0 оценок0% нашли этот документ полезным (0 голосов)
81 просмотров4 страницы
Gain insight into how risk drivers can impact your business value and reputation. Our risk management software can help you track key risk indicators and align risk events with their potential impact – so you can make responsible, defensible risk management decisions, regardless of your company size or industry.
Identify, define, and improve the business activities that create value
Understand systemic risk drivers and their impact on value, processes, and performance
Map business objectives to their relevant value drivers within your organization
Gain insight into how risk drivers can impact your business value and reputation. Our risk management software can help you track key risk indicators and align risk events with their potential impact – so you can make responsible, defensible risk management decisions, regardless of your company size or industry.
Identify, define, and improve the business activities that create value
Understand systemic risk drivers and their impact on value, processes, and performance
Map business objectives to their relevant value drivers within your organization
Gain insight into how risk drivers can impact your business value and reputation. Our risk management software can help you track key risk indicators and align risk events with their potential impact – so you can make responsible, defensible risk management decisions, regardless of your company size or industry.
Identify, define, and improve the business activities that create value
Understand systemic risk drivers and their impact on value, processes, and performance
Map business objectives to their relevant value drivers within your organization
with SAP GRC What we are seeing in the market Organizations today are struggling with managing risks across the enterprise. External and internal risk management requirements are becoming increasingly complex and intrusive, while the demand for more comprehensive, consolidated and actionable governance, risk and compliance (GRC) information continues to increase. The historic approach of managing risk in silos across different teams, processes, methods and infrastructure cannot keep up with these requirements. Risk management has become a growing operational and fnancial burden, limiting its ability to keep pace with business growth and transformational initiatives. This is the right time to learn about opportunities to transform your risk management program by enabling it through an SAP GRC Risk Management solution that can: Create improved visibility and integration by linking various risk and control frameworks Lower the cost of risk management through the elimination of duplicate and fragmented risk activities and minimization of manual processes Increase effciencies through automation and end-to-end process centralization What are the opportunities at your company? Typical current state Mature state Our recent Ernst & Young global survey of more than 250 leading organizations found a direct link between effective risk management practices and improved fnancial performance. Harnessing the power of GRC technology to improve risk information, streamline processes and reduce cost was both the biggest challenge and opportunity in achieving the needed risk management maturity. Increasing complexity Simplifed Reactive Proactive Fear of unknown Visibility Cost pressures Cost- effcient Inconsistent approach Consistent Multiple and manual risk management processes Signifcant workfow automation Centralized risk and risk assessment management Integration with other SAP GRC modules Fragmented, manual and ad hoc reporting Inability to produce a consolidated heat map Consistent and real-time reporting Centralized and consolidated heat map Drill-down capabilities Lack of confdence that all risks were captured Consolidated views and end-to-end risk management processes Scheduled risk assessment activities Ability to improve audit activities Lack of centralization Signifcant impact on business Centralized processes Reasonable impact on business Ability to manage risks at multiple organizational levels Inconsistent approach to capture and assess risks across the organization Central end-to-end process Automated risk activities SAP GRC Risk Management can enable your risk agenda Signifcant workfow automation Centralized risk and risk assessment management Integration with other SAP GRC modules Resulting in the following benefts: Improved alignment to the objectives and strategy of the business Central management of fnancial, operational and compliance risks across organization and technology platforms Increased integration and coordination among business, IT and compliance Automated risk assessment process Flexibility to accommodate various risk models and execute scenario simulations Sustainability of risk management process User-friendly reporting Elimination of duplicate and fragmented risk management activities Reduced level of effort associated with performing risk management activities Streamlined distribution and approval of risks and surveys Comprehensive and continuous risk management and monitoring Proactive identifcation of risks Improved visibility and integration across manual and fragmented risk activities Better aligned risk coverage, including the identifcation of stronger, more pervasive controls Improved visibility to risks that matter most to the organization, enabling resources to proactively focus on the most signifcant risks Improve controls and processes Better aligned risk coverage, including the identication of stronger, more pervasive controls Reduced level of effort associated with performing and testing controls Increased control