SAPINSIDER SPECIAL REPORT | GRC GUIDEBOOK: STRATEGIES AND TOOLS TO MITIGATE RISK

Reproduced from the Oct ■ Nov ■ Dec 2014 issue of SAPinsider with permission from its publisher, WIS Publishing | SAPinsiderOnline.com

3 Key Elements to Bolster Your Risk Management Strategy

Brian Shannon
Principal Consultant, Financial Solutions
Dolphin Enterprise Solutions Corporation

Risk is unavoidable in your business decisions and operations, but it can be managed with the right technology and the right strategy. SAP solutions for governance, risk, and compliance (GRC) enable organizations to manage risk and comply with highly complex financial, compliance, and regulatory audits. However, rapidly evolving audit requirements are changing the way that organizations do business, and merely implementing GRC solutions is not enough. By putting a comprehensive risk management strategy in place now, organizations can protect themselves from future risks.

A successful risk management strategy incorporates three essential elements: roles and responsibilities, policies and procedures, and technology.

1. Roles and Responsibilities

While organizations generally understand and control financial risks, risks in other areas of the business are sometimes overlooked. It can be difficult when controlling data to comply with regulations — such as the Payment Card Industry Data Security Standard (PCI DSS) for credit card data or the Health Insurance Portability and Accountability Act (HIPAA) for health data — because responsibility can fall across different departments.

To mitigate these broader risks, organizations must develop an information lifecycle strategy and ensure that the correct roles and responsibilities are in place.

At a minimum, organizations should consult members of the finance, legal, and IT departments to determine how specific regulations and requirements affect the way data is handled in SAP systems. Establishing specific risk management roles and responsibilities will ensure that the required controls are not only put in place, but monitored over time, and can be quickly and easily reported on in the event of an audit.

2. Policies and Procedures

Aligning organizational policies and procedures with requirements is important to any risk management strategy. SAP solutions for GRC can help organizations codify policies and procedures, and respond to audit requests in a timely manner. Organizations can also leverage the existing capabilities in SAP applications to enforce policies and procedures and mitigate risk. Optimizing existing processes in SAP systems by automating manual steps and ensuring that the SAP system is always the system of record improves controls, increases productivity, and lowers the total cost of operating SAP systems.

3. Technology

When putting together a comprehensive risk management strategy, it is important to consider software that can be used to enhance what is available in SAP solutions for GRC, specifically in the following areas:

■ Data capture: Organizations should consider tools that capture information required for audit purposes, such as process diagramming solutions, which automatically document process steps and system integration points; and optical character recognition (OCR), which automatically enters large volumes of audit documentation into the SAP system.

■ Reporting: Audit regulations are constantly changing, so it’s important to invest in flexible tools to meet current and future audit reporting requirements, such as the Data Retention Tool (DART) to meet US-based financial audit requirements.

■ Data storage: Data archiving is an important consideration to reduce the cost of long-term data storage. Moving archived or infrequently accessed data to cloud storage is another way to reduce costs.

Learn More

Building a risk management strategy that incorporates these three essential elements enables organizations to mitigate risks and meet the challenges presented by financial, compliance, and regulatory audits. For more, visit www.dolphin-corp.com or download our white paper, “Auditing 101: What Every Organization Running SAP Applications Needs to Know to Prepare for Financial, Compliance, and Regulatory Audits” at http://bit.ly/dolphinforaudits.

Upload: dokhue

Post on 11-Apr-2019
