http://help.sap.com/saphelp_grcpc30/helpdata/en/42/ebb279dec54989ac412b848c429ffd/content.htm
Created on July 27, 2014

2014 SAP SE or an SAP affiliate company. All rights reserved.

1 Risk Management Process
The basic risk management process, as suggested by most risk management frameworks, involves the steps described below. You can use this process to step through all Risk Management activities, from Customizing to end-user processing, up until the reporting phase.

Prerequisites

You have made the corresponding settings in Risk Management Customizing.

Process

1. Risk Planning

   In the planning phase, you define and document your company's risk management framework. This allows the implementation of risk management programs on a large scale, and enables you to streamline and reduce duplicate efforts in the company's different organizational units.

   The following steps are involved in risk planning:

   - Initial definition and assignment of roles and responsibilities. For more information, see Risk Management Application Roles.
   - Setup of the organizational hierarchy and organizational views to be used
   - Definition of risk-relevant business activities (such as processes, projects, or other company assets)
   - Creation of a risk classification structure, so that you can structure and report on risk assessment results
   - Definition of a key risk indicator (KRI) framework to automate and reduce risk monitoring efforts

   For more information, see Risk Structure.

2. Risk Identification

   In this phase, you carry out the following tasks:

   - Identify and collect information on your company's risks, such as the risk drivers, potential impacts, and the relationships between risk events.
   - Define and assign key risk indicators for the risks. For more information, see Key Risk Indicators.
   - Document the relationships between risks and create surveys for risks, activities, and risk indicators. For more information, see Surveys.

3. Risk Analysis

   In this phase, you assess risks and review historical losses in the following way:

   - Qualitatively and/or quantitatively analyze the likelihood of occurrence of company risks and the potential impacts of the identified risks, so that you can determine the necessary responses and investments to mitigate or control the risks. For more information, see Risk Analysis.
   - Collaborate with business stakeholders to collect risk analysis data, or create surveys or other workflows to help in collecting and interpreting risk analysis data. This enables you to build risk scenarios and simulations, as well as precisely determine your risk exposure. You can also group similar risks.

   For more information, see:

   - Scenario Management
   - Incident Management
   - Surveys

4. Risk Response

   In this phase, you carry out the following tasks:

   - Document the response measures taken to manage the risks and their current status. You do this by taking measures to actively mitigate the probability or potential impact of the risk, such as defining the risk assessment and approval or review cycles for risks and their responses, and assigning response ownership and actions.
   - You can also propose and assign internal controls from Process Control, provided you have installed this application. For more information, see Using PC Controls and Creating or Editing a Control.

   For more information about responses, see Creating a Response or Enhancement Plan.

5. Risk Monitoring

   In this phase, you carry out the following steps to evaluate your organization's risk exposure:

   - Analyze and report on your company's risk situation. This step includes documentation of incidents and losses for risk events that have occurred, to track the effectiveness of mitigations and controls. For more information about documenting incidents, see Incident Management.
   - You can also monitor the effectiveness and completeness of the responses that were used to mitigate your risks.

   Furthermore, to enable the continuous monitoring of risks, in this phase you run the reports for risks and their history, as well as for key risk indicators defined for these risks. For more information, see Reporting and Analytics and Dashboards and Heatmaps.