�Setting a level (for example, more than three injuries in a quarter)
�Monitoring percentage increase or decrease (for example, a 5 percent
increase in unplanned manufacturing downtime) or percentage by
volume (more than 0.5 percent customer complaints per product
shipped)
If any of these thresholds are reached or exceeded — more than three
injuries in a quarter for example — an alert is raised so that the situation
receives immediate follow up.
Finally, the risk appetite for each line of business and for the enterprise as a
whole needs to be documented. How much loss can the business absorb
based on current capitalization? It may make sense for some parts of your
business to take more risks (in a product line, for example) while other lines
of businesses, which provide a steady revenue stream — your cash cows —
will be managed more conservatively.
Monitoring risks and key risk indicators
with SAP GRC Risk Management
Here are some situations where you could use SAP GRC Risk Management to
monitor risks and the associated key risk indicators:
�Mass exodus.SAP GRC Risk Management integrates with SAP Human
Capital Management so that you can generate an alert if key people from
the same group are leaving the company, perhaps because they are being
wooed by a competitor.
�Accidents on the rise.SAP GRC Risk Management integrates with SAP
Environment, Health & Safety, so you can raise an alert if an accident
(or two of the same type) occurs, indicating a safety problem.
�Projects are late; deals hang in the balance.The new product release is
key to several important sales deals. SAP GRC Risk Management inte-
grates with SAP Project System and SAP Customer Relationship
Management so you can receive alerts both on the status of the project
and on the revenue that depends on its timely delivery.
�Supplier reliability on the wane.Maybe your suppliers usually deliver
on time, but that on time delivery is slowly falling behind. SAP GRC Risk
Management, working with SAP ERP, can alert you to this trend — before
it becomes a problem.
�Entering a new market.One possible risk is noncompliance with trade
regulations for that market. SAP GRC Risk Management integrates with
SAP Global Trade Services, so you could choose to receive alerts when
60 Part I: Governance, Risk, and Compliance Demystified
