SAP Risk Management

Contact Us

SAP Risk Management

Contact Us

SAP Risk Management allows you to identify and assess risks and opportunities, determine a response strategy, and monitor progress. With SAP Risk Management, you can do the following:

Identify enterprise risks and align them with business processes that create value

Identify enterprise risks and align them with business processes that create value

Assess and analyse risks in terms of likelihood and magnitude of impact

Track risk management effectiveness with embedded reports and analytics

Track risk management effectiveness with embedded reports and analytics

Continuously monitor risks using SAP HANA-based key risk indicators (KRIs)

Continuously monitor risks using SAP HANA-based key risk indicators (KRIs)

Key Features

SAP Risk Management offers the following functional capabilities:

Define risk-relevant business activities, set up your organizational risk hierarchy, and assign risk appetite, risk owners, and responsibilities. Develop risk libraries to structure and report on risk assessment results – and define your KRI framework to automate risk monitoring.

Document the potential root causes and consequence of risks – and identify the relationship between risks and events. Capabilities include: defining survey questions, documenting activities, proposing risks, and documenting risks and opportunities.

Run quantitative and qualitative risk analysis to determine the likelihood of occurrence and the potential impact of identified risks. Capabilities include: conducting assessments, building risk scenarios, scenario analysis, performing Monte Carlo simulations, risk response, and documenting responses and enhancement plans.

Analyze and report on your company’s risk situation. Capabilities include: documenting incidents and losses for risk events.

SAP Risk Management includes enterprise risk content and tools for industry-specific operational risk management, such as the following:

  • Graphical View
    Supports the creation and analysis of risks using graphical view.

  • Data Monitoring
    Monitor application data from internal and external systems in real time.

  • Workflow
    Use workflow to automate processes.

  • Starter kits
    Controls starter kit: Library of standard business controls, basic regulations, and direct entity-level controls.
    ERM starter kit: Library of enterprise risks, risk drivers, and impacts

  • Automated monitoring
    CCM library: Automated continuous controls monitoring
    KRI library: KRIs organized by risk drivers, risk categories, and industries
    SAP Risk Management uses the various work centres of the GRC, in which you can carry out all SAP Risk Management activities

What’s New in SAP Risk Management 12.0 SP06

New and Enhanced Features

  • It is now possible to add attachments and links to risk proposals and opportunity proposals.

  • When a user is deleted from the system, the risk and opportunity proposals created by them will be blocked.

  • With the customizing activity Maintain Opportunity Analysis Guidance, you can enable and customize the guidance on setting opportunity benefit and probability.

  • Now in the worksheets downloaded from Risks and Opportunities for offline operations, the unit of measurement used in each risk analysis is shown.

Important Integration Information

The processes and user interfaces of the following applications are closely linked, as they have interconnected features:

  • SAP Access Control

  • SAP Process Control

  • SAP Risk Management

You can access the features and documentation of one or several of these products only after licensing and installing the relevant products.

SAP Access Control 12.0, SAP NetWeaver 7.52 Support Package Stack 00

SAP Process Control 12.0, SAP NetWeaver 7.52 Support Package Stack 00

SAP Risk Management 12.0, SAP NetWeaver 7.52 Support Package Stack 00The integration topics describe the integration scenarios that leverage 12.0 features across multiple applications.

Integration of KRIs with SAP S/4HANA Cloud

To set up the integration of key risk indicators in your on-premise SAP Risk Management system with SAP S/4HANA Cloud, you must perform the following configuration steps.

Prerequisites

Scope item Key Risk Indicator Monitoring (2U2) must be active. You can check this in the Manage Your Solution app under View Solution Scope.

A user must exist for creating a communication system in SAP S/4HANA Cloud to access the on-premise SAP Risk Management system. This user must have the following privileges:

  • SAP_GRC_FN_BASE: Base role to run GRC applications

  • SAP_GRC_FN_ALL: GRC Power User

You must have a user with sufficient authorization in Customizing for SAP Risk Management, for example, GRC System Administrator.

Prerequisites

Activities

Set Up Cloud Connector

To enable communication via remote call between the on-premise and cloud systems, you need to enable SAP Cloud Platform Cloud Connector (Cloud Connector) in your SAP S/4HANA Cloud environment and create a communication arrangement for the scenario SAP_COM_0200.

For more information, go to the SAP Help Portal and search for the SAP S/4HANA Cloud product page. In the Product Assistance, navigate to the following chapter:

SAP S/4HANA Cloud Generic Information General Functions for the Key User Integration Scenarios How to Set Up SAP Cloud Platform Cloud Connector.

SAP S/4HANA Cloud Configuration

On the SAP S/4HANA Cloud side, you must perform the following tasks:

  • Create a communication user. You can do this using the Maintain Communication Users app.

  • Create a communication system which defines the host name of the SAP Risk Management system and handles users for both inbound and outbound communications. You can do this using the Communication Systems app.

When creating the system, you must add the virtual host name for the SAP Risk Management system and choose Use Cloud Connector.

In the Cloud Connector technical settings, you must enter the Instance Number and Client, which are system connection parameters for the SAP Risk Management system.

Add the new inbound communication user that you created in step 1, and add a new outbound communication user for communication back to the SAP Risk Management system. The outbound user is used to log onto the SAP Risk Management system, so ensure it has sufficient authorization.

  • Create a communication arrangement, which defines all the relevant information for communication with the SAP Risk Management system. You can do this in the Communication Arrangements app.

