organization sets for itself. Objectives can be financial, operational, or strategic in nature. For example, a company may have an objective to increase market share by 10% within the next year.

  3. Activity Classification

    This involves categorizing the activities or processes within an organization. This classification helps to identify and assesses risks associated with each activity. For example, activities can be classified as manufacturing, sales, or finance.

  4. Risk/Opportunity Category

    This refers to the classification of risks and opportunities based on their nature or source. Risks can be categorized as financial, operational, compliance, or strategic, while opportunities can be categorized as market expansion, cost savings, or innovation.

    Note

    Opportunity category framework is the same as risk category framework. We will not be exploring or maintaining the master data for opportunity in this learning course.
  5. Driver

    This refers to the cause or factor that contributes to a risk or opportunity. Identifying the drivers helps to understand the root causes and taking appropriate actions. For example, a driver for a financial risk could be changes in interest rates.

  6. Impact

    This refers to the potential consequences or effects of a risk or opportunity. Assessing the impact helps to prioritize risks and determine the appropriate risk response strategies. For example, the impact of a compliance risk could be financial penalties or reputational damage.

Now that you understand the master data elements, it is time to introduce you to the master data flow chart.

Master Data Flow

A flowchart illustrating the steps from Start to End for setting up a business risk management process. Steps include setting up business objectives, organization hierarchy, roles, activity hierarchy, risk catalog, risk categories, impact and driver assignments, risk roles, and risk response.

The process for manually creating Risk Management master data typically follows this order:

  1. Set up the Business Objective.
  2. Set up Organizations hierarchy.
  3. Set up Activity Hierarchy.
  4. Set up Risk Catalog–Risk Category.
  5. Set up Risk by choosing Risk category.
  6. Set up Risk Response.

The Master data assignments start after all initial actions have been created:

  • Assign corporate and organization roles
  • Assign Impact and Driver to Risk
  • Assign Risk Roles

The Master Data flow is explained step-by-step in the next lesson.

Setting up an Organizations Hierarchy

Two organizational charts for CRG International, Inc. The left chart is geographic with HR, Finance, and IT for Germany and France. The right chart is functional with Finance and Operations departments.

Organizational master data is a standard component at SAP that captures the structure of a business. During implementation or through import from other applications, the organization's master data is set up.

There are several aspects to consider when arranging an organization hierarchy for risk reporting purposes (for example, legal structure, geographic, lines of business, and so on). The benefits of defining organization hierarchies are flexible risk reporting to meet the requirements of different risk management stakeholders and improved risk transparency.

Companies must decide on the model that will be used to define hierarchies and involve teams responsible for implementing multiple Governance, Risk, and Compliance (GRC) components, such as SAP Access Control and SAP Process Control, in the setup of the organizations. It's important to determine whether the hierarchy mirrors the company's organizational structure and ensure consistency in defining the hierarchy.

Different structures, such as geographical entities, functional, or business units, can be used to create the organization hierarchy. Companies must also determine who is responsible for researching and rectifying risk and response discrepancies for each location within the hierarchy, whether it's applicable to business process owners, Enterprise Risk Management team, or another group.

Organizational units must report on the mitigation of risks by Responses to demonstrate the organization’s objective. Risks and Responses are associated with an organization, allowing for analysis and monitoring at the organization level.

The Organization Hierarchy also includes several important features, such as setting up the hierarchy based on specific company requirements, assigning Objective, Unit of Measure, Risk Appetite, Risk Threshold, and assignment of owners.

Changes can occur within organizations, and these must be updated in SAP Risk Management.

There can be only one top node for the organization's catalog, and the top node is defined in the Implementation Guide. A hierarchical structure can be defined under the top node. Each node in the structure is called an organizational unit.

Master Data Upload Generator Template (MDUG) for Uploading Master Data

A computer monitor displaying an Excel spreadsheet with columns labeled Name, Description, Shared Service Provider, and others. Rows include entries like CRG International Inc., HR, Finance, General Accounting, and Sales & Marketing.

As you see on the screen above, SAP Risk Management creates an excel file for uploading master data. Once the excel file is filled with all master data, it can be uploaded into SAP Risk Management and Process Control for processing. This includes information such as Organization, Org unit, Risk Category, Risk Template, Risk Impact, and Risk Driver.

1) Initial Data Upload by Master Data Upload Generator (MDUG) Template.

MDUG Tool is a standard delivered tool for SAP Risk Management and Process Control. Uploaded Data is usable as central master data not transactional master data.

Advantages

  • Efficiency in Bulk Operations: Specifically designed for mass data uploads, this approach significantly streamlines the process of importing large volumes of data into the system.
  • Purpose-Built Tool: As a standard tool delivered for Risk Management/Process Control (RM/PC), it is optimized for the initial loading of master data, ensuring a smooth start-up phase.

Disadvantages

  • Limited Scope: Primarily intended for the initial load of RM/PC master data, it is not designed to support ongoing maintenance, which may necessitate additional tools or methods for long-term data management.

Master Data Setup Options via Manual Entry

A computer screen displaying an SAP application interface with a list of organizational hierarchy items. The screen shows details such as Org. Unit, ID, Name, and Validity. A black circle with the number 2 is on the left side of the screen. The background is white and minimalistic.

If you choose Organization tile and choose Add, a form opens. On this form, you can manually enter the information for the organization. Once you have entered all the required information, you can save the organization entry and it is added to the SAP Risk Management system.