and process efciencies enabled through automation and continuous monitoring Improved control mix that addresses key business risks while driving process efciencies Embed risk management Comprehensive and continuous risk management and monitoring Central management of nancial, operational and compliance risks and controls across organization Enhance risk strategy Improved alignment to the objectives and strategy of the business Improved visibility to risks that matter most to the organization Proactive identication of risks Enhanced decision-making Optimize risk management functions Elimination of duplicate and fragmented risk management activities Increased integration and coordination among business, IT and compliance Sustainability of risk management process Effective top-down and bottom- up reporting Turning risk into results Enhance risk strategy Embed risk management Optimize risk management functions Improve controls and processes Risk agenda Risk Cost Value Risk Value Cost Cost Value Risk Next steps to improve your risk management landscape Maturity models and leading-practice benchmarks: assist with assessing the current state against leading practice (enterprise-wide technology, GRC technology and processes/ controls) and identifying opportunities for improvement. SAP GRC demo environment: demo environment for all the latest versions of software, including SAP GRC 10.0 for Access Control, Process Control, Risk Management and Global Trade Services. EY RiskUniverse
: industry-specifc risk universes,
process-normative models and key business risks linked to application-specifc controls that can be used to customize SAP GRC demos. Baseline enterprise-wide GRC technology maturity model
Optimize enterprise application landscape Single ERP vendor as primary choice for global corporate functions Aggressively rationalize application portfolio and licensing Centrally developed architectural blueprints and standards adopted Simplify enterprise application landscape Rationalize application portfolio and licensing alignment Single ERP vendor by function Architectural standards and blueprints alignment Leverage enterprise application landscape Some application rationalization Leverage unused ERP functionality and integration Limited adoption of architectural standards Deployment options Application rationalization/ Decommissioning Point solutions and custom applications Inconsistent architectural landscape Maximize IT organizational efficiency Status quo Maximize cost reduction Maximize organizational effectiveness Deploy technology Leverage technology Simplify technology Optimize technology T e c h n o lo g y e n a b le m e n t Benefits Simplify Deploy Leverage Optimize Where is Co? X What is your future state? GRC technology benchmarking metrics
Top 66% 9% 20% Metrics Low Median Percentage (%) of primary controls that are automated. 46% 17% 30% Percentage (%) of IT budget related to providing IT support services. 30 Days 74 Days 55 Days Average cycle time in days (including weekends) from identification of a change in risk till risk response. 2 Days 14 Days 5 Days Average cycle time in days (including weekends) from the identification of a control violation until its reported. 0.2 3.8 1.1 Technology cost associated with reporting on internal controls and compliance per $100,000 revenue. Co X current state Note: Cross-industry technology, internal controls, and process benchmarks obtained fromAPQC. Automation Portfolio rationalization Automation Automation Portfolio simplification Rapid GRC technology diagnostic provides accelerated current state assessment of your GRC processes and technology, allowing you to identify realizable value and develop a future state road map to achieve it. SAP GRC demo facilitates mapping of business requirements to SAP GRC functionality and could be used to develop an initial business case for implementing SAP GRC. Why Ernst & Young? Global and fexible approach with a focus on SAP GRC Knowledgeable team with practical experience in process, risk and technology disciplines Industry-specifc content and enablers Leading-practice assessment diagnostics and leverage models Service delivery model design and key performance indicators Ernst & Young Assurance | Tax | Transactions | Advisory About Ernst & Young Ernst & Young is a global leader in assurance, tax, transaction and advisory services. Worldwide, our 152,000 people are united by our shared values and an unwavering commitment to quality. We make a difference by helping our people, our clients and our wider communities achieve their potential. Ernst & Young refers to the global organization of member frms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients. For more information about our organization, please visit www.ey.com. 2012 EYGM Limited. All Rights Reserved. BSC No. 1204-1353150 | EYG No. AU1190 This publication contains information in summary form and is therefore intended for general guidance only. It is not intended to be a substitute for detailed research or the exercise of professional judgment. Neither EYGM Limited nor any other member of the global Ernst & Young organization can accept any responsibility for loss occasioned to any person acting or refraining from action as a result of any material in this publication. On any specifc matter, reference should be made to the appropriate advisor. ED 0113 Our services Rapid GRC technology diagnostic GRC technology vendor selection GRC technology implementation and assessments Risk transformation enabled by GRC technology RiCAP: collects and analyzes process, risk and controls data to help align risk spend to strategic and business objectives by maximizing risk coverage and identifying control cost drivers.