


Building “Risk-Aware” Organizations

How to Reduce Complexity and Promote Participatory Processes Throughout Your Enterprise

by Gary Dickhart | SAPinsider, Volume 15, Issue 4

October 1, 2014

A risk management strategy cannot be effective unless it is developed around a consistent definition of risk that is accurate for and understood across your organization. Employees at every level must be given defined criteria and responses with which to identify and mitigate risk. Combined with appropriate governance, risk, and compliance (GRC) solutions and training, this strategy provides a formidable defense.


Businesses can’t predict everything, so they use past experience to inform future decision making. This is the foundation of risk management. Holistic technology solutions, like SAP solutions for governance, risk, and compliance (GRC), help organizations measure risk and manage large, complex landscapes made cumbersome by mergers and acquisitions. But organizations cannot rely solely on the technology; they must combine it with an enterprise-wide risk management strategy that empowers managers at various levels to use common processes so that risk events are handled consistently.

What Exactly Does Risk Mean in Your Organization?

At the beginning of a GRC solution deployment, you need to define risk and responses consistently across your enterprise. Organizations often don’t take the time to define risk responses in sufficient detail and to design a supporting process accordingly. For example, organizations often rank risks using the terminology “High,” “Medium,” or “Low.” Without a common definition of the rankings, however, each department or individual may respond differently to a given risk. An auditor may rank every risk High, while a director or manager may rate the same risks as Low and consider them part of the day-to-day business. A standard set of criteria — High means assets may be lost, Medium means inaccuracies occur in reporting, Low means productivity losses occur — allows all members across the organization to be on the same page.

In addition, defining the supporting processes for responses is important. When does senior management need to be notified? When do responses need to be prepared in advance? If someone observes a suspicious activity, what level of manager should be notified? In the absence of predefined response plans, the organization depends on each individual’s judgment, which may or may not align with senior management’s expectations.


How Technology Plays a Role

SAP solutions for GRC help organizations align their strategy with senior management’s expectations. For example, if organizations want to take a proactive approach, they can identify potential risks before acting, or they can focus on a reactive approach with features that report after the actions are taken. When the right features are implemented, SAP solutions for GRC can help identify hidden risks, and standardize and track responses to ensure consistency and alignment. The process of supporting the technology requires the involvement of managers across the organization.

The success of the deployment also depends on additional training and well-designed processes to maximize return on investment (ROI). The process for risk recognition and responses should be standardized. Customer Advisory Group’s services approach helps sustain the important processes throughout the organization by starting with a small, affordable pilot and then leveraging that experience to produce a deployment package so the technology and processes can be communicated easily to each business unit. When that is accomplished, many managers across the organization, instead of a few isolated experts, will be equipped to recognize and manage risk. In addition, the training and communication executed during our engagement empowers the organization to sustain the process without consultants in the future.

This approach, combined with the right technology, helps advance your organization’s integrity to drive more predictable and consistent results. Learn more at



Gary Dickhart

Chief Operating Officer
Customer Advisory Group LLC
