Considering Romania
China is clearly not the best choice, and the U.S. plant is both costly and over-
booked by comparison, so the team looks at the plant in Romania. The Chief
Risk Officer reviews the top two risks for Romania, which are financial and
environmental. Data for this plant indicates a lower level of supply chain
risks, and the line of business managers there do not indicate any additional
production problems. However, the increased revenue from this job will put
the plant over the compliance audit threshold, placing higher compliance
costs on the company; however, U.S. compliance processes and controls will
be leveraged to minimize the risk and the impact of the additional compliance
requirements. The increased revenue substantially offsets the cost of the addi-
tional compliance requirements, given that these requirements can be met
efficiently because of the SAP GRC implementation that is already in place.
The second risk to be considered is environmental. What are the current
carbon targets in Romania based on the new production limits? SAP GRC Risk
Management automatically monitors the key environmental risk indicators
and shows that the Romanian plant falls below emissions permit limits even
with the expected increase in production. There is no risk of having to apply
for new permits or buy emissions credits.
After finishing this evaluation, the team settles on the Romanian plant and
creates a draft of the operational plan. The CRO then works to get all of the
risks and mitigation plans into GRC Risk Management so that progress on
the job can be monitored.
The bottom line is that Plastic Time can make a confident reply to Apslcom,
assuring the client it can handle the job (and confident that it makes good
business sense, too).
Using SAP Risk Management: An SAP Case Study .....................................
When Henning Kagermann became CEO of SAP AG, he wanted to know how
risks were being identified, reported, and managed within the company. What
he found was pretty typical. Everyone at SAP said, yes, we track our risks, and
here are the spreadsheets we use.
As you might suspect, risks were being managed in a fragmented and ad hoc
manner. Everyone did it in their own way, and in most cases, their methodol-
ogy was sound, but the result was far from systematic or even comparable in
any rigorous way.
Chapter 2: Risky Business: Turning Risks into Opportunities 63
