export declarations are being rejected due to improper product classifi-
cations for customs.
�Maintaining a safe working environment.For example, a mining com-
pany is required to maintain equipment according to safety standards.
Safety equipment is scheduled for periodic inspections. SAP GRC Risk
Management integrates with SAP ERP, so you could choose to receive
alerts when inspections are not conducted on time.
�Meeting government reporting requirements.Think of a pharmaceutical
company that is required to follow FDA regulations, including procedures
on how to conduct clinical trials. You could choose to set up an alert
that monitors data in SAP HCM that shows whether each relevant
employee has successfully completed training in clinical trial document
submission.
�Changes in your competition. Your largest customer is going through
a merger and acquisition process and the merging company buys from
your biggest competitor. You need to get an alert of all sales activities
and start to determine ways to manage the risk of losing this customer
due to the merger. SAP GRC Risk Management is integrated with SAP
CRM, so it can alert you to all relevant sales activities.
�Market fluctuation.You do 25 percent of your sales in Brazil and need
to monitor the fluctuation rate of the real (BRL). You set up a key risk
indicator to monitor the risk of booking a deal on a day when the real is
below the monthly average so that you are alerted about how currency
fluctuation impacts contract bookings. This could represent a difference
of $1 million in the contract booking, so you might want to wait until the
rate is more favorable to book the contract if you can.
Using SAP GRC Risk Management: A Fictional Case Study .......................
To see how SAP GRC Risk Management works in the real world, we’ve created
a fictional case study. Plastic Time, a fictional plastics manufacturing company,
produces styrene, and the CEO has been asked if they can fill an order for 2
million pounds in 30 days — a tight deadline that requires a quick answer.
Because Apslcom (a fictional customer) is a prospect the company has been
pursuing for some time, Plastic Time is very interested in making the sale.
But to evaluate the opportunity intelligently, Plastic Time’s CEO asks the
management team to factor in all the risks so that he can give the client a
solid answer to its inquiry. He also asks them to include the corporate risk
manager in the analysis process.
Chapter 2: Risky Business: Turning Risks into Opportunities 61
