The idea for creating SAP GRC Risk Management was born, to give SAP the
ability to identify and manage their own risks within their own business. The
benefits SAP realized by implementing SAP GRC Risk Management solutions
are quantifiable in several ways:
�Cost savings:Time is money, and now SAP spends approximately 30 per-
cent less time managing risk activities centrally and throughout the busi-
ness (previously, SAP employees spent this time manually completing
and tracking risk assessments, consolidating assessments, and rolling
up and generating reports).
�Reduced insurance premiums:Because SAP is monitoring its risks sys-
tematically, insurance companies can reduce their premiums. Using SAP
GRC Risk Management drove down insurance costs, saving the company
$4 million annually in insurance premiums. Because of automatic KRI
monitoring, fewer risks result in incidents, and there are fewer claims.
“Prior to the implementation, we had an average of 7 to 10 claims per
year within our Americas region alone,” says George Haitsch, Vice
President Corporate Risk, Global Risk Management, SAP AG. “Now we
average just 2 to 4 claims annually for the entire SAP Group.”
�Risk management as competitive advantage: SAP GRC Risk Management
has made SAP AG a tougher and savvier competitor. “All loss events
impact the bottom line, making us less profitable,” states Phil Morin,
senior director of risk management, SAP AG. “If we reduce the number
of loss events, we have more money to invest in areas such as research
and development @md and that’s got to be good news for our customers.”
�Monitoring important KRIs: Part of the competitive advantage derives
from the ability to important information such as the sales pipeline, new
project launch status, and the effectiveness of internal controls.
Gleaning the Benefits of SAP GRC Risk Management ................................
SAP GRC Risk Management enables businesses to understand the true nature
and exposure of enterprise risks. Benefits include increased visibility into risks,
the ability to leverage existing data throughout the enterprise, the ability to
align risk management with strategy, and the ability to make better decisions.
�Increase visibility:SAP GRC Risk Management enables and automates the
cross-enterprise identification, monitoring, and mitigation of risks across
lines of business. It provides visibility and transparency of risks across the
enterprise to allow organizations to be more accountable and make more
effective risk-based business decisions.
64 Part I: Governance, Risk, and Compliance Demystified
