SAP Risk Management in GRC is used for risk-adjusted management of enterprise performance, which empowers an organization to optimize efficiency, increase effectiveness, and maximize visibility across risk initiatives.
The following are the key functions under Risk Management −
Risk management emphasizes organizational alignment towards top risks, associated thresholds, and risk mitigation.
Risk analysis includes performing qualitative and quantitative analysis.
Risk management involves identification of key risks in an organization.
Risk management also includes resolution/remediation strategies for risks.
Risk management aligns key risk and performance indicators across all business functions, permitting earlier risk identification and dynamic risk mitigation.
Risk management also involves proactive monitoring of existing business processes and strategies.
The following are the various phases in risk management −
In a risk recognition process under risk management, the following steps can be performed −
Perform the following tasks under Rule Building and Validation −
Perform the following tasks under Analysis −
From the management aspect, you can see a compact view of risk violations that are grouped by severity and time.
Step 1 − Go to Virsa Compliance Calibrator → Informer tab
Step 2 − For SoD violations, you can display a pie chart and a bar chart to represent current and past violations in the system landscape.
The following are the two different views of these violations −
Perform the following tasks under remediation −
Perform the following tasks under mitigation −
Perform the following tasks under Continuous Compliance −
Risks should be classified as per the company policy. The following are the various risk classifications that you can define as per risk priority and company policy −
The Critical classification is used for risks involving the company’s critical assets that are very likely to be compromised by fraud or system disruptions.
This includes physical or monetary loss or system-wide disruption, such as fraud, loss of any asset, or failure of a system.
This includes multiple system disruptions, such as overwriting master data in the system.
This includes risks where productivity losses or system failures are caused by fraud or system disruptions and the loss is minimal.