Create the new communication arrangement with communication scenario SAP_COM_0230, and add the communication system you created in step 2. Define the inbound communication user as the one created in step 1.

SAP Risk Management Configuration

On the SAP Risk Management side, you must perform the following tasks:

  • Create an RFC connector to communicate with the SAP S/4HANA Cloud system.

You can do this in Customizing for Governance, Risk and Compliance under Common Component Settings Integration Framework Create Connectors.

The RFC destination of the created connector must be the system ID of the SAP S/4HANA Cloud system and the connection type must be 3 (ABAP Connection).

You must also add the target SCC host name and instance number, and for the logon details you include the user name you created on the SAP S/4HANA side above.

  • Define the connection types that are used when connecting to the SAP S/4HANA Cloud system.

You can do this in Customizing for Governance, Risk and Compliance under Common Component Settings Integration Framework Maintain Connectors and Connection Types.

For the new connector, define the following:

  • Target connector: Provide the RFC destination created in step 1.

  • Source connector: Provide the RFC destination of the current client of the SAP Risk Management system.

  • Connection type: SAPTABLES4

  • Logical port: Again, provide the RFC destination of the current client of the SAP Risk Management system.

  • Maintain scripts to be used when reading tables in the SAP system.

You can do this in Customizing for Governance, Risk and Compliance under Risk Management Key Risk Indicators Connectivity Maintain Scripts for SAP Table.

Create a new entry with the following details:

  • Script: The ID of the script for reading the table of the SAP system

  • Script Name: The name of the script

  • Table Name: The name of the SAP system table to be read

  • Maintain the whitelist to indicate the tables that the SAP S/4HANA Cloud system is allowed to read.

You can do this in Customizing for Governance, Risk and Compliance under Common Component Settings Continuous Monitoring Maintain Whitelist for S/4HANA Integration.

Create new entries with the tables that you want to whitelist in SAP S/4HANA Cloud.

Activities

Set Up Cloud Connector

To enable communication via remote call between the on-premise and cloud systems, you need to enable SAP Cloud Platform Cloud Connector (Cloud Connector) in your SAP S/4HANA Cloud environment and create a communication arrangement for the scenario SAP_COM_0200.

For more information, go to the SAP Help Portal and search for the SAP S/4HANA Cloud product page. In the Product Assistance, navigate to the following chapter:

SAP S/4HANA Cloud Generic Information General Functions for the Key User Integration Scenarios How to Set Up SAP Cloud Platform Cloud Connector.

SAP S/4HANA Cloud Configuration

On the SAP S/4HANA Cloud side, you must perform the following tasks:

  • Create a communication user. You can do this using the Maintain Communication Users app.

  • Create a communication system which defines the host name of the SAP Risk Management system and handles users for both inbound and outbound communications. You can do this using the Communication Systems app.

    When creating the system, you must add the virtual host name for the SAP Risk Management system and choose Use Cloud Connector
    In the Cloud Connector technical settings, you must enter the Instance Number and Client, which are system connection parameters for the SAP Risk Management system.

    Add the new inbound communication user that you created in step 1, and add a new outbound communication user for communication back to the SAP Risk Management system. The outbound user is used to log onto the SAP Risk Management system, so ensure it has sufficient authorization.

  • Create a communication arrangement, which defines all the relevant information for communication with the SAP Risk Management system. You can do this in the Communication Arrangements app.

    Create the new communication arrangement with communication scenario SAP_COM_0230, and add the communication system you created in step 2. Define the inbound communication user as the one created in step 1.

SAP Risk Management Configuration

On the SAP Risk Management side, you must perform the following tasks:

  • Create an RFC connector to communicate with the SAP S/4HANA Cloud system.

    You can do this in Customizing for Governance, Risk and Compliance under Common Component Settings IntegrationFramework Create Connectors.

    The RFC destination of the created connector must be the system ID of the SAP S/4HANA Cloud system and the connection type must be 3 (ABAP Connection).

    You must also add the target SCC host name and instance number, and for the logon details you include the user name you created on the SAP S/4HANA side above.

  • Define the connection types that are used when connecting to the SAP S/4HANA Cloud system.

    You can do this in Customizing for Governance, Risk and Compliance under Common Component Settings Integration Framework Maintain Connectors and Connection Types.

    For the new connector, define the following:

  • Target connector: Provide the RFC destination created in step 1.

  • Source connector: Provide the RFC destination of the current client of the SAP Risk Management system.

  • Connection type: SAPTABLES4

  • Logical port: Again, provide the RFC destination of the current client of the SAP Risk Management system.

  • Maintain scripts to be used when reading tables in the SAP system.

    You can do this in Customizing for Governance, Risk and Compliance under Risk Management Key Risk Indicators Connectivity Maintain Scripts for SAP Table.

    Create a new entry with the following details:

  • Script: The ID of the script for reading the table of the SAP system

  • Script Name: The name of the script

  • Table Name: The name of the SAP system table to be read

  • Maintain the whitelist to indicate the tables that the SAP S/4HANA Cloud system is allowed to read.

    You can do this in Customizing for Governance, Risk and Compliance under Common Component Settings Continuous Monitoring Maintain Whitelist for S/4HANA Integration.

    Create new entries with the tables that you want to whitelist in SAP S/4HANA Cloud.

Want to get in touch with one of our experts?

Request a Live Demo Today!

Request a Demo