SAP GRC risk management and key risk indicators
You may have heard of KPIs — key performance indicators — that help companies
and employees track progress toward their goals. Key risk indicators
(KRIs) provide the same kind of metric, but in the realm of risk. KRIs tell you
that if a certain risk is realized, it represents a significant problem. SAP GRC
Risk Management provides automatic KRI monitoring. Furthermore, as shown
in Figure 2-3, KRIs are related to risk targets and thresholds, making it very
concrete that if a certain metric reaches a certain level, the risk owner must
be notified.
Figure 2-3 highlights how KRI monitoring helps drive and automate the risk
management process.
The process of KRI monitoring starts with identifying the key risk indicators:
• What are the top key risk indicators that could affect your business processes?
• Which of your business processes or activities are “worth” tracking from a risk management perspective?
• What are your company’s goals and how do risks align to those? How do they differ by line of business?
The next step is to set thresholds for each KRI using configurable business
rules. For example:
Figure 2-3: Automatic KRI monitoring with SAP GRC Risk Management.