SAPINSIDER SPECIAL REPORT | GRC GUIDEBOOK: STRATEGIES AND TOOLS TO MITIGATE RISK
Reproduced from the Oct • Nov • Dec 2014 issue of SAPinsider with permission from its publisher, WIS Publishing | SAPinsiderOnline.com
3 Key Elements to Bolster Your Risk Management Strategy
Brian Shannon
Principal Consultant, Financial Solutions
Dolphin Enterprise Solutions Corporation
Risk is unavoidable in your business decisions and operations, but it can be managed with the right technology and the right strategy. SAP solutions for governance, risk, and compliance (GRC) enable organizations to manage risk and comply with highly complex financial, compliance, and regulatory audits. However, rapidly evolving audit requirements are changing the way that organizations do business, and merely implementing GRC solutions is not enough. By putting a comprehensive risk management strategy in place now, organizations can protect themselves from future risks.
A successful risk management strategy incorporates three essential elements: roles and responsibilities, policies and procedures, and technology.
1. Roles and Responsibilities
While organizations generally understand and control financial risks, risks in other areas of the business are sometimes overlooked. It can be difficult when controlling data to comply with regulations — such as the Payment Card Industry Data Security Standard (PCI DSS) for credit card data or the Health Insurance Portability and Accountability Act (HIPAA) for health data — because responsibility can fall across different departments. To mitigate these broader risks, organizations must develop an information lifecycle strategy and ensure that the correct roles and responsibilities are in place.
At a minimum, organizations should consult members of the finance, legal, and IT departments to determine how specific regulations and requirements affect the way data is handled in SAP systems. Establishing specific risk management roles and responsibilities will ensure that the required controls are not only put in place, but monitored over time, and can be quickly and easily reported on in the event of an audit.
2. Policies and Procedures
Aligning organizational policies and procedures with requirements is important to any risk management strategy. SAP solutions for GRC can help organizations codify policies and procedures, and respond to audit requests in a timely manner. Organizations can also leverage the existing capabilities in SAP applications to enforce policies and procedures and mitigate risk. Optimizing existing processes in SAP systems by automating manual steps and ensuring that the SAP system is always the system of record improves controls, increases productivity, and lowers the total cost of operating SAP systems.
3. Technology
When putting together a comprehensive risk management strategy, it is important to consider software that can be used to enhance what is available in SAP solutions for GRC, specifically in the following areas:
■ Data capture: Organizations should consider tools that capture information required for audit purposes, such as process diagramming solutions, which automatically document process steps and system integration points; and optical character recognition (OCR), which automatically enters large volumes of audit documentation into the SAP system.
■ Reporting: Audit regulations are constantly changing, so it’s important to invest in flexible tools to meet current and future audit reporting requirements, such as the Data Retention Tool (DART) to meet US-based financial audit requirements.
■ Data storage: Data archiving is an important consideration to reduce the cost of long-term data storage. Moving archived or infrequently accessed data to cloud storage is another way to reduce costs.
Learn More
Building a risk management strategy that incorporates these three essential elements enables organizations to mitigate risks and meet the challenges presented by financial, compliance, and regulatory audits. For more, visit www.dolphin-corp.com or download our white paper, “Auditing 101: What Every Organization Running SAP Applications Needs to Know to Prepare for Financial, Compliance, and Regulatory Audits” at http://bit.ly/dolphinforaudits.