2) Manual Entry and Maintenance in SAP Risk Management

In general, the compliance team initially sets up the master data after installation and configuration of Risk Management, including:

  • Organization Hierarchy
  • Assignment of corporate/organization roles
  • Business Objective Hierarchy
  • Activity Hierarchy

This can be resource-intensive for a company.

Advantages

  • User Experience: Benefiting from a user-friendly and intuitive interface, this method facilitates easy navigation and data input for users.

Disadvantages

  • Access Control: Data entry permissions are strictly defined by user roles, potentially limiting broader organizational engagement.
  • Resource Demand: It tends to be resource-intensive, requiring significant manual effort and time, which might affect efficiency.

Setting up an Objective Hierarchy

Flowchart showing Objective Hierarchy with Strategies: Provide Reliable Business Information and Safeguard Assets, leading to various Objectives and Categories.

Organizations typically have several strategic initiatives with different objectives for each.

The objective hierarchy provides a framework for documenting the categories, strategies, and objectives.

The Implementation Guide introduces the objective category, which is then inherited in the objective. The objective hierarchy consists of a default root node with two levels below it. The first level captures the strategies, while the second level captures the objectives for each strategy. For instance, a category could be financial, the strategy could be minimizing costs, and the corresponding objective could be minimizing operating costs.

The objectives defined in the hierarchy can be shared with the organizational units defined in the organizational structure master data.

Setting up Activity Hierarchy

The diagram shows an Activity Hierarchy: Business Process, Assets, Products/Services, with categories like financial management and product delivery.

An activity is a risk-bearing activity, such as a business process, project, or program. Activity categories and activities provide risk managers with extra insight into the areas of the business that are impacted by risks. This added dimension in risk reporting allows for a more comprehensive understanding of the potential risks faced by the organization.

For example, instead of simply reporting on the overall risk level, risk managers can now identify specific activities that are most affected by these risks. This enables them to prioritize their risk management efforts and allocate resources accordingly. By having a clear understanding of which areas of the business are most at risk, risk managers can develop targeted strategies to mitigate these risks and protect the organization's interests.

Overall, activity categories enhance risk reporting by providing a deeper level of analysis and helping risk managers to make informed decisions to safeguard the business.

The activity hierarchy consists of activity types and activity categories. Activity types can include Business processes, Assets, Projects, and so on.

Further more, Activity categories take birth to have additional hierarchy:

  • Business Processes, such as Manage Financial resources
  • Assets, such as IT infrastructure (tangible and Intangible)
  • Projects

There is no limit to the number of levels and activity categories. Each activity category entry stores extra master data attributes. In addition, assignment of Activity to risks is optional In SAP Risk Management.

Setting Up Risk Category

The image shows a risk management framework with three categories: Strategy (governance, competition), Financial (market, liquidity), and Operational (disruptions, safety).

SAP Risk Management manages risks and opportunities as separate entities. They are defined for activities and classified into risk categories and opportunity categories. All risks and opportunities must be assigned to a risk category and an opportunity category, respectively. Both risk and opportunity categories follow a hierarchical structure.

For example, the Financial risk category has a child risk category "Market Risks" and an opportunity category could be "Market Expansion." By managing risks and opportunities separately, organizations can effectively identify and address potential threats and capitalize on potential benefits. This ensures a proactive approach to risk management and enables businesses to make informed decisions to mitigate risks and seize opportunities.

There is no limit to the number of levels and the number of risk and opportunity categories. Each risk and opportunity category entry stores extra master data attributes.

All risks and opportunities must be assigned to a risk and an opportunity category.

In Unit 3, we explore local risk in the risk category in more detail.

Master Data Upload generator Template for Risk Category

The image shows an Excel spreadsheet with columns labeled Parent, Name, and Description, categorizing risks into Financial, Operational, and Strategy

The order follows:

  • List Risk categories in Name and Description columns.
  • Assigning Risk category as Parent to child risk category in Parent column.

Specific Considerations of ERM Roles and Entities in SAP Risk Management

The diagram shows a risk management framework with roles and entities. Roles include Central Risk Manager, Risk Manager, Risk Owner, Risk Expert, and Activity Owner. Entities are Corporate/Organization, Risk, and Activity. Arrows indicate a hierarchical structure, with roles at the bottom reporting to those at the top.
  • Activity Owner: Oversees the risk management activities at activity entity level, such as business process, project, or object. The activity owner is equivalent to the process owner role in SAP Process Control.
  • Risk Expert: The Risk Expert plays a crucial role at Risk entity level in identifying potential risks, assessing their impact, and implementing appropriate risk mitigation strategies.
  • Risk Owner: Responsible for managing (and updating) the assigned risk at Risk entity level by defining appropriate response plans for a risk.
  • Risk Manager: Defines corporate risk management framework from corporate and/or organization entity levels. Maintenance of master data in the SAP Risk Management application, such as activity classifications (process catalog, project structure), risk organization, and risk classification.
  • Organization Owner: Oversees the risk management activities for an organization from corporate and/or organization entity levels.

Note

For more information about Risk Management Application Roles you visit SAP Help Portal. Risk Management Application Roles | SAP Help Portal

In the next lesson, we explore the key capabilities of SAP Risk Management.

Log in to track your progress & complete quizzes

Learning

SAP FacebookSAP YoutubeSAP LinkedIn