Risk Management Process

PDF download from SAP Help Portal:

http://help.sap.com/saphelp_grcpc30/helpdata/en/42/ebb279dec54989ac412b848c429ffd/content.htm
Created on July 27, 2014
The documentation may have changed since you downloaded the PDF. You can always find the latest information on SAP Help Portal.
Note
This PDF document contains the selected topic and its subtopics (max. 150) in the selected structure. Subtopics from other structures are not included.
2014 SAP SE or an SAP affiliate company. All rights reserved. No part of this publication may be reproduced or transmitted in any form or for any purpose
without the express permission of SAP SE. The information contained herein may be changed without prior notice. Some software products marketed by SAP SE
and its distributors contain proprietary software components of other software vendors. National product specifications may vary. These materials are provided by
SAP SE and its affiliated companies ("SAP Group") for informational purposes only, without representation or warranty of any kind, and SAP Group shall not be
liable for errors or omissions with respect to the materials. The only warranties for SAP Group products and services are those that are set forth in the express
warranty statements accompanying such products and services, if any. Nothing herein should be construed as constituting an additional warranty. SAP and other
SAP products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP SE in Germany and other
countries. Please see www.sap.com/corporate-en/legal/copyright/index.epx#trademark for additional trademark information and notices.
Table of content
PUBLIC
2014 SAP SE or an SAP affiliate company. All rights reserved.
Page 1 of 3
Table of content
1 Risk Management Process
PUBLIC
2014 SAP SE or an SAP affiliate company. All rights reserved.
Page 2 of 3
1 Risk Management Process

The basic risk management process, as suggested by most risk management frameworks, involves the steps described below. You can use this process to
step through all Risk Management activities, from Customizing to end-user processing, up until the reporting phase.
Prerequisites
You have made the corresponding settings in Risk Management Customizing.
Process
1. Risk Planning
In the planning phase, you define and document your company's risk management framework. This allows the implementation of risk management
programs on a large scale, and enables you to streamline and reduce duplicate efforts in the companys different organizational units. The following steps
are involved in risk planning:
Initial definition and assignment of roles and responsibilities. For more information, see Risk Management Application Roles.
Setup of the organizational hierarchy and organizational views to be used
Definition of risk-relevant business activities (such as processes, projects, or other company assets)
Creation of a risk classification structure, so that you can structure and report on risk assessment results
Definition of a key risk indicator (KRI) framework to automate and reduce risk monitoring efforts
For more information, see Risk Structure.
2. Risk Identification
In this phase, you carry out the following tasks:
Identify and collect information on your companys risks, such as the risk drivers, potential impacts and the relationships between risk events.
Define and assign key risk indicators for the risks. For more information, see Key Risk Indicators.
Document the relationships between risks and create surveys for risks, activities, and risk indicators. For more information, see Surveys.
3. Risk Analysis
In this phase, you assess risks and review historical losses in the following way:
Qualitatively and/or quantitatively analyze the likelihood of occurrence of company risks and the potential impacts of the identified risks, so that you
can determine the necessary responses and investments to mitigate or control the risks. For more information, see Risk Analysis.
Collaborate with business stakeholders to collect risk analysis data, or create surveys or other workflows to help in collecting and interpreting risk
analysis data. This enables you to build risk scenarios and simulations, as well as precisely determine your risk exposure. You can also group
similar risks. For more information, see:
Scenario Management
Incident Management
Surveys
4. Risk Response
In this phase, you carry out the following tasks:
Document the response measures taken to manage the risks and their current status. You do this by taking measures to actively mitigate the
probability or potential impact of the risk, such as defining the risk assessment and approval or review cycles for risks and their responses, and
assigning response ownership and actions.
You can also propose and assign internal controls from Process Control, provided you have installed this application. For more information, see Using
PC Controls and Creating or Editing a Control.
For more information about responses, see Creating a Response or Enhancement Plan.
5. Risk Monitoring
In this phase, you carry out the following steps, to evaluate your organization's risk exposure:
Analyze and report on your company's risk situation. This step includes documentation of incidents and losses for occurred risk events, to track the
effectiveness o mitigations and controls. For more information about documenting incidents, see Incident Management.
You can also monitor the effectiveness and completeness of the responses that were used to mitigate your risks.
Furthermore, to enable the continuous monitoring of risks, in this phase you run the reports for risks and their history, as well as for key risk indicators
defined for these risks. For more information, see Reporting and Analytics and Dashboards and Heatmaps.
PUBLIC
2014 SAP SE or an SAP affiliate company. All rights reserved.
Page 3 of